Slashdot Mirror
One Third of Email Now Spam
Himanshu writes "The volume of spam received by business has doubled over the last two years and it's going to get worse.
Analysts IDC reckons that spam represented 32 per cent of all email sent on an average day in North America in 2003, doubling from 2001. That figure is less than the 50 per cent or more junk mail statistic commonly cited by email-filtering firms like MessageLabs and Brightmail but it still represents a serious problem,"
One-third of e-mail is spam? But nine out of ten of my e-mails are spam... Nobody loves me. :~(
I get a ton of spam, check out some of my recent spams and a frequency plot. starting from when I began saving and filtering them. Many thanks to Paul Graham for his plan for spam, or I would be buried by 350 spams per day by now. It is only going to get worse! Based upon how many I get, the probability is more like 95% percent of my email is spam.
Then who is getting the other 66.6% of my email?
-------
Support Indy Music. Buy
From the logs of our anti-spam appliance, over the last six weeks or so:
That's right, about 96% of our email is spam, viruses, or otherwise ungood.I'd be delighted if the spam dropped off so it were only 32% of our mail. Think of all the things I could do with that extra bandwidth...
In fairness, the study says they were looking at businesses, and this is at a small ISP, mostly residential customers. But it's a good number to chew on nonetheless.
spam really needs to catch up. I know that over half the snail-mail I get is junk mail...
... another 2/3 to go then our job is done.
Sanford Wallace
I've had the same domain name for around ten years with a catch all email acount. 1 in 3 is nothing, for me its closer to 99 out of 100.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
... that 1/3 of email is *not* spam. Where do they get these figures from? Is there a computer that tallies all the spam up, and if so, why can't it just kill the spam along the way?
One third of my regular mail is junk mail, and it's been that way ever since I can remember. Why should email be any different?
It's about time it started going down.
"After I received 80,730 different emails trying to sell viagra, I started to wonder: How many different ways are there to spell Viagra?"
http://cockeyed.com/lessons/viagra/viagra.html
I think that they goofed. 1/3 of it is virus infected, another 1/3 is spam, and the remaining 1/3 are jokes from people that you barely know that are not that funny.
Though he seems to get most of the spam in the company. (Thankfully, the rest of us aren't as plagued.)
Anyone know a good challenge/response program that works with Exchange? (And before you suggest a free alternative, he refuses to migrate, so I have to work with what he wants.)
libertarianswag.com
I get about 2500 spams a week to my work address, and I can't change my work email. It's on my business cards, and as a DB geek they won't get me new ones :(
Because of the extreme amount of spam that I get, my Bayesian spam filters are pretty strict. I lose valid email all the time!!!
Why just this morning, I came in and was going through my spam folder, and found that my good friend Gooshot Moneyface has been trying to get in touch with me! I was wondering why I hadn't heard from her for so long.
Why should I argue rationally with someone being irrational? I'll just mock them instead.
According to this article the problem is worse
"A diplomat is a man who always remembers a woman's birthday but never remembers her age." -Robert Frost
I'd like to have a statistic on how much of that spam is do to worms relaying themselves from infected networks. 80% of the spam I now filter has a worm or trojan attached. I rarely get the marketing spam anymore.
As more spam gets sent, the rate of response to spam will decrease. Which means spammers have to send EVEN MORE spam emails to get the same return on investment that they did a few weeks before.
I'm surprised it took this long for the ratio of spam to real to reach the level it has.
So things are better than the last time slashdot ran this story?
I doubt it.
-Colin
OK, so some I can understand, like how to make millions of dollars by investing in some guy in Nigeria. Or increase the size of your sexual organs (though I'm disturbed by the ones that state "I went from 2" to 6"!" I mean, my 2 year old son is 2", you know? What of freaks are in these testimonials?)
But the ones I really don't understand are the "stop spam with this email!" It's like the phone company selling you caller-ID systems that block unlisted or telemarketers numbers - then sell the telemarketers systems to get through those.
