Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crazy Stats on Spam

Posted by CmdrTaco on from the if-only-that-was-it dept.

gtaylor writes "An article in the Korea Times says that market research firm Emforce has established that South Korean internet users average about 1600 pieces of spam annually, summing to around 39 billion pieces of spam per year. According to the same story, Americans receive about 2500 pieces of spam per year." I figured that I get somewhere around 30-40,000 pieces of spam annually. Lucky me... I get *this* statistic to be on the other side of the bell curve :)

12 of 316 comments (clear)

  1. Bell Curve by PoiBoy · · Score: 2, Informative
    Mod me offtopic, but I must...

    I figured that I get somewhere around 30-40,000 pieces of spam annually. Lucky me... I get *this* statistic to be on the other side of the bell curve :)

    The normal distribution, aka the "bell curve", has absolutely nothing to do with the distribution of the number of pieces of spam received annually. If anything, I would guess that the distribution has a long right tail: most people receive somewhere around the median amount of spam, but a relatively few users (such as slashdot readers) receive a much larger amount.

    In general, numbers of anything do not just happen to be normally distributed. Central limit theory discusses the asymptotic normal distribution of sample means under suitable conditions, but generally very little can be said about the underlying population's distribution. Please refrain from talking about something having a particular distribution unless you know (or can test statistically) that it does. It's usually a sign of ignorance.

    --
    Sig (appended to the end of comments you post, 120 chars)
  2. When will people learn? by Gaccm · · Score: 2, Informative

    I can see why for somehoe with an email address shown on slashdot might get tons of spam, but the far majority of regular users could easily not get spam anymore. Here are the steps i did to not get spam EVER.

    1. don't use your isp's email address. I don't know why, but those always get lots of spam. I think its because the isp gives you webspace, in a folder named from your username. So a spambot just needs to go to aol.com/users/ read all the folder names and tack on @aol.com.

    2. have 2 email addresses, one which is for actual usage, such as communicating with friends. The other is just for all the things where you have to give a valid email address to sign up.

    Thats all i did, and it works great for me. I guess a possible third step is that, if you get any spam, to ALWAYS hunt it down. look in the headers of the email, find where it came from (for example, aol.com) and forward the spam to abuse@aol.com, if that doesn't exist, forward it to webmaster@aol.com, root@aol.com, admin@aol.com, administrator@aol.com and any other names you can think of.

    --

    Only dead fish swim with the stream...
    1. Re:When will people learn? by linuxlover · · Score: 5, Informative
      I have the same setup.

      To report spam, the _easiest_ way is through spamcop.net. You signup (free) and they will send you an email address to forward your emails. So all you do is forward the email as an attachment which preserves all the headers. Spamcop will do the tedious work of hunging down the headers adn open relays abused and send a report to those automatically.

      I have been using it for a week now, and absolutely love it. Give it a try. You'll be glad you did.

      LinuxLover

  3. Re:*sigh* by Tackhead · · Score: 3, Informative
    > One would think that spam should be tracable back to the source. Email server keeping track of the IP and time, server giving out the IP keeping track of who used the IP at the time. Then it would be likely that people could complain and get the IP to block said person.

    In many cases, it's easy to trace the spam back to the ISP from which it was sent, or to the ISP that's hosting the spamvertized website.

    The problem comes when the spammer's ISP is unresponsive, either because they don't give a fsck about the problem, or because they're being paid well enough by the spammer.

    SPEWS presents an interesting solution to the problem. In a nutshell, networks that harbor spammers get listed, and you can configure your mail server to use that list to refuse traffic from spam-harboring network providers.

    The more people that use services such as SPEWS, the more likely it is that large, unresponsive ISPs (you know who you are) who also happen to have legitimate customers will receive mail from those customers saying "Hey! Clean up your act so people stop rejecting all mail from your customers! You've got real customers to service, not just spammers, you know!" and will be forced by market necessity to take their network abuse problem seriously.

    If you're a user of one of these networks, and don't like the fact that some of your mail now bounces, look at it this way. You're living in a crackhouse, and your landlord is doing nothing to solve the problem. We're tired of dealing with your neighbors' rusty needles and used condoms. If your landlord won't clean up the building because he'd rather have a crack dealer's protection money than your rent, maybe it's time you moved somewhere civilized.

  4. spamcop.net by Neon+Spiral+Injector · · Score: 4, Informative

    With the last article about spam that ran on Slashdot. I saw someone mention spamcop. I knew of the service, but never really checked it out before.

    After reading most everything on their site, I figured I'd sign up for their pay filter service. Not really to stop the spam (that is just a nice added benifit), but just for ease of reporting the spammers.

    Since signing up spamcop has probally stopped around 50 spams to me a day. Still about 5 a day slip through (and perhaps 1 false positive a day). I have reported all of the spam. I think I've recieved about 8 responces total to my reports, and I keep getting spam from the same places.

    I'm pretty impressed with the service. At $0.50 a megabyte it isn't too expencive (but I shouldn't have to pay to not recieve e-mail). They are planning on going to a flat rate of $3 a month (which will be good for me as they estimate I'll be paying about $7 a month at my current rate).

    Anyway, check it out if you haven't before, www.spamcop.net. At least report some of the spam you get using their free service to help build a bigger data base of open relays and other bad Internet company.

