Slashdot Mirror
You've Got Spam: AOL Blocks 1/2 Trillion Spam
yohaas writes "Yahoo! News is reporting that AOL blocked more than 500 billion spam messages for its users in 2003. That comes to 40 messages a day per user. The company regularly blocks 75-80% of all incoming mail as spam! The article also lists the top 10 spam phrases for the year, including such come-ons as: 'Viagra online', 'Online pharmacy', 'Get out of debt' and 'Get bigger'."
I know AOL bashing is a treasured hobby of many Slashdotters, but based on those numbers it seems that they're doing a fairly good job at blocking spam. Especially since they're a huge ISP who has to be conservative with their spam blocking techniques.
Instead of sending the mails to the bitbucket AOL should do something about the abuse. They've got the IP addresses of half a trillian zombies and open proxies. Where's the AOL goon squad? They should be kicking down doors, not writing press releases.
if they block 500 billion spam messages if a couple trillion spams are sent around in a year? Despite how large that number sounds, I still see client AOL inboxes stuffed with all sorts of junk, and see this more as a publicity stunt on AOL's part. I read the article, and no where in it does it say how much spam total there was in 2003. 500 billion may sound impressive by itself, but if it's 500 billion blocked out of 50 trillion, it's not such a big deal.
When they started blocking "unknown relays" they dropped a pile of legitimate email
comment directly in my journal
AOL blocks a lot of legitimate email as well, however. If you prefer to run your own email server (for example, about half of all the Linux broadband users on Slashdot) then you cannot send to an AOL user... same goes for SWBell users too I think. Sure they block a lot of email and I can kinda understand their purpose in blocking "dynamic" or "residential" IPs... but that is collateral damage.
If they're blocking that much spam, makes me wonder how much of the mail that was NOT spam is being blocked. Maybe AOL users are not getting all the email they should be getting.
On the other hand, I get spam from AOL and they dont seem to be doing anything about it, maybe they should be concetrating on blocking their outgoing spam too.
=9,765.6 petabytes [I guessed at the average size of a spam email]
I wonder how much that costs AOL?
The spammers are probably just taking some time off around the holidays like everyone else. It'll go back up next week.
Rank Presidents by th
A less deceptive way of phrasing it is that AOL has blocked 500 billion emails from reaching the intended recipients. I doubt very much that this figure takes into account the ridiculous rate of false positives that AOL's rather loose definition of "spam" results in.
Do you think that a bunch of poor people in China are all of a sudden picking up laptops and peddling viagra? It's not the Chinese, it's the same people who have always sent spam. They are just buying their hosting/bandwidth from companies overseas, where regulations are non-existant.
Stop the Slashdot effect! Don't read the articles!
2 major problems
If I can buy a cert, a spamer can buy a cert too.
See x.400 for why this won't work.
Second is that if you can't trust the ISP to do the MX right, then this breaks. How many IPS break their reverse dns lookups? There are too many for me to count.
Remember spamers are good at breaking all the little rules.
I send mail from my mailserver to a couple friends on AOL at least once a week.
Static IP DSL from Speakeasy via Covad. I had them configure rDNS when I heard AOL started their aggressive blocking, but never had a problem before or since having that done.
"...I get a fair amount of spam, but I am not afraid. It is all filtered..."
Good for you.
But the key point about all this spam that you're hiving off into a seperate folder at +9 on the SpamAssassin scale, or that your ISP is bouncing on the basis of blacklists is: You've already paid for it!
Your ISP is paying for the bandwidth, the storage and the processing power to cope with this junk, and as they wish to stay in business and make a profit, they pass the charge right along the food chain to you the paying customer.
It doesn't matter that you and people like you never get to see the spam bar the subject heading - I suspect that you would never buy anything from a spam-supported business even if you had a pistol to your head.
But filtering email is like a Usenet kill-file: Although you might not be seeing the posts, they're still there for others to see. The spammers will continue to get through to those who are naive, gullible, or just plain stupid. People who have no idea how to enable blacklist based blocking at their ISP, or how to use a filter...
And enough of those people will reply to spam to make up the fractional percentage response that makes spam profitable.
T&K.
Political language
they simply want everyone to use AOL. if you cant email your friend on AOL, its your fault, and you gotta use AOL to fix it. maybe one day they will block mail from any non-AOL members. i could see it happening.
http://ipod.fresh27.net/
...those companies would probably prefer to deal with legit businesses. They're still poor, relative to the equivalent American or European, just a little less poor. Moreover, as someone already pointed out, the government's pretty corrupt. Also, let's not forget Nigeria. I seem to remember during the 90's they got a whole bunch of computers and network infrastruction from some well meaning idiots (they don't have food or schoolbooks, but by god they'll have the internet) with predictable results.
