Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crazy Stats on Spam

Posted by CmdrTaco on from the if-only-that-was-it dept.

gtaylor writes "An article in the Korea Times says that market research firm Emforce has established that South Korean internet users average about 1600 pieces of spam annually, summing to around 39 billion pieces of spam per year. According to the same story, Americans receive about 2500 pieces of spam per year." I figured that I get somewhere around 30-40,000 pieces of spam annually. Lucky me... I get *this* statistic to be on the other side of the bell curve :)

34 of 316 comments (clear)

  1. Interesting survey by .sig · · Score: 3, Interesting

    What I think would be an interesting addition to this would be to look at how much spam finds it's way onto newsgroups and weblogs such as this. My guess would be several orders of magnitude more, quite a waste of time and energy.

    If they were typing randomly odds are one of them should have produced the next Hamlet by now.

    --
    -Space for rent
    1. Re:Interesting survey by flacco · · Score: 5, Funny
      If they were typing randomly odds are one of them should have produced the next Hamlet by now.

      And they would have titled it: "Spamlet".

      --
      pr0n - keeping monitor glass spotless since 1981.
    2. Re:Interesting survey by waitdyahoo.com · · Score: 3, Interesting

      Here is another stat that would be intersting to find out what percentage of all internet trafic is devoted to Spam.

      Would the net speed up 5% if all spam was made illigal?

  2. hmm... by arson1 · · Score: 5, Funny

    But the email said it was an exclusive deal just for me!

    --


    --
    Don't sweat the petty things, and don't pet the sweaty things.
  3. How do you tell what is and isn't spam? by Quasar1999 · · Score: 4, Interesting

    What is spam? Unsolicited emails for unknown people? Unsolicited emails from companies you once did business with? Unsolicited email from companies you still do business with? Unsolicited email from relatives? How do you measure spam if you can't even define it?

    --

    ---
    Programming is like sex... Make one mistake and support it the rest of your life.
    1. Re:How do you tell what is and isn't spam? by medcalf · · Score: 3, Insightful

      My definition, adopted from long enough ago that I can't remember who said it, is:

      1. any email sent to more than 5 people who don't know the sender and didn't request the email
      2. any posting on more than 5 newsgroups

      Content is irrelevant.

      I suppose I would say that spam is getting to be an undefined term these days. It is raking in "classic spam" and also unsolicited advertising via email or posts on non-sales-related newsgroups or weblogs. Soon it will probably include any email from anyone you don't know, or who doesn't name you in the to: or cc: lines, or whatever.

      --
      -- Two men say they're Jesus. One of them must be wrong. - Dire Straits
  4. How is SPAM distributed? by sam_handelman · · Score: 3, Interesting

    The posters mention of being on the "far side of the bell curve" raises an interesting question - how is Spam distributed? Obviously, it's not a bell curve; a significant number of people are getting as much Spam at the submitter, and a significant number of people are getting none. If 5% of "users" (do they mean user/person or user/address?) are getting as much Spam as the submitter, and everyone else is getting next to none, than Spam is not nearly as much of a problem as this article indicates.

    For example, as a person, I get a lot of spam. But almost all of it is going to my old account at the university of california (when I left I started giving the address to anybody who wanted one, for any reason.) However, the addresses I actually use get none.

    --
    The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
  5. Razor by Reelworld · · Score: 3, Interesting

    I've got so fed up of spam over the festive season that I finally got off my butt and installed Razor as featured on /. the other day. I've always been kind of against the complete black-hole idea, so Razor was very attractive.
    So far I'm quite impressed. Easy to install (a couple of lines in procmailrc) and it's picked up about 50% of the spam I've received so far - importantly it hasn't flagged any legitimate messages as spam. Of course, I reported the other 50%, so that hopefully others won't have to endure them. The nice thing about the systems is that the more people that use it, the more effective it gets. It's not perfect, but in this mean 'ole spam-filled world, it's a good place to start.

