Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam Doubles, Finding New Ways to Deliver Itself

Posted by CmdrTaco on from the soul-crushing-never-ending dept.

An anonymous reader noted that the times is running a piece on the rise in spam that you might have noticed in your inbox over the last 6 months. Gates promised the end of spam by 2006, but they figure it's doubled in the last few months. And best of all, a huge percentage of spam is now images that circumvent traditional text analysis.

17 of 486 comments (clear)

  1. It's the bottom line, stupid! by Pig+Hogger · · Score: 5, Insightful
    The crux of the problem is the penny-pinching network executives who prefer to run spam sewers where zombies thrive without any supervision.

    Competent sysadmins are expensive, and the idea of, say blocking outbound port 25 would never occur to them, or is brushed-off for stupid reasons.

    The only way out is to exerce pressure on those network owners and the best way to do so is by simply blocking them left and right until they are left with nothing but their huge intranets.

    1. Re:It's the bottom line, stupid! by David+McBride · · Score: 5, Insightful

      My understanding is that botnets, mostly made up of weakly-secured home machines, are the source of the majority of spam. Thus the main problem is not network administrators not taking good care of their networks (which are usually quickly identified and isolated using blocklists), but rather the woefully insecure configuration of home desktop machines out-of-the-box.

      And the blame for that can be squarely placed with Microsoft.

    2. Re:It's the bottom line, stupid! by A+beautiful+mind · · Score: 5, Insightful

      You're essentially correct. Greylisting results confirm what you say. The spam that goes through greylisting is miniscule compared to the amount it blocks, for now. The spam that gets through comes from hacked servers, open relays etc, which are much less common than a compromised windows pc.

      The blame is mostly on MS. Partly in a different way than people think. MS advertises easy to use windows/computers, while that category is fiction. A computer is a complex tool. You can use it easily like you can use a chainsaw easily. The chainsaw eliminating a couple of your fingers is enough deterrent that most people learn to use it properly before that happens.

      A computer is a chainsaw that cuts into someone's finger 2000km away in another country if not used correctly. The user stupidity only causes such big problems because the expectations are out of touch with reality. Computers are not easy to use and can't be made easy to use. Anyone who tells you so lies and sabotages the stability of the Internet.

      What I'm talking about here is the "user stupidity" part of the problems. The Windows security side of the issue is another part of the problems. The "user stupidity" part is grave, because even if someone switches to Linux or BSD or something else than Windows, it is still easy to take over any system with a stupid user's cooperation. The answer is education and readjusting the common thinking about what computers are.

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
    3. Re:It's the bottom line, stupid! by Dun+Malg · · Score: 4, Insightful
      Instead we should be going after the money. It doesn't matter if the source of the SPAM is offshore or not. The products they are selling have some sort of presence in the US -- otherwise, why spam Americans?
      The majority of my spam is pump-n'-dump penny stock scamming. There is no product. Just a "wow! this stock is going to take off and go up fifty points! Invest now!" message, and some daytrader jackass somewhere waiting for it to go up half a point so he can sell and make a couple thousand bucks.
      --
      If a job's not worth doing, it's not worth doing right.
    4. Re:It's the bottom line, stupid! by ummit · · Score: 3, Insightful
      So by your logic, we shouldn't need traffic lights, seat belts, air bags, insurance, or speed limits. If people took the time to learn how to drive more carefully, and stopped having stupid accidents, we wouldn't need these safety measures.

      In any case, we've been blaming the "stupid users" for years now, and it hasn't helped. They're still clicking on those easy-to-click executable attachments...

    5. Re:It's the bottom line, stupid! by kalpol · · Score: 4, Insightful

      This is a truth rarely pointed out in discussions of spam. I see many many comments along the lines of "if only losers would stop buying their product, spammers would go away..." No, as long as there is hope, some idiot will pay some spam gang to blow a load of email across the face of the net hoping that he'll get rich quick. There could be zero purchases, and the guy will just give up, but what do the spammers care? They have their money and there's always some new moron out there with a grand scheme.

      --
      12:50 - press return.
  2. Re:ban images? by Shakrai · · Score: 4, Insightful

    Yeah, cuz it's not enough that I can no longer relay e-mail directly from my machine. It's not enough that I now have to have reverse DNS otherwise my e-mail gets rejected. It's not enough that e-mails that aren't SPAM get dropped/flagged. It's not enough that many e-mail providers drop useful attachments and scan so intrusively into them that I need to encrypt them if I want the e-mail delivered.

    Let's take away yet more functionality due to spam! That's a great idea. Seriously, I hate SPAM but the zeal to stop it has ruined many useful features of SMTP.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  3. Re:Picture spam by anotherone · · Score: 3, Insightful

    A huge percentage of legitimate email is random sentences with buzz words and a picture.

    Maybe it would be possible to OCR every image as it comes through but then you'll just have spammers sending you CAPTCHA'd messages.

    --
    Username taken, please choose another one.
  4. Re:ban images? by tomstdenis · · Score: 3, Insightful

    Why not use email for what it was meant for?

