Slashdot Mirror


One Third of Email Now Spam

Himanshu writes "The volume of spam received by business has doubled over the last two years and it's going to get worse. Analysts IDC reckons that spam represented 32 per cent of all email sent on an average day in North America in 2003, doubling from 2001. That figure is less than the 50 per cent or more junk mail statistic commonly cited by email-filtering firms like MessageLabs and Brightmail but it still represents a serious problem,"

44 of 431 comments (clear)

  1. Oh no! by Anonymous Coward · · Score: 5, Funny

    One-third of e-mail is spam? But nine out of ten of my e-mails are spam... Nobody loves me. :~(

    1. Re:Oh no! by Mateito · · Score: 5, Funny

      > One-third of e-mail is spam? But nine out of ten
      > of my e-mails are spam... Nobody loves me. :~(

      Post your email address to slashdot, and we will all send you friendly emails.

    2. Re:Oh no! by strictnein · · Score: 4, Funny

      if they had bothered to read the headers to my postings, they would know I'm not running Windows.

      I know when I spam I always check with each person I'm going to spam that the spam I am going to spam them with is full of spam pertains to products they would like to be spammed about.

    3. Re:Oh no! by MoonBuggy · · Score: 5, Informative

      Why has nobody realised yet that it doesn't say 1/3 of email recieved is spam, but that 1/3 of email sent in the US is spam. I'm not suprised at that in the slightest - most spammers don't want to bother with the legal risks involved in sending spam inside the US. Just send it through some open relay wherever you find one or operate from Russia, it's far easier.

    4. Re:Oh no! by interiot · · Score: 4, Informative
      I don't know how many times people need to post this link to slashdot before it becomes boring and common-knowledge, but MOST SPAMMERS OPERATE FROM THE US.

      • (as far as open relays go, I'm sure that spammers have an equal-opportunity policy regarding countries of origin.
      • Statistics show that about 33% of the world's users are in the US, so that might be more likely)

  2. I get tons. 1 in 3 ha! by titaniam · · Score: 5, Interesting

    I get a ton of spam, check out some of my recent spams and a frequency plot. starting from when I began saving and filtering them. Many thanks to Paul Graham for his plan for spam, or I would be buried by 350 spams per day by now. It is only going to get worse! Based upon how many I get, the probability is more like 95% percent of my email is spam.

    1. Re:I get tons. 1 in 3 ha! by spellraiser · · Score: 5, Insightful

      Note that the analysis says that 1/3 of all email sent is spam. This can easily be coincide with many users receiving lots more spam than this.

      For instance, there might be many users which receive a larger slice of the other, legitimate 2/3, thus making up for those who receive less of it.

      --
      I hear there's rumors on the Slashdots
    2. Re:I get tons. 1 in 3 ha! by blamanj · · Score: 4, Interesting

      How about 2 per second? I came home from a vacation this week to find my mailbox quota maxed out due to 2000 copies of a single e-mail from the same spammer. I figured it was a one-time thing, until I checked the following morning and the same thing happened.

      After I deleted them all, I checked every couple of minutes to see them pouring in at nearly two copies per second. Fortunately my ISP was able to block them after I notified them, but who knows how many legitimate mails were bounced while my account was full.

      It's bad enough to get spam, but to have a spammer stuck in an infinite loop on your account is really nasty.

  3. OKay then by schnits0r · · Score: 5, Funny

    Then who is getting the other 66.6% of my email?

  4. Only 32%? ? ? by David+E.+Smith · · Score: 5, Informative
    Only a third? Gosh, I wish I had that little spam...

    From the logs of our anti-spam appliance, over the last six weeks or so:

    Total emails received 27900189
    Blocked (Spamhaus lists) 22450665
    Quarantined (probably spam) 4449044
    Viruses 117518
    Allowed 882962
    That's right, about 96% of our email is spam, viruses, or otherwise ungood.

    I'd be delighted if the spam dropped off so it were only 32% of our mail. Think of all the things I could do with that extra bandwidth...

    In fairness, the study says they were looking at businesses, and this is at a small ISP, mostly residential customers. But it's a good number to chew on nonetheless.

    1. Re:Only 32%? ? ? by hackstraw · · Score: 4, Interesting

      Right now the mail server that I admin, which has only about 7 active users, we catch about 25% spam.

