Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam Doubles, Finding New Ways to Deliver Itself

Posted by CmdrTaco on from the soul-crushing-never-ending dept.

An anonymous reader noted that the times is running a piece on the rise in spam that you might have noticed in your inbox over the last 6 months. Gates promised the end of spam by 2006, but they figure it's doubled in the last few months. And best of all, a huge percentage of spam is now images that circumvent traditional text analysis.

9 of 486 comments (clear)

  1. It's the bottom line, stupid! by Pig+Hogger · · Score: 5, Insightful
    The crux of the problem is the penny-pinching network executives who prefer to run spam sewers where zombies thrive without any supervision.

    Competent sysadmins are expensive, and the idea of, say blocking outbound port 25 would never occur to them, or is brushed-off for stupid reasons.

    The only way out is to exerce pressure on those network owners and the best way to do so is by simply blocking them left and right until they are left with nothing but their huge intranets.

    1. Re:It's the bottom line, stupid! by David+McBride · · Score: 5, Insightful

      My understanding is that botnets, mostly made up of weakly-secured home machines, are the source of the majority of spam. Thus the main problem is not network administrators not taking good care of their networks (which are usually quickly identified and isolated using blocklists), but rather the woefully insecure configuration of home desktop machines out-of-the-box.

      And the blame for that can be squarely placed with Microsoft.

    2. Re:It's the bottom line, stupid! by A+beautiful+mind · · Score: 5, Insightful

      You're essentially correct. Greylisting results confirm what you say. The spam that goes through greylisting is miniscule compared to the amount it blocks, for now. The spam that gets through comes from hacked servers, open relays etc, which are much less common than a compromised windows pc.

      The blame is mostly on MS. Partly in a different way than people think. MS advertises easy to use windows/computers, while that category is fiction. A computer is a complex tool. You can use it easily like you can use a chainsaw easily. The chainsaw eliminating a couple of your fingers is enough deterrent that most people learn to use it properly before that happens.

      A computer is a chainsaw that cuts into someone's finger 2000km away in another country if not used correctly. The user stupidity only causes such big problems because the expectations are out of touch with reality. Computers are not easy to use and can't be made easy to use. Anyone who tells you so lies and sabotages the stability of the Internet.

      What I'm talking about here is the "user stupidity" part of the problems. The Windows security side of the issue is another part of the problems. The "user stupidity" part is grave, because even if someone switches to Linux or BSD or something else than Windows, it is still easy to take over any system with a stupid user's cooperation. The answer is education and readjusting the common thinking about what computers are.

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
    3. Re:It's the bottom line, stupid! by Dun+Malg · · Score: 4, Insightful
      Instead we should be going after the money. It doesn't matter if the source of the SPAM is offshore or not. The products they are selling have some sort of presence in the US -- otherwise, why spam Americans?
      The majority of my spam is pump-n'-dump penny stock scamming. There is no product. Just a "wow! this stock is going to take off and go up fifty points! Invest now!" message, and some daytrader jackass somewhere waiting for it to go up half a point so he can sell and make a couple thousand bucks.
      --
      If a job's not worth doing, it's not worth doing right.
    4. Re:It's the bottom line, stupid! by kalpol · · Score: 4, Insightful

      This is a truth rarely pointed out in discussions of spam. I see many many comments along the lines of "if only losers would stop buying their product, spammers would go away..." No, as long as there is hope, some idiot will pay some spam gang to blow a load of email across the face of the net hoping that he'll get rich quick. There could be zero purchases, and the guy will just give up, but what do the spammers care? They have their money and there's always some new moron out there with a grand scheme.

      --
      12:50 - press return.
  2. Re:ban images? by Shakrai · · Score: 4, Insightful

    Yeah, cuz it's not enough that I can no longer relay e-mail directly from my machine. It's not enough that I now have to have reverse DNS otherwise my e-mail gets rejected. It's not enough that e-mails that aren't SPAM get dropped/flagged. It's not enough that many e-mail providers drop useful attachments and scan so intrusively into them that I need to encrypt them if I want the e-mail delivered.

    Let's take away yet more functionality due to spam! That's a great idea. Seriously, I hate SPAM but the zeal to stop it has ruined many useful features of SMTP.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  3. Using Clamav against the images by rutger21 · · Score: 4, Insightful

    Since about two weeks I am using the image-spam repositories of MSRBL, and of Sanesecurity. Using a cron script to fetch the data and keep Clama's database up-to-date works quite well!

  4. Wrong. by aussersterne · · Score: 4, Insightful

    It's not up to the recipient, it's up to the recipient's service provider; most recipients have no idea what is or isn't happening to their email before they get it.

    And we have lost a tremendous amount of functionality due to SPAM. There was a time not so long ago when I could send to a family member: email with an attached photo, email with an attached document, email sent from my own PC and handled with my own SMTP daemon, email that was only two or three lines long, etc.

    Now all of these are likely to be rejected. Even plain text email sent with a large subscription SMTP server is now getting blocked by some friends and family members' service providers simply because the domain of the address (my personal web domain) is not whitelisted and this hits the SPAM score where it hurts. A phone call is great... unless you were hoping to do one of the many useful things you used to be able to accomplish by sending attachments (i.e. send an article you're working on to a friend to have them read it and mark it up with revisions before sending it back).

    So I suppose your answer is that we should all get an @gmail.com account, have to use it via the Web interface to send plain-text only email with zero attachments that's at least five but no more than twenty sentences long and doesn't use the words "sex," "free," or "mortgage."

    Fine, but don't pretend that email hasn't lost a significant amount of functionality due to SPAM or that these restrictions are being imposed democratically by the consensus of common users. Functionality has indeed been lost and the decisions are made by admins at major email providers trying to save costs and manage the tremendous problem that SPAM has become.

    The proper solution isn't to filter more. The proper solution is the death penalty for SPAMmers. I'm quite serious. We execute far too many blue collar criminals in this world and not nearly enough white collar ones. SPAMmers should be first among these.

    --
    STOP . AMERICA . NOW
  5. WE INVITE YOU TO COME SEE THE 2020 by Serious+Callers+Only · · Score: 4, Insightful

    If everyone turned off images, html and anything else, we'd get text only spam instead.

    The real problem is authentication in email. While mail servers accept email with any arbitrary 'from' address, this problem will persist.