Ask Jonathan Zdziarski

You may recognize the name Jonathan Zdziarski from a recent Slashdot book review of his book Ending Spam. Aside from his DSPAM spam filter Jonathan has also contributed several other projects to the open source community under the GNU General Public License. These projects include Verizon-Compatible SMIL Multimedia Gateway, The Reactive Automated Blackhole List Server, Apache DoS Evasive Maneuvers Module, and several others. Want to know how to effectively contribute projects to the open source community? Curious to ask another programmer about his history? Now is the time to ask. Moderators will select the top few questions that we will forward on to Jonathan sometime tomorrow. The answers to the questions will be displayed next Tuesday when we will encourage Jonathan to participate in the discussion as time permits.

Nomenclature

[Anonymous Coward]

How do you pronounce your name?

Re:Nomenclature

[Anonymous Coward]

jo-na-than

Re:Nomenclature

[Ann Elk]

Polish 'z' sounds like English 'z' as in "zoom".
Polish 'dzi' trigraph sounds more-or-less like English 'j' as in "jam".
Polish 'a' sounds like English 'a' as in "call".
Polish 'r' sounds something like an English 'r' as in "read", but it's rolled (more like a Spanish 'r').
Polish 's' sound like English 's' as in "say".
Polish 'k' sounds like English 'k' as in "kit".
Polish 'i' sounds like English 'y' as in "fully".

"Z-dzi-a-r-s-k-i" is prounounced (very roughly) "Ze-jarrsky". At least, in theory. I'm not P

Re:Nomenclature

[rah1420]

I work with a Zdziarski. He pronounces his name "Jar-skee."

Re:Nomenclature (correction)

[in10d]

Polish 'a' sounds like English 'a' as in "call".

Nope. It sounds like English 'a' as in "fan".
The rest is correct.

I'm not Polish, so he may have a different opinion.

OK, I am Polish, so he may have a different opinion.

Re:Nomenclature

[gad_zuki!]

"Katz"

What ever happened to him?

Re:Nomenclature

[Mr. Bad Example]

> How do you pronounce your name?

And are you considered a proper noun for purposes of Scrabble?

How do you pronounce your last name?

[winkydink]

that's my question.

Re:How do you pronounce your last name?

[halltk1983]

Exactly as it's spelled! ;-)

Re:How do you pronounce your last name?

[Anne_Nonymous]

I'll bet he gets asked to spell it a lot more than he gets asked to pronounce it.

Re:How do you pronounce your last name?

[mog007]

Correctly.

*+5 fake karma points to whoever gets the reference*

GPL 3?

[Anonymous Coward]

Seeing how Johnathan has put much of his time and effort into Open Source projects over the years, it would seem he is a good canadate for this question: What do you think about the proposed change to the GPL with the upcoming GPL 3? Is it a welcomed breath of fresh air to the Open Source Community, or will it just be a reiteration of the previous GPL? What are your thoughts and comments on the GPL 3?

--
Do you get those pesky Nigerian 419 emails? Post them here, and watch the database grow! : http://urgentmessage.org/ [urgentmessage.org]

How to start

[Anonymous Coward]

Do you have any suggestions for the enthousiastic yet inexperienced? Perhaps a listing of projects in need of developers, with some indication of the level of experience suggested (as well as languages required).

Future of Anti-Spam Techniques

[mxmasster]

Most antispam software seems to be fairly reactionary - wither it is based on keyword patters, urls, sender, ip, or the checksum of the message a certain amount of spam has to first be sent and identified before additional messages will be tagged and blocked. Spf, domainkeys, etc... requires a certain percentage of the Internet to adopt before they will be truely effective.

What do you see on the horizon as the next big technique to battle spam? How will this affect legitimate users on the Internet?

an easy one...

[krelyk]

postfix or qmail? (i vote postfix)

Do you feel disadvantaged...

[Pig Hogger]

Do you feel disadvantaged in comparison to people whose last name is "Smith" or "Jones"???

Re:Do you feel disadvantaged...

[cluening]

As one who has a long and weird last name (Lueninghoener; longer but not nearly as weird as the one in question), I can say that I feel much cooler than people with boring names like "Smith" and "Jones".