That would never happen, right?
52 Weeks, 52 Religions with John Hummel
anyone know how these stats compare with standard mail?
Comment removed based on user account deletion
Here's my idea that I don't have any capital for:
Run an Internet backbone that lets all traffic through except for mail. Nope, sorry, we can't transfer mail packets over. You'll have to use some other company.
Okay, so it won't make me tons of money, but think of how stress-free the support staff will be. Or maybe not.
Comment removed based on user account deletion
I heard about it here on /. and installed it the same day. At first it marked ALL my mail as spam because I'm on a few list servers, but the adaptive learning function of it is getting much better. After I "unlearned" my list mails as spam, it'd still let about 60% of spam through. Now it gets about 40 out of the 42 spams I get a day. I don't mind deleting two (or hitting "j" for junk), and recent searches through the junk folder show no false positives.
Check it out...
If spam is costing corporations millions every year, there is a HUGE opportunity for arbitrage between the amount spam costs them and the amount one could charge for a, effective spam filter.
Yes, yes, I know about baysian filters etc, but no current solution is near 99.9% perfect.
I presume the problem is that a solution requires cooperation among a lot of people (ISPs, advertisers, users) who are not naturally likely to work together, and for whom as individuals there is not a significant gain from blocking spam. It's a bit like litter: few people like it, but lots of people drop it, and everyone has to live with it.
See
Happy Spamiversary!
Celebrating Spam's Ten-Year Anniversary
U.S. is World Leader in Spam
This is by no means a good list of all the spam stories that have hit slashdot, just a list of the ones that seem to have no point, are glaringly obvoius, or are redundant.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
Filtering doesn't mitigate the problem.
So what if I don't have to see the mail? That doesn't mean my mailserver isn't using cycles to talk to some originating server, transfer, store and eventually delete that spam. The only saving grace is I don't have to pay for bandwidth on a usage basis (cable modem is still, happily, "flat rate").
But what happens if that volume gets to be high enough that it starts to affect my ability to use the bandwidth for other things?
What we have available are basically work-arounds; we need a concrete solution that addresses the basic problem.
So what is the problem? People soliciting without you opting in? Deceitful mail designed to make you open it thinking it is from a friend? The sheer volume?
The real problem is we haven't found an effective way to trace this crap back to the people supposedly "making money" with these schemes.
Solve *that* issue... put a name, address, and bank account to that spam, and we'll clean this stuff up in a hurry!
Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
Deletes every third email. No mess, no fuss.
Internet providers need to configure their mailservers to accept e-mail from authenticated servers and hosts only.
Finally, digitally-signed messages should become the norm, not the exception, where it's easy for Joe Newbie to check the signature against known databases.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
where do they get their numbers... I have been working closely with my isp and thy are seeing 80% to 90% of the email they get throught their mail server as know spam/spam-bounce traffic, this they round-file immediately, in the 10% left over, we the users still recieve spam, albeit not in the MASS QUANTITIES as before, eh Beldar.
A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
The CIO of the company I just left always claimed that sooner or later, all professional email correspondence will take place by allowing recognized correspondence as opposed to blocking known spammers. Presumably, a person would have to go through some process to request the ability to communicate via email with someone within another company.
I don't claim to know everything, but this seems a bit far-fetched to me. Not to mention crippling a technology that has the potential to be an effective collaboration tool. I'd be interested to hear what you folks think, though.
My sig sucks.
I am really tired of all our calls for spam protection, whether it be through an ISP, the government, or anyone else. In my experience, companies and groups that try to filter spam unwittingly filter out true messages that were important to their clients. With increasing volumes of spam and more clever spammers, this problem is just going to get worse. On the other hand, when I set up my own filters, I manage to collect all of my spam into the same place, which I can then glance through to check for an important (missed) email. As much as I don't like spam, I want to be the one charged with protecting myself from it. As much as people dislike spam, to the best of my knowledge, at least, it isn't breaking any laws (and should even be protected under the first amendment here in the States). Caveat emptor, I say. We ought to protect ourselves.
