Slashdot Mirror
Spam Increases Make Things Tough For Companies
dosten sent us a link to a story running
on Cnet about the spam epidemic. My favorite stat is that by 2006, we'll be getting 1400 spam
a year. Of course, I already get that every week. Talks about
foreign spam relays, block lists, and so on. Decent piece explaining
a huge problem that's only getting worse.
The biggest offender for me? Resume bots. I post my resume to see if people are hiring, and I get 12 messages a day from OTHER resume posting sites trying to get me to go there and post again.
If they're smart enough to grab my email addy, why can't they harvest my resume too and leave me alone?
-skip
The Chinese government ignored SPAM problems, until enough people blacklisted China and then they took notice.
Maybe we should forward all the spam that we receive to congress, with a little note attached. Maybe they would take notice, then.
Fight Spammers!
The 1400 number is a bit sketchy; I think to assume that SPAM will continue to grow at a current rate for four years is more than a bit unreasonable.
On the contrary, I think one of two things will happen:
1. SPAM will explode long before 2006 - the number of messages will grow to such an extent that a political solution will become unavoidable. In effect, the SPAMers will SPAM themselves out of existence - but not without paralyzing the net for some time.
2. SPAM click rates will continue to fall, and bandwidth costs will soar, so eventually the point will be reached that most SPAM will no longer be viable economically- this may be some time away, but I think it is certainly a possibility.
Even if costs increase, something tells me that 1) is far more likely to occur than 2)..... But the most likely thing to happen will be that I move to a address-book-only-accepted mailbox setup... Sigh.....
Maybe the spammers should focus on only AOL addresses since their members seem to like daily solicitation, and leave the rest of us alone!
Here is, what I believe to be, a better approach to fighting SPAM: Tagged Message Delivery Agent(TMDA)
--It's Pimptastic!--
Internet researcher Jupiter Media Metrix estimates that consumers will receive about 206 billion junk e-mailings in 2006--an average of 1,400 per person, compared with about 700 per person this year.
Still, that's only about 4/day which seems very conservative to me.
I noticed a massive increase in the amount of spam that I was getting. Fortunately I am running my own FreeBSD server for mail and I simply updated access lists for the frequent offenders. That blocked some, but I was still getting a great deal of mail coming in.
Finally I was told that I can identify countries by their IP block. Now that I block Korea, Russia and other countries I am not back down to my normal daily allowance of 2 pieces of spam a day.
I also have a spam blocking strategy others may want to use. Since I run my own domain I create an alias for every website which wants me to register. For example, here I have an alias for slashdot@offwhite.net which is posted along with my comments. I also have one for cdnow.com@offwhite.net, cnn.com@offwhite.net, etc. When I sign up for a newsletter or post comments I will know where the incoming spam originated. Unfortunately I found that my slashdot alias was the culprit for much of the mail. Spammers are obviously scraping this site.
After I put my spam blocking lists in place, in addition to the normal RBL features you can do with spam I am block tons of mail for me and all the users on my server. And in a single day the daily report that FreeBSD sends out shows that I blocked 111 pieces of mail just for my offwhite.net domain.
Perhaps eventually I can release some of these offending domains from my access/blocking list, but for now I am simply returning an obscure message that the user was not found. It is my hope that they simply remove my name from their lists. One can only hope.
Brennan Stehling - http://brennan.offwhite.net/blog/
As others have pointed out, this is 1400 a year, not per day. Malda needs to learn to read.
Secondly, I find the figure of $1 per spam to be kind of ludicrous. It takes me about 5 seconds to recognize a piece of mail is spam and delete it. 5 seconds of my time isn't worth $1. And the 10k it took the mail server to store the message and fraction of a penny in bandwidth aren't worth a dollar either.
If corporate anti-spam offices are costing that much, then they're wasting their money. Let employees delete their own spam messages. It's really not that hard. It wastes maybe 5 minutes per week of my time. Is it annoying? Absolutely. Is it an "epidemic"? I don't think so.