It's not that I think people are basically honest, it's just that most would rather not bother with the consequences of shady dealings. I think given the chance, the hosting companies would be happy to tell spammers to shove off, and the local police would be more than happy to enforce laws. That's just not going to happen the way things are right now. Until something changes (I'm holding out for a massive plague and/or war to kill off the surplus population, either that or world peace) you're just treating symptoms of a disease, not the disease itself.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Nor is it any better of a move if done with the approval of management. Each ISP who does it will alienate its own customers -- "You let spam into my mailbox to prove to me that spam is bad? I already knew that, shithead!" -- and will lose customers to those ISPs who do not breach their customers' trust in this fashion.
In short, letting spam in doesn't demonstrate that spam is bad. We already know that spam is bad. All it demonstrates is that you are willing to hurt people who trust you in order to make a point. That's called being an asshole. And that is why this "protest" has been shot down time and again.
hasn't anyone noticed that the spam is comming mostly from countries that have a technology infrastruction combined with lots of really poor people (China, India, etc.)?
Apparently, you have no idea of what you are talking about. Poor people in India and China do not have access to the infrastructure to spam. And, more importantly they do not know what is spam, viagra, bigger, etc. They are busy worrying about their next meal.
Of course, I understand and empathize with your feeling. That does not make you any less wrong. The danger of well meaning but completely wrong people can never be underestimated.
She gets her celebrity news, she can send Instant Messages to her friends, she can send email to my wife and her brother but usually can't remember how to send it to me, it's less passive than TV, and it lets her be lots more social, and after she retired she was starting to feel pretty isolated, especially since she's not all that mobile. So it's a good thing, and she's sufficiently immune to saccharin overdoses that she misses all those online greeting cards people used to send.
Would I recommend it for my side of the family? Not a chance! My mother hasn't replaced the MacOS 7.x 68030 Macintosh she and Dad used (he died about five years ago), but it does email, browsing, and letter-writing just fine, and she's perfectly willing to try new technology if there's a good reason for it, and she's got a small local ISP that can actually have a live intelligent human being answer questions if she needs support, plus my sister lives nearby and can go kick the printer a few extra times if it's stubborn. She did get a bigger monitor and had my sister set the thing to the biggest print should could run, though - much easier on real machines than AOL. My younger brother eventually got something with modern graphics on it, so I don't think he's still telnetting to a real computer to do email much any more. My sisters have mostly downgraded from Macs to newer faster Wintel boxes, but that was mostly because their kids needed Games. For the most part, they all use real ISPs, though one sister might be on a cable modem now.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
I've done a lot of email work with companies.
It's damaging email. It's hurting business. It costs BILLIONS a year to slow down spam to make mailboxes not entirely useless.
A manager: "I can't see how someone serious about doing business could keep relying on email."
Mail is being discarded (no bounce backs, no trail) all over the place.
Now, when the US House stops blocking spam to their own mailboxes, maybe we'll get some laws with some balls and maybe the FTC, FBI and similar agencies might get the budget and motivation to track down the HUGE amount of spam that is illegal in that it's perpetrating scams or illegal medicines.
We convict the minor players and offer them real prison or they get to appear on the new Fox show:
"Cane the Spammer".
20 whacks. Each whack given by a system admin selected by lottery.
Do it public and demotivate the kiddies willing to blast out some mail for some guy for $500.
Another reason, standard dictionaries suck. Unless you're going to use the equivalent of the Oxford unabridged, dictionaries fall flat for anyone who deals in specialist areas with uncommon words. My wife is in the medical field, which has a dictionary all it's own. And in my case, I get a lot of email dealing with historical issues, which means dealing with unusual spellings and obsolete terminology.
You are quiet correct, as a sysadmin, I know full well just how much money spam costs, and a big chunck of it is not paid for by the spammer. Its paid for by the network that has to pay for the bandwidth that is used to deliver the crap the spammer sends to me, intended for my customers that don't even want the f'ing shit. I have to pay so a spammer can choke my mail server full of crap that will just get deleted. I have to pay for the spammers that employ dictionary attacks to get spam through to any user they can find. Its my bandwidth that suffers so that they can bombard just a few dozen more people with their nonsense ads that no one wants to see. I didn't ask for it, nor did my customers, why the fuck should I have to pay for it then?