Re:Do you feel disadvantaged...

[wild_berry]

And you get less spam...

DIY Spam Filtering

[Anonymous Coward]

Mr. Zdziarski, it appears as if you are a supporter of use of statistical methods to filter out spam. But these filtering methods have limitations, in that there are ways of getting around these filters. Since human beings can recognize spam better than any software filter, do you not believe that more emphasis should be put on developing software that facilitates DIY spam filtering?

Re:DIY Spam Filtering

[LnxAddct]

Actually, filters do a much better job then humans. One human can't deal with the job, its too overwhelming in many cases, therefore one human isn't capable of filtering effectively, even if they were capable, most would rather pay someone else to do it for them. The next solution, say AOL highered 1,000 people to filter spam, each one of them would disagree with what is spam and what isn't. Some people might want to get car deals, and sports information, or porn and viagra, others won't. The spam filter is

see any decrease in spam lately?

[krelyk]

Have you noticed any decrease in the amount of spam since a few of the hardcore spammers have finally been prosecuted? I always wonder if scare tactics will work against these guys, or if they will just move their colo to some small country offshore where it becomes harder to press charges.

Re:Question..

[pete6677]

So maybe that's a little harsh. How about making spammers spend a couple of years working for AOL tech support at minimum wage?

Question !!!

[jczucco]

I wrote a work to compare techniques and open source tools to fight spam, and dspam wins: http://web.onda.com.br/nadal/Trabalho_Jeronimo_Zuc co.pdf [onda.com.br] What do you think about combining other methods (like SPF, DK, Reverse DNS, etc) on network level, before the mail are arrived ? Thanks and congratulation for your jobs !! Jeronimo Zucco

SpamAssassin Tools - AK-47s, Knives, or Nukes?

[billstewart]

So when you're trying to assassinate spammers, do you favor precisely targeted tools like knives, medium-scale tools like AK-47s, or nuke-them-from-orbit solutions?

I guess the more serious version of this question is the tradeoff of precision and false negatives vs. overkill and false-positives. For instance, my email provider lets me pick country-blacklists, so I reject all email from China, Korea, and Nigeria, where I don't know anybody, and Japan gets accepted with extra filtering, because I know a couple people there who normally don't send me mail - it's not quite a nuke-Asia-from-orbit approach, because people who actually do want mail from people in China can accept it, but people who don't can reject it all and lose the occasional message from a friend at a cybercafe.

Insights into the corporate mentality for OS / GNU

[RealisticCanadian]

Jon, your acheivements thus far are impressive. I am personally most impressed by your adherence to Open Source Solutions in a corporate environment.

I myself have had numerous interactions with less-than-technically-savvy management-types. Any time I bring up solutions that are quite obviously a better technical and financial choice over software-giant-type solutions; conversation seems to hit a brick wall. The ignorance of these people on such topics is astounding, and I find many approaches I have tried seem to yield no results in the short term. "Well, yes, your example proves that we would save $500,000 per year using that Open Source solution. But We've decided to go the Microsoft (or what-have-you) route."

With your track record, I can only assume you have found some ways to overcome this closed-mindedness.

I would greatly appreciate any input you have on this; from the perspective of someone who has overcome this obstacle before.

Lovely SPAM

[Stanistani]

What punishment do YOU feel is appropriate when a government agency gets a wriggling, thrashing spammer in its pincers?

Scrable

[Scrameustache]

How much is your name worth at Scrable?

Re:Scrable

[Mozk]

I'd mod you up had I had mod points.

Scrabble(TM) Points

[Stanistani]

74 points if you get the 50-point bonus for a word seven letters or longer, 24 if not.

*Note: There is only one Z in the tiles, so the second Z is a blank, and is pointless... just like this post.

Spam Delays

[Malyven]

How do you deal with spam checking software causing a delay at the point where you do the spam filtering? As communication backup becomes more important in the business place you have some companys dealing with literally millions if not billions of emails a day. Even an efficent filter will take to go through that many emails, How do you deal with this?