I hate spam as much as the next guy, but a sense of perspective is important. The technology to filter spam is rapidly advancing, and ISP's often *do* respond to complaints. Once Asia gets with the program, I'd expect this problem to subside somewhat.
(Disclaimer: not directly relevant, but I thought I'd share.) My email address is scannable from Usenet posts made when I was young and foolish, so there is no hope of it not being available to spammers. But, since using Spamcop, my spam levels decreased, and today at 9 AM MST, for the first time in years I checked my mail and it was spam free. I'm starting to suspect that spammers now keep lists of email addresses of people who are vigilant in reporting spam, and deleting them from their lists. (My hope is, that the CDs in which my email address resides, are now considered "no good," not just my address.) So, there is hope.
I don't think that will fix the problem, except increase the amount of lawyers in the world, and we can be sure that's not good.
I know two wrongs don't make a right, but I would actually respect script kiddies and the like if they targetted spammers instead of everyone. Someone cracking into the spamhouses and creating havoc on their networks, thrashing their servers, and randomly destroying spam programs would make for some good storytelling on slashdot.
I say screw the legal road, they're using 'illegal' and sneaky ways to take over systems - I say we give it right back to them.
Normally if that happens to a sysadmin or friend of mine, I am apologetic - having this happen to spam scumbags, I would cheer from the sideline.
This has been mentioned before (but I'm too lazy to search for the artcile), but blacklists aren't the answer. As inconvenient as it sounds, whitelists are the way to go. If your e-mail address isn't on the whitelist, your message doesn't get delivered. When a message is received that isn't on the whitelist, an automated message is sent to the sender informing them that they can be added to the whitelist by replying to this e-mail with a provided hash/password. Once they reply to the notification e-mail, they are whitelisted and their original message is delivered. Anyone who wanted to maintain a whitelist could do so, those who didn't want to bother with it could deal with the spam.
It helps if you run your own mail server, I do.
Three months ago I changed my email address. I told all my friends and created a new email address for them. Then, for every site I registered with, I used a slightly different address. I created a few generic addresses as well, for online shopping or one-time stuff.
So far, only places I actually visited have sent me spam, but now it's easy enough to cut them off.
And the mail is not annoying, I don't mind getting a buy.com sale email, because I buy from them.
It's a simple solution, and it works well.
As the anti-spam vigilantes have become more shrill, more dogmatic, more draconian, and have moved into causing "collateral damage" to sites whose only crime is being neighbors of a spam sewer, the spam continues to increase.
I submit that DNSBL and public blacklists are a failure. They have not done anything substantial to stem the tide of junk email, as this article shows.
In fact, from what I can tell, the spammers use the various DNSBL, especially the ones that list open relays, in order to locate their next set of victim relays. They could not care less that a relative handful of fanatics who use the DNSBL as intended will not be seeing their message. In fact, they are probably happy to ensure that their message will not be seen by those who are most likely to report them and try to get their activities shut down.
Edith Keeler Must Die
Since around Dec 7, 2000, (the date I installed Spamassassin [a really great spam-catcher I must say!] on my mail server) I have received around 650 spam messages.
By the way, spamassassin is really really good. I have not had any mail that was personal get flagged as spam, (only a few list-serv messages) and out of all those spams, about 5, certainly less than 10 spam messages actually made it through without being flagged as spam!
If you get a chance, try spamassassin. It uses razor, and many of the RBL lists, as well as key-words. Plus it's really configurable, to match your prefs.
I'm probably going to install spamassassin on several of my clients mail servers to block spam site-wide.
Cheers!
