Slashdot Mirror
AOL Cans 1 billion Spams In One Day
linuxwrangler writes "AOL announced today that its spam filters hit the 1 billion reject mark for a 24 hour period. This is an average of 28 rejects per day per member. In addition, AOL spam engineers say they receive 5.5 million spam submissions each day from AOL users. Other reports here(1) and here(2)."
28 per subcriber per day caught.
Only leaves 103 apeice...
TODO: Something witty here...
And how many got through?
Well, maybe they are, but that's not what's reported in the article.
AOL users are reporting 5.5 million spam messages a day to customer service.
In the AOL "Mail Center" there is an option to "Allow ALL mail". I take it this doesn't work, or that AOL should change it to "Allow all mail that we decide to let through..." ?
If this is true, can you imagine how much bandwidth and disk space is wasted by spam. I'd be willing to bet that the money lost to spam exceeds the money lost to pirate software and mp3's combined.
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
It would be interesting to see the code behind AOL's spam filters. What do they consider spam? Does the email have to contain a certain percentage of capitalized letters, come from a certain user/address, have lots of embedded images etc?
If the filter is anything like the filters in use in public schools and library networks, then it would be a fair guess that quite a few legit emails were blocked by the filters. It seems like writting an intelligent filter is pretty hard.
find / -name "*.sig" | xargs rm
Ah, frea speach. What an overrated 'right' that is. Sorry, but your precious Amendment only prevents the government from shutting you up. There's no reason AOL can't censor you, and there's nothing to stop the Slashdot mods putting you to -1. That was settled long ago; Sanford Wallace, the Ralsky of his day, sued AOL and Compuserve for filtering his junk out, and he lost.
It costs AOL $2 per month per user just to handle the spam traffic. AOL's huge userbase makes them a magnet for dictionary attacks. If you want an unfiltered mail feed, then by all means pay someone extra for spam storage, or run your own mail server.
Real Daleks don't climb stairs - they level the building.
I just totaled up the logs for the spam graph I keep for our mail server. In maybe a year and a half, we've caught approx. 1.6 million spams. I thought we were doing well.
But Jesus Christ! Who here wants to start a pool? We'll bet on how long it'll take before AOL has stopped a googol of spam, total. I bet two and a half years; three tops.
Carousel is a lie!
No, we have not. Spam is the #1 complaint we get from our users. They don't want the stuff, so we're fighting it. We block what they ask us to block.
But, of course, we're AOL and this is Slashdot, so naturally everything we do is wrong.
-BK
Chemical Blog
I'm kind of torn on this issue. On the one hand, I hate spam and those who allow it to proliferate. On the other hand, I abhor censorship in any form. I wouldn't have an issue with this at all if AOL simply provided its users with the *tools* to eliminate their own spam if they choose to do so. My problem with this is that AOL itself is deciding to filter its members' email, and making the determination itself as to what is and is not "spam". That's a reckless step down a slippery slope, in my opinion.
If AOL wants a strong anti-spam law passed so spammers can more easily have criminal charges or civil lawsuits brought against them, they ought to consider completely stopping the filtering so their customers get overwhelmed with junk e-mail. When the customers complain, AOL then tells the customer to contact their congressperson and complain about it and demand something be done.
I would guess that deleting spam is about as expensive as transmitting it for an ISP. that is the processor intensive task of scoring and removing a spam probably is a wash with the processor light task of tranmitting and storing it. Now for the sake of argument lets just guess a wild number for the cost of filtering or passing along a spam. lets say 0.001 dollars.
if that were true then a billion spam deleted would cost AOL 1million dollars per day (plus the ones that got through). that would be a third of a billion dollars a year. THat seems way to high. So it must be less. SO maybe its 0.000001 cents?? that would come to a third of a million dollars a year.
My guess is that the latter is probably a good guess. why? well how many engineers has AOL assigned to the de spamination? perhaps a third of a million dollars worth every year? it would of course not make sense to spend more on de spamination than the harm it costs.
so anyhow assuming this wild guessing is within an order of magnitude then the proper charge to fine a spammer would be some multiple of 0.000001 dollars per spam sent. which is not an awful lot.
so is spam really that costly to ISPs??? Maybe not
Some drink at the fountain of knowledge. Others just gargle.