Bogofilter And Standardized Bayesian Testing

[Goo.cc]

I have two questions:

1. In your new book, you basically state that Bogofilter is not a bayesian filter, which was news to some of the Bogofilter people I have spoken to. Can you explain why you feel that Bogofilter is not a bayesian filter?

2. Bayesian filters have been around for some time now but there still seems to be no standardized testing methods for determining how well filters work in comparison to one another. Do you think that comparitive testing would be useful and if so, how should it be performed?

Thanks Jonathan.

Re:Bogofilter And Standardized Bayesian Testing

[dozer]

From his paper:

http://www.nuclearelephant.com/papers/justifying.h tml [nuclearelephant.com]

"This family of filters includes the now-popular Bayesian filters (pronounced "bay zee in") as well as other filters using statistical analysis to filter spam (such as Markovian classifier CRM114 and Chi-Square Bogofilter)."

That's why Bogofilter is not Bayesian.

I definitely like the second question.

Re:Bogofilter And Standardized Bayesian Testing

[pfafrich]

Have a look at A Statistical Approach to the Spam Problem [linuxjournal.com] which as far as I can tell describes the Bogofilter approach. Which seems to be

1. Calculate the probabilities p(spam|word) for each word in spam. The formula is a modification of the standard bayes rule to account for new words not found in corpus. As the the number of emails containing the word increases it does tend to the standard Bayes rule.
2. Combine the probabilities for all the words in the email. This step is where the Chi squared test comes in

Re:my thesis

[hobbesx]

For my thesis ... I am testing some additions and tweaks ... what are some ... ?

Additionally, please format any comments of said tests in a double-spaced Word document in at least 1,500 words. Please cite references!
Thanks again!

First Question...

[catdevnull]

I'd like to know how to properly pronounce that last name!

Beyond firewall, antivirus, antispamware

[teknickle]

With malware becoming increasingly complex (from simply annoying viruses to trojans that turn zombie boxes into SPAM factories), do you see another product coming into play that takes antispyware/url filtering (firewall)/antivirus to a new level? Like some sort of unified product (NOT like the 'packages' offered by Norton or McAfee---security suites are dissimilar products just grouped together) I still think that user education is first and foremost, but perhaps some kind of heuristical scanner that inte

[ot] Lateral thinking:

[wild_berry]

Is there a Knoppix-derivative with Windows spyware tools working under Wine or with native windows-spyware-tools-for-linux coupled to a captive NTFS filesystem to tidy up boogered PC's without the Rooted Windows running?

Re:[ot] Lateral thinking:

[teknickle]

In those cases, I use BartPE bootable XP CD that can run the Windows client apps (AVG, Spybot, etc).
A 'windows version of Knoppix'.

Running clamscan against a Windows box doesn't recognize all the damage (because it isn't just viral damage).

Will spam *ever* become a thing of the past?

[Alwin Henseler]

Compare spam with phone-based direct marketing, or pushing (unasked for) flyers in a (snail-) mailbox, and think of the economics:

As much as many people hate it, there's always a percentage that buys advertised items. And with their wallet, this small percentage supports the other camp. You may hate this method of doing business, but there's the other side too: products sold, bring income and jobs for people making these products. For the small percentage of buyers, some products/services may be very much

What about legitimate mailing list software

[skazatmebaby]

Jonathan,

I develop and manage a lightweight Open Source Application that's used to send announce only and discussion mailing lists, similar to the Mailman and Majordomo projects. It's very popular and has a loyal following.

What advice do you have as a developer of this program to:

* Help my users send legitimate messages (either by education (specifically) or by programming techniques)

* Help Spam Filtering Software check the messages my program sends out for possible abuse

* Be a part of the solution to sending legitimate messages to many people, rather than perhaps be part of the problem.

I understand that any tool can be circumvented and abused and I do believe context always plays a part in how to judge something as Good or Bad. I'm sure like many different types of software, Spammers are a problem for my business as well.

I find myself in an interesting position, where I can change how many email messages are sent out. If I can send "better" email messages that are not filtered as spam if they are legitimate and can stop possible abuse of my program, I can help in a solution to people who would like to send out announce only and discussion email messages.

Thanks for your time.