      I've got spamassassin installed, and it does a good job. One thing from the article that reinforces something that I've been thinking about implementing is reducing the time spent dealing with spam. Since I have a good spam filter, I was thinking of deleting the obvious spam, and then delaying the more questionable spam to be spooled until one time a day and then put in the users' mailboxes at one time. That way the user would only have to go through the scan the inbox and delete spam once a day instead of incrementally throughout the day. This will also reduce the "You've go new mail" at all if the only new mail is spam or possibly spam. The only false positives that I've seen have been solicited mass mails like newsletters, and sometimes a mail in the spamassassin mailinglist will get flagged as spam for obvious reasons. Having these false positives mailed with the other questionable spam with a delay would not be a problem.

  5. Well, in that case, by imadork · · Score: 5, Funny

    spam really needs to catch up. I know that over half the snail-mail I get is junk mail...

  6. Almost there... by Anonymous Coward · · Score: 5, Funny


    ... another 2/3 to go then our job is done.

    Sanford Wallace

  7. Bah. by Kenja · · Score: 5, Insightful

    I've had the same domain name for around ten years with a catch all email acount. 1 in 3 is nothing, for me its closer to 99 out of 100.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:Bah. by Animats · · Score: 5, Informative
      Me too. I'm getting about a thousand spams a day to the default inbox for four domains.

      Filtering is removing about 97% of the spam, but even after filtering, I'm getting more spam than real mail.

      Most of the spam seems to be selling prescription drugs. It's clear the Bush Administration doesn't want to do anything about this; there's plenty of authority for stopping illegal sales of prescription drugs on-line. Prescription drugs are traceable, after all.

  8. Wow! It's down to 1/3? by Anonymous Coward · · Score: 5, Funny

    It's about time it started going down.

  9. 600,426,974,379,824,381,952 ways to spell Viagra by Anonymous Coward · · Score: 5, Funny

    "After I received 80,730 different emails trying to sell viagra, I started to wonder: How many different ways are there to spell Viagra?"

    http://cockeyed.com/lessons/viagra/viagra.html

  10. 1/3 seems very low by theManInTheYellowHat · · Score: 5, Funny

    I think that they goofed. 1/3 of it is virus infected, another 1/3 is spam, and the remaining 1/3 are jokes from people that you barely know that are not that funny.

  11. So bad my spam filters are too strong by reverendG · · Score: 5, Funny

    I get about 2500 spams a week to my work address, and I can't change my work email. It's on my business cards, and as a DB geek they won't get me new ones :(

    Because of the extreme amount of spam that I get, my Bayesian spam filters are pretty strict. I lose valid email all the time!!!

    Why just this morning, I came in and was going through my spam folder, and found that my good friend Gooshot Moneyface has been trying to get in touch with me! I was wondering why I hadn't heard from her for so long.

    --

    Why should I argue rationally with someone being irrational? I'll just mock them instead.
  12. Virus sent spam by Outosync · · Score: 5, Interesting

    I'd like to have a statistic on how much of that spam is do to worms relaying themselves from infected networks. 80% of the spam I now filter has a worm or trojan attached. I rarely get the marketing spam anymore.

  13. expect more of it by lobsterGun · · Score: 4, Interesting


    As more spam gets sent, the rate of response to spam will decrease. Which means spammers have to send EVEN MORE spam emails to get the same return on investment that they did a few weeks before.

    I'm surprised it took this long for the ratio of spam to real to reach the level it has.

  14. Better? by CGP314 · · Score: 5, Interesting

    So things are better than the last time slashdot ran this story?

    I doubt it.


    -Colin

  15. compared with snail mail? by StevenHallman76 · · Score: 4, Interesting

    anyone know how these stats compare with standard mail?

    1. Re:compared with snail mail? by gmhowell · · Score: 5, Funny

      anyone know how these stats compare with standard mail?

      Pretty well. I get nearly 100% spam in my snail mail box. Marked with things like 'Past Due', 'Gomer's Collection Agency', 'We Know Where You Live'. I just chuck it all in the trash.

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
  16. Comment removed by account_deleted · · Score: 4, Informative

    Comment removed based on user account deletion

  17. Thanks to previous raves about Mozilla by JohnnyComeLately · · Score: 5, Informative
    For those who, like me, thought they would have a hard time replacing Outlook Express (*puke*), check out Mozilla Thunderbird.

    I heard about it here on /. and installed it the same day. At first it marked ALL my mail as spam because I'm on a few list servers, but the adaptive learning function of it is getting much better. After I "unlearned" my list mails as spam, it'd still let about 60% of spam through. Now it gets about 40 out of the 42 spams I get a day. I don't mind deleting two (or hitting "j" for junk), and recent searches through the junk folder show no false positives.

    Check it out...

