Adium

Working on stopping spam

A major annoyance in instant messaging is the amount of spam prevalent in the Yahoo and MSN networks these days. Largely because of the “email as contact name” paradigm, these contact addresses are easily scraped from websites. We don’t like it any more than you do.

In an attempt to combat this, I’ve created a plugin called Challenge/Response. It works by hiding messages from unknown users until the user answers a question you have picked. For example, you can set your message as, “What is the square root of 49 in numerical form?” Until the unknown user answers “7” all of their messages are hidden from you.

Unknown users are those not on your contact list, not in the C/R white-list, and those you do not have a chat window open for. If set to do so, C/R will log the messages you receive to a group chat. It can also hide messages from all blocked users, for protocols like MSN where blocking only hides status information.

Since spam bots can’t read the challenge, it’s unlikely for them to respond and get past the filtering system. The downside is that people who want to talk to you for the first time may be confused or unable to answer; by making your challenge and response easier, you can avoid this problem.

Challenge/Response isn’t being included as part of Adium because it’s more of a band-aid than an actual solution, and because presenting it as a third-party plugin allows it a few luxuries that being a core part of Adium wouldn’t allow it. Eventually I’d like to see some sort of intelligent filter which is able to tell the difference between spam and non-spam messages, possibly with something like a Bayesian filter used by e-mail clients.

If you run into any bugs, or have any suggestions, feel free to make a comment here or on the Xtras page for the plugin. Since we don’t have an in-app way of updating plugins yet, check back on the site every once in a while to make sure you’re using the latest version. Enjoy. ;-)
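The gating rules described in this post, as an added Python sketch; it is not the plugin's own code. The class and field names, the once-per-sender challenge and the case-insensitive answer match are assumptions, and the accounts and messages are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class ChallengeResponseFilter:
    challenge: str
    response: str
    contacts: set = field(default_factory=set)
    whitelist: set = field(default_factory=set)
    blocked: set = field(default_factory=set)
    open_chats: set = field(default_factory=set)
    hide_blocked: bool = True   # the "hide messages from blocked users" option
    log_hidden: bool = True     # stand-in for logging hidden messages to a group chat
    challenged: set = field(default_factory=set)
    hidden_log: list = field(default_factory=list)

    def is_unknown(self, sender):
        # Unknown: not a contact, not white-listed, and no chat window open.
        return sender not in (self.contacts | self.whitelist | self.open_chats)

    def _hide(self, sender, text, action="hide", reply=None):
        if self.log_hidden:
            self.hidden_log.append((sender, text))
        return action, reply

    def receive(self, sender, text):
        """Return (action, reply); reply is the challenge text to send, or None."""
        if self.hide_blocked and sender in self.blocked:
            return self._hide(sender, text)
        if not self.is_unknown(sender):
            return "show", None
        if sender not in self.challenged:
            # Assumption: challenge each sender once, so a flood of messages
            # is not answered one automated reply per message.
            self.challenged.add(sender)
            return self._hide(sender, text, "challenge", self.challenge)
        # Assumption: answers match ignoring case and surrounding whitespace.
        if text.strip().casefold() == self.response.strip().casefold():
            self.whitelist.add(sender)  # later messages are shown
            return "accepted", None
        return self._hide(sender, text)

def demo():
    # Constructed accounts and messages, for illustration only.
    f = ChallengeResponseFilter("What is the square root of 49 in numerical form?", "7",
                                contacts={"friend@example.com"}, blocked={"blocked@example.com"})
    inbound = [("friend@example.com", "lunch?"), ("bot@example.com", "awesome pics!"),
               ("bot@example.com", "hello??"), ("new@example.com", "hi, we met last week"),
               ("new@example.com", " 7 "), ("new@example.com", "about that project"),
               ("blocked@example.com", "hey")]
    return [f.receive(s, t)[0] for s, t in inbound], f
```
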

39 Responses to “Working on stopping spam”

  1. Ernest Says:

    This sounds similar to other similar solutions, like “BotGuard” on the former Java-based Chat Client for gay.com. (They have since gone Ajax, and Chat Client is obsolete; until the owner makes a new one). I remember Pidgin/GAIM on the PC (and probably Mac?) side having a similar feature.

    I don’t use MSN, but I do get really odd spam things on the Yahoo! side. Most times it’s just random letters, and doesn’t even spell anything. But it is SO frustrating to have to tolerate such nonsense.

    I know you guys are dedicated to building AdiumX for Mac, and I love it on both of my Macs. But has anyone ever considered a PC version??? I have to be on a PC from time to time, and could trade Pidgin in a hot second for Adium on here. Just a thought.

    I’m glad the people at Adium are addressing these little concerns from their users. It’s a lot more than some companies do.

  2. Synthetic Frost Says:

    “I know you guys are dedicated to building AdiumX for Mac, and I love it on both of my Macs. But has anyone ever considered a PC version??? I have to be on a PC from time to time, and could trade Pidgin in a hot second for Adium on here. Just a thought.”

    Not going to happen. Adium is basically the Pidgin frameworks with a Cocoa API built Front end user interface. A number of Adium’s primary features, such as the animations, the customization options, and the like are all built on an API that makes calls to the Quartz video frameworks that Windows doesn’t really have an equivalent for.

    In the long run these effects and functionality could probably be emulated with C++ and the DirectX frameworks, but it’d use lots of custom code and be dog slow by comparison, among countless other things. Adium’s as good as it is largely because it’s “relatively” easy to develop using the Cocoa API. Making an app do the same things on Windows APIs is infinitely more complex and slow.

  3. CyberSkull Says:

    This is pretty cool. I’d like to suggest that when receiving a message from an unknown user on Yahoo/MSN that spellcheck be used somehow to see if the message is likely legitimate or not. Most spam I’ve gotten has junk characters and tons of non-netspeak misspellings in it.

  4. NichM Says:

    I get the type of spam with links to download viruses, on MSN. The problem is that it’s my friends’ accounts who I’m getting the message from. The virus keeps sending me the message and if you respond to it, it logs off.

    “check out these awesome pics from the awesome party (spam link)”

    So I can’t block the people because when they are really them, I like need to talk to them, but the virus that’s spamming everyone else is quite annoying too. It would be awesome if we could work out a solution to this.

    Thanks,
    NichM

  5. Atlantic Wave Radio Says:

    erm, how can I put this? Some of the people I know would not be able to answer, What is the Square Root of 49 :-)

    Could you not keep it simple i.e. what is sum of four plus three or What is ten minus three?

    Something easy and quick, that doesn’t require much in the way of thought or education?

    It would still perform its function.

  6. Atlantic Wave Radio Says:

    Oooh, just thought, something you can work out even when you have had a little drinky or two :-)

  7. mollask Says:

    This is awesome! Not for me of course, because I don’t get any spam using Adium, but I can see its usefulness. One more reason to use Adium (or Pidgin if you MUST work on a PC sometimes) over the MSN and Yahoo clients. Also thanks for the info on why no PC Adium, Synthetic Frost, that’s the best documented reason I’ve heard yet. I do know a lot of PC users that drool over Adium, though. I guess they should consider a Mac to get all the really cool stuff that goes along with all the fabulous security and bullet proof OS that is OSX.

  8. Marcos Wright Kuhns Says:

    I’m with mollask, sweet! Though I personally haven’t had a problem with spam. You mentioned wanting to do some sort of spam filtering before challenging. How about using Akismet [http://akismet.com] for spam filtering?

    @Atlantic Wave Radio: from the screenshot it looks like you can set the challenge question to be anything you want. So if math isn’t your thing something like “What is my first name?” would also be a valid challenge.

  9. Evan Schoenberg Says:

    @Atlantic Wave Radio: You set the question and answer, so you could say “What color is the sky on a clear day?” and have an answer of “Blue.” I hope your friends could answer that! :)

  10. Marco Says:

    Nice plug-in! OK … but what about simply blocking any message from unknown contacts? MSN (the MS client) does it …

  11. Marco Says:

    OK … I’m a big dumb. RTFM Marco !!!!! LOL

  12. Xico Says:

    I’ve installed this plugin, but now I’m receiving an error message when spammers send me a message: “Message could not be sent because an error with the switchboard occurred:”

  13. Tom Says:

    Yeah, I get the same “switchboard” error that Xico is getting.

  14. Zac West Says:

    @Tom/Xico, have you restarted Adium since installing the plugin? Are you using Adium 1.3.2?

  15. Xico Says:

    Yes. I’m using Adium 1.3.2 and restarted Adium.

  16. Tom Says:

    yeah same here.

  17. Evan Says:

    Exact same problem here.
    1.3.2 and getting the same error.

  18. dcclark Says:

    For anyone worrying about the difficulty of the challenge question — mine is set to “Type ‘yes’ (with no quotes) and hit return.” (with some additional explanatory text). You can absolutely tell them exactly what to say, bots won’t be able to understand it anyhow. :)

  19. John Says:

    Same problem with the ‘Message could not be sent because an error with the switchboard occurred:’ message here

  20. Jesse Donat Says:

    I’d like maybe a growl notification if someone sends me a message but doesn’t answer the question or answers it wrong

  21. Martin Says:

    Why not block all first-time messages that include a web address in them? Cause spam wouldn’t be very effective if it didn’t have a web address attached…

    Either that, or you could set the ‘challenge’ to “Hey, what’s up?” and then the ‘response’ to anything at all. Spammers won’t write back, but everyone else will.

  22. John Says:

    Or is there a way to block all messages except ones from your contacts?

  23. David Smith Says:

    John: yes, Adium’s ‘privacy options’ menu item. It’s been there since 1.0.

  24. John Says:

    Amazing. This is much better for me. Thanks David!

  25. MiLady Carol Says:

    Greetings. I am still having problems with Yahoo IM connection. I have had for at least a couple of months. It won’t connect at all. I’ve checked all the forums and the tickets with similar problems seem to be crossed out yet I’m unresolved. I don’t know how to start a new ticket. What do I do to get access to Yahoo again? Thank you.

  26. notbrainsurgery Says:

    This is an excellent idea. I think you can go a step further, and make computers, not humans to solve the challenges to detect spam.
    I’ve written down some ideas on this in my blog post:

    http://notbrainsurgery.livejournal.com/35666.html

  27. rubyist Says:

    Any update to the “message could not be sent because an error with the switchboard occurred” problem? This greatly reduces the value of the plugin for me.

  28. Kenny Says:

    I receive 20-40 messages a day, this is the answer to my spam problems!!

  29. tim Says:

    http://corlive.com is the answer to the spam problem, nothing like IM or email will ever work imho, as long as programs can send messages automatically.

  30. Silah Sanayi Says:

    Spammers, I hate them. Why don’t you block these spammers?

  31. Andy Says:

    This is nice but it would be nicer if Adium could just use the setting from MSN’s Privacy settings like the previous version (1.3.1) did. The settings I am referring to? Allow: only those in your contact list and Block: All other users.

    I wouldn’t mind if I could just download the older version again.

  32. foobar Says:

    I don’t think this is the solution for me, because I think that an automated answer will “verify” my account for the spammers, leading to more spam on unfiltered clients (iPhone).

    I don’t need a Bayesian filter, either. I just need to filter everything that contains “http:” and isn’t from a buddy, and in authorisation-requests, too. I think that might be useful for others as well.

  33. Andy Says:

    Another type of spam IM that you’d likely need to filter out is this kind: “Hey changed my account my new one is blah_blah@hotmail.com” or “Hi I want to chat but this is my work account. Can you message me on my personal account blah_blah@hotmail.com looking foward to chatting.” I suppose there is some sort of auto reply with web info for some skin site and of course automated spamming/selling of a confirmed good email account but I have not, nor will I ever, reply to these so I can’t confirm my hypothesis.

  34. Doug Says:

    Will someone please explain this option in the above screen shot?

    “Hide messages from blocked users.”

    I thought if you block someone, you’ll never see their messages. Now we have an option to toggle if we want to see the users messages or not? Wouldn’t this make “Block User” ineffective?

    I’m so confused.

  35. Doug Says:

    @ http://adiumx.com/blog/2008/11/working-on-stopping-spam/#comment-3190

    Exactly.

    So… Why not add a feature that will challenge any person who sends a URL?

  36. Zac West Says:

    @Doug: certain services (aka MSN) still allow blocked users to message you but not see your status.

  37. Nicholas Peshek Says:

    @ Andy:

    Because of how MSN works, it does not really matter if you click those links or not. MSN clients respond with an ACK (acknowledgment) packet as soon as you get the message, so the bot knows if your screen name exists immediately. Our backend, Pidgin, does it this way because it’s the proper way for the client to respond when offered an IM challenge. What everyone here is seeing (Switchboard not responding errors) is that the bots do not respond with the ACK (Why would they? They’re just there to spam the network), so the MSN code gets confused and assumes that the bot is disconnected. What we need is a filter, and if the message is highly likely to be spam, don’t send the ACK to the source.

  38. not good enough Says:

    This only blocks the message, but the message WINDOW still pops up and says the message can’t be displayed. Make it so no windows from the spamming bastards show if they get the question wrong. The whole point is to limit the number of windows/tabs you get, I hate getting 3 tabs of crap when I’m on Adium.

  39. Veronica Says:

    I love Adium