And if that is not enough, I can assure you, a great deal of spam is comming in from windows systems that have been infected with some exploit and turned into mail relays. Real Time Blacklists have been a lot less effective over the past few weeks due to spam comming from dsl and cable lines now with a new vigor. Its not just a couple comming from an owned pc, its a couple hundred.
And yet, its still fucking legal! Explain it to me God, explain it to me, I want it explained, Jesus!!!!!!
--Nuintari
slashdot : where an opinion can be wrong.
I do believe that was the point. There is a high degree of correlation between well to do countries and regulations. The regulations do not cause them to be prosperous, prosperity allows them to make such regulations and enforce them.
It *is* the chinese that are allowing said traffic to be routed through them (unless you know of a way to send a message through thier machines without routing it through there). It is not raelly the chinese peoples fault per se, but they do hold some level of responsibility for allowing it to occur.
------- Sorry about the spelling, I suffer from two problems. Dyslexia makes it difficult to spell well, lazy makes it
The solution to this is to strictly enforce some laws we have, like the California law that makes it a criminal offense to accept a credit card number online from a California resident without first disclosing the actual business name and address of the business. If every spammer who violated that law did the required six months in the county jail, we'd have far fewer spammers.
It seems like the latest attack on Bayes-based filters is to throw misspellings and random characters into the message. I'm surprised the major Bayes tools haven't linked to a standard spell-checker and consider really bad spelling a sign of spam...
:)
Well, the statistical module of spamassassin uses both words that are very likely to appear in spam (raising the spam score) and words that are very likely to appear in nonspam (lowering the spam score).
The beauty of the technique is that it is general - you train it with your email & spam. If you get email with obscure words/terminology, it will learn from that.
The biggest problem is if you are a family doctor who does actually deal with breast enlargement, viagara, and all the other things commonly found in spam
The problem with that is that they are CUSTOMERS meaning that they are right most of the time, or at least that is what we tell them.
A lot of our demographic that contacts us for assistance (not our target demo) because they lack knowledge are older folks, and for them AOL is the internet. Give them dial-up networking and Eudora and you'd confuse the hell out of them.
every time slashdot has a story about spam, i again wonder to myself why the world hasn't turned to the obvious solution: a new email standard. i read a comment recently to the effect of "if a given protocol allows cheating, it's a bad protocol". it should be clear to everybody that this technical problem can not be solved with legislation (not that it shouldn't be illegal anyway, but it's folly to expect laws to have any real impact). the world needs an email protocol which is encrypted and authenticated, traceable and secure, and easily combined with whitelist or pay-to-deliver filters.
and China is a big country. I'm sure there are plenty of really nasty slums that still have a network infrastructure in place to transfer data. How else do you suppose the sweatshops coordinate themselves? These countries do big business, shipping billions of items. Near as I can tell, most of that wealth winds up in the hands of a lucky few. If a few of the not-so-lucky rely on spam to make a living, who am I with my nice car, home, and regular meals to say they shouldn't. I'd certainly do the same.
Frankly I don't see the danger (although I do empathize with your feeling; look at the Nigerians). The only thing I'm suggesting is that if the standard of living in these spammer's havens where to improve, it would be tougher for them to do business there (just like it's getting to be in America). I don't pretend to understand the realities of the Chinese economy, but I know this: Fewer desparate people means fewer willing to do dishonest things. The only danger here is that Americans would lose all those cheap consumer goods made in slums and imported from China.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
In storage and transmission costs alone, this is a fortune.
So what do we need? Harsher laws, of course. And stop saying they won't work already. The main spammers are known all we need to do is put, say, the top-50 away for life.
Sounds harsh? I don't think so. Spammers are committing a very serious, evil crime: Stealing from the commons.
Unfortunately, in our corporate dominated world, where things don't count unless they are property of someone and can be put on a quarterly report, that idea is mostly lost.
That doesn't change the facts. Spammers are stealing from all of us. A single spam mail might be petty theft, but it's petty theft times several million.
The law needs to recognize that spam is destroying a part of society, and adapt the sentences. Fuck fines. Put the notorious spammers away for a few decades, into a prison for serial-rapists and murderers. Make their cases extremely public. Make it clear that now that the top-50 list has been cleaned out, anyone aspiring to take one of those spots has a cell reserved already.
Assorted stuff I do sometimes: Lemuria.org
And yet, its still fucking legal!
Using a virus or a trojan to take over a PC and use it to relay spam is definitley *not* legal in the USA. I really want to see someone tie this to an individual spammer and get the bastard sent up the river..
