Let the SPIT wars begin


If SPAM arrives in your inbox at 4am, the chances are your antispam software will catch it. But even if it doesn’t, you won’t lose much sleep over its arrival.

But it’ll be a different story with SPIT (spam over internet telephony). Junk phone calls at 4am are going to drive you mad because the chances are that antispit software won’t be able to intercept the call.

Today, Andreas Schmidt and pals from the Fraunhofer-Insitute for Secure Information Technology in Darmstadt Germany explain why intercepting SPIT is so much harder than spotting SPAM.  The main difference between junk calls and junk email is that the email arrives at your mail server before you access it. This gives the server time to analyse its content and filter out the junk before it gets to you.

Internet telephony, on the other hand, goes straight through to you in (more or less) real time, giving your server little or no time to analyse its content.

There are still a number of strategies that could be employed to filter out SPIT. For example, white lists that allow only calls from predetermined callers, Turing tests such as audio CAPTCHAs that make a caller prove he or she is human and payment-at-risk services where the caller makes a small payment in advance and is refunded immediately if the receiver acknowledges the call as legitimate.

But Schmidt and pals don’t seem confident that these techniques will work. They happily point out the disadvantages of each strategy, showing how most are either impractical or easily  circumvented by a determined spitter.

They have even created a program that implements all of these attacks. Their idea is to use the program as a benchmarking tool against which people can test antispitting strategies.

Spitting is a problem that is likely to get worse. Much worse, if the estimates are correct that as much as 90 per cent of email traffic is SPAM .

So to all you computer security guys out there: hustle, hustle, hustle. I need my sleep.

Ref: arxiv.org/abs/0806.1610: Spam over Internet Telephony and How to Deal With It

9 Responses to “Let the SPIT wars begin”

  1. [...] team of German computer scientists has developed a program that reproduces all the known forms of spit (spam over internet telephony) a…. Their plan is to make the spitting software available to computer security experts wanting to test [...]

  2. Nitpicker says:

    It’s silly to spell it “SPAM”, just use “spam” — it’s not an official acronym, and rather used as a proper noun. Or do you always speak (shout) of RADAR detection? Similarly the same goes for spit, just like tries (http://en.wikipedia.org/wiki/Trie) are not TRIES.

  3. redhound1 says:

    Hey Professor Higgins (Nitpicker), I think you missed the point of the article.

  4. Jeff Barson says:

    Everything’s going to need to migrate to an identity based network. Fortunately, those networks now exist.

  5. nuargh says:

    @nitpicker: SPAM is a semi-officially acronym. It stands for Spiced Pork and Meat. The company selling this product used to print SPAM on their cans.
    They once said they didn’t bother Spam being associated to UCE, but if anyone was addressing their product, this person shall simply use SPAM in capitals.

    So, spam is not even an acronym for the phenomenon described, if you want to use a acronym, use UCE. To find out the reason why UCE is referred to as spam, you might want to watch a certain Monty Python episode dealing with a restaurant, a bunch of vikings and the fact that with every order of a meal, the guest got a free can of SPAM, no matter if you wanted that or not.

  6. [...] Let the SPIT wars begin – VoIP spam calls may soon be bothering us all [...]

  7. duh says:

    @nitpicker: You are correct that it is spam and not SPAM (the ‘meat’ product).

    RADAR is still correct as it stands for Radio Detection And Ranging. It is acceptable to use radar now though.

    I think it needs to be referred to as SPIT so it isn’t confused with the physical act of spitting. SPIT is a stupid name anyway.

  8. [...] Let the SPIT wars begin – the physics arXiv blog » Blog Archive (tags: spam mobile TIC abuse technology) [...]

  9. [...] According to The physics of arXiv blog, SPIT is proving even more difficult to control than SPAM. [...]