  18. Thank goodness for filters, BUT... by Not_Wiggins · · Score: 5, Insightful

    Filtering doesn't mitigate the problem.

    So what if I don't have to see the mail? That doesn't mean my mailserver isn't using cycles to talk to some originating server, transfer, store and eventually delete that spam. The only saving grace is I don't have to pay for bandwidth on a usage basis (cable modem is still, happily, "flat rate").

    But what happens if that volume gets to be high enough that it starts to affect my ability to use the bandwidth for other things?

    What we have available are basically work-arounds; we need a concrete solution that addresses the basic problem.

    So what is the problem? People soliciting without you opting in? Deceitful mail designed to make you open it thinking it is from a friend? The sheer volume?

    The real problem is we haven't found an effective way to trace this crap back to the people supposedly "making money" with these schemes.

    Solve *that* issue... put a name, address, and bank account to that spam, and we'll clean this stuff up in a hurry!

    --
    Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
  19. Re:For Our CEO it's more like 98 out of 100... by azadrozny · · Score: 5, Funny

    Funny, here 98% of spam comes FROM our CEO. :)

  20. Re:I don't get some of them by Anonymous Coward · · Score: 4, Funny

    Dear Freak,
    Please stop measuring your son's penis.

    Regards,
    Child Protective Services

  21. New Spam Filter by kelseyj · · Score: 5, Funny

    Deletes every third email. No mess, no fuss.

  22. Re:For Our CEO it's more like 98 out of 100... by stevey · · Score: 5, Informative

    Stick a mail proxy between the internet and Exchange, that way he still gets to keep using Exchange, and you have a simple proxying machine that can do arbitary scanning and filtering.

    You can scan all incoming mail with spamassissin and clamav before it reaches exchange, bounce or drop bad mail and forward "passed" mail into the Exchange server

    You could also hookup a challenge response script there too.

    I do the same thing for a company mail server running Lotus Notes.

  23. My tool by TwistedSpring · · Score: 5, Interesting
    Well, approximately 95% of my e-mail is spam. I hacked together a tool called POPgun that takes a real basic approach to spam checking. None of your Bayesian filters and all that nonsense. It sits transparently between my mail client (which connects to localhost) and my mail server, captures the mails as they come in and rewrites them.

    It does eight (yes, eight) tests on the subjects of every message. I havent even added body checking yet, and it catches most spam. I even tried replacing these 8 tests with the SpamAssassin engine and found that it was less good at detecting spam mails. The tests are so simple:
    1. Is The Subject Capitalized Like A Headline?
    2. Does the subject contain too many non english-alphanumeric characters?
    3. Is the subject a duplicate of another subject in the same POP retrieve job?
    4. Does the subject contain 4 or more spaces anywhere?
    5. Is the subject more THAN HALF CAPITAL LETTERS
    6. Does the mail have no subject at all?
    7. Does the su-bject con+tain obvi!ous obfuscation?
    8. Finally, does the subject hit on the blacklisted words?

    The blacklist is checked after first collapsing spaced-out words like "V I A G R A" and removing the above-mentioned obvious obfuscation. It's regex-based and contains the typical stuff like "meds" "medication" etc, but also a test for a subject that ends in 3 or more spaces followed by a string of random consonants.

    When it detects SPAM, it simply changes the subject line to indicate that the message is spam.

    In addition to spam-checking, it also removes all HTML mark-up (removes the tags leaving plaintext behind), deciphers MIMEd messages and recompiles them into multipart/mixed format (so images etc. are attachments) and renames many-extensioned attachments, so girl.jpg.pif becomes girl.pif.

    It's still in dev, but it'll be available on baxpace.com in the next week or so for Win32 (as an exe) and UNIX platforms. It's written in Perl.
    1. Re:My tool by Anne+Thwacks · · Score: 4, Funny

      Would you like your tool to be longer and harder ;-}

      --
      Sent from my ASR33 using ASCII
  24. And one third of Slashdot posts are First Post by turnstyle · · Score: 5, Funny

    And one third of Slashdot posts are First Post

    --
    Here's what I do: Bitty Browser & Andromeda
  25. I would have guessed much higher by dre23 · · Score: 5, Interesting
    Maybe 99%. More people should be reading all of these documents.

    If every Linux and Windows machine ran Postfix with CRM114 by default (and with manpages and documentation), this would help. Maybe a new anti-spam Linux distribution is needed. MacOSX ships with Postfix, but not CRM114.