Live free or die
For those who are thinking that 32 percent is a low number, note that the original post says, "...spam received by business". This actually makes some sence since business email throughput will be a lot higher than personal email throughput. For example, I typically send/receive around 3 legit emails per day from home, but I that number jumps to around 10 emails at work. If each address receives the same amount of spam, the business address will show a significantly lower percentage.
My mail provider is Yahoo. Boo all you want but I do have to say that Yahoo does a superb job in spam filtering. It is a very rare spam that gets past their filtering. I have quit looking at my bulk mail folder when on the webmail interface anymore because I have seen virtually no false positives there either.
On my home systems I NEVER see the spam at all. I have postfix, procmail, and spamassassin setup to handle it and handle it they do. First off, procmail directs ANY email that has the Yahoo X-filtered-bulk header in it to /dev/null. Anything that gets past this is handled by one of several handy procmail recipes and gets /dev/nulled. Anything that gets past that is handled by spamassassin and gets /dev/nulled. I might see 1 or 2 spams a month, TOPS, that manage to run the entire gauntlet...but then doing "sa-learn" on it brings those particular guys to the /dev/null world.
My wife gets dozens of spams a day at her job, where the network nazis require her to use outlook and wont allow her to install any personal filtering software ala spamassassin. They tell her "Sorry, we feel your pain but we are doing our 'best' to handle spam..." I encourage her to get a laptop to take to work upon which I would install linux for her AND set it up so that she rarely ever gets any spams ever again. When she gets tired of penis enlargement or breast enlargement messages to delete she may take me up on the offer.
On spam filtering, does Snotmail not do something similar to Yahoo with its bulkmail/spam filtering?
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
Comment removed based on user account deletion
to get that much spam???
I tried to get as much spam as possible in order to test spamassassin. I posted my email address on usenet and on all porn sites i've found. I have also tried installing spyware and toolbars. Internet explorer now crash on all sites but no spam so far.
Now, i resort to post my address on slashdot
sm@bigserver.hopto.org
It does eight (yes, eight) tests on the subjects of every message. I havent even added body checking yet, and it catches most spam. I even tried replacing these 8 tests with the SpamAssassin engine and found that it was less good at detecting spam mails. The tests are so simple:
The blacklist is checked after first collapsing spaced-out words like "V I A G R A" and removing the above-mentioned obvious obfuscation. It's regex-based and contains the typical stuff like "meds" "medication" etc, but also a test for a subject that ends in 3 or more spaces followed by a string of random consonants.
When it detects SPAM, it simply changes the subject line to indicate that the message is spam.
In addition to spam-checking, it also removes all HTML mark-up (removes the tags leaving plaintext behind), deciphers MIMEd messages and recompiles them into multipart/mixed format (so images etc. are attachments) and renames many-extensioned attachments, so girl.jpg.pif becomes girl.pif.
It's still in dev, but it'll be available on baxpace.com in the next week or so for Win32 (as an exe) and UNIX platforms. It's written in Perl.
And one third of Slashdot posts are First Post
Here's what I do: Bitty Browser & Andromeda
If every Linux and Windows machine ran Postfix with CRM114 by default (and with manpages and documentation), this would help. Maybe a new anti-spam Linux distribution is needed. MacOSX ships with Postfix, but not CRM114.
Do you have any idea how many open-relays still exist? Why does SMTP software allow '*' open-relays in the first place? Do you know how many proxy servers are out there on the Internet? How many SOCKS4&5 proxies that just allow any SMTP to be bounced? How many are seemingly closed but available with the CONNECT method? Let's close some of our holes, and prevent software from opening them in the first place.
Also - know your enemy. Why haven't people dissected the software these creeps are using. The majority of spam comes from a program called DarkMailer or DM. Let's reverse engineer this application and figure out how it works, so our defenses can be built around the enemy's weapons and not just generalizations about spam.