Apparently AOL users can set up their accounts to reject ALL email originating outside AOL (as if the rest of the internet were worse SPAMmers than AOL folks). Amazingly, this setting is turned on on some accounts (many, I suspect) without them even knowing it. I run a webserver for a few businesses, and we get LOTS of mail bounced back from AOL account for this reason. It's a real pain when, for example, an AOL customer is trying to sign up on our site, and their account activation key gets bounced back to us because of this stupid setting. I bet they're counting all these messages in their total.
Convert RSS to HTML - integrate webfeeds into your website
I run a small web server and answer lots of questions on Usenet Linux groups. I run a small business. I own several domain names. I've had the same email address for about 4 years now. As a consequence, I get somewhere on the order of 20 messages a day that get past my SpamAssassin filters to my inbox. On a good day I get about 50 filtered by SpamAssassin. On a bad day there may be 100-150 spams. My procmail filters show over a thousand spams since this month started.
20 messages not so bad? Well, the subjects are deceptive -- "Re: Contract Extension", "Proposal for Work", etc.. If they get past the filters they're likely to be valid so I end up checking them. Each costs me 5 seconds or so. OK, 5 minutes a day wasted may not be a huge amount. Multiply that by a year and I've lost a day to reading spam.
Let's talk about my Netscape account. I used to use it for personal email. Each week it receives close to a thousand spams. It's completely useless now. The problem is that some old friends still have that email address so occasionally they send me something. If I catch it I'll tell them about another personal address but why should I have to?
Bandwidth, as you've noted, is negligible for me. But the cost in time (both for reading and for implementing a spam filtering policy) is not.
I remember some survey from years ago that asked "if you could press a button and someone on the other side of the World would die, but you'd recieve 1,000,000 dollars, would you do it?". I'm now wondering, if you could press a button, and a spammer, somewhere would die - would YOU do it? Scary as it seems to me, I'd probably say "yes"...
Code, Hardware, stuff like that.
Having all email routed to my inbox means that my figures above include dictionary attacks.
Using tagged addresses also runs up the total a lot. Every time I give out my email address, either on a registration form or in a public posting, I use a different tag.
I started tagging addresses in the early days of spam. Remember when we foolishly thought we could attach a disclaimer to usenet posts along the lines of "send me spam, and I'll bill you $50 under the anti-fax laws"? Well, I was dumb. I figured that in order to "prove" that unsolicited email was unsolicited, I had to have some proof of how the spammer got my email address, and that I had a clear disclaimer.
The good news: I have a pretty good idea of which of my online activities generate spam (e.g., posts to control.cancel and *.test, my NIC registrations, and usenet group-creation votes all seem to be popular for the spam-database trollers)
The bad news: I can easily get hit 30, 40, or 50 times for any one mass-spewing a spammer decides to do.
The totals above contain NO false positives -- they're all tied to tagged addresses which only produce spam. Not included are the 50 or so false negatives I get a day, which get tackled through other means.
Thanks for doing your part. I worked with the abuse department at DirecTV Broadband before they went out of business, and I know when our abuse department fell behind on shutting down spammers, AOL notified us that they were about to block some of our customers' IP blocks. This happened multiple times, and we were able to use the threat to convince management to give us some additional manpower to handle the work.
None of us will probably use AOL's service, but their abuse department certainly earned our respect.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
My provider is of the opinion that email is a luxury--they provide it but make no guarantees--and it shows. I'd switch but they are the only ISP that can provide me with broadband.
I run an email server for my private needs. It is not an open relay and I do not spam but there is one RBL that has decided that any mail coming directly from the user IP address space of my provider is suspicious. I've never had a problem but my fiance, Kim, has run into a few servers that bounce her emails.
If you've guessed that AOL is now blocking mail from my server then you guessed correct. Kim doesn't have many contacts on AOL and they don't get much mail from her but she discovered, within the last week, that mail to any of these contacts bounces back.
So AOL's solution to block spam is to use RBL's--the message specifically mentions the familiar RBL that blocks my address range. I understand that the RBL's are in a difficult situation because their task is monumentally difficult but at least one has chosen an easy way out. I've long considered this RBL to be practicing bad netizenship and I now feel justified because their services are being utilitized by the provider who has been historically associated with bad netizens.
However, nothing says I can't post a screenshot of my spam-box as viewed via pine.
For the poster who asked about the amount of spam-per-address...to be honest, I'm not sure. I didn't keep a good record of how many different tags I've used, and I'm not entirely sure how to adjust for the effects of dictionary attacks.