    1. Re:Razor by Tony+Hoyle · · Score: 3, Interesting

      I did something similar... I installed spamassassin and because I didn't entirely trust it, configured it to redirect everything marked 'spam' to a separate email address.

      It was so successful at home (100% hitrate!) I installed it on the gateway at work. It only mis-diagnoses about one message a week (for some reason it doesn't like sports related e-magazines) but I can whitelist the domains where required. I've only had one spam in my inbox since (mutated nigerian scam) & people keep saying 'what spam problem... I haven't had a spam for weeks!'.

      The spam trap has approx. 2000 emails in it so far.. I keep them all out of morbid fascination. Perhaps one day I'll find a spammer I really hate and sent the lot to them!

  6. It must work on someone. by Xenopax · · Score: 5, Funny

    You have to figure that is the average person is receiving 2500 spam emails a year, then the spammers must be getting enough feedback to make it worthwhile. If you think about it, you don't need a high rate, or even moderate rate, of responses from mass mailings since a small percentage could cover your spamming costs. What we need to do is find the small percentage that is responding to this mail and whack them over the head, otherwise it will never end.

    1. Re:It must work on someone. by WolfWithoutAClause · · Score: 3, Funny

      I think the normal phrase is:

      "There's a sucker born every minute."
      The real point is that we don't want people to become suckers- the law is supposed to protect them to some extent.

      --

      -WolfWithoutAClause

      "Gravity is only a theory, not a fact!"
    2. Re:It must work on someone. by rgmoore · · Score: 5, Insightful

      Not necessarily. Arguing that spam must work because people keep trying it is like arguing that "Make money fast" must work because people keep sending it (or variants on it). All that's required for people to keep spamming it is that they think that it works, not that it actually does work. My guess is that the only spam that actually gets a big enough response rate to justify sending it is the kind that advertizes spamming services. Unfortunately, we'll only know for sure in 10 or 20 years when everyone who's unscrupulous enough to try spamming has done so. If they all give up because it doesn't work, we'll know that it was a failure and people were just trying it because they didn't know any better. If it keeps up indefinitely, we'll know that it does work and we'll have to start revoking net access of anyone dumb enough to reply.

      --

      There's no point in questioning authority if you aren't going to listen to the answers.

    3. Re:It must work on someone. by gus+goose · · Score: 5, Funny
      If a fool is born every minute, and there are (according to the CIA) 21.37 births per 1000 people, and (according to the US Census) there are about 6.1billion people, then there are 130Mil. births per year, or about 250 births per minute. Since one of these is a fool (and I think that is very low), then about 0.4% of the population are fools. Thus, if only fools respond to spam, then you only need to send 250 spam to get one response. Assuming that fools are less computer literate (proportionally few fools have e-mail), then you would need to send more to get a response, but not by much.

      On the other hand, in the past there were fewer births per minute, and thus there were proportionally more fools. This improves the spammer's hit rate.

      So, to answer your question, you get about 1 in 250 'hits' for spam.

      gus

      --
      .. if only.
  7. Re:why? by daeley · · Score: 3, Insightful

    You should spam a bunch of people with the above message, add "Would you like to know my secret?", and see how much dough you can rake in. Now *that* would be a study. :)

    --
    I watched C-beams glitter in the dark near the Tannhauser gate.
  8. Fight SPAM with Postfix by toupsie · · Score: 3, Interesting
    I used to run only sendmail for my SMTP needs but I found it a pain to administer when it came to SPAM. In the last year, I have moved all the e-mail servers I manage over to Postfix. Since I have done the switch, I am killing SPAM very effectively -- some still slip through but not many.

    By checking my logs for the last 24 hours, I have killed over 800 SPAMs for my 100+ users. If this is a 'typical day' in the life of my e-mail server (though I am seeing more around Christmas than ever), I am killing ~3,000 SPAMs per year per user. Not only does blocking SPAM give me a deep sense of personal satisfaction it gives me more time during my work day to do more important duties (like reading Slashdot) because I don't have users calling me to complain about the sex ads, mortgage offers and fly by night investment opportunities in their e-mail box.