    If clients weren't so friendly to "auto show" images this spam would never had existed.

    I too send attachments to folks but usually only source files and/or patches (e.g. really small things).

    I want my email client to read/write messages, not the "web". It's bad that HTML emails exist ...

    Tom

    --
    Someday, I'll have a real sig.
  5. Using Clamav against the images by rutger21 · · Score: 4, Insightful

    Since about two weeks I am using the image-spam repositories of MSRBL, and of Sanesecurity. Using a cron script to fetch the data and keep Clama's database up-to-date works quite well!

  6. Re:Picture spam by spectral · · Score: 3, Insightful

    They already are sending me CAPTCHA'd images.

  7. You don't use authentication? by khasim · · Score: 3, Insightful

    We have people who work from home. But I've set them up with email authentication. They can send anything, from anywhere, to anyone, providing that they have signed on with their username and password.

    You do it differently?

  8. The "spam problem" *IS* largely solved. by wayne · · Score: 3, Insightful

    I know people like to rant about the "spam problem" a lot, but for all practical purposes, the problem has been largely solved for several years now.

    If you run reasonable spam filters, including many open source ones, you will not end up with much spam in your inbox. Yeah, there will be lots of spam still being sent, but the real, significant, cost of spam is really mostly people's time, not machines. Any ISP, company or person who gets "too much spam" is simply being penny wise and pound foolish. The same goes for systems that get too may "false positives", that is, legitimate emails being rejected. Almost all of that is due to trying to run "cheap" spam filters, or buying snake-oil systems. Upgrade your mail servers or switch to someone who runs reasonable spam filters.

    The "spam problem" of today is really the "you can't do anything about spam" problem. Too many people are convinced that you can't stop spam, so you shouldn't try harder. The problem is low expectations. The problem is people cutting corners.

    For email senders having problems getting caught in spam filters, some of this is due to people running bogus spam filters and that is the receiver's problem more than yours. Most of the rest is due to either you not running a standard-compliant mail server on a static IP address that can have a reputation built up for you being a good server, or because you really do send out spam, either due to "bad" customers or backscatter (bogus bounces, challenge/repsonse systems, autoresponders, etc.). Don't be cheap and think you can get away with not running spam filters on your outbound email and catching your "bad" customers. Don't be cheap and spew backscatter. Don't be cheap and say you can't afford to do port 25 blocking of dynamic IP addresses, or not allow customers to configure their reverse DNS.

    The vast majority of knowledgable people in the area of spam do not munge their email addresses. The vast majority do not suffer either lots of spam in their inbox nor lots of false positives.

    --
    SPF support for most open source mail servers can be found at libspf2.
  9. Wrong. by aussersterne · · Score: 4, Insightful

    It's not up to the recipient, it's up to the recipient's service provider; most recipients have no idea what is or isn't happening to their email before they get it.

    And we have lost a tremendous amount of functionality due to SPAM. There was a time not so long ago when I could send to a family member: email with an attached photo, email with an attached document, email sent from my own PC and handled with my own SMTP daemon, email that was only two or three lines long, etc.

    Now all of these are likely to be rejected. Even plain text email sent with a large subscription SMTP server is now getting blocked by some friends and family members' service providers simply because the domain of the address (my personal web domain) is not whitelisted and this hits the SPAM score where it hurts. A phone call is great... unless you were hoping to do one of the many useful things you used to be able to accomplish by sending attachments (i.e. send an article you're working on to a friend to have them read it and mark it up with revisions before sending it back).

    So I suppose your answer is that we should all get an @gmail.com account, have to use it via the Web interface to send plain-text only email with zero attachments that's at least five but no more than twenty sentences long and doesn't use the words "sex," "free," or "mortgage."

    Fine, but don't pretend that email hasn't lost a significant amount of functionality due to SPAM or that these restrictions are being imposed democratically by the consensus of common users. Functionality has indeed been lost and the decisions are made by admins at major email providers trying to save costs and manage the tremendous problem that SPAM has become.

    The proper solution isn't to filter more. The proper solution is the death penalty for SPAMmers. I'm quite serious. We execute far too many blue collar criminals in this world and not nearly enough white collar ones. SPAMmers should be first among these.

    --
    STOP . AMERICA . NOW
  10. WE INVITE YOU TO COME SEE THE 2020 by Serious+Callers+Only · · Score: 4, Insightful

    If everyone turned off images, html and anything else, we'd get text only spam instead.

    The real problem is authentication in email. While mail servers accept email with any arbitrary 'from' address, this problem will persist.

    1. Re:WE INVITE YOU TO COME SEE THE 2020 by Sancho · · Score: 3, Insightful

      But we can easily deal with text-only spam. The problem is that filters don't know how to read the image to detect whether or not it is spam.

  11. Re:ban images? by TheRaven64 · · Score: 3, Insightful

    You could always try sending spams for free penis pills, and sending cyanide capsules to everyone who responds...

    --
    I am TheRaven on Soylent News