Finally, let's set some ethics and procedures about how to deal with spammers. Too many is the case that people just want to beat their heads in with baseball bats or delete all their files on all their computers. This activity is not productive. It's my firm belief that if you take away their tools and educate them, less spam will be out there. You make it a war -- and that's what you'll get. Passion drives creativity and efficiency.
IPv4 allocations for hobbyists? join the ipalloc-l mailing-list! www.operations.net/mailman/listinfo/ipalloc-l
One day I'll simply snap and actually contact a spammer with the following order:
From: my@email.com
To: spammer@email.com
Subject: Order req'uest for >X<@n4x and V1agro! fxfj aspll cps
Dea'r Si:rs,
I w.ould l1ke t0 pl@ce 4n 0rder for tw0 p.ortions of Xa:n:aX' and v_i_a_g_r_a. P13aS.e sh1p im:medi`ate1y, 1 h@ve an><1ety and ne:ed a -bo-ner-
Y0urs s.incerel'y
S@vvy 1nvest0r
akdf k- dfks. dfk v9iew casoji ropdfk hork
aso, ckdo ofgkf opwerk- mmos odkaok s
w eofk, eoro gksod bz o-
I DON'T LIKE SPAM!
Join the Free Software Foundation
Their stats don't line up with mine -- the only thing I do agree with is that it is getting worse. It continuously has since March of last year it seems. Back then my base was about 500 a day THEN. Today it's much different, but let's digest some numbers.
:).
:)
:) yesterday alone (a typical day). This includes the harvested messages -- which now puts the email traffic at almost 98% being generated by spam.
... you do know me, right? :). Yesterday's already blocked address' attempting to send even MORE spam in was 2,251 for a total of 2 email address' which may send/get 6 emails in the same time frame. Now we're at 99.7% of the potential email traffic was all generated by spam. .3% was real.
Forgetting work -- let's just look at my home domain. Hosting my wife and myself I'll look at my email alone. In the last week we've sent/received 42 legit emails. That's about 6 a day between the two of us. In the same week the average _daily_ traffic looks like this:
I'll start by saying that actual junk mail that may make it to the Inbox in front of me is maybe 1 a week. I find even that annoying. Yesterday, an average day -- there were 109 messages harvested by spam sucking address'. Our daily average [last typical week] at home was 6 emails (sometimes less, sometimes more
By my numbers that is almost 95% of my email traffic which is simply not wanted, nor allowed.
There were also a total of 291 subnets blocked (for various other noticeable offenses
Of course, once blocked there's a URL sent back (-0- lookups in the same time frame) which tells you what to do (email a unblocking address or pickup the phone and call me
They're numbers, well -- just don't jive with my real life experiences.
I realize that it's only an option on si20. I'm complaining about the general concept of authentication, and the selfishness of the people who choose to use it... Not si20.
While we've surely all seen enough spam, this is about the most thorough bit of spam I've seen in a long time. And its short - way more crap per line than usual.
Not only is it spam, it claims to be consistent with the CAN-SPAM act. How wonderful is that?
It has the usual set of junk words intended to try to disguise itself from the normal anti-spam software. And it has the usual image to load that contains my email address so it will know I visited there. And it encourages me to send it to all my friends. And it has the usual "visit here to get off our list".
Even better, if you go to their web page you'll find a pointer to a page where they say "It has come to our attention that ..." spammers are advertising their product, and you can complain by filling in a form. And, of course, giving them your email address! For those who are amused by such things, look at the source - its obfuscated to the point of absurdity and does not seem to like running under mozilla.
See my journal for more info, including the source of the mail, the urls involved and a decoding of their web page.
... is if they count the volume of "intranet" mail.
Corporations deal piles of mail on the inside, that never gets out to the genpop: HR crap, memos, meeting notices, etc. etc.
Customer relationships also generate piles of e-mail, but that should be visible to your average slashdotter who buys stuff.