    I would love to see the US Congress require all e-mail marketeers to be opt-in instead of opt-out (with the Death Penalty for violators). However, I don't know if this would be effective as most of the SPAM coming in is from foreign servers (mainly Asian nations).

    --
    Strange women lying in ponds distributing swords is no basis for a system of government.
  9. Been reading too much spam. by MindStalker · · Score: 3, Funny

    Wow, I've been reading so much spam latly, that I honestly read the headline as, "Crazy Sluts on Spam" at first!

  10. my only question... by mrroot · · Score: 3, Funny

    ...is about the penis enlargement spam.

    I mean, how did they know to send it to me?

    --
    I Heart Sorting Networks
  11. Re:Ofcourse the numbers are so big... by flacco · · Score: 4, Funny
    Finally, millions of people have a hotmail account. And there, they forget to point out that they don't want to be listed in the so-called White Pages, a main source for spammers.

    Don't you mean "Microsoft Preferred Retailing Associates"?

    --
    pr0n - keeping monitor glass spotless since 1981.
  12. The Lack of an Anti-Spam Lobby by DaveWood · · Score: 4, Interesting

    It somtimes amazes me that politicians would pass up such an excellent opportunity to please the electorate at so little political cost to themselves - why not just ban spam? All of the ingredients are there:

    1) Issue affects better educated citizens who are more likely to vote
    2) No one likes spam. No one at all. Except for the spammers, that is
    3) It's a magnet for all kinds of illegal activity
    4) Unsolicited faxes are already prohibited - the technical and legal parallels are clear as day

    And yet every time spam bills appear, they disappear, or are neutered, with lightning speed. Then I remember. This is America.

    With the exception of what I have heard politicians refer to as "hot button" issues (abortion, gun control, school prayer), the sad reality is that almost nothing gets through congress unless someone is paying for it.

    Congressionals and members of the executive are so deluged with paying customers that they seldom have time to worry about the real world. The rest of the time, rivals routinely block each others' attempts to pass any legislation as a matter of principle or habit or a continuous cycle of revenge, usually across party lines.

    --
    We're on the road to Tycho.
    1. Re:The Lack of an Anti-Spam Lobby by legLess · · Score: 5, Interesting

      Actually, the Direct Marketing Association loves spam. They see that dead-tree mail is going the way of the dodo, and more communication every day is electronic. They see spam as a wonderful way to increase their reach and simultaneously lower their costs.

      They're thinking long-term: in 25 years, they want to be able to legally send anything to anyone, ideally with little or no cost to themselves. Science fiction is replete with examples of this thinking: intelligent door agents or house-bots who spend (too) much of their time filtering what we've come to think of as spam (i.e. unsolicited electronic communication).

      The DMA sees the Internet as a "push" medium, with themselves as the prime pusher. "We'll tell you what you need, and want," they say.

      In summary, this is sadly not as much a no-brainer for Congress as you'd think or hope. The DMA has been throwing huge money at this problem for years, and will continue to do so. Don't trust Congress to do the Right Thing.

      --
      This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
  13. Marketing analysis by Proaxiom · · Score: 5, Funny
    I read something once about advertisers and marketers trying to build lists of people according to their known interests so advertising can be more cost-effective.

    Based on the e-mails I get, it would seem the advertising community has me pegged as a debt-ridden pervert with a small unit, sexual dysfunction, no education, and a penchant for get rich quick schemes.

    I wonder how they know that. I must be an open book.

  14. Re:*sigh* by Tackhead · · Score: 3, Informative
    > One would think that spam should be tracable back to the source. Email server keeping track of the IP and time, server giving out the IP keeping track of who used the IP at the time. Then it would be likely that people could complain and get the IP to block said person.

    In many cases, it's easy to trace the spam back to the ISP from which it was sent, or to the ISP that's hosting the spamvertized website.