    Do you have any idea how many open-relays still exist? Why does SMTP software allow '*' open-relays in the first place? Do you know how many proxy servers are out there on the Internet? How many SOCKS4&5 proxies that just allow any SMTP to be bounced? How many are seemingly closed but available with the CONNECT method? Let's close some of our holes, and prevent software from opening them in the first place.

    Also - know your enemy. Why haven't people dissected the software these creeps are using. The majority of spam comes from a program called DarkMailer or DM. Let's reverse engineer this application and figure out how it works, so our defenses can be built around the enemy's weapons and not just generalizations about spam.

    Finally, let's set some ethics and procedures about how to deal with spammers. Too many is the case that people just want to beat their heads in with baseball bats or delete all their files on all their computers. This activity is not productive. It's my firm belief that if you take away their tools and educate them, less spam will be out there. You make it a war -- and that's what you'll get. Passion drives creativity and efficiency.

    --
    IPv4 allocations for hobbyists? join the ipalloc-l mailing-list! www.operations.net/mailman/listinfo/ipalloc-l
  26. Re:600,426,974,379,824,381,952 ways to spell Viagr by Anonymous Coward · · Score: 5, Funny

    One day I'll simply snap and actually contact a spammer with the following order:

    From: my@email.com
    To: spammer@email.com
    Subject: Order req'uest for >X<@n4x and V1agro! fxfj aspll cps

    Dea'r Si:rs,

    I w.ould l1ke t0 pl@ce 4n 0rder for tw0 p.ortions of Xa:n:aX' and v_i_a_g_r_a. P13aS.e sh1p im:medi`ate1y, 1 h@ve an><1ety and ne:ed a -bo-ner-

    Y0urs s.incerel'y
    S@vvy 1nvest0r

    akdf k- dfks. dfk v9iew casoji ropdfk hork
    aso, ckdo ofgkf opwerk- mmos odkaok s
    w eofk, eoro gksod bz o-

  27. Re:For Our CEO it's more like 98 out of 100... by Nephilium · · Score: 4, Informative

    Ran into this same problem at my company... Tested two different things out:

    Mailwasher - Not a challenge/response like you asked for, but allows you to send bounces back to spam, and delete them off of the server before you donwload them. Can tie into SpamHaus and such.

    ChoiceMail - Challenge response, both single user and enterprise are available. Single user sits on local machine, enterprise ties into Exchange. Can quickly add anyone in your Outlook contact list to the whitelist, and anyone you send an e-mail to can be set to be whitelisted. The challenge message can be customized. Biggest problem with the bounce (at least in my testing) is that the challenge gets rated as spam by my filters. I'm sure if the challenge was tuned up it wouldn't be that big of a problem. And they have a free trial so you can test it for 14 days

    Nephilium

  28. The only way it could be merely 1/3... by unfortunateson · · Score: 4, Insightful

    ... is if they count the volume of "intranet" mail.

    Corporations deal piles of mail on the inside, that never gets out to the genpop: HR crap, memos, meeting notices, etc. etc.

    Customer relationships also generate piles of e-mail, but that should be visible to your average slashdotter who buys stuff.

    I wonder if they're counting automated, machine-read e-mails such as SEC filings and other things that humans never read?

    --
    Design for Use, not Construction!
  29. The Will Pay System by Kwil · · Score: 4, Interesting

    While the economics of email favor spam, spam will flourish. It's as simple as that.

    To get rid of spam, we need to change the economics of email.

    However, most systems proposed are too simple in that they serve to make a lot of the legitimate purposes of email too expensive, Maillists being a primary one, as well as mail from new potential customers.

    Essentially, we can arrange email into a grid of Expected or Unexpected vs Desired or Undesired. We need a way to freely receive all Desired mail whether it is Expected or not, while making it expensive for mail that is both Unexpected and Undesired.

    To address this, I believe a system where the promise of payment is encoded into the delivery may solve the problem. Note that the promise of payment doesn't mean that payment will be necessarily be required. However, having the promise encoded into the email does require that it be possible to place a charge on that email by the recipient. This would require verification at intermediate servers that the mail came from a known system that allows payment to be made before relaying it on.

    Legit users send out so few emails that they could easily send out mails with promise of payment encoded, companies would not require the payment be made (as what a great way to lose a potential customer) so the status quo is preserved, and friends who they send mail to similarly would not bother requiring payment. Of course, if payment is required (you get into a fight with your friend) it should be a small enough amount (sub-dollar range) that it is not an extreme hardship even then.. provided you're only getting charged for one or two.

    Mail-lists could be sent without the promise of payment, but since they are typically subscribed to directly, it becomes very easy to implement a white-listing solution for all the lists you're on.