That's not a lot, by a friggin longshot. I know Taco is in a unique situation, where people would put him on a list for paybacks or vendettas or whatever form of agression they are taking for not having their story accepted. Me, in a position where I really, really try to keep spam out of my inbox by only giving it to places I deem worthy, and removing myself from lists where I believe that will do me any good, I still get about 15 a day. Filtering out 90% helps, which might make it to 1400 spams a year that reach my inbox. But whoever is doing this study must really know how to repevent the uncolicited crap away If 4 a day is too much for them to handle.
Th
It's perfect for registering online or leaving a temporary contact address. I've used it almost exclusively for one of my accounts, and I get virtually no spam on that account. It's a lifesaver.
I can highly, HIGHLY recommend that you sign up with them. You'll thank me later.
Mr. Ska
Back when e-mail was invented, say, in 1623 (I'm too lazy to do actual research), people used it as a basis of instant communication between two or more parties.
(Some people used it as a basis of communication between only one party; however, these people were usually either the types who needed to write themselves little sticky notes, or they had disassociative identity disorder.)
Considering how small the 'Internet' was back during the days of the first e-mail (I use quotes because, again, I've not done my research; and I'm uncertain whether e-mail or the 'net itself came first), e-mail was developed with a very open set of rules:
I create a server.
I set up a few accounts.
I open a port to allow for e-mails to be sent to me.
People connect to my computer, write me a message, and then magically disappear.
In time, relaying was invented, and was implemented such that the existing mail servers could be used as relay points -- I send an e-mail from my computer, it gets bounced around until it reaches its recipient.
Thus, the entire idea of e-mail.
I hate to say it, but... This world of e-mail is greatly polluted. I'm not talking about Gulf of Mexico polluted -- this is pre-1972 Lake Erie polluted.
So... Why not re-invent the wheel? We've been so concerned with building filtering applications, and layers upon layers over the basic SNMP protocol that we've forgotten that no matter how many bridges we build, we're still going to be able to look down and see the same polluted water.
With this in mind, I call for a new type of e-mail service to be offered by various providers. One that explicitly denies old protocol e-mails. Something akin to Internet2, but for the public masses. Built-in encryption, a prerequisite (as well as several mechanisms) to determine that not only is the sender valid, but the router its sent from is uncompromised.
While this won't solve all the problems associated with spam, it'll certainly alleviate them. With a protocol designed from the ground up to disallow things such as anonymous e-mails or misrepresented e-mail addresses; as well as several other measures which would make for not only for a secure, but unpolluted e-mail atmosphere, we can abandon the current system which has become so polluted with the waste, filth, and garbage known as 'spam'.
Thank you.
Yeah, I think that one comes from Acme!
No way this will ever happen! Ever hear of junk mail (not spam email, real paper junk mail)? Has it become unviable? No. As a matter of fact, it is the most effective form of advertising. As more and more people worldwide use email, targeted spam will become as effective as the direct mail is now.
The spam is green. It is still in its infancy as a marketing medium.
Curb CO2 emissions: Kill yourself today!
Well, let's say your moral compass has been permanently derailed and you are planning to enter the "spamming industry." You can buy CDs with e-mail lists for cheap (I believe it's something in the order of 1 million names for $100). You also would use a program to find open relays and exploit them (why run your own mail server when you can hijack someone else's for less dough). Then you forge your e-mail headers (after all, you don't want to deal with messy details like bouncing e-mails and angry recipients).
Now say you send out a million spam e-mails. Your cost is $100 or so (the cost of the list) and whatever you're using for your Internet connection. That's less than a penny per person. If one hundredth of one percent of those names were to send $5 each, you'd take in $500, or about $400 profit. And that's just from one mailing. You'd ignore any "remove me off this #&*#&@ list" e-mails (actually, with the forged headers you wouldn't see them) and send another round hoping to lure in more suckers.
Now these aren't hard and fast numbers, but you can see how some people are lured into the "easy money." Of course, breaking into people's homes and taking valuables is "easy money" also, but spammers somehow convince themselves that they have a constitutional right to misuse other people's bandwidth and time for their own personal gain.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
All the SPAM'ers cite freedom of speech. Well, I wanna know what the hell happened to your rights ending where mine begin?