    The problem comes when the spammer's ISP is unresponsive, either because they don't give a fsck about the problem, or because they're being paid well enough by the spammer.

    SPEWS presents an interesting solution to the problem. In a nutshell, networks that harbor spammers get listed, and you can configure your mail server to use that list to refuse traffic from spam-harboring network providers.

    The more people that use services such as SPEWS, the more likely it is that large, unresponsive ISPs (you know who you are) who also happen to have legitimate customers will receive mail from those customers saying "Hey! Clean up your act so people stop rejecting all mail from your customers! You've got real customers to service, not just spammers, you know!" and will be forced by market necessity to take their network abuse problem seriously.

    If you're a user of one of these networks, and don't like the fact that some of your mail now bounces, look at it this way. You're living in a crackhouse, and your landlord is doing nothing to solve the problem. We're tired of dealing with your neighbors' rusty needles and used condoms. If your landlord won't clean up the building because he'd rather have a crack dealer's protection money than your rent, maybe it's time you moved somewhere civilized.

  15. spamcop.net by Neon+Spiral+Injector · · Score: 4, Informative

    With the last article about spam that ran on Slashdot. I saw someone mention spamcop. I knew of the service, but never really checked it out before.

    After reading most everything on their site, I figured I'd sign up for their pay filter service. Not really to stop the spam (that is just a nice added benifit), but just for ease of reporting the spammers.

    Since signing up spamcop has probally stopped around 50 spams to me a day. Still about 5 a day slip through (and perhaps 1 false positive a day). I have reported all of the spam. I think I've recieved about 8 responces total to my reports, and I keep getting spam from the same places.

    I'm pretty impressed with the service. At $0.50 a megabyte it isn't too expencive (but I shouldn't have to pay to not recieve e-mail). They are planning on going to a flat rate of $3 a month (which will be good for me as they estimate I'll be paying about $7 a month at my current rate).

    Anyway, check it out if you haven't before, www.spamcop.net. At least report some of the spam you get using their free service to help build a bigger data base of open relays and other bad Internet company.

    1. Re:spamcop.net by rodbegbie · · Score: 3, Informative

      I've been using Spamcop for the last 9 months as a reporting tool, but for filtering, I'm a huge fan of SpamAssassin. It's a bit of a bitch to build and install (leaving a vital patch file out of the distribution tar probably isn't the smartest thing to do), but dear god, it does the job right.

      Plus, you can configure it to use Spamcop's black-list so you get the benefit of Spamcop's filters too.

      Sysadmins/users with an ounce of savvy should check this bad boy out.

      rOD.

      --
      Rod Begbie done this, and he's not
  16. Re:What this says... by morcego · · Score: 3, Interesting

    * The U.S. is where the money is or * The U.S. is where the stupid people are

    Well, this is kind of interesting.
    You see, I have, basically, 4 e-mail domains I use.
    - 1 .org address
    - 1 .org domain
    - 3 .br addresses at a major ISP domain
    - 1 .br address at my work

    Even though something like 80% of the e-mails I receive is at my work address, I still have the following percentage of spam:

    - 1 .org address -> 3%
    - 1 .org domain -> 50%
    - 3 .br addresses at a major ISP domain -> 90%
    - 1 .br address at my work -> 3%

    So, as you can see from my Completly Unacurate Statistcs Study(tm), it seens to me that your domain is more relevant to the amount of spam you receive then the country of it
    Just to give an additional data, my .org domain is the most widely known of them. My address e-mail is the second best. My addresses from the ISP are the least known, and are the ones that received (percentage) the most spam.
    Something like 15 spams reach my e-mail boxes every day, which amounts for something like 5475 spams/year. Considering that my evasive measures and filters get something like 80% of all the spam directed to me, we can consider that I have around 30000 spams/year target at me. And I live in Brazil. So not, it's not something only Americans are subject to.

    --
    morcego
  17. Spam laws by Alsee · · Score: 5, Informative

    Spam sucks. Spam is a problem. Spam is a BadThing.