I wonder if they're counting automated, machine-read e-mails such as SEC filings and other things that humans never read?
Design for Use, not Construction!
I spoke with IDC for a short article I'm writing on this release for InformationWeek. The difference between IDC's figures (32%) and those of anti-spam vendors like Brightmail (63%) comes from the sample. IDC's sample included internal corporate mail sent by respondents to each other. As might be expected, mail sent from employee to employee tends to include fewer mentions of Viagra. Brightmail's statistics are based on mail traversing the Net.
This message contains no text. Surprisingly, all the contents of the message has fit into the subject line. Clicking at a subject line with (n/t) for 'no text' brought you to read this incoherent drivel. Thank you for participating.
If programs would be read like poetry, most programmers would be Vogons.
We are using a new product called GWGuardian that we spotted at Brainshare. On average I was recieving somewhere in the range of 1500+ SPAM messages a week. With the GWG I have had 1 Spam mail make it into my inbox. Have to love it.
I doubt it'll keep spammers at bay forever, so I really should start looking into some more spammer hostile things I can do to my mail server. Worst case, I can always shut the damned thing down. I was ready to do that anyway. If the service is useless to me (Because filtering spam takes so long that I don't have time for anything else) why should I bother running it?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
While the economics of email favor spam, spam will flourish. It's as simple as that.
To get rid of spam, we need to change the economics of email.
However, most systems proposed are too simple in that they serve to make a lot of the legitimate purposes of email too expensive, Maillists being a primary one, as well as mail from new potential customers.
Essentially, we can arrange email into a grid of Expected or Unexpected vs Desired or Undesired. We need a way to freely receive all Desired mail whether it is Expected or not, while making it expensive for mail that is both Unexpected and Undesired.
To address this, I believe a system where the promise of payment is encoded into the delivery may solve the problem. Note that the promise of payment doesn't mean that payment will be necessarily be required. However, having the promise encoded into the email does require that it be possible to place a charge on that email by the recipient. This would require verification at intermediate servers that the mail came from a known system that allows payment to be made before relaying it on.
Legit users send out so few emails that they could easily send out mails with promise of payment encoded, companies would not require the payment be made (as what a great way to lose a potential customer) so the status quo is preserved, and friends who they send mail to similarly would not bother requiring payment. Of course, if payment is required (you get into a fight with your friend) it should be a small enough amount (sub-dollar range) that it is not an extreme hardship even then.. provided you're only getting charged for one or two.
Mail-lists could be sent without the promise of payment, but since they are typically subscribed to directly, it becomes very easy to implement a white-listing solution for all the lists you're on.
Spam could not be sent using promise of payment -- if it was, the costs would quickly dwarf the profits since it is only the very low cost of email that makes spamming possible. Anybody receiving the spam would simply click the "Require Payment" button or some such, and the spammers credit card would be automatically charged the amount. Assuming only 25% of the recipients are actually able and willing to require payment, since the typical spam run sends out hundreds of thousands of email, the charges mount significantly quickly. Yet if spam was forced to not promise payment, since all legitimate email is using promise of payment, it becomes very easy to whitelist the spam out of existance.
Essentially, the promise of payment system allows unexpected but desired mail to proceed as normal, while unexpected undesired mail incurs a fee. Expected mail can use the standard email system with whitelists, or still use the promise system with no difficulties.
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
I have to assume IDC based its studies on mail filtering reports and technologies using servers that at some point, started deferring SMTP traffic and didn't actually compile complete stats on spam. There's NO WAY the spam-to-legit ratio is 33%. It's more like 85%, especially for any boxes hosting e-mail addresses which may be on file with domain records.
That study is flat-out inaccurate. When they use those lame content-based filtering systems, their mail system slows down so much, they cannot handle all the inbound connections so they never really know how much SMTP traffic they actually get. Spammers hit their lame servers, get deferred, and don't come back. I guess this might be one reason why you might want to use MS Exchange: it's so slow it can't actually process all the spam sent to it, and then you get incomplete figures on mail traffic and spam.