Simple Question

[jnaujok]

The SMTP standard that we use for mail transfer was developed in the late 70's - early 80's and has, for the most part, never been updated. In that time period, the idea of hordes of spam flowing through the net wasn't even considered.

It has always been the most obvious solution to me that what we really need is SMTP 2.0, where a server only accepts mail from a user that can authenticate themselves with a name and password. A server can also accept mail from another server, but only for mail directed at legitimate users on it's system. Mail servers would have to register with a central authority, and must include their active IP address in that registration. Any attempt to deliver mail from an unregistered server is bounced.

Wouldn't this simple fix stop 99% of spammers in their tracks? Isn't it about time we updated the SMTP standard?

Re:Simple Question

[bahamat]

It has always been the most obvious solution to me that what we really need is SMTP 2.0,

You don't get out much do you?

where a server only accepts mail from a user that can authenticate themselves with a name and password.

This is called SMTPAUTH. Augment this with sender maps, then you can only send mail from an e-mail address that matches your username.

A server can also accept mail from another server, but only for mail directed at legitimate users on it's system.

This is called relay control. Every mail s

Re:Simple Question

[jnaujok]

Exactly. It's available.

The problem is, it's not enforced as part of the standard. I can spend five minutes with a scan tool and find a dozen open relays that don't do authorization. I know, I get spammed by them 50 times a day.

And as for relay control, same thing. It's not part of the standard and people don't do it.

As for SPF, yeah, I know about that too. Have you ever tried setting it up? Have you ever seen an SMTP mail server that supports it natively? I haven't. That's my point.

People are obv

Re:Simple Question

[stoborrobots]

Wouldn't this simple fix stop 99% of spammers in their tracks?

No, it wouldn't.

Firstly, what this prevents is the direct sending of mail from unregistered IPs to a destination host, or via an open relay. However, the bulk of the spam out there today (not this time last year, when the profile was completely different...) does not come from open relays. Eliminating both open relays and direct port 25 connections from non-mailserver IPs would only eliminate one simple route for spam.

The bulk of todays spam com

Freedom of speech.

[Sheetrock]

In the past, I've heard it suggested that anti-spam techniques often go too far, culling good e-mail with the bad and perhaps even curtailing 1st Amendment rights. Clearly this depends on what end of the speculum you're on, but recent developments have given me pause for thought on the matter.

For example, certain spam blacklists would censor more than was strictly necessary (a subjective opinion, I realize) to block a spammer -- sometimes blocking a whole Class C to get one individual. This would cause other innocent users in that netspace to have their e-mail to hosts using the blacklists silently dropped without any option of fixing the problem besides switching ISPs.

This is an extreme example, but most anti-spam approaches have the following characteristics:

• They are implemented on a mailserver without fully informing the users of the ramifications (or really informing them at all)
• They block messages without notification to the sender, causing things to be silently dropped
• Even if the recipient becomes aware of the problem, few or no options are given for the recipient to alter this "service"

Recently I had to fix an installation where daily messages from a particular host stopped appearing in a mailbox. This system was connecting with an ISP that had offered no spam filtering and had been using a client-based Bayesian classifier with great success, but suddenly the mail coming into the system had scaled back by a factor of ten. Sure enough, the ISP installed a server-based spam filter which took out most of the spam and a good deal of the legitimate mail -- they had a (not well publicized) means of accessing the account settings and turning off the filter, and a holding tank for mail classified as spam, but beyond the last two weeks everything was thrown out.

I'm curious about what you think about server-based approaches vs. client-based approaches to spam classification and filtering and if, maybe, the cure is worse than the disease.

Re:Freedom of speech.

[rbgaynor]

Clearly this depends on what end of the speculum you're on

As do so many things in life.

Re:Freedom of speech.

[dustinbarbour]

Personal opinion.. Spam will be used as a marketing tool so long as email exists. The low operating costs of spam operations will make this true. Now, different users consider different things spam. So the end user needs to be the one classifying their email as spam or ham. No larger entity can correctly classify all email traffic for all of its users.

Re:Freedom of speech.

[suwain_2]

I've heard it suggested that anti-spam techniques often go too far, culling good e-mail with the bad and perhaps even curtailing 1st Amendment rights...