    But don't push for SpamLaws. It is just an invitation for them to pass other stupid net-laws. Laws are regional, the internet is not. It won't work. The treatment will be worse than the disease.

    Lawmakers do not understand the internet. Tell them to keep their hands off.

    We are better off working out our own solutions - blackhole lists, filtering software, etc.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  18. Re:Hey, let's build a prison just for them by Tackhead · · Score: 5, Funny
    > Yeah, make them read their own spam mail once for each person they sent it to. Or let's say twice. There has to be some punishment involved. ;-)

    1) Jail spammer in special spammer's prison.
    2) Give spammer an email address.
    3) Publish spammer's address on USENET, preferably in an MLM or pr0n newsgroup.
    4) Mail spammer, three times a day, an email message telling him his meal is ready, which he can print out to requisition his meal.
    5) Deny spammer the use of filtering tools. If the spammer starves to death because he can't find his meal tickets among the spam, that's his problem.

    I mean, why should he need a filter for his mail? Every spammer I've talked to - from trailer-trash to DMA executive - says it's easy to Just Hit Delete, right? It only takes a few seconds a day!

    And I'm sure there are so many interesting offers in his mailbox, if he's not interested, he can always Just Hit Delete, right?

    Ah, what I wouldn't give to be a warden in such a prison.

  19. Re:Hotmail included? by Lussarn · · Score: 3, Informative

    We run small webmail in sweden. 80000 registred users. We get over 100 spam/min which we catch on the connect. 100 spam/min which we catch before it is even sended to us and the rest get through. Don't really know how many that is but it's many.

    We use only the rbl lists right now. Filters take CPU/mem and our E450 2*250mhz 1gb is running at 80% now.

    It's an ongoing fight to catch those spamers. It seems to be getting worse at christmas too.

    Most spam are "guessing spam" where the spammers are just guessing username@ourdomain.

  20. Re:When will people learn? by linuxlover · · Score: 5, Informative
    I have the same setup.

    To report spam, the _easiest_ way is through spamcop.net. You signup (free) and they will send you an email address to forward your emails. So all you do is forward the email as an attachment which preserves all the headers. Spamcop will do the tedious work of hunging down the headers adn open relays abused and send a report to those automatically.

    I have been using it for a week now, and absolutely love it. Give it a try. You'll be glad you did.

    LinuxLover

  21. The Missing Stat - SNR! by nyquist_theorem · · Score: 5, Insightful

    Unsolicited mass emails are never going to go away 100%. It frustrates me that so much time and energy and print/webspace is given to studies and articles that don't include what I would think to be the most important indicator of spam's level of infiltration - Signal to Noise Ratio. Sure, the "average" user gets xxx Spam per day/year/minute, but on what amount of traffic? If the "average" user gets 1600 spam out of 1700 emails, that's obviously very bad, but 1600 on 170,000 emails a year is a lot better. The poster's comment about being on the wrong side of the bell curve doesn't neccesarily mean he's getting more spam than most people as a ratio of spam-to-legit-emails. I would be most interested in studies that analyze the SNR, for in doing so I think we'll see (even more clearly!!) that there is indeed a spam problem that must be dealt with through enforceable legislation and/or international agreements.

    As a side note, I have taken to giving out different email addresses for every place I'm asked for one, and using a "catch-all" from my domain, for example my email address here is slashdot@theoretica.net, but it might be goatpornmailinglist@theoretica.net or vic20overclockerslist@theoretica.net for other places. That way not only can I see what spammers got my email address from where, but I can also block a given address once its been overcome with spam - you know those places where you are asked for an email address and you just *know* you are going to get spammed senseless for providing it, but you must to get a login or pwd or whatever?

    I also have OE move everything that's been BCC'd to me into a spam folder, mark it as read, and review it once a week.

