Spam Volume Jumps 35% In November
gregleimbeck writes "Spam volume soared another 35% in November, an e-mail security vendor said Thursday, and the month saw spam tactics that reduced the efficiency of traditional anti-spam filters.
'There's been a huge increase in spam volume,' says David Mayer, a product manager at IronPort Systems, 'from 31 billion spams a day on average in October 2005 to 63 billion in October 2006. But in November, we saw two surges that averaged 85 billion messages a day, one from Nov. 13 to 22, the other from Nov. 26 to 28.'"
Maybe it's just me, but my spam volume seems to have jumped at least 200% in recent months.
Are we finally going to reach a point where only trusted addresses can email us? Seems the arms race is being severely lost. I've got a pretty good spamassassin config and I can't keep up anymore, I find myself having to manually delete literally hundreds of messages a day now.
http://www.babysmasher.com
http://www.openingbands.com
If Bush wants to regain some popularity he should consider nuking some of the spammers.
It's not going to stop. It's a multi-billion dollar industry.
It appears to me that the increase is almost all due to a small number of messages swamping us. One advertises the stock symbol PHYA and has no link. The scam is that if you Google for that symbol, there will be a full-width paid ad for a fake broker/analyst site. About 10% of my email for the last couple of weeks (i.e. over 100 of 1000 spams/day) advertises this stock symbol.
If it wasn't bad enough getting 10 to 15 stock "tips" via spam a day, in mid-December, I started getting the same stock spam via SMS! Yes, SMS! I got a burst of 6 one morning, then another 5 later in the day. There's $1.10 of SMS fees courtesy of Cingular. I cancelled my SMS service (which they enable automatically) immediately. Wonder how many people are unknowingly getting charged for these messages. Starting January 07, Cingular will start charging 0.15/sms -- perhaps a response to record SMS revenues :-) ?
I remember when there was just one... http://groups.google.com/group/rec.autos.antique/browse_thread/thread/5a53273717099e12/c43de9e0b0e50166?lnk=st&q=nike%40indirect.com&rnum=200&hl=en#c43de9e0b0e50166
Works great, even though some spams get through they do seem to identify and eliminate quite a bit of spam.
I'm still worried why so much spam recently though. Is there anyone out there who seriously READs this garbage and actually considers sending money to these people? Seems like the problem with spam is only going to get worse and worse until the big email providers can come up with some mechanism to prevent spam that still allows independent non-business email servers to still serve their purpose. I don't see this happening any time soon.
Meet new people, and kill them.
I use (amongst other things) Spamihilator. It's free, and it's pretty reliable. The trouble I have is that I *have* to allow everyone to mail me. When you run a business, you *do* occasionally get people guessing your email address from your domain and sending you a potentially vital email. I just can't afford to block emails by default. And anything (like captchas or auto-response systems) that makes it hard for my customers to contact me is just BAD.
I don't see why we are always fighting this problem at the reception end, rather than the source. Spam filters can work quite well, but why are they mostly applied right at the very endpoint of the chain?
I'd be very happy for some basic filtering to take place on my outgoing mail at the ISP level. If it meant the odd automatic email with a captcha saying "are you sure you intended to send this mail?" before a spammy-looking email went out, that's fine with me, and wouldn't that approach cut down on all those twits whose PCs are part of a botnet without them realising it?
Bah, why is firefox suddenly getting me to spell check in American?
DRM-free indie games for the PC and Mac: Positech Games
"Two years from now, spam will be solved" - Bill Gates
Did you ever notice that *nix doesn't even cover Linux?
I'm no MS fan, but I have to admit, a quick bit of maths shows that Outlook gets over 95% of my spam. Gotta hand it to them.
Man wird am besten für seine Tugenden bestraft.
Apparently, image spam beats a number of spam filters. But not all. Try another filter. I haven't done an extensive test in the post-image-spam era but OSBF-Lua is the best available filter I know of, and I haven't noticed that it is compromised by image spam. It is free.
Spam has had a tendency to spike around election time for one reason or another.
Not to mention this is the 4th quarter, when everyone and his cousin is trying to
sell holiday gifts. How about some data for the past 6 months?
Non sequitur: Your facts are uncoordinated.
Actually, 95% is pretty awful. If you can't get to 99% then you are selling yourself short. The tools for identification of spam are very effective these days. 95% is junk.
Well I'd just switch to a white list of e-mail addresses and everything else be damned! Captcha based filtering for application to join my white list if I wanted it too.
Shh.
I don't know of ANY reputable person or business that uses pictures to send email. For some reason email filters (either product or service) let this stuff through.
Why?
I haven't emptied my spam box on gmail for the heck of seeing how many spams are in the box in the last 30 days. For most of last year it hovered around 2000-2400. Then over a week it doubled. Right now there's 5700+ unread spams in the spam box.
Pretty crazy seeing the growth first hand. It's an interesting metric to have right there to see how bad things are getting. Plus, I'd say there's 2-6 spams in the inbox each day. I guess that's alright, wouldn't mind none though.
J
The great irony of the spam arms race is that the better we get at filtering the spam, the more garbage the spammers send out just to get the same return. You can't stop filtering it, because the mail you want would be buried in a torrent of spam. But filtering more just raises the bar for the next round of spam.
Eventually it may get to the point where (a) email is unusable or (b) spammers have to send such a massive volume of cr@p that it no longer becomes a cheap business, and it ceases to be worth spamming. Until then, things will keep escalating.
#1. Aggressively whitelist - since I have the records of all the email received I can just send my users a list of all the email addresses that have sent mail to them and they can pick out the legitimate addresses.
#2. Block email during SMTP transmission - this is where the whitelists and blacklists come in. Everything else gets greylisted. I also use fake addresses to create my own blacklists.
If something is rejected, my phone number is included on the rejection notice. A person will see it and can call.
#3. Monitor the reject logs to see any names that may be useful (legit and fake). You'd be amazed at how many times the spammer's software trashes an address in a unique enough way that you can use it as a spam trap.
#4. Use anti-virus on anything that makes it this far.
#5. Use SpamAssassin on anything that makes it this far that is not on a whitelist.
These practices won't help so much with a personal account. But they've almost eliminated the spam where I work. But we don't sell over the Internet. 90%+ of our email is with the same people at the same mail servers and the same IP addresses every day.
Spam has become such a problem where I work that it has completely flooded the corporate Internet connection. I personally feel they should host an external mail server and spam filter off-site someplace. For my personal server I use various RBLs and country blacklists, like blocking all of China, Korea, Russia, Nigeria and a few other countries. Those seem to block most of the spam from even entering my mail server.
I know people talk about legal solutions not working, but I think if law enforcement made use of existing laws and went after these people it might make a difference. I'd love to see the FTC go after the pump and dump spammers and confiscate everything they own before locking them up, or the food and drug administration go after all the enhancement pill spammers. Also, perhaps a law to fine idiots who buy from these spammers.
Just change the federal law to let some of the state laws take effect, i.e. defeat the Can-spam act.
I think if law enforcement made a good effort to go after these spammers and lock them up then it might make a difference.
-Aaron
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
If for example each spam message was around 1k of info, that's on average 63 terabytes of info! Using the new Siemens 107gb speed record connection, that would take almost 10 minutes to transfer all that spam! I just wonder how much faster the internet would be without spam.
This looks interesting but it's in a really obscure language. WTF is Lua and why didn't anyone have the foresight to make this into a simpler to use module?
If this was simply written in C you could at least use it in C or port libraries to other languages
Yeah, pretty sneaky. The message is non-spammy text with a spam message in an embedded picture. I block images by default, though, so all I see is a broken image icon.
I think Lua's pretty easy to download & install, but if you want a good filter written in C, try Bogofilter.
And that's why the US Treasury announced a surplus, from all the fines collected from all that spam violating the CAN-SPAM Act. We're funding free WiFi for every American, while exterminating all the spammers!
--
make install -not war
He's got 9 days left!
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
I know there's instant messaging, but I think the way of messaging by e-mail also has its place. Maybe it's time for a standardizing organization to pick up on this with a new "e-mail"-like standard and try to get it backed by a lot of software company software. It could be with e.g. HTML, can it be done again, or do the current companies carry too big egos, only believing in their own solutions? There was some hope with both Google and Yahoo using the Domain Keys initiative, but since it's so little supported pretty much everywhere else, it's still a completely useless standard like so many others. :-(
Beware: In C++, your friends can see your privates!
If you don't do business outside the US, filtering by geographic registration for the subnet works wonders. A little hard to set up but once you use the geographically filtered email to train your Bayesian filter, you really get 99.9% or better. Currently getting approx 99.97% accuracy and very little false positives. Pleased as punch.
That's an underestimate.
You have to wonder what drives these idiots sending so much junk?
not really, not since spammers wised up on the spam blockers and have been using embedded images. 99% maybe six months ago or so, but now I'd say 95% isn't bad at all.
I frequently get spam with these kinds of headers, changing slightly every few days -
Irvin Zimmerman Irvin wrote:
Vonda Hoskins Vonda wrote:
Donald Key Me again Key
Kimberly Slater Me again Slater
Marianne Whitney Marianne
Marlon Wilkinson Marlon
Lizzie Longoria it me Lizzie
Odis Lund it me Odis
Ismael Waters Waters message
Russel Huggins Huggins message
. . . you get the idea. there is so much of it that the pattern on your mail app stands right out.
where do these spammers get off thinking nobody would see through their tactics?
regards,
"sorry. no refunds"
With a little effort, it's possible to prevent over 98% of all spam a server gets from ever reaching a user's inbox. And that's with absolutely no false positives. Many of these systems are self-learning, so they get better with time, and with the more mail they filter.
Spoken like someone who hasn't tried to maintain spam filters for a large number of users.
I daresay that Fidelis Assis -- the author -- wanted to spend his time as effectively as he could building the best spam filter he was able. I can't say that he made the wrong choice as his filter is outstanding. He did take the trouble to make it an available open-source project, which allows anybody to repackage it as they see fit.
Spammers are scum. Introduce the death penalty for them - I'll gladly throw the switch, however I would argue a new extra painful method of execution should be devised just for them.
Although there are many very effective antispam techniques, some common methods are worse than the problem they are attempting to solve.
Content filters are code that effectively say "I know spam when I see it." Given that people can't say exactly what spam is, why would they trust code written by humans to do the same. Likewise, blacklists are dangerous. We have a mail list machine that hosts hundreds of thousands of subscribers. A lot of people classify any email they don't want as spam, so we occasionally get blacklisted, because a handful of people weren't expecting something (though many ISP's have whitelisted us).
We deal constantly with people who lose email because they set antispam measures as paranoid as possible (alternatively, their mail admins do this for them without their knowledge). This inevitably intercepts a certain amount of legitimate email. Then they get upset because they presume email is 100% reliable and mission critical communications are getting lost.
Only accepting mail from trusted senders is hopeless unless you already know everyone you need to communicate with. Frankly, anyone who knows everyone who needs to be in touch lives in a pretty closed world......
I notice you didn't consider updates to various MTAs in various distros as a possible vector. There may well be flaws in Vista (which isn't completely new code, btw), but to say that there's (potentially) a huge exploit, which is widely distributed (to so many spammers) but yet has gone completely unnoticed seems exceptionally unlikely.
Or you were just trolling.
someone enlighten me please!
i don't understand why there is so much spam! 90% of the spam i get, EVEN IF I WANTED TO READ IT, i don't understand it!! it's just full of crappy stories, spelling mistakes and stupid stuff....
WHAT FOR??
is someone on the other side just getting pleasure in annoying people all over the world? (seems like a bofh story, or dilbert strip)
I'm not so sure what everyone is complaining about. I'm using SpamSieve as a plug in to Mail.app, and it catches just about everything without much in the way of training. Currently, my statistics as of 2006-11-01 say it's 97.1% accurate (with 71% of my total mail volume being spam, but that includes some legitimate marketing mail that I no longer really want, and I'm too lazy to track down the list maintainers), and that number gets higher every day.
On Windows, I'm using either Mozilla Thunderbird (usually), or SpamBayes as a plug-in to Outlook 2003 (when I have to), and I get similar results.
Of course, what we really need to do is rethink the way that the whole email system is designed, just in terms of MTAs that work separately from MDAs, etc. This kind of filtering really needs to take place at what we currently call the MTA level, with a configurable corpus for each user. The filtering should be done before the mail is permanently accepted, so that the impact on storage resources is as minimal as possible. Granted, it still takes a lot of processing power.
Another thing I need to spend some time thinking about is how RFC822 messages are structured in general. I'm just pulling this out of my ass right now, but the fact is that message envelopes are much too easy to spoof. Why have a separate message envelope to route the mail when the addressing information is already supposed to be contained in the headers? With the way spam is going, the message needs to be processed in its entirety in any case, so perhaps the envelope has outlived its usefulness?
I'm sure that it'll go back down to normal levels real soon now. Why heck, it may even withdraw from the Internets.
--
My God! It's full of tubes!
"You'll get nothing, and you'll like it!"
In October and November the volumes have rocketed. There was a weekend alone where I saw over 80000 messages being trashed. At some point procmail was too slow to digest the messages as they arrived and I had to install a hook to "help".
Here are my monthly stats for over the last year on my own personal domain, that has the unfortunate privilege to be in every blasted spam file ever.. These are pre-rejected spams, some still pass to the "next level"...
http://oomz.net/spam-monthly.png
The only association I've seen so far between Vista and spam is an insane number of messages offering "discount" copies of the OS.
Wow... Yeah, umm, wow.... What more can one say?
Anti-MS zealot: "The increase in spam is caused by Vista".
MS Fanboy: "Don't be silly - it was obviously the 2.6.18 kernel release that did it".
IT Professional: STFU, both of you.
Fuzzy OCR for Spam Assassin. It does a pretty great job on it.
The spammers are 'self-learning' as well. Spam blocking has the same effect on spam as antibiotics have had on bacteria. Only the spammers who know how to get around the blocking software survive--but they soon multiply. Since everyone has some sort of spam blocker today it is sort of futile. Until we write and enforce laws against spam this problem will only get worse. I'm not saying we ban spam. I suggest something like a nationwide do not email list. Anyone who violates that can be subject to nuclear bombardment.
nt
No need. As I've been saying for several years, only servers really need to have a cert. If every server had a cert and no messages from machines without a cert were accepted, spammers would have to have a cert or would have to send through normal channels through people's ISPs. If they get a cert, you know who and where they are and you can arrest them.
If they don't get a cert and their spam bots go through people's ISPs, you can set up an automated "this is spam" reply mechanism that would stop the spam bots at the source much faster than existing measures, thus making the amount of effort needed to maintain zombie botnets orders of magnitude greater because they'd be going offline after sending a much smaller number of messages and would be affected by email message rate throttling at the ISPs.
Either way, spam becomes much, much harder....
Check out my sci-fi/humor trilogy at PatriotsBooks.
The image spam is the one thing that gets through my (and Gmail's) spam filtering. I know people are working on OCR solutions, but spammers are already actively avoiding this with all the random dots and lines you see over their stock spam images.
So what I'm wondering, and I'd be interested if anyone on Slashdot knows about or is working on this - surely it wouldn't be too hard to detect the presence of these anti-OCR techniques? The standard way seems to be putting extra lines and edges, and a spotty background to throw OCR recognition off - why not look for those signs in an image, and add to the "Spam" score if this is present?
I got my first ever spam today in 12 years!!!
Content-Type contains "multipart"
or Content-Type contains "text/html"
and not in address book.
What those don't catch, along with a couple filters for non-English, Thunderbird's filters do. Haven't had a false positive yet. It gets all that image spam, and before that, it caught all that HTML. That same logic working in Mail.app.
- Adam L. Beberg - The Cosm Project - http://www.mithral.com/
Something worth pointing out to people who don't want to use gmail, is that you can use gmail as an enterprise grade anti-spam filter for your personal inbox.
Simply forward all of your mail on to gmail, and then either collect it from gmail using POP3, or set gmail to forward it back to a "clean" account on your server that you can pick mail up on. You can set gmail to delete the mail after it forwards it, so you essentially get one of the best anti-spam filters out there, for free.
Of course, what is annoying me is all of the penny stock image spam that gets through most spam filters. It's getting to the point where I really am considering stripping image attachments from messages. See this post further down for a bit more on my thoughts on image spam.
We use Postgrey to filter the spams out.
It works wonderfully even without additional filtering (blacklists, for example.. Which we do still use, though).
Postgrey is a grey-list system for Postfix (for a description on how it works, click here), and there are probably other good greylist filters around.
We've had (like everyone else has) massive amounts of spam going through Spamassassin, our server was down on its knees all the time.
Now the machine is typically 95-98 percent idle and the spams we receive (remember I've said we use blacklists as well) are only the ones which come from our intranet (from hijacked machines we quickly disable when discovered).
That tool saved the day.
Eventually those bastards will have a way around it, but for now it works very well.
He's got 9 days left!
Nine days ought to be enough for anybody.
I suggest that you use a statistical spam filter instead. Training its (few) errors is all-in-all less work and more effective than composing ad hoc rules. Even if you use Spamassassin, just turn the Bayes way up and forget the ad hoc rules. But there are better statistical filters. OSBF-Lua is the best (at least the best available) and Bogofilter is also very good, and more mature.
This is a really easy one. Get 2 email addresses. Make one private, and only give it to people you actually need to be in contact with, and make one public. Use it for posting, signing up, one for everyone else to email you, what not. Use GMail for said public address, and now your SPAM is almost completely redirected to a GMail spam box. Problem solved. It's what I do, I haven't gotten a junk mail in my Thunderbird's junk mail folder in weeks. And I use my public email address all over the place.
:(){
I get an average of 1 untagged spam in my inbox every couple of days. The systems I'm using to block the spam are trapping an average of about 5,000 spams a week that are actually addressed to me personally. Exactly one of those messages has been image spam in the last month.
Those systems are:
milter-greylist
SpamAssassin
SpamHaus and other DNS Blacklists
That's it. Just those three systems in place, and I'm trapping better than 99% of the spam that's getting sent to me. That's with out-of-the-box configurations on milter-greylist, and an SA sensitivity of 2.0. Most of it doesn't even reach my server, as my mailserver is refusing connections from anything in the blacklist, and is only accepting the "RCPT TO" line of any message that doesn't come from a whitelisted server. I could probably cut the amount of spam significantly if I changed the greylist error time to something like 4 hours instead of half an hour, but that would come at the cost of usability: I can't be waiting half a day for an e-mail from somebody I've never heard from before. Maybe on personal e-mail, but it's simply not feasible for business purposes.
I'd still say that 95% is utter crap. You should be able to trap a lot more than that, if your sysadmin knows what he/she is doing.
If you believe everything you read, you'd better not read. - Japanese proverb
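The greylisting behaviour that the Postgrey comment and the milter-greylist comment above both rely on, as an added example that is not part of either post or of either tool's code: a simplified model keyed on the usual (client IP, envelope sender, recipient) triplet, showing the delay trade-off between half an hour and 4 hours. The class, the function names, the retry schedule and all addresses are constructed for illustration.

```python
"""Simplified greylisting model (added illustration, not Postgrey or milter-greylist code)."""
from dataclasses import dataclass, field

ACCEPT = "250 OK"
TEMPFAIL = "451 4.7.1 Greylisted, please try again later"


@dataclass
class Greylist:
    delay: int = 30 * 60           # seconds a new triplet must wait ("half an hour")
    retry_window: int = 24 * 3600  # assumption: unconfirmed triplets expire after a day
    whitelist: set = field(default_factory=set)     # client IPs that bypass greylisting
    _first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    _confirmed: set = field(default_factory=set)     # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Decide at RCPT TO time, before any message body is transferred."""
        if client_ip in self.whitelist:
            return ACCEPT
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self._confirmed:
            return ACCEPT
        first = self._first_seen.get(triplet)
        if first is None or now - first > self.retry_window:
            # Unknown (or expired) triplet: remember it and ask the sender to retry.
            self._first_seen[triplet] = now
            return TEMPFAIL
        if now - first < self.delay:
            return TEMPFAIL            # retried too early, keep waiting
        # A real MTA queued the message and came back after the delay.
        self._confirmed.add(triplet)
        del self._first_seen[triplet]
        return ACCEPT


def replay(greylist, attempts):
    """Run (time, client_ip, mail_from, rcpt_to) attempts through the greylist."""
    return [greylist.check(ip, sender, rcpt, t) for (t, ip, sender, rcpt) in attempts]


def delivery_latency(delay, retry_schedule):
    """Seconds until a retrying MTA first gets ACCEPT, or None if it never does."""
    gl = Greylist(delay=delay)
    for t in retry_schedule:
        if gl.check("192.0.2.10", "alice@example.org", "bob@example.net", t) == ACCEPT:
            return t
    return None


# Constructed sample traffic: two fire-and-forget bots, one whitelisted partner,
# and one legitimate MTA that retries the same triplet.
ATTEMPTS = [
    (0,    "203.0.113.7",   "x1@spam.example",     "bob@example.net"),
    (5,    "203.0.113.8",   "x2@spam.example",     "bob@example.net"),
    (10,   "192.0.2.10",    "alice@example.org",   "bob@example.net"),
    (20,   "198.51.100.25", "partner@example.com", "bob@example.net"),
    (910,  "192.0.2.10",    "alice@example.org",   "bob@example.net"),
    (2710, "192.0.2.10",    "alice@example.org",   "bob@example.net"),
    (2800, "192.0.2.10",    "alice@example.org",   "bob@example.net"),
]

# Constructed back-off schedule of a well-behaved sending MTA (seconds).
RETRY_SCHEDULE = [0, 900, 2700, 6300, 13500, 27900]

if __name__ == "__main__":
    gl = Greylist(whitelist={"198.51.100.25"})
    for attempt, verdict in zip(ATTEMPTS, replay(gl, ATTEMPTS)):
        print(attempt, "->", verdict)
    for delay in (30 * 60, 4 * 3600):
        print("delay", delay, "s -> first delivery after",
              delivery_latency(delay, RETRY_SCHEDULE), "s")
```

With this retry schedule the first message from a new correspondent arrives after 45 minutes at the half-hour setting and after 7 hours 45 minutes at the 4-hour setting, which is the usability cost the comment describes.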
I couldn't be bothered setting up SpamAssassin on my server so just forwarded all 100+ emails a day to Gmail where it filters. It was a fast, 0-effort, way to get effective spam prevention. Plus with 2.7gb I don't think I'll run out of legit space anytime soon.
Content-based spam filters can be much more accurate than humans. In particular, they can have lower false positive rates. That is, a good spam filter is less likely to discard good email than a human is to overlook good email in a sea of spam.
I'm not exactly sure how the article supports the title "It's not worth worrying about spam." Does this mean you freely distribute your email address, and you simply sort through all your messages by hand, and you've never overlooked a good email, and you have some way of knowing whether or not this is the case?
If you want to test your own ability to separate spam from good email, visit www.spamorham.org
I use Thunderbird and after about a month of training the filters, it gets about 90% of my spam. The only thing is that if someone who hasn't e-mailed me before e-mails me, it goes to spam. :( It seems to be so strict that it only trusts people I e-mail. At least it figured out which e-mails are REALLY from eBay, PayPal, and Bank of America and which ones aren't. I've learned not to click any links from e-mail but to go straight to the address. Still, I check every single spam message I receive (400 a day or so), just to make sure. It's such a pain. If I ever get my hands on someone who writes the trojans that do all this, I'm going to have to beat their face into a pulp. It's caused me way too much trouble.
Parent does not understand grandparent. The Google ad points to a stock market manipulator, not PHYA.
It's not actually pump-and-dump in this case. It's using social engineering to trick people into looking at an ad they might otherwise not see. I'm sure the Google adword price for PHYA was very low.
Need a Python, C++, Unix, Linux develop
You're right!
I just passed that through Perl and wouldn't you believe it, it created a word processing program. Damn you're good.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Maybe the best solution is to stop filtering at all for a bit. Let everyone know just how bad the problem is. This was a technique used in the Usenet community every once in a while to let more people know just how much work is being done behind the scenes.
I propose that we turn off all RBLs and filters for 24 hrs the day before congress sits for the 1st time in the new year.
The real disease is: those vast botnets. Really, it's a scary thought. We are lucky that they are only being used for spam and the usual phishing scams and the like - as far as we know! Imagine if the terrorists buy themselves some botnets for some nefarious purpose, or the Chinese or North Korea government corner the market on them to run millions of bots to steal corporate secrets or IDs or who knows what? What I'm saying here is that the large increase in spam should be triggering off alarm bells everywhere. The spam is not the problem - it's the botnets. Why in the world don't responsible world governments unite to put a swift end to this problem? Really - it could be dealt with swiftly and effectively in a hundred different ways that I will leave up to the imagination of the reader. I am just astonished this hasn't happened. I mean - couldn't our friend and champion of democracy George W. include this in his initiative against terrorism? He would probably have more luck tackling this problem than he is having in Iraq. What if he put that on his agenda - and set loose all his military might along with the help of some coalition of the willing? Perhaps he could salvage what's left of his image? Are you listening Mister Bush?
http://www.magma.ca/~gtaylor/AudioTestFileGen.htm
Bummer. That means I would have to hit it with a script instead of a mouse to cause them any pain. That would be really hard to do.
= CMeN9bSEpYkCFQdZYQodZiTxOA. I'd have to sleep for a few, possibly random, seconds. Then I'd have to rinse and repeat. Until I walked into the office tomorrow morning, and hit CRTL-C. If a few (hundred) people were to do that, for a few days, it might cost them some serious money.
I'd have to wget or curl http://www.stockmarketenews.com/s/PHYA.html?gclid
But that would be evil. I'd better not do that.
What you do with a computer does not constitute the whole of computing.
I was thinking of using some light side tech (hey, I can't turn to the dark side completely in just 3 months, right?) and setting up a home server with Debian/Sendmail using the guidelines of fighting spam (graylisting and others) laid out at acme dot com. Does anybody know if those work well outside acme? I mean, they obviously do work, but does anyone have any experience to share?
The existing laws are strong enough (once it is officially recognized that "spam tactics that reduce the efficiency of traditional anti-spam filters" are simply another version of computer cracking), if the government simply enforced them often enough to make spamming risky.
/. If the government wants us to respect the law, it should set a better example.
Easy: people like myself who run their own mailserver won't pay for a cert. And if certs are free, every spammer will get one.
The FBI/Interpol ought to advertise spam services and then give out huge prison sentences to people who attempt to hire them. I think it would help people to think twice about hiring a spammer.
This, of course, would not stop the people who are using spam to send "stock tips" for pump and dump schemes or otherwise promoting their own shit, but it might help reduce some spam.
I use the spam filter in Apple's Mail client. It is basically worthless. It blocks many legitimate emails and lets lots of spam through. The filter we have at work on our Exchange server is worse, though. It has marked every legitimate email I have ever received from outside the company and let through about 50% of the spam.
Avoid Missing Ball for High Score
If the messages are the same (or very nearly), the amount of space used drops pretty quickly. In fact, it probably doesn't cost any extra space to the spammer because the only non unique part of the email is the name or the address, and he already had to store that list.
And unfortunately the tracking down idea I think wouldn't be too useful either, as spammers are just using zombie boxes anyway. Maybe a system could be built (with the help of ISPs) that would disconnect boxes that were spamming and in that sense making it easier to find them is a plus, but it will never catch the spammer.
It's a tough game.
Relax I just want some peanuts.
I manually block spammers. I use several RBLs, Spamassassin, and I also get my anti-spam list from a good friend at a major university who hates spam even more than I do. Still, I've seen a big jump in spam. I'm seriously paying attention to this discussion -- something's got to work.
Zhrodague.net - I do projects and stuff too.
Well the FDA can't really do anything because what's being sold are "supplements" that are of course "not designed to treat, diagnose or cure any disease." But... for those who are selling actual products, I would like to see more authorities purchasing the products and then giving American Express a call to find out where that money went and then seizing whatever they find there. I don't know how to deal with the pump and dump spam (maybe the FTC) but if someone is accepting credit cards, they should just get hammered. And if we can force them to only use PayPal, which would severely impact their bottom line, I think that's a step forward too.
Relax I just want some peanuts.
I'm writing this from my chateau in France. I flew here earlier today from my horse farm in Virginia in my new Gulfstream. Can't believe my good luck: couple of months ago, I discovered this unsolicited stock tip in my email. The stock was cheap and the tip seemed pretty solid, so I invested my life savings in it. And my grandmother's life savings, too; I have her power-of-attorney. The next day, I got nervous. Remembered the old line about if it seems too good to be true, it probably is. So I decided to unload the stock. Damned if the price hadn't gone up 6000 percent! In one day! Incredible! Anyway, I sold it all ... and here I am. Grandma's taking a round-the-world tour in her Gulfstream -- we bought a matched pair.
...that we can't get the IRS to audit the pump-n-dump scammers - I doubt they are reporting their income from these scams. The IRS has got to be good for something.
Remember, Al Capone was finally brought down for tax evasion.
This month's incoming spam is incredibly uniform. A very small number of spammers are generating most of the volume. There's the stock pump and dump guy with the noisy backgrounds. There's the text only stock spammer. There's the pill guy, with the same ad in different formats. Those three are probably generating half the spam on the Internet right now.
What we need is for some of the big mail operators, like Google and AOL, to put a million dollars or so into investigating each one of those annoyances. They may have to hire ex-FBI and ex-SAS people and fly them all over the world, and work the diplomatic circuit when some country needs to be leaned on to get cooperation. But it would be cheaper than adding whole buildings full of servers just to handle the spam.
Spam sucks, but a big part is giving out your email on webforms. My Yahoo mail is interesting...it lets you create fake emails at will. But they're tedious to set up. The new Firefox has a TrashMail plugin which allows you to just right click in an email entry field and say 'Paste disposable email address' then it puts a bullshit email, which you then get 2 emails from that address forwarded (in 48 hours) and then it deletes itself. It's all so automatic, and you get whatever password you want from the website but nothing else. It's fantastic.
I wish ISPs would cut off home users who send mail beyond some threshold, say 1000/hr. I've been fiddling with mail filters a lot the last couple months, and watching the logs scroll by, it's clearly dynamic IPs that send the bulk of the SPAM.
BTW. Greylisting still works pretty well. Now if only I could figure out how to compile milter-greylist with DNS block list support on my RHEL VPS...
An important feature that is used by the spammers to verify that the email has been sent and read is external images, if you completely block those they cannot use the server's statistics/unique session id to figure out which mails worked or didn't.
2. Use those remote image locations to flood their session stats and pollute their databases and tell their ISPs to drop them too.
Liberty freedom are no1, not dicks in suits.
Someone please make a virus that blocks port 25 outgoing that is different to the one that is configured in the outlook/thunderbird / default route to ISP range.
Product Specs.
1. use every method possible
2. once in, update the firewall windows settings and/or other firewall products.
3. Delete self on next reboot.
Liberty freedom are no1, not dicks in suits.
It's one thing to do that, but there's a lot of stupid admins that have no clue around the world. Yes, their upstream major ISP should terminate their pipe if spam is known to be coming from them or drop their pipe to 64kbps so they will NOTICE the spam.
Liberty freedom are no1, not dicks in suits.
I'll keep this short and to the point:
The problem isn't that we have too much spam. The solution isn't getting better filtering. The solution is finding and annihilating the problem.
The problem and source of probably 95% of all spam is sent directly from Windows zombies. Prevent Windows computers from turning into zombies. To do anything else is like taking Advil when you have cancer and expecting it to cure you just because it makes a symptom or two much less noticeable.
Either use Linux or better yet... close the holes like MS has been trying to do for so long.
Lastly, ISPs should block outgoing connections on port 25 if they think that their customers should not be sending mail directly and give them a server to relay through instead. This is better than blindly dropping e-mail they think is spam and leaving sender+receiver to wonder what's going on. ISPs should also be more proactive in notifying their customers of infected computers by looking for port scanning and large volumes of traffic on port 25.
I have also, the last three to six months, seen a skyrocketing of spam (a few per week, to many dozens per day) despite a properly-configured spamassassin. It's almost forcing us to move to gMail, where Those in Power can more easily subpoena ad infinitum records of our emails... <end theory>
The secret is that I reject all but a few hundred of those 11000 spams in SMTP envelope. Correspondents must have some form of id, currently one of:
- a valid rDNS
- a valid RFC 2822 HELO that resolves to connect IP
- an RFC 4408 sender policy (SPF) with a PASS
If you can't get one of the three right, you should fire your email admin. That gets 3/4 of the garbage. Next, SPF FAIL is rejected, including for HELO. You'd be surprised at how much spam has my own domain for the HELO! For SPF SOFTFAIL, since the sender is requesting debugging info, I send a DSN to the purported sender reporting the SOFTFAIL. For senders with no SPF, I match domains with HELO and rDNS, and look at MX to try to get a match - which is then treated like an SPF pass. For SPF neutral, I do a CBV, and blacklist the sender if it fails.
This reduces the spam from 11000 to several hundred. The content filter is auto trained. A honeypot mailbox provides spam training. Messages from (verified by SPF PASS) senders that users reply to provide ham training. Users have a web interface to the quarantine.
The false positive from content filtering is extremely low. The biggest problem is VIP correspondents with clueless email admins who are unwilling to educate or fire them. (E.g. one admin insisted I didn't know what I was talking about and "JUPITER" was a valid HELO name...) In these cases, I have extensions to the sendmail access database to provide policy exceptions. I can also provide local SPF records for correspondents to get them a PASS.
One customer had to resort to spamsoap.com because they were getting 2 million spam connection attempts a day, and my python based filter could only process 80000 or so on his 400Mhz server.
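The envelope checks described in the comment above, sketched as an added example (not the poster's filter). DNS answers come from a constructed table, SPF and CBV results are supplied as inputs, and the verdict names and the forward-confirmed reading of "valid rDNS" are assumptions.

```python
from dataclasses import dataclass

# Constructed DNS data (documentation address ranges, example domains).
DNS_A = {"mail.example.org": {"192.0.2.10"}, "mx.example.net": {"198.51.100.7"}}
DNS_PTR = {"192.0.2.10": "mail.example.org",
           "198.51.100.7": "mx.example.net",
           "203.0.113.99": "dyn-99.pool.example.com"}  # PTR with no matching A
DNS_MX = {"customer.example": {"mx.example.net"}}


@dataclass
class Session:
    ip: str                  # connecting IP
    helo: str                # HELO/EHLO argument
    mail_from: str           # envelope sender
    spf_mail: str = "none"   # SPF result for MAIL FROM (from an SPF checker)
    spf_helo: str = "none"   # SPF result for the HELO name
    cbv_ok: bool = False     # call-back verification result (neutral only)


def rdns_name(ip):
    """Return the PTR name if it maps back to the connecting IP, else None."""
    name = DNS_PTR.get(ip)
    return name if name and ip in DNS_A.get(name, set()) else None


def helo_ok(helo, ip):
    """True if HELO is a dotted host name that resolves to the connecting IP."""
    return "." in helo and ip in DNS_A.get(helo.lower(), set())


def org_domain(name):
    # Simplification: last two labels. Real code needs a public-suffix list.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def decide(s):
    """Return (verdict, reason) for one SMTP envelope, in the order described."""
    rdns = rdns_name(s.ip)
    helo_valid = helo_ok(s.helo, s.ip)
    results = (s.spf_mail, s.spf_helo)

    # Step 1: at least one form of id (rDNS, HELO, or SPF PASS) is required.
    if not (rdns or helo_valid or "pass" in results):
        return "reject", "no valid rDNS, HELO or SPF pass"
    # Step 2: SPF FAIL is rejected, for MAIL FROM and for HELO.
    if "fail" in results:
        return "reject", "SPF fail"
    if s.spf_mail == "pass":
        return "accept_verified", "SPF pass"
    # SOFTFAIL: accept, and report the result to the purported sender.
    if s.spf_mail == "softfail":
        return "accept_send_dsn", "SPF softfail reported by DSN"
    # NEUTRAL: call-back verification decides.
    if s.spf_mail == "neutral":
        if s.cbv_ok:
            return "accept_unverified", "CBV succeeded"
        return "blacklist", "CBV failed for SPF neutral sender"
    # No SPF record: try to tie the sender domain to HELO, rDNS or MX.
    if s.spf_mail == "none":
        domain = s.mail_from.rpartition("@")[2].lower()
        names = [n for n in (rdns, s.helo.lower() if helo_valid else None) if n]
        for n in names:
            if domain and (org_domain(n) == org_domain(domain)
                           or n in DNS_MX.get(domain, set())):
                return "accept_verified", "HELO/rDNS/MX matches sender domain"
    return "accept_unverified", "left to the content filter"


if __name__ == "__main__":
    for sess in (Session("203.0.113.99", "JUPITER", "a@example.com"),
                 Session("198.51.100.7", "mx.example.net", "sales@customer.example")):
        print(sess.ip, sess.helo, decide(sess))
```
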
Since we believe that spammers are targeting a very small section of society who actually reply to this crap, we could try to identify who those people are.
...well, we could hope.
A 'good guy' at the ISP could set up a deliberate fake-Spam-sending operation to his own customers intentionally bypassing the ISP's spam filters - and in a form that uses techniques similar to the ones the real spammers are using. The general community would be somewhat inconvenienced by this - but we don't intend to do it often - each customer would only get a handful of extra spams per month - they'd never notice. The plan is to use these 'white hat' spams as a honey pot for Spam-respondents. They want to take up these fake offers - so they reply to the email - or visit a fake web site set up by the ISP. Either way, the ISP now knows who the idiots are.
Because our 'White hat' spams bypass the ISP's spam filters - but they test the client's filters realistically, they reach a wider number of respondents than a real spammer could - but they don't reach people who are effectively filtering current spam techniques. The honeypot will therefore capture a wider number of gullible idiots than the real spammer ever could - the offers the white hat spam makes can be even more tempting than real spammers can afford to be.
Now the ISP has a list of his customers that are gullible idiots who are likely to respond to spam. He could just cancel those people's service - or send them notices pointing out that they are the cause of all the problems. There aren't many of them - so the ISP isn't going to make a big dent in his bottom-line. If all of the ISPs did this, it would have a long-term effect on spammers' profit margins. The idiots would be kicked out and blacklisted by ISP after ISP getting more and more inconvenienced and spending less and less time online until they either find they can't get an email account anymore or they learn that what they are doing is antisocial - so they stop. Company email providers can use training and actual punishment of employees who abuse company email systems for these purposes.
Perhaps an even better solution is to offer to give this list of idiots to known spammers and offer not to filter email to those people - ON THE CONDITION THAT THE SPAMMER NOT SEND EMAIL TO ANY OTHER OF THE ISP's CUSTOMERS! The spammer would have a ready-made list of high-grade customers. That's gotta be more profitable than going through the hassle of blasting out millions of emails. By letting him do what he actually wants to do - we can avoid the anti-social consequences of the lengths he is normally forced to go.
The spammer gains because he can "go legit" and talk only to people who are very likely to respond. The ISP gains because they lose that big spam burden. People who don't respond to spam win because they don't get anywhere near so much spam anymore and the idiots who respond to spam are (presumably) happy because they are getting more "valuable stock tips" offers to buy "fake Rolexes" and more opportunities to deal with Nigerians with unlikely amounts of cash to transfer.
The ISP could actually deliver encrypted addresses to the spammer for the gullible idiots and decrypt them in the ISP's mail server. If the spammer is found to continue to spam addresses not on the list then the decryptor for those primo addresses could be turned off as punishment.
Ultimately, if this worked, we'd evolve into an opt-in advertising infrastructure that would allow ultra-cheap advertising rates with "no questions asked" - with ISPs, "businessmen" and customers working together.
Steve
www.sjbaker.org
In November I went from never getting a single spam to getting about 100 per day on my Blackberry. Rogers Wireless automatically gives you a blackberry email address (in addition to any others you may set up) and doesn't give you the option to disable it from being pushed to your phone. Their filter system is too simple and insufficient to do what I need it to, so I have been forced to turn off message notification and just check and delete every half hour or so throughout the day. Rogers has not been helpful on the phone or via email. They tell me they're working on it. I'm ready to chuck my $600 phone out the next open window I see.
Hell, Shrub and the old Nixon crowd are just waiting for somebody like you to talk loud enough. You think they like people being able to use the web to network information and grow beyond their ignorance? --That's how the world learned of all those U.S. secret prison camps, (oh, sorry, wrong century), detention facilities dotted all over the globe. (More specifically, the secret flights which service them. Discovering that was an internet job. We wouldn't know about it today if that story hadn't been broken by the people for the people, without the media.)
Knowledge about the Diebold voting scandal was also entirely thanks to the internet. (The last election was won by the Democrats, but there were still about 3,000,000 votes which went snafu, which only means that they won because the number of people pissed off by Bush was greater than the number of planned votes to be stolen. And that only happens when people are informed!)
The U.S. admin would positively orgasm if they could find an excuse to impose massive controls over the internet!
Can you imagine trying to learn something real about the world if we went back to the bullshit paper and television media? Man, we'd be like a bunch of ignorant twits living in the Eighties all over again.
Whose direction are those spammers working under, exactly?
-FL
I've been getting messages that I think are from within my company until I read them through a couple of times. We have six other branches and I don't know everyone's names. Some of these messages are like "Hi everyone, I just wanted to let you know that I can now be reached at ext. 233. Hope all is well at the Calgary office." Then it will give a full phone number and sometimes an address. I traced one of the addresses to a mortgage brokerage in Toronto. It's almost as if they've been reading my legitimate mail and then making crap up that fits the profile of a typical message to me. And they're spoofing the "to:" field too. I hate that.
That's right "Nail some sense into 'em".
Maybe it is time to simply shut down all email servers and invent some new ways of communication.
Patents Drive Free Software as Hurricanes Drive Construction Industry
"A spam-free world by 2006? That's what Microsoft Corp. chairman Bill Gates is promising."
http://www.cbsnews.com/stories/2004/01/24/tech/main595595.shtml
Microsoft could have solved Spam by leveraging their monopoly for good (instead of evil), but they didn't, and show no signs of doing so.
No sig today...
It's very hard on providers' side to fight spam, even more than the end user-side, with spamassassin and such.
First of all, it is very hard to discern legitimate email from spam with the recent tactics employed by spammers. An email with only a subject of "Re:" and 1.5 lines of text can be a reply from a friend, as well as viagra spam. Keyword rating, content examining (auto) can only take you so far, as you can't risk a client not receiving an important business related email.
Up to this botnet thing, we heavily relied on trustable blacklists to filter en masse instead, which did a very good job weeding out spam, due to defining the highest-rated spammers. However with the advent of the botnet issue, blacklists are not helping much either. Incoming spam (meaning spam that is able to bypass the RBL and land in the mail transfer agent) has really increased at a dramatic rate in the last 1-2 months.
The solution to this lies in the botnet issue, I believe - botnets are providing a means for spammers to unload much spam without the fear of getting blacklisted with their IPs - like the old method of infected computers sending spam. If we can find a solution to the botnet thing, we might be able to use the same method also in reducing the virus infected computer spam.
Read radical news here
Spam isn't effective and is the domain of bottom feeders. The big players like spam because it wears people down so they're more likely to spend money for other things. Every day, for years