IDC estimates that each worker would spend an average of 10 minutes a day dealing with spam.
That seems a bit low to me. Maybe with content-based filtering in effect. But they should also ask IT managers how much time is wasted per-employee looking for legitimate messages that have been held up by the inbound mail filtering/flagging systems that erroneously trap legitimate mail. I bet that figure is much higher.
RBLs work. Content-based filtering doesn't. This whole study is basically a shill for promoting more ineffective "strip-searching" of e-mail content as a "solution" [sic] to the spam problem.
Nonsense. Even setting aside the obvious frauds contraband offers, unauthorized use of trademarks, etc. found in 99+% of spam, it is a violation of property rights. The First Amendment does not protect spamming any more than it protects grafitti vandalism.
At most, the law might reasonably tolerate spam if it evidences no attempt to evade filtering -- no forged headers, no "v1agra" munges, no misleading subject lines, no nothing. The use of such techniques creates a "bright line" between spamming and legitimate bulk e-mail, because it constitutes prima facie evidence of intent to intrude without permission (and, indeed, against an express prohibition).
Bottom Line: The computer-cracking laws ought to be clarified so that the evasion or spoofing of a spam filter is treated just like the evasion or spoofing of a password prompt.
/. If the government wants us to respect the law, it should set a better example.
One way to reduce this ratio would be to send more legitimate email. C'mon, get sendin'!
:)
Two further points.
1) Lots of comments are talking about how much spam they _receive_, this article was talking abut how much spam is _sent_. Naturally since spam is sent in huge numbers from few originators but most people don't send any spam, there's a greater ratio of spam received per user than sent.
2) Many comments say spam is easy to block, but then talk about blocking spam to only a small population or just a few accounts. The genuine email expected by one company that e.g. supplies bathroom fittings will be easier to avoid blocking than a huge diverse population e.g. a University, where people work in many different areas on lots of different projects.
When spam blocking, avoiding false positives (blocking genuine email) is key.
Environmentalism is the new Victorianism. Everyone ties on a green corset and pretends we're virtuous.
Can anyone suggest a decent, doesn't have to be perfect, server side anti-spam filter?
/etc/access file such as: "connect:218 REJECT" will knock off about 200-5000 spams per day utilizing minimal system resources).
2 ,210,211,213,217,218,219,220,221 and you'll stop a TON of spam from a lot of foreign countries you likely never communicate with.
Don't waste your time implementing a content-based filter. The best solution is to incorporate a real-time spam relay blacklist. I recommend bl.spamcop.net. It's very effective and accurate with an extremely low legit mail blocking rate.
RBLs are great because they refuse spammer connections before the mail even gets delivered, so you don't waste bandwidth and system resources downloading spam crap and trying to interpret the contents. RBLs respect the sanctity of the e-mail message as a private communication medium and penalize those ISPs which allow spammers to operate.
If you're using Sendmail, you can also hard-code some of the IP regions where tons of spam is originating (signal-to-noise ratio for most people on the Chinese IP blocks is 0% so why allow them to hit your server in the first place? A few lines in your
Personally, if you want to get aggressive, block the following Class As: 61,80,81,82,83,142,164,193,194,195,196,200,201,20
Set up a web-based e-mail form and put a link to it in your Sendmail access configuration so that if any legit mail gets bounced, they can redirect to a web page to contact you in the [unlikely] event they were inappropriately blocked.
So, I'm thinking - those people who actually respond to spam? We should host an awards show for them - called "Too dumb to Live". We give them a chance to give their speeches and thank their whatevers, and then, when they leave the stage to go to the "press interviews", we can just dispatch them in some nice, efficient manner.
We should ALL do something to make the world a better place to live, ya know...
