Spam Increases Make Things Tough For Companies

dosten sent us a link to a story running on Cnet about the spam epidemic. My favorite stat is that by 2006, we'll be getting 1400 spam a year. Of course, I already get that every week. Talks about foreign spam relays, block lists, and so on. Decent piece explaining a huge problem that's only getting worse.

Resume bots

[skippy5066]

The biggest offender for me? Resume bots. I post my resume to see if people are hiring, and I get 12 messages a day from OTHER resume posting sites trying to get me to go there and post again.

If they're smart enough to grab my email addy, why can't they harvest my resume too and leave me alone?

-skip

Law makers might realize the problem.

[www.sorehands.com]

Maybe after seeing this lawmakers will realize the extent of the problem.

The Chinese government ignored SPAM problems, until enough people blacklisted China and then they took notice.

Maybe we should forward all the spam that we receive to congress, with a little note attached. Maybe they would take notice, then.

Growth, Growth, Growth....

[mlknowle]

The 1400 number is a bit sketchy; I think to assume that SPAM will continue to grow at a current rate for four years is more than a bit unreasonable.

On the contrary, I think one of two things will happen:

1. SPAM will explode long before 2006 - the number of messages will grow to such an extent that a political solution will become unavoidable. In effect, the SPAMers will SPAM themselves out of existence - but not without paralyzing the net for some time.

2. SPAM click rates will continue to fall, and bandwidth costs will soar, so eventually the point will be reached that most SPAM will no longer be viable economically- this may be some time away, but I think it is certainly a possibility.

Even if costs increase, something tells me that 1) is far more likely to occur than 2)..... But the most likely thing to happen will be that I move to a address-book-only-accepted mailbox setup... Sigh.....

How profitable is spam?

[Yoda2]

I know its cheap, but I'm really curious to see how much spammers really profit from their ads. There has to be a certain profile for the person who really believes that they can enlarge their penis by "clicking here".

Maybe the spammers should focus on only AOL addresses since their members seem to like daily solicitation, and leave the rest of us alone!

Re:How profitable is spam?

[AnotherBlackHat]

know its cheap, but I'm really curious to see how much spammers really profit from their ads. There has to be a certain profile for the person who really believes that they can enlarge their penis by "clicking here".

Maybe the spammers should focus on only AOL addresses since their members seem to like daily solicitation, and leave the rest of us alone!

Opinions vary, but I believe that the response rate is 1-3 per 10,000.
Responses aren't sales, but if we use junk mail as a guide, there's approximately a 10%
sell through rate. That means 1-3 sales per 100,000. As a guess, most crap sold via spam
is about 90% profit and sells for about $40.00. A dedicated spammer could easily saturate the market,
which is about 150,000,000 people. That works out to about $50,000.
That's a lot of assumptions, but I believe $50,000 is within an order of magnitude of correct.
Not enough to excite me, but unfortunately more than enough to keep those assholes going.

I have a friend who works for an ISP. He claims a spammer offered to pay the ISP $10,000
a month to cover the cost of dealing with the spam complaints, if they were allowed to continue spamming.
The spammer clearly thought that spam was worth more the $10,000 a month.

-- Spam Wolf, the best spam blocking vaporware yet!

This may be the only way to keep up:

[TheFlu]

Here is, what I believe to be, a better approach to fighting SPAM: Tagged Message Delivery Agent(TMDA)

1,400 per YEAR

[NickPest]

Internet researcher Jupiter Media Metrix estimates that consumers will receive about 206 billion junk e-mailings in 2006--an average of 1,400 per person, compared with about 700 per person this year.

Still, that's only about 4/day which seems very conservative to me.

not blacklists, whitelists

[einer]

This has been mentioned before (but I'm too lazy to search for the artcile), but blacklists aren't the answer. As inconvenient as it sounds, whitelists are the way to go. If your e-mail address isn't on the whitelist, your message doesn't get delivered. When a message is received that isn't on the whitelist, an automated message is sent to the sender informing them that they can be added to the whitelist by replying to this e-mail with a provided hash/password. Once they reply to the notification e-mail, they are whitelisted and their original message is delivered. Anyone who wanted to maintain a whitelist could do so, those who didn't want to bother with it could deal with the spam.

Re:Overblown article

[telbij]

First of all, I think you are right that simply deleting spam is not all that difficult or expensive. But in practice there are many more costly effects spam can have that can drive up the average cost ($1 is still pretty high though):

• Employees may actually waste time clicking on spam links
• High-bandwidth graphical spam can bring slow computers and connections to their knees
• Spam can obfuscate legitimate emails, causing them to be deleted by accident in a flurry of spam deletions
• I've experienced crashes that may have been caused by the huge volume of email, or the piss-poor HTML code, but definitely had to do with spam. Data loss is unquantifiable.

All in all, I think having an administrator try to filter out spam before it gets to the 45,000 employees is a good idea. I mean, if a spam targets only 20,000 employees, they will still have to spend the 5*20,000 seconds to collectively delete the single spam that an admin could take care of at the root (also saving bandwidth and storage space). Throw in the issues of employees working with slow computers and slow connections and I can definitely see a full-time spam admin.

Re:I block Asia, Russia and other places

[alcmena]

I prefer "support@[website]". For example, to get RealPlayer to quit bugging me, my email address it was assigned was "support@real.com". I also make an extra effort to ensure all the correct check boxes are selected to "yes" as well. :)

Re:Suggestions to avoid spam.

[bero-rh]

If you are getting 40 spams a day, you are doing something stupid.

No, not necessarily. I get about 80 spams a day, and I've tracked most of them down to a couple of things:

• The bug-gnu-utils list is gated to spamnet, formerly known as usenet. While I post to bug-gnu-utils with an obfuscated addresses these days, I can't prevent people from sending bug reports to bug-gnu-utils and Cc'ing me -- thereby making my address visible to spambots harvesting spamnet.
• Address mentioned in public places by someone else, such as "If you're seeing that bug in the Red Hat packages only, contact their packager at ..."
• Address listed on a website (feedback requests, without obfuscating the address to make it easier for users) - this is also what generates a lot of spam on our security contact address

All of those aren't stupid things to do - but spammers make use of them nevertheless.

Pointing them to my SMTP server's terms of service and trying to claim payment usually doesn't generate a response at all. [And if you can't afford a lawyer, trying to take a spammer to court won't do much good]

Actually, the only spammer ever to react to one turned out to be a 14 year old kid who fell for a "make money fast, we assure you it's legal" scam, and I don't really want to make a victim pay more than they have.