Until the US Government starts filtering spam out of my inbox for me, I don't think there's any breach of my 1st Amendment rights going on.

Re:Freedom of speech.

[in10d]

Let me oppose.

• They are implemented on a mailserver without fully informing the users of the ramifications (or really informing them at all)
• They block messages without notification to the sender, causing things to be silently dropped
• Even if the recipient becomes aware of the problem, few or no options are given for the recipient to alter this "service"

These three points are the definition of poorly designed anti-spam system. But not all (a minority, as they mature) of them are so fscked up.

C

Christian Beliefs

[Anonymous Coward]

This is arguably out of scope for this interview, but I still feel it's something many Slashdotters would be interested in hearing about.

On your webpage you have an essay [nuclearelephant.com] describing your Christian beliefs and why you have them. You say many things that most Slashdotters (and nerds and scientist in general) regard as utterly ridiculous. You think the earth is no more than 10,000 years old, you think Christianity is logical, you regard the Bible as a historial document, etc.

No doubt you are aware of the fact that most nerds disagree with you on these things. Indeed, they might even consider you "crazy" for holding them.

Without going into the truths of the beliefs in question, which I'm sure will be debated enough in the Slashdot thread anyway (and I hope you'll join in), what do you think the reason is that so many scientists, nerds and people otherwise rather similar to you think your beliefs are obviously incorrect? Do you think they are all deluded? Do you agree that there might be a possibility that your beliefs are not rational (again, without going into whether or not they are so)?

Best regards,
an AC

Re:Christian Beliefs

[mbius]

what do you think the reason is that so many scientists, nerds and people otherwise rather similar to you think your beliefs are obviously incorrect?

It pretty much begins and ends with "God had a human son, whose death and resurrection fulfilled God's Divine Plan." I'll be happy to outline just a handful of the problems built into that idea, but they've all been beaten to death (no pun intended).

People take issue with Christianity (or ought to) because its theology is ludicrous. The existence of God

Re:Christian Beliefs

[mbius]

I've no doubt Zdziarski's reply will be both original and profound. However, I feel the question "Why Christianity?" is too often absorbed into "Why Religion?", from both camps. They're really quite separate.

Re:Christian Beliefs

[adrianmonk]

Do you agree that there might be a possibility that your beliefs are not rational (again, without going into whether or not they are so)?

I think he sort of answers that question in the essay you linked to. He says that "it is true that Christianity is ultimately based on faith".

There are many philosophical viewpoints on what are valid ways of obtaining knowledge. Some people think the only valid source of knowledge is empirical observation and rational thought. Others think that, if there is such

Re:Christian Beliefs

[bluGill]

No logician would take this as an argument in favor of faith, no matter how you slice it.

Godel's theorems are not a argument in favor of faith, they are arguments against denial of faith. Godel proved there are things that we cannot prove (or that our universe is logically inconsistent depending on which alternative you choose to believe - but believing either requires faith)

In a pure logic system faith is something that cannot be proved or disproved. Maybe it is, maybe it isn't, but logic tells you n

Re:Christian Beliefs

[Shaper_pmp]

Seconded. Or how about:

First off, this is not intended as flaimbait - although I'm arguing against religion I'm honestly curious, and refusing to post as an AC to prove it. I've spoken to many intelligent, intellectual religious people about their beliefs, and I've never had a anything approaching a good answer to this question:

As an obviously educated, skilled hacker, how do you reconcile your (presumably) scientific, rational, empirical approach with your more faith-based (ie, no empirical scientific ev

Re:Christian Beliefs

[bluGill]

God speaks to me. Not in words, so don't ask me to describe his voice. However God gives me a message from time to time, (Note, years between messages are normal) that cannot be ignored. Of course you from the outside will disagree that it is a message from God if I state them, so I won't.

Prove I really exist. We have not met. Someone could create a convincing hologram of me, or a really advanced robot... (This assumes the existence of technology that you know nothing about, so it is a stretch)

Re:Christian Beliefs

[Shaper_pmp]

Thanks for responding...

"God speaks to me. Not in words, so don't ask me to describe his voice. However God gives me a message from time to time, (Note, years between messages are normal) that cannot be ignored. Of course you from the outside will disagree that it is a message from God if I state them, so I won't."

