Working on stopping spam

A major annoyance in instant messaging is the amount of spam prevalent in the Yahoo and MSN networks these days. Largely because of the “email as contact name” paradigm, these contact addresses are easily scraped from websites. We don’t like it any more than you do.

In an attempt to combat this, I’ve created a plugin called Challenge/Response. It works by hiding messages from unknown users until the user answers a question you have picked. For example, you can set your message as, “What is the square root of 49 in numerical form?” Until the unknown user answers “7” all of their messages are hidden from you. 

Unknown users are those not on your contact list, not in the C/R white-list, and those you do not have a chat window open for. If set to do so, C/R will log the messages you receive to a group chat. It can also hide messages from all blocked users, for protocols like MSN where blocking only hides status information.

Since spam bots can’t read the challenge, they are unlikely to respond and get past the filtering system. The downside is that people who want to talk to you for the first time may be confused or unable to answer; by making your challenge and response easier, you can avoid this problem.
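
The filtering rule described above, as an added Python sketch (not the plugin's own code, which is an Adium plugin). The class and field names are hypothetical, and two behaviours are assumptions: the question is sent once per sender, and an answer only counts after the question has been sent.

```python
from dataclasses import dataclass, field

def _norm(text):
    # Answers are compared case-insensitively, ignoring surrounding whitespace.
    return text.strip().casefold()

@dataclass
class ChallengeResponseFilter:
    challenge: str
    answer: str
    contacts: set = field(default_factory=set)
    whitelist: set = field(default_factory=set)     # the C/R white-list
    open_chats: set = field(default_factory=set)    # senders with a chat window open
    blocked: set = field(default_factory=set)
    hide_blocked: bool = True
    challenged: set = field(default_factory=set)    # senders already sent the question
    hidden_log: list = field(default_factory=list)  # stands in for the group-chat log

    def is_unknown(self, sender):
        # Unknown = not a contact, not white-listed, no chat window open.
        return not (sender in self.contacts or sender in self.whitelist
                    or sender in self.open_chats)

    def receive(self, sender, text):
        """Return (show_message, reply_to_send_or_None)."""
        if self.hide_blocked and sender in self.blocked:
            self.hidden_log.append((sender, text))
            return False, None
        if not self.is_unknown(sender):
            return True, None
        if sender in self.challenged and _norm(text) == _norm(self.answer):
            self.challenged.discard(sender)
            self.whitelist.add(sender)   # later messages are shown
            return False, None
        self.hidden_log.append((sender, text))
        if sender in self.challenged:
            return False, None           # assumption: ask once, avoid reply loops
        self.challenged.add(sender)
        return False, self.challenge

def demo():
    # Constructed senders and messages, for illustration only.
    f = ChallengeResponseFilter("What is the square root of 49 in numerical form?",
                                "7", contacts={"friend@example.com"})
    msgs = [("friend@example.com", "hi"), ("bot@example.com", "check out these pics"),
            ("new@example.com", "hello?"), ("new@example.com", " 7 "),
            ("new@example.com", "it's Sam")]
    return [f.receive(s, t) for s, t in msgs], f
```

In the constructed run, the bot's message and the newcomer's first message are hidden and logged, the newcomer's “7” adds them to the white-list, and their next message is shown.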

Challenge/Response isn’t being included as part of Adium because it’s more of a band-aid than an actual solution, and because shipping it as a third-party plugin allows it a few luxuries that it wouldn’t have as a core part of Adium. Eventually I’d like to see some sort of intelligent filter that can tell the difference between spam and non-spam messages, possibly something like the Bayesian filters used by e-mail clients.

If you run into any bugs, or have any suggestions, feel free to make a comment here or on the Xtras page for the plugin. Since we don’t have an in-app way of updating plugins yet, check back on the site every once in a while to make sure you’re using the latest version. Enjoy. 😉


39 Comments

  1. This sounds similar to other similar solutions, like “BotGuard” on the former java based Chat Client for gay.com. (They have since gone Ajax, and Chat Client is obsolete; until the owner makes a new one). I remember Pidgin/GAIM on the PC (and probably Mac?) side having a similar feature.

    I don’t use MSN, but I do get really odd spam things on the Yahoo! side. Most times it’s just random letters, and doesn’t even spell anything. But it is SO frustrating to have to tolerate such nonsense.

    I know you guys are dedicated to building AdiumX for Mac, and I love it on both of my Macs. But has anyone ever considered a PC version??? I have to be on a PC from time to time, and could trade Pidgin in a hot second for Adium on here. Just a thought.

    I’m glad the people at Adium are addressing these little concerns from their users. It’s a lot more than some companies do.

  2. “I know you guys are dedicated to building AdiumX for Mac, and I love it on both of my Macs. But has anyone ever considered a PC version??? I have to be on a PC from time to time, and could trade Pidgin in a hot second for Adium on here. Just a thought.”

    Not going to happen. Adium is basically the Pidgin frameworks with a Cocoa API built Front end user interface. A number of Adium’s primary features, such as the animations, the customization options, and the like are all built on an API that makes calls to the Quartz video frameworks that Windows doesn’t really have an equivalent for.

    In the long run these effects and functionality could probably be emulated with C++ and the Direct X frameworks, but it’d use lots of custom code and be dog slow by comparison, among countless other things. Adium’s as good as it is largely because it’s “relatively” easy to develop using the Cocoa API. Making an app do the same things on Windows API’s is infinitely more complex and slow.

  3. This is pretty cool. I’d like to suggest that when receiving a message from an unknown user on Yahoo/MSN that spellcheck be used somehow to see if the message is likely legitimate or not. Most spam I’ve gotten has junk characters and tons of non-netspeak misspellings in it.

  4. I get the type of spam with links to download viruses, on MSN. The problem is that it’s my friends’ accounts who I’m getting the message from. The virus keeps sending me the message and if you respond to it, it logs off.

    “check out these awesome pics from the awesome party (spam link)”

    So I can’t block the people because when they are really them, I like need to talk to them, but the virus that’s spamming everyone else is quite annoying too. It would be awesome if we could work out a solution to this,

    Thanks,
    NichM

  5. erm, how can I put this? Some of the people I know would not be able to answer, What is the Square Root of 49 🙂

    Could you not keep it simple i.e. what is sum of four plus three or What is ten minus three?

    Something easy and quick, that doesn’t require much in the way of thought or education?

    It would still perform its function.

  6. Oooh, just thought, something you can work out even when you have had a little drinky or two 🙂

  7. This is awesome! Not for me of course, because I don’t get any spam using Adium, but I can see its usefulness. One more reason to use Adium (or pidgin if you MUST work on a PC sometimes) over the MSN and Yahoo clients. Also thanks for the info on why no PC Adium, Synthetic Frost, that’s the best documented reason I’ve heard yet. I do know a lot of PC users that drool over Adium, though. I guess they should consider a Mac to get all the really cool stuff that goes along with all the fabulous security and bullet proof OS that is OSX.

  8. I’m with mollask, sweet! Though I personally haven’t had a problem with spam. You mentioned wanting to do some sort of spam filtering before challenging. How about using Akismet [http://akismet.com] for spam filtering?

    @Atlantic Wave Radio: from the screenshot it looks like you can set the challenge question to be anything you want. So if math isn’t your thing something like “What is my first name?” would also be a valid challenge.

  9. @Atlantic Wave Radio: You set the question and answer, so you could say “What color is the sky on a clear day?” and have an answer of “Blue.” I hope your friends could answer that! 🙂

  10. Nice plug-it! ok .. but what about to simply block any message from unknown contacts ? MSN (the MS Client) does it …

  11. ok … im a big dumb. RTFM Marco !!!!! LOL

  12. I’ve installed this plugin, but now I’m receiving an error message when spammers send me a message: “Message could not be sent because an error with the switchboard occurred:”

  13. Yeah i get the same “switchboard” error that Xico is getting.

  14. @Tom/Xico, have you restarted Adium since installing the plugin? Are you using Adium 1.3.2?

  15. Yes. I’m using Adium 1.3.2 and restarted Adium.

  16. yeah same here.

  17. Exact same problem here.
    1.3.2 and getting the same error.

  18. For anyone worrying about the difficulty of the challenge question — mine is set to “Type ‘yes’ (with no quotes) and hit return.” (with some additional explanatory text). You can absolutely tell them exactly what to say, bots won’t be able to understand it anyhow. 🙂

  19. Same problem with the ‘Message could not be sent because an error with the switchboard occurred:’ message here

  20. I’d like maybe a growl notification if someone sends me a message but doesn’t answer the question or answers it wrong

  21. Why not block all first-time messages that include a web address in them? Cause spam wouldn’t be very effective if it didn’t have a web address attached…

    Either that, or you could set the ‘challenge’ to “Hey, what’s up?” and then the ‘response’ to anything at all. Spammers won’t write back, but everyone else will.

  22. Or is there a way to block all messages except ones from your contacts?

  23. John: yes, Adium’s ‘privacy options’ menu item. It’s been there since 1.0.

  24. Amazing. This is much better for me. Thanks David!

  25. Greetings. I am still having problems with Yahoo IM connection. I have had for at least a couple of months. It won’t connect at all. I’ve checked all the forums and the tickets with similar problems seem to be crossed out yet I’m unresolved. I don’t know how to start a new ticket. What do I do to get access to Yahoo again? Thank you.

  26. This is an excellent idea. I think you can go a step further, and make computers, not humans to solve the challenges to detect spam.
    I’ve written down some ideas on this in my blog post:

    http://notbrainsurgery.livejournal.com/35666.html

  27. Any update to the “message could not be sent because an error with the switchboard occurred” problem? This greatly reduces the value of the plugin for me.

  28. I receive 20-40 messages a day, this is the answer to my spam problems!!

  29. http://corlive.com is the answer to the spam problem, nothing like im or email will ever work imho, as long as programs can send messages automatically.

  30. spammer i hate them why dont u block this spammers

  31. This is nice but it would be nicer if Adium could just use the setting from MSN’s Privacy settings like the previous version (1.3.1) did. The settings I am referring to? Allow: only those in your contact list and Block: All other users.

    I wouldn’t mind if I could just download the older version again.

  32. I don’t think this is the solution for me, because I think that an automated answer will “verify” my account for the spammers, leading to more spam on unfiltered clients (iPhone).

    I don’t need a Bayesian filter, either. I just need to filter everything that contains “http:” and isn’t from a buddy, and in authorisation-requests, too. I think that might be useful for others as well.

  33. Another type of spam IM that you’d likely need to filter out is this kind: “Hey changed my account my new one is blah_blah@hotmail.com” or “Hi I want to chat but this is my work account. Can you message me on my personal account blah_blah@hotmail.com looking foward to chatting.” I suppose there is some sort of auto reply with web info for some skin site and of course automated spamming/selling of a confirmed good email account but I have not, nor will I ever, reply to these so I can’t confirm my hypothesis.

  34. Will someone please explain this option in the above screen shot?

    “Hide messages from blocked users.”

    I thought if you block someone, you’ll never see their messages. Now we have an option to toggle if we want to see the users messages or not? Wouldn’t this make “Block User” ineffective?

    I’m so confused.

  35. @ http://adiumx.com/blog/2008/11/working-on-stopping-spam/#comment-3190

    Exactly.

    So… Why not add a feature that will challenge any person who sends a URL?

  36. @Doug: certain services (aka MSN) still allow blocked users to message you but not see your status.

  37. @ Andy:

    Because of how MSN works, it does not really matter if you click those links or not. MSN clients respond with an ACK (acknowledgment) packet as soon as you get the message, so the bot knows if your screen name exists immediately. Our backend, Pidgin, does it this way because it’s the proper way for the client to respond when offered an IM challenge. What everyone here is seeing (Switchboard not responding errors) is that the bots do not respond with the ACK (Why would they? They’re just there to spam the network), so the MSN code gets confused and assumes that the bot is disconnected. What we need is a filter, and if the message is highly likely to be spam, don’t send the ACK to the source.

  38. This only blocks the message, but the message WINDOW still pops up and says the message can’t be displayed. Make it so no windows from the spamming bastards show if they get the question wrong. The whole point is to limit the number of windows/tabs you get, I hate getting 3 tabs of crap when I’m on Adium.

  39. I love Adium