    Spam could not be sent using promise of payment -- if it was, the costs would quickly dwarf the profits since it is only the very low cost of email that makes spamming possible. Anybody receiving the spam would simply click the "Require Payment" button or some such, and the spammers credit card would be automatically charged the amount. Assuming only 25% of the recipients are actually able and willing to require payment, since the typical spam run sends out hundreds of thousands of email, the charges mount significantly quickly. Yet if spam was forced to not promise payment, since all legitimate email is using promise of payment, it becomes very easy to whitelist the spam out of existance.

    Essentially, the promise of payment system allows unexpected but desired mail to proceed as normal, while unexpected undesired mail incurs a fee. Expected mail can use the standard email system with whitelists, or still use the promise system with no difficulties.

    --

    That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze

  30. Re:it ain't fair by Steve+B · · Score: 4, Insightful
    As much as people dislike spam, to the best of my knowledge, at least, it isn't breaking any laws (and should even be protected under the first amendment here in the States).

    Nonsense. Even setting aside the obvious frauds contraband offers, unauthorized use of trademarks, etc. found in 99+% of spam, it is a violation of property rights. The First Amendment does not protect spamming any more than it protects grafitti vandalism.

    At most, the law might reasonably tolerate spam if it evidences no attempt to evade filtering -- no forged headers, no "v1agra" munges, no misleading subject lines, no nothing. The use of such techniques creates a "bright line" between spamming and legitimate bulk e-mail, because it constitutes prima facie evidence of intent to intrude without permission (and, indeed, against an express prohibition).

    Bottom Line: The computer-cracking laws ought to be clarified so that the evasion or spoofing of a spam filter is treated just like the evasion or spoofing of a password prompt.

    --
    /. If the government wants us to respect the law, it should set a better example.
  31. Re:I don't get some of them by sindarin2001 · · Score: 4, Funny

    If you were my parental unit and I ever found out that you had broadcast in a public forum the size of my sex organ, I would probably start my teen angst REALLY early.

  32. Re:what about server solutions? by mabu · · Score: 4, Informative

    Can anyone suggest a decent, doesn't have to be perfect, server side anti-spam filter?

    Don't waste your time implementing a content-based filter. The best solution is to incorporate a real-time spam relay blacklist. I recommend bl.spamcop.net. It's very effective and accurate with an extremely low legit mail blocking rate.

    RBLs are great because they refuse spammer connections before the mail even gets delivered, so you don't waste bandwidth and system resources downloading spam crap and trying to interpret the contents. RBLs respect the sanctity of the e-mail message as a private communication medium and penalize those ISPs which allow spammers to operate.

    If you're using Sendmail, you can also hard-code some of the IP regions where tons of spam is originating (signal-to-noise ratio for most people on the Chinese IP blocks is 0% so why allow them to hit your server in the first place? A few lines in your /etc/access file such as: "connect:218 REJECT" will knock off about 200-5000 spams per day utilizing minimal system resources).

    Personally, if you want to get aggressive, block the following Class As: 61,80,81,82,83,142,164,193,194,195,196,200,201,202 ,210,211,213,217,218,219,220,221 and you'll stop a TON of spam from a lot of foreign countries you likely never communicate with.

    Set up a web-based e-mail form and put a link to it in your Sendmail access configuration so that if any legit mail gets bounced, they can redirect to a web page to contact you in the [unlikely] event they were inappropriately blocked.

  33. "Too dumb to Live Awards" by __aagmrb7289 · · Score: 4, Funny

    So, I'm thinking - those people who actually respond to spam? We should host an awards show for them - called "Too dumb to Live". We give them a chance to give their speeches and thank their whatevers, and then, when they leave the stage to go to the "press interviews", we can just dispatch them in some nice, efficient manner.

    We should ALL do something to make the world a better place to live, ya know...

  34. Maybe it's time we embraced spam by netruner · · Score: 4, Interesting

    Seriously- if you think about it, spam may be our last hope for privacy on the net. The more legal measures we put against spammers, the more freedom we lose ourselves. So why not just accept spam as a fact of life and find some useful purpose for it, like camoflage for stego. I know there's several stego programs out there that disguise their transmissions as spam- if we get rid of the spam, no more camoflage. Don't get me wrong, I don't like getting ads for pr0n at work any more than anyone else, but I think there are other ways of dealing with it- without legally screwing ourselves in the end. (pun intended)

    --



    DISCLAIMER: This post was not checked for speling and grammar- if you complain- you're a whiner