    1. Re:spamcop.net by rodbegbie · · Score: 3, Informative

      I've been using Spamcop for the last 9 months as a reporting tool, but for filtering, I'm a huge fan of SpamAssassin. It's a bit of a bitch to build and install (leaving a vital patch file out of the distribution tar probably isn't the smartest thing to do), but dear god, it does the job right.

      Plus, you can configure it to use Spamcop's black-list so you get the benefit of Spamcop's filters too.

      Sysadmins/users with an ounce of savvy should check this bad boy out.

      rOD.

      --
      Rod Begbie done this, and he's not
  5. Spam laws by Alsee · · Score: 5, Informative

    Spam sucks. Spam is a problem. Spam is a BadThing.

    But don't push for SpamLaws. It is just an invitation for them to pass other stupid net-laws. Laws are regional, the internet is not. It won't work. The treatment will be worse than the disease.

    Lawmakers do not understand the internet. Tell them to keep their hands off.

    We are better off working out our own solutions - blackhole lists, filtering software, etc.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  6. Re:Hotmail included? by Lussarn · · Score: 3, Informative

    We run small webmail in sweden. 80000 registred users. We get over 100 spam/min which we catch on the connect. 100 spam/min which we catch before it is even sended to us and the rest get through. Don't really know how many that is but it's many.

    We use only the rbl lists right now. Filters take CPU/mem and our E450 2*250mhz 1gb is running at 80% now.

    It's an ongoing fight to catch those spamers. It seems to be getting worse at christmas too.

    Most spam are "guessing spam" where the spammers are just guessing username@ourdomain.

  7. Fighting spam by jestapher · · Score: 2, Informative

    If you are in states with so-called "anti-spam" laws, you can start taking legal action against spammers. Check out:

    Sorry for the Washington-heavy links; it's my home state.

  8. Re:Fight SPAM with Postfix by Anonymous Coward · · Score: 1, Informative

    However, I don't know if this would be effective as most of the SPAM coming in is from foreign servers (mainly Asian nations)

    Sure, the spam (note the lowercase form: its not an acronym and its not spiced pork and ham) might be coming from Asian servers but the products and...er... services they offered are almost always US-centric. I'd bet good money that any money being made is going to American porn-kings and rip-off merchants. Asian servers are just easier to send spam from in general.

  9. Ten tips to reduce spam by clarkie.mg · · Score: 3, Informative
    1. Do not post your email on a website or in newsgroups.

    2. Use a separate email address for subscribing to web sites. If that email gets spammed, change your email on web sites you want to continue to use, delete your second email and create a new one.

    3. Use 2 emails, one for your job and one for your private use. That way, you won't get porn or stupid jokes at your job and your company won't monitor your private emails.

    4. Never reply to a spam. If you have to unsubscribe, do it on the web.

    5. If you want to put your email on the web or in newsgroups or on any system that can be digitally scanned for emails, disguise your email so that only a human can read it. Example myname@isp.com becomes myname(AT)isp(DOT)com.

    6. Use a tool for filtering your incoming email.

    7. Never forward an email chain letter. They are all scams. If you absolutely want to forward one, check the information before.

    8. If you have subscribed to mailing-lists, check or ask if it is indexed on the web and if your email is diclosed there. Ask for removal or dedicate another email to that list that you will delete/change when it gets spammed.

    9. If you have time, read the headers of spam emaiks and complain to the ISP that the spammer used.

    10. There are many tools and advice on the web:
      abuse.net
      cauce

    Updates to this list are in my journal.
    --
    Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russel
  10. My experience as an open mail relay by Thagg · · Score: 5, Informative

    I reconfigured our mail server a month or so ago, and, well, misconfigured it, so that it was an open mail relay on our DSL line. It took the bad guys about 2 weeks to notice; at which point we all of a sudden started getting hit with tens of thousands, then hundreds of thousands of relays through our server per day.

    I'm only a part-time sysadmin, so I didn't realize what was wrong for a couple of days, just noticed that the mail server was slow...during that time perhaps half-a-million messages were forwarded by my machine. Unforgivable, I know. I didn't realize the threat; and most of it happened over a weekend.

    On Monday, I spent a few hours finding out what was going on, and madly tried to cancel the messages by hand from the mail queue, before I did the right thing and installed the latest version of sendmail -- which by default doesn't relay.

    For the next several weeks, I've been petitioning the various spam reporting lists to take us off of their blacklists. I have to say that everybody was reasonable in this respect. It took some time to hunt them all down, but I think I have them all. If you are doing this yourself, http://relays.osirusoft.com has a great resource for checking what lists your server is blacklisted with.

    The only good thing to come out of this is that during the cleanup phase, spammers continued to try to relay spam through my site, and I was able to get several of those accounts cancelled by calling up the various email abuse departments at their ISPs. (My favorite was worldcom, I called them and they answered "Abuse!" I told them that I really wanted an argument...) The biggest disappointment was @home, who required a 1-week waiting period before shutting down a really high-volume spamming operation.

    I was surprised how quickly my open relay was discovered, and then how quickly that information was distributed among quite a few (at least 40) spammers. Perhaps they watch incoming spam to see where it is relayed from; and harvest those to run their own spam.

    Anyway -- my apologies to the community. It won't happen again.

    thad

    --
    I love Mondays. On a Monday, anything is possible.