The British Security Service MI5 is going start issuing security threat updates via email.

How long until spammers start emulating these alerts, and the alerts themselves wind up in the filters?

A few days ago, a study came out of Canada which tallied up which spam filter worked best. I still haven’t been able to download the video, and I am now under house arrest for snatching that fiber line. Nevertheless, J.D. Falk pointed out that it isn’t necessarily what individual filter works best, but what combination of tools work best for your individual needs. A list of “must haves” for any solution followed.

Thanks, J.D.

MX Logic has been granted a patent on its spam filtering technology. The process is a combination of proprietary and open rules systems, statistical/probability based measurements, as well as plugins for Sender Policy Framework and Sender ID. Congratulations goes out to them.

Meanwhile…

In news that was to be “officially” released Monday morning, the venerable anti-computing-pest weblog Spamroll is rumored to be filing a patent of its own. It’s called A Method and Process for Unsolicited Commercial Email Receiver Stupidity, and leading authorities in the anti-spam community contend it is groundbreaking. The “technology” includes a single claim, that the weblog has a lock on ignorant users clicking on links from spam emails, and proceeding to purchase bogus goods. While there seems to be some prior art, Spamroll believes it can readily convince the USPTO that such idiocy is beyond measure. How to defend this “technology” is still being worked out, but the intellectual property owners are purportedly readying to hide it from as many people as possible.

Folks are debating whether spammers’ methods are stagnating, so I have to throw my uninformed two-cents in. They are changing, that much is clear, but I think it is a mearly a shift based on market forces.

Spam filters are tightening up everywhere, so:

- You are seeing more plain text messages. And that plain text may be obfuscated, jumbled, or otherwise arranged to look like even more simple text like the alphabet, separated by carriage returns to keep dirty words like “pharma” from getting caught.

- Less use of HTML forms, and any semblance of scripts is disappearing.

- Botnets are being used, and since authorities and ISPs are catching on quickly, why bother with falsifying headers. Just use the email address of the poor infected sucker. The spammer’s tool will get cleaned up soon anyway, and why leave a trace of your method.

I see a return to the simple life for everyday spammers. It is a multi-level marketing game, and the top agents have bigger fish to fry. The kingpins can spend their time constructing sophisticated looking phishing emails tagged with real digital certificates, while the little guy pushes p3nis pills.

I am not exactly sure how Gmail’s spam filters work, and likely won’t figure it out anytime soon - I flunked out of my Astrophysics PhD program, don’t you know. But I do know that spam seems to be a very subjective thing at the Google service. Some people get it, and some don’t.

I still haven’t received any through the service, and check my Entourage folders diligently. I use the POP service at Gmail, so I leave no messages on the service except those in the spam folder (which I empty roughly once every 30 days). But the real kicker is this - I use my Gmail account for all web forms, etc., considering the account disposable if need be. I get all the spam from my primary domain, which I guard with my life.

Gmail’s spam filter may learn from the spam you report, but does it get dumber from the email you keep?