The problem of SPAM on fax machines back in the 80's, due to the fact that paper/toner/etc. cost $$ as well as tying up a business' fax line prompted a law that bans SPAMing fax machines. It was the use of resources and stopping of business that got this law passed.
Well, bandwidth is a resource, and if a major ISP's mail service is unusable for a good chunk of time, that's a stopping of business.
I pay for my bandwidth to run my own server. Using my resources (bandwidth), for a purpose I don't approve of, should be considered theft. It might be different for a dialup user (the end user doesn't pay for bandwidth, they pay a monthly fee for access, the ISP pays for the bandwidth, usually).
I'm so incredibly sick of SPAM! Oh, and by all means, I don't want to limit SPAM to commercial mail. I think any email that is soliciting, be it a campaign contribution, a donation to the kidney fund, or religion oriented ("come join us in fellowship", blah) should be considered SPAM as well.
Although, having said all that, I think that legislation is only part of the problem. I think what we need is a modification to the SMTP protocol itself that makes it easy and lightweight to identify and handle these types of email, and legislation enforcing this.
Something like identifying the message as spam immediately after the HELO or RCPT TO, or perhaps even requiring spam to use another port!
But even that's not enough because you know those direct marketing jackasses will still send it without the proper identifiers.
I'm real close to setting up a system where you have to give me your email address and I have to approve you to send me email or I'll never see it. (with a seperate dump account for registrations for web boards, etc.)
Don't mess with any of the fields in emails, or forward anything to the gov't types. Just create a few web pages with the email addresses of the folks you want to take official notice of the problem, and let the spam spiders do all the work. A few test posts to usenet with those addresses included for those harvesters would also help.
Any deception on your part makes you look bad, not the poor mislead spammer. Spammers are bad enough on their own, just maybe they need a push to go after the people you want particularly mad at spam.
You're just jealous 'cuz the voices talk to *me*
I think SPAM could be limited if our government dedicated more resources to white collar crime and fraud than to other pursuits like the war on drugs.
Most of what passes for SPAM in my mailbox is either prima facie fraudulent products (penis enlargers) and offers (stock "tips") or setups to fraudulent web sites for porn or related items.
If people who did these scams were actually investigated and ultimately jailed with great frequency we would have fewer SPAM messages. They have to be invetigatable because there has to be a way for them to get money from your pocket to theirs.
Also, I think that there'd have to be few convictions. Merely having the FBI/SEC/ATF show up and start doing a serious investigation is enough to scare a lot of people into other lines of fraud.
This wouldn't do anything for offshore scammers, but I have a feeling that the offshore places are going to have to get their shit together or they will start finding lots of the 1st world net blackholed to all of their data.
b) It's clear that a technological filtering solution is probably not the ideal way to go because ultimately, any filtering scheme doesn't address the issue that the SPAM is out there and it's still flooding our networks, regardless if you detect it as a SPAM or not.
The only conclusion is that we really need to fix the problem at it's source. Change the SMTP protocol to include a handshaking/whitelisting layer. Is there a reason why the big mail server makers and mail client makers couldn't get together and work on an extention of the protocol that would make the protocol secure?
To me, this is a no brainer and it's probably the only way to go at this point.
No, not necessarily. I get about 80 spams a day, and I've tracked most of them down to a couple of things:
All of those aren't stupid things to do - but spammers make use of them nevertheless.
Pointing them to my SMTP server's terms of service and trying to claim payment usually doesn't generate a response at all. [And if you can't afford a lawyer, trying to take a spammer to court won't do much good]
Actually, the only spammer ever to react to one turned out to be a 14 year old kid who fell for a "make money fast, we assure you it's legal" scam, and I don't really want to make a victim pay more than they have.
This message is provided under the terms outlined at http://www.bero.org/terms.html