    --
    -- "Ignorance more frequently begets confidence than does knowledge." (Charles Darwin)
  22. sold on sales by Erris · · Score: 3, Interesting
    What we need to do is find the small percentage that is responding to this mail and whack them over the head, otherwise it will never end.

    Whack my grandmother at your peril, it's never going to end.

    The ultimate fools are those who buy your logic and pour money into advertising. This works just as well for the suckers who buy "harvester" software as it does for folks who buy billboards. All it buys the purchaser is customer anoyance. The more advertised something is, the less likely I am to buy it. Unfortunatly there's a sucker born every minute who thinks "brand recongition" can be earned in some way other than solid performance, positive reviews and customer satisfaction.

    Never trust someone who connives.

    --
    DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
  23. I wonder what costs the economy more warez or spam by smartin · · Score: 3, Interesting

    Maybe the current govt crack down is targeted at the wrong set of Internet wrong doers.

    --
    The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
  24. Ten tips to reduce spam by clarkie.mg · · Score: 3, Informative
    1. Do not post your email on a website or in newsgroups.

    2. Use a separate email address for subscribing to web sites. If that email gets spammed, change your email on web sites you want to continue to use, delete your second email and create a new one.

    3. Use 2 emails, one for your job and one for your private use. That way, you won't get porn or stupid jokes at your job and your company won't monitor your private emails.

    4. Never reply to a spam. If you have to unsubscribe, do it on the web.

    5. If you want to put your email on the web or in newsgroups or on any system that can be digitally scanned for emails, disguise your email so that only a human can read it. Example myname@isp.com becomes myname(AT)isp(DOT)com.

    6. Use a tool for filtering your incoming email.

    7. Never forward an email chain letter. They are all scams. If you absolutely want to forward one, check the information before.

    8. If you have subscribed to mailing-lists, check or ask if it is indexed on the web and if your email is diclosed there. Ask for removal or dedicate another email to that list that you will delete/change when it gets spammed.

    9. If you have time, read the headers of spam emaiks and complain to the ISP that the spammer used.

    10. There are many tools and advice on the web:
      abuse.net
      cauce

    Updates to this list are in my journal.
    --
    Men are born ignorant, not stupid; they are made stupid by education. Bertrand Russel
  25. My experience as an open mail relay by Thagg · · Score: 5, Informative

    I reconfigured our mail server a month or so ago, and, well, misconfigured it, so that it was an open mail relay on our DSL line. It took the bad guys about 2 weeks to notice; at which point we all of a sudden started getting hit with tens of thousands, then hundreds of thousands of relays through our server per day.

    I'm only a part-time sysadmin, so I didn't realize what was wrong for a couple of days, just noticed that the mail server was slow...during that time perhaps half-a-million messages were forwarded by my machine. Unforgivable, I know. I didn't realize the threat; and most of it happened over a weekend.

    On Monday, I spent a few hours finding out what was going on, and madly tried to cancel the messages by hand from the mail queue, before I did the right thing and installed the latest version of sendmail -- which by default doesn't relay.

    For the next several weeks, I've been petitioning the various spam reporting lists to take us off of their blacklists. I have to say that everybody was reasonable in this respect. It took some time to hunt them all down, but I think I have them all. If you are doing this yourself, http://relays.osirusoft.com has a great resource for checking what lists your server is blacklisted with.

    The only good thing to come out of this is that during the cleanup phase, spammers continued to try to relay spam through my site, and I was able to get several of those accounts cancelled by calling up the various email abuse departments at their ISPs. (My favorite was worldcom, I called them and they answered "Abuse!" I told them that I really wanted an argument...) The biggest disappointment was @home, who required a 1-week waiting period before shutting down a really high-volume spamming operation.

    I was surprised how quickly my open relay was discovered, and then how quickly that information was distributed among quite a few (at least 40) spammers. Perhaps they watch incoming spam to see where it is relayed from; and harvest those to run their own spam.

    Anyway -- my apologies to the community. It won't happen again.

    thad

    --
    I love Mondays. On a Monday, anything is possible.