I'd guess that I easily somewhere between 70-100 spams per day to the address I originally used in the InterNIC record for my domain, for example, but I haven't kept stats at that level.
I'm unfortunately running a tar pit. But I've got to make up a measurable portion of submissions to uce@ftc.gov...not that that does any good.
So yeah, I get way more than my fair share of spam, because of being curious/stupid and tagging my address. I'm certainly not representative of how much spam Joe Average NetUser is getting. However, I think my spamlog may be interesting reading in the context of the overall growth of spam on the net.
I've been tracking my spam volume in the form above since 10 April 2002. One of these days I need to write up an article on how this is evidence of the expansion of spam.
One encouraging factoid: The rate of spam volume growth, at least for my little cesspool, seems to be slowing, at least as compared to what I saw during the last half of 2002. I don't know whether this is a real slowing, or just more filtering going on upstream from me, however....
P.S. -- 15 spams arrived between the time I pasted the listing from pine and my hitting preview a few seconds ago. :(
Let see here....
if we have 1 billion spams per day, at roughly 5kb per message, this equals to almost 5TB of wasted bandwidth. This is only what is caught. Now with this we can start estimating the costs per day for dealing with spam.
Lets consider bandwidth cost $1 per GB, AOL being as large as they are may be able to make that less. At that cost it is $5000 per day. This does not include the cost for extra equiptment to deal with the extra bandwidth, for people to write anti-spam software, etc. i'm going to estimate that it cost AOL over $10000 per day because of spam. or over 3.5 million in one year.
In America we are imprisoned by our fear of them.
Do you really have no idea how much of a nightmare it would be to try to implement a whitelist of everyone who wants to send legitimate mail to an aol.com address? How big a holding queue do you suppose you'd need? Do you know how much legitimate mail is sent by automated systems? I can't imagine the tech support calls this would generate.
Besides, if you tried to implement a whitelist for all of AOL, the spammers would get around it pretty quickly - just sign up for a free trial, send yourself spam, add the spam to the whitelist, and away you go. It would have to be per-user to be meaningful, and if they implemented it, it would just mean most AOL users would start using Hotmail or Yahoo instead, as I'm sure many do already.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Straying a bit offtopic, but I suffer way more from being sent email viruses than I ever have from spam. I might see 1 spam (maybe 1k - 20k bytes) every couple of days, whereas I get anything from 20 to 100 copies of Klez or Yaha, at 45k - 188k bytes each per day.
AFAICT, all those came from the fact that I made the mistake of listing my real email address when I uploaded a Winamp skin. It was up for less than a week in December, and I'm still getting viruses now. The hotmail one I put up to replace it (only ever used for that Winamp skin) gets a similar level.
Registering accounts later than some other chrisb since 1997
I am AOL user since 1992 and I never lost any messages; except when I (twice actually) did not pay attention setting the exlusion filters.
What AOL really needs to do is:
1) allow more than 100 entries in the exlusion list (500 would be more reasonable)
2) perform more checking that the email header is really correct (reverse DNS etc). How can it be that spam is injected into the AOL gateway when clearly the FROM address is bogus?
I receive about 500 spam mails per month into my account; 20 real messages. More than 20 juk mails for every real message. I spend way too much time clicking the DELETE button!
I have to admit I think what AOL is doing is correct and slashdot does not speak with one voice. Hell from my point of view block all of them but don't just block it for AOL find a way to keep it from being sent to help the entire world. I have no problem with blocking spam even if you catch some real email in it unintentionally. I get thousands of messages a day and if I lose 5% of my real messages to wipe out 95% of the spam then that is something I am willing to do. Spam just costs way too much to deal with.
Computer modeling for biotech drug manufacturing is HARD!
Spam became a huge problem here roughly a year ago, and it started taking up too much employee time. So roughly six months ago, we started using Spam Assassin. In that six months, Spam assassin has caught roughly 90% of the spam we get, totalling well over 500,000 spam mails.
Am I crazy, or is 1/2 million spams for only 7 people in less than six months absolutely insane or what? How can anyone argue that these spammers are running legitamite businesses?
I think it's high-time for some legis-fuckin-lation to curb this insanity :)
Sticking feathers up your butt does not make you a chicken - Tyler Durden
If I advertise a silly product to 50 million email addresses, how likely am I to get customers?