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Spam is not illegal you say? Since when is sending pornography to children legal? When did it become legal to commit credit card fraud? Just how is it legal to pretend that you're some foreign government official with an "offer you can't refuse" so long as people send their bank info?
The vast majority of spam is very much illegal, always has been! It's not like breaking the law is any more or less illegal just because it's done by spam instead of some other medium.
The real problem here is enforcement. That's the problem in China, as you mentioned above, and it's also the problem in the United States, Canada, Europe and elsewhere. The problem with spam is that it's so big and so difficult to track individual spammers that most law enforcement agencies just don't see the value in it unless the spammer sends something really bad. If a spammer starts sending out lots of adds for child porn, chances are that the cops will bust them. But simply trying to commit credit card fraud seems to not be seen as a sufficiently "evil" act to warrant the sort of international investigation that would be required (and probably for good reason, the cost of such an investigation would be huge with only a limited chance of a conviction).
Unfortunately the sad fact of the matter is that we can't depend on laws and law enforcement agencies to solve the spam problem. Think about it, it's illegal to steal cars, but nearly everyone still locks their car door instead of just hoping that the cops will bust any car thief. When it comes to spam, we've got to use filters (preferably at the ISP level) and hope that the police can at least catch the worst offenders.
Well.. its not amazing, spam grows at leaps and bounds each day that someone new moron thinks they will make money from doing spam, cause the hear about it on TV and online so much. I spoke to a Failed spammer recently and he said " I lost my isp connection, and they never paid me" So that leaves one to think that only the High end guys are probably really making TONS of money off of this anymore, they have the little guy actually doing the mailings. AOL has so many email accounts and allows each user to have so many per account that it is not unbelievavle that they are probably blocking themost if not in the top 5 --Dave http://www.whitehatsystems.com/
It tough times, the abuse desk is one of the first to be cut by short-sighted "logic": It doesn't generate any profit, and when they cut (spammy) customers, it creates a loss.
One line blog. I hear that they're called Twitters now.
Seriously, hasn't anyone noticed that the spam is comming mostly from countries that have a technology infrastruction combined with lots of really poor people (China, India, etc.)? In a lot of those countries life is harsh. It's no wonder people turn to rather unpleasant means to better their standard of living. Sure spamming sucks, but it beats the hell out of 16 hrs/day making Nike shoes in a sweatshop. If you want spam to go away, do something about the general standard of living in the rest of the world.
Yeah, I'm sure that is the excuse that Ralsky uses. You just can't make it in America, he's desperate living in his million dollar home...
You know, criminals will break the law for the quick buck no matter what their income. The only thing a few of them fear is consequences. Spamming is not a crime of the impulsive, it is a planned willful act to disregard the standards of the community. It involves investment, planning, stealth, and usually some outside help (for software) to get going. We have not made the consequences fearful enough, nor do we have the enforcement means under the current laws to change the minds of those who would be affected by reasoning about the consequences.
Even if you multipled the standard of living over there 10 fold, spamming wouldn't stop. You know it, I know it. That's why guys like Ralsky exist.
Freedom is merely privilege extended unless enjoyed by one and all.
A good fourth of the time I can't communicate with AOL users period via email. Whether I use my ISP's server to send it, or the free service I have in Russia.
The free service I have in Russia blocks yahoo all of the time now, doesn't even tell the user who sent it that their mail couldn't be delivered. It just disappears into a blackhole. I'm sure they block others as well. It's pretty rare for me to get spam on that account. Since I know they block people I'm reluctant to use the address as much anymore, even though it's served me well. I change ISP's, but I keep that email address so people I know can get hold of me.
Email is quickly becomming unreliable, which is going to have severe negative effects on Ecommerce if we don't do something about it.
The way AOL is going about it is having negative impacts on other legit senders.
Freedom is merely privilege extended unless enjoyed by one and all.
And yet, its still fucking legal! Explain it to me God, explain it to me, I want it explained, Jesus!!!!!!
no it not legal, it's illegal on so many different levels, that its hard for the Law Enforcement to keep track of it all. Most cops have a hard enough time keeping up with their case load, to bother looking at the big picture once in a while.
I can assure you, a great deal of spam is comming in from windows systems that have been infected with some exploit and turned into mail relays. isn't that computer trespass? doesn't that get some people prison time? Personaly I'd call each 'ploited system a potential terrorist weapon, and I'm sure that the money trail is convoluted enough that somewhere along the line some terrorists, drug-lord or other crime syndicate type gets a cut.
Apocalypse Cancelled, Sorry, No Ticket Refunds