That's fair enough, but again - how do you distinguish genuine messages from God from a sudden idea, subconscious action [survivalafterdeath.org], temporal-lobe epilepsy or (in an extreme case) schizophrenia?

I don't mean

Re:Christian Beliefs

[Lady Jazzica]

"There isn't a single religion with any kind of hard evidence in favour of it"

Sure there is. The Catholic faith has lots of proof to back it up. Have a look at all the miraculous healings that have taken place at Lourdes, for instance. And that's just one place with lots of miracles, investigated by medical experts. There are many more miracles that happen all the time; each canonized saint has at least two miracles (healings) that have been investigated and found to be impossible without supernatural i

I have a really important question

[Anonymous Coward]

I would like to know who you are and why Slashdot is asking you anything. Did you ask Slashdot to do this? Who are you and why should we care?

Re:I have a really important question

[usageman]

I hate the anonmous caward posts. This guy bio is in the article abouve and why adn he talking with slashdot is very clear. Try reading the topic before posting or post about something on topic.

I only have one question

[Anonymous Coward]

Dear Jonathan Zdziarski,

I work in the credit and accounts department of Union Bank Plc,GHANA. I solicit to write you in respect of a foreign customer with a Domicilliary account. His name is Engineer Manfred Becker. Since the demise of this our customer, Engineer Manfred Becker,who was an oil merchant/contractor, I have kept a close watch of the deposit records and accounts and since then nobody has come to claim the money in this a/c as next of kin to the late Engineer. He had only $18.5mllion in his a/c a

"Ending Spam" inconsistencies

[anany01]

Just a couple for now:

1. In your book, "Ending Spam" you are pretty harsh on commercial filters and basically anything that's not statistical filtering. You make very good points in favor of statistical filtering, but I feel that you've missed a major fact about spam. Statistical filtering requires that the end-user get actively involved in the spam filtering process. What happens when they don't (because, in general, they won't) How does that affect the attacks you described in chapter 7 and what technique

Re:"Ending Spam" inconsistencies

[TheRaven64]

With regard to TarProxy, you might like to take a look at OpenBSD's spamd (not to be confused with SpamAssassin's spamd). This implements the tar pit mechanism, but relies on an external source for policy - you can use any whitelist / blacklist source as input.

history of DSPAM

[passion]

I recall hearing a story that you created DSPAM as a response to the trashy emails that your religious leader was receiving. I also see that your religion plays a large role in your life. I'm curious, how a thinking, logical, Christian such as yourself feels about the "intelligent design" movement?

Is this a misinterpretation of scripture? A reaction filled with fear against science? An attempt to distance ourselves from animals so that the atrocities occuring in modern industrial-meat production can be justified? Or is it a revival of much-needed spiritual values in our country?

In addition, I'm curious what your take is on the Intelligent Falling [theonion.com] theory?

Re:history of DSPAM

[Anonymous Coward]

I'm curious, how a thinking, logical, Christian such as yourself feels about the "intelligent design" movement?

Read his website. He's a creationist.

I Just Can't Swallow Evolution [nuclearelephant.com]

(That section starts about 2/3 of the way through the page.)

Re:history of DSPAM

[TheRaven64]

Not a very concise explanation, however. Microevolution is not in doubt - there are observable cases of ti recorded.

Macroevolution is a bit harder to swallow, and a real solution probably requires us to redefine what we mean by `species'. We currently define two creatures as being of the same species if they can mate and produce fertile offspring (assuming a correct gender pairing). At some point, two micro-evolutionary branches of a species diverge to such a point that they can no longer mate. The pro

Ummm... why use /. for this?

[Rob_Ogilvie]

Y'all realize Jon is really a nice fellow who is quite easy to get in touch with. If anybody really has a desire to contact him with a question, why don't you? If you wish to open a discussion with him, why don't you catch him on IRC?

Re:What is ..

[Geoffreyerffoeg]

char name[]="Jonathan Zdziarski";
cout 18

Re:frosty?

[Anonymous Coward]

Could you create a "First Post" (And other crapy look-alikes) filter as well?