I really do think they means One-Third of Mail NOT Spam. I've read a dozen reports in the past year that said that half of all the email was spam. I know it's not decreasing. 2.5 years ago half of the email coming into a provider I contract with was getting rejected as spam. Now that number is even higher. 1/3 my foot. 3/4 is more like it.
Maybe total, I guess, but for me, so far today I've got 58 spam, and 25 real mail. That's about 2/3 spam.
If you're lucky enough to get a valid email address, feed it in to your other spam (using their handy verify^H^H^H^H^H^Hunsubscribe link). Also useful for abuse/postmasters who do nothing.
Seriously though, nothing will happen as long as China (and a few other countries) don't care. A spammer recently picked up my cable address (which I don't use), and hits me 2-3 times a day. I've traced it back to china, contacted the appropriate admins, and received a "abuse mailbox full" bounce.
I use Macs to up my productivity, so up yours Microsoft!
Seriously- if you think about it, spam may be our last hope for privacy on the net. The more legal measures we put against spammers, the more freedom we lose ourselves. So why not just accept spam as a fact of life and find some useful purpose for it, like camoflage for stego. I know there's several stego programs out there that disguise their transmissions as spam- if we get rid of the spam, no more camoflage. Don't get me wrong, I don't like getting ads for pr0n at work any more than anyone else, but I think there are other ways of dealing with it- without legally screwing ourselves in the end. (pun intended)
DISCLAIMER: This post was not checked for speling and grammar- if you complain- you're a whiner
>>I know, this is against the old rule "never respond to spam, Spamers will pick it up and use it for spamming"
I hear this a lot, like people saying the 'remove' link is to just verify your email address.
I don't think I buy it. I don't think they care or have a reason to care if the address is good or not.
What happens if they don't get a response? They just send more. They don't care if the address is valid or not.
It doesn't cost them any more to send to them, in fact once they have a connection to send spam they don't have any reason to purge the bad addresses. Why spend time doing something that won't save you money?
I really think the 'remove' hits are just ignored, doesn't make any difference if they are valid or not. And, they can always claim they have the 'un-subscribe' that many laws require.
Here is my solution to spam, utilizing a combination of SpamAssassin and Sieve scripting on a FastMail account.
:contains "X-Spam-hits" "MIME_HTML_ONLY" { :contains "subject" "Infected file rejected", header :contains "X-Spam-hits" "FVGT_S_MULTI_OBFU_3", header :contains "X-Spam-hits" "NIGERIAN_BODY", header :contains "X-Spam-hits" "RM_sl_Parens") { :contains ["X-Spam-known-sender"] "yes" { :value "ge" :comparator "i;ascii-numeric" ["X-Spam-score"] ["10"] { :value "ge" :comparator "i;ascii-numeric" ["X-Spam-score"] ["4"] { :over 249K { :contains "X-Spam-known-sender" "yes" {
First, I set my account to scan all incoming e-mail for viruses and trojans. Any e-mail with an infected attachment is automatically deleted. Secondly, I set SpamAssassin to mark any spam with the score 4.1 or higher and move it to a "Junk" folder. Any spam with the score 10 or higher that is sent from anyone who doesn't match my address book is automatically deleted. Any e-mail that is HTML only is rejected and sent back to the sender. Since SpamAssassin doesn't scan e-mail above 249 Kb in size, I have it set to automatically let any e-mail above that size into my Inbox, since it's *most likely* not spam. Then, any e-mail that doesn't meet any or all of the above criteria, but doesn't match any address in my address book, is filtered into a "Gray List" folder, which is periodically reviewed every two-three days or so. Only e-mails that don't meet any or all of the above with e-mail addresses that match my address book are let into my Inbox.
