Spam Increases Make Things Tough For Companies
dosten sent us a link to a story running on Cnet about the spam epidemic. My favorite stat is that by 2006, we'll be getting 1400 spam a year. Of course, I already get that every week. Talks about foreign spam relays, block lists, and so on. Decent piece explaining a huge problem that's only getting worse.
The biggest offender for me? Resume bots. I post my resume to see if people are hiring, and I get 12 messages a day from OTHER resume posting sites trying to get me to go there and post again.
If they're smart enough to grab my email addy, why can't they harvest my resume too and leave me alone?
-skip
The Chinese government ignored SPAM problems, until enough people blacklisted China and then they took notice.
Maybe we should forward all the spam that we receive to congress, with a little note attached. Maybe they would take notice, then.
Fight Spammers!
The 1400 number is a bit sketchy; I think to assume that SPAM will continue to grow at a current rate for four years is more than a bit unreasonable.
On the contrary, I think one of two things will happen:
1. SPAM will explode long before 2006 - the number of messages will grow to such an extent that a political solution will become unavoidable. In effect, the SPAMers will SPAM themselves out of existence - but not without paralyzing the net for some time.
2. SPAM click rates will continue to fall, and bandwidth costs will soar, so eventually the point will be reached that most SPAM will no longer be viable economically- this may be some time away, but I think it is certainly a possibility.
Even if costs increase, something tells me that 1) is far more likely to occur than 2)..... But the most likely thing to happen will be that I move to an address-book-only-accepted mailbox setup... Sigh.....
Maybe the spammers should focus on only AOL addresses since their members seem to like daily solicitation, and leave the rest of us alone!
Here is, what I believe to be, a better approach to fighting SPAM: Tagged Message Delivery Agent (TMDA)
--It's Pimptastic!--
Internet researcher Jupiter Media Metrix estimates that consumers will receive about 206 billion junk e-mailings in 2006--an average of 1,400 per person, compared with about 700 per person this year.
Still, that's only about 4/day which seems very conservative to me.
I noticed a massive increase in the amount of spam that I was getting. Fortunately I am running my own FreeBSD server for mail and I simply updated access lists for the frequent offenders. That blocked some, but I was still getting a great deal of mail coming in.
Finally I was told that I can identify countries by their IP block. Now that I block Korea, Russia and other countries I am not back down to my normal daily allowance of 2 pieces of spam a day.
I also have a spam blocking strategy others may want to use. Since I run my own domain I create an alias for every website which wants me to register. For example, here I have an alias for slashdot@offwhite.net which is posted along with my comments. I also have one for cdnow.com@offwhite.net, cnn.com@offwhite.net, etc. When I sign up for a newsletter or post comments I will know where the incoming spam originated. Unfortunately I found that my slashdot alias was the culprit for much of the mail. Spammers are obviously scraping this site.
After I put my spam blocking lists in place, in addition to the normal RBL features you can do with spam, I am blocking tons of mail for me and all the users on my server. And in a single day the daily report that FreeBSD sends out shows that I blocked 111 pieces of mail just for my offwhite.net domain.
Perhaps eventually I can release some of these offending domains from my access/blocking list, but for now I am simply returning an obscure message that the user was not found. It is my hope that they simply remove my name from their lists. One can only hope.
Brennan Stehling - http://brennan.offwhite.net/blog/
I don't think that will fix the problem, except increase the amount of lawyers in the world, and we can be sure that's not good.
I know two wrongs don't make a right, but I would actually respect script kiddies and the like if they targeted spammers instead of everyone. Someone cracking into the spamhouses and creating havoc on their networks, thrashing their servers, and randomly destroying spam programs would make for some good storytelling on slashdot.
I say screw the legal road, they're using 'illegal' and sneaky ways to take over systems - I say we give it right back to them.
Normally if that happens to a sysadmin or friend of mine, I am apologetic - having this happen to spam scumbags, I would cheer from the sideline.
This has been mentioned before (but I'm too lazy to search for the article), but blacklists aren't the answer. As inconvenient as it sounds, whitelists are the way to go. If your e-mail address isn't on the whitelist, your message doesn't get delivered. When a message is received that isn't on the whitelist, an automated message is sent to the sender informing them that they can be added to the whitelist by replying to this e-mail with a provided hash/password. Once they reply to the notification e-mail, they are whitelisted and their original message is delivered. Anyone who wanted to maintain a whitelist could do so, those who didn't want to bother with it could deal with the spam.
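The challenge-and-reply whitelist described in the comment above, sketched as an added example that is not part of the original thread or any commenter's code. The class name, method names and the HMAC-derived token are assumptions chosen for illustration; the addresses in the usage are constructed.

```python
import hashlib
import hmac
import secrets


class ChallengeWhitelist:
    """Hold mail from unknown senders until they answer a per-sender challenge."""

    def __init__(self, secret=None):
        self.secret = secret or secrets.token_bytes(32)  # server-side key
        self.whitelist = set()   # confirmed sender addresses
        self.pending = {}        # sender -> list of held message bodies
        self.inbox = []          # delivered (sender, body) pairs

    def _token(self, sender):
        # The "provided hash": bound to the sender address, so a token
        # issued to one address cannot whitelist a different one.
        mac = hmac.new(self.secret, sender.encode(), hashlib.sha256)
        return mac.hexdigest()[:16]

    def receive(self, sender, body):
        sender = sender.strip().lower()
        if sender in self.whitelist:
            self.inbox.append((sender, body))
            return ("delivered", None)
        first_contact = sender not in self.pending
        self.pending.setdefault(sender, []).append(body)
        # Challenge only once per sender: spam usually carries a forged
        # From address, and every challenge lands on that third party.
        challenge = self._token(sender) if first_contact else None
        return ("held", challenge)

    def confirm(self, sender, token):
        sender = sender.strip().lower()
        if sender not in self.pending:
            return False
        expected = self._token(sender)
        # Constant-time comparison of the replied token.
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return False
        self.whitelist.add(sender)
        for body in self.pending.pop(sender):
            self.inbox.append((sender, body))  # release the original mail
        return True


if __name__ == "__main__":
    gate = ChallengeWhitelist()
    status, tok = gate.receive("alice@example.org", "hello")  # constructed
    print(status, gate.confirm("alice@example.org", tok), gate.inbox)
```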
As the anti-spam vigilantes have become more shrill, more dogmatic, more draconian, and have moved into causing "collateral damage" to sites whose only crime is being neighbors of a spam sewer, the spam continues to increase.
I submit that DNSBL and public blacklists are a failure. They have not done anything substantial to stem the tide of junk email, as this article shows.
In fact, from what I can tell, the spammers use the various DNSBL, especially the ones that list open relays, in order to locate their next set of victim relays. They could not care less that a relative handful of fanatics who use the DNSBL as intended will not be seeing their message. In fact, they are probably happy to ensure that their message will not be seen by those who are most likely to report them and try to get their activities shut down.
Edith Keeler Must Die
Since around Dec 7, 2000, (the date I installed Spamassassin [a really great spam-catcher I must say!] on my mail server) I have received around 650 spam messages.
By the way, spamassassin is really really good. I have not had any mail that was personal get flagged as spam, (only a few list-serv messages) and out of all those spams, about 5, certainly less than 10 spam messages actually made it through without being flagged as spam!
If you get a chance, try spamassassin. It uses razor, and many of the RBL lists, as well as key-words. Plus it's really configurable, to match your prefs.
I'm probably going to install spamassassin on several of my clients' mail servers to block spam site-wide.
Cheers!
It's perfect for registering online or leaving a temporary contact address. I've used it almost exclusively for one of my accounts, and I get virtually no spam on that account. It's a lifesaver.
I can highly, HIGHLY recommend that you sign up with them. You'll thank me later.
Mr. Ska
Back when e-mail was invented, say, in 1623 (I'm too lazy to do actual research), people used it as a basis of instant communication between two or more parties.
(Some people used it as a basis of communication between only one party; however, these people were usually either the types who needed to write themselves little sticky notes, or they had disassociative identity disorder.)
Considering how small the 'Internet' was back during the days of the first e-mail (I use quotes because, again, I've not done my research; and I'm uncertain whether e-mail or the 'net itself came first), e-mail was developed with a very open set of rules:
I create a server.
I set up a few accounts.
I open a port to allow for e-mails to be sent to me.
People connect to my computer, write me a message, and then magically disappear.
In time, relaying was invented, and was implemented such that the existing mail servers could be used as relay points -- I send an e-mail from my computer, it gets bounced around until it reaches its recipient.
Thus, the entire idea of e-mail.
I hate to say it, but... This world of e-mail is greatly polluted. I'm not talking about Gulf of Mexico polluted -- this is pre-1972 Lake Erie polluted.
So... Why not re-invent the wheel? We've been so concerned with building filtering applications, and layers upon layers over the basic SNMP protocol that we've forgotten that no matter how many bridges we build, we're still going to be able to look down and see the same polluted water.
With this in mind, I call for a new type of e-mail service to be offered by various providers. One that explicitly denies old protocol e-mails. Something akin to Internet2, but for the public masses. Built-in encryption, a prerequisite (as well as several mechanisms) to determine that not only is the sender valid, but the router it's sent from is uncompromised.
While this won't solve all the problems associated with spam, it'll certainly alleviate them. With a protocol designed from the ground up to disallow things such as anonymous e-mails or misrepresented e-mail addresses; as well as several other measures which would make for not only a secure, but unpolluted e-mail atmosphere, we can abandon the current system which has become so polluted with the waste, filth, and garbage known as 'spam'.
Thank you.
- Employees may actually waste time clicking on spam links
- High-bandwidth graphical spam can bring slow computers and connections to their knees
- Spam can obfuscate legitimate emails, causing them to be deleted by accident in a flurry of spam deletions
- I've experienced crashes that may have been caused by the huge volume of email, or the piss-poor HTML code, but definitely had to do with spam. Data loss is unquantifiable.
All in all, I think having an administrator try to filter out spam before it gets to the 45,000 employees is a good idea. I mean, if a spam targets only 20,000 employees, they will still have to spend the 5*20,000 seconds to collectively delete the single spam that an admin could take care of at the root (also saving bandwidth and storage space). Throw in the issues of employees working with slow computers and slow connections and I can definitely see a full-time spam admin.
No, not necessarily. I get about 80 spams a day, and I've tracked most of them down to a couple of things:
All of those aren't stupid things to do - but spammers make use of them nevertheless.
Pointing them to my SMTP server's terms of service and trying to claim payment usually doesn't generate a response at all. [And if you can't afford a lawyer, trying to take a spammer to court won't do much good]
Actually, the only spammer ever to react to one turned out to be a 14 year old kid who fell for a "make money fast, we assure you it's legal" scam, and I don't really want to make a victim pay more than they have.
This message is provided under the terms outlined at http://www.bero.org/terms.html