It's a rather complicated system, but it works. For anyone else that uses FastMail (it most likely won't work anywhere else due to FastMail's unique headers), here's my Sieve script -
require ["envelope", "fileinto", "reject", "vacation", "regex", "relational", "comparator-i;ascii-numeric"];
if header
reject "Message bounced by server content filter";
stop;
}
if anyof( header
discard;
stop;
}
if not header
if header
discard;
stop;
}
if header
fileinto "INBOX.Junk";
stop;
}
}
if size
fileinto "Inbox";
} elsif not header
fileinto "INBOX.Gray List";
}
"We are all in the gutter, but some of us are looking at the stars." - Oscar Wilde
If 1/3 of all the email that is SENT is spam then how is it that over 60% of the mail received is spam as reported by BrightMail a few months ago?? Does it have babies as it goes through the routers?? If so is Spam processed out of rabbit meat?
1=2 I'm confused?
Nobody mentionned the magnificent Spamgourmet.com ?
I love this service.
You can create as many disposable email addresses as you want.
Now you can even send mail, and those little critters won't be able to spam you on these addresses.
Hint, hint !: Create a single, specific address for each address you give, and you will be able to see who sold/gave your email.
And it's free (as in beer).
The average percentage of spam here over the past 24 hours was 99.83%. That's an average of 92.65 spams every 5 minutes and 0.16 non-spam messages every five minutes. Internal mail is not included.
----
All of whose base are belong to the what-now?
You sound just like my manager. Just because you personally don't want to talk to someone in Australasia doesn't mean other people your server is serving mail for don't. Whole Class A's and countries is far too coarse. The internet isn't just the United States!
Backups are for wimps. Real men post their data in comments and have slashdot mirror it
I'd say that at least 30% of the physical mail I receive on a typical day is junk mail, which is just the real world version of spam. On some days, it's a lot more than 30% junk.
An interesting point about physical junk mail, by the way, is that it costs money to produce and it costs money to send. And yet, continue to get the same crap day after day. There are a lot of people out there who think that the key to stopping spam is going to be charging the sender for sending mail. But real world experience shows us that it just ain't so... physical mail costs a lot more to produce and send than anyone has proposed charging for e-mail, and we still get plenty of junk mail.
I think the real key is going to be something akin to the national do-not-call list. In fact, it could be an extension of it. You could register an address (street or e-mail) and say that you choose not to receive unsolicited commercial mail. That, combined with better regulations requring accurate sender information, could really help.
My personal mail account stats for the preceding 3 days:
970 total messages
6 of which real emails
964 spam.
My SpamAssassin proxy needs a tweak or an upgrade, it only correctly tagged 750 of the spams.
I'm a good-natured sort, but this pisses me off. If I ever meet a spammer I'll fucking kill his ass dead with a 2x4.
Because Slashdot wasn't when I submitted my site as a newsworthy article some time ago.
In a nutshell, my program, CF13 uses a number of simple, non-mathematic, pattern-matching tests to make it virtually impossible to get English language spam past it. These tests do not require the overhead associated with Bayesian Filtering and its ilk.
I think the key feature to it is to treat as spam all email from unapproved senders that contain more than 'spaces' and alphabetic charaters.
This simple but powerful feature makes it IMPOSSIBLE to conveniently spell email addresses, URLs, postal addresses, prices, and phone numbers. These items are neccessary for e-commerce to take place. Without them, e-commerce is IMPOSSIBLE or at least extremely difficult to conduct. It also treats as spam email containing 'non-ASCII' characters. I have gotten quite a few such emails at another email address I use infrequently--all spam (sales pitches in foreign languages).
As an added benefit, CF13 makes it 100% IMPOSSIBLE to accidentally run malware sent by email provided a particular registry setting has not been compromised. It does this by treating all email and file attachments as 'text files' that can be scanned for malware and handeled safely. Thus, one's PC CANNOT be compromised by a malicious malware HTML webpage or worm/virus/trojan email file attachment.
It also detects 'mailbombing' and handles it a manner that makes it easy to clean up afterwards.
It is probably best to fight spam at the SMTP server level but I have heard it is best to fight spam at the end user level. Both approaches have their advantages and disadvantages so this issue appears to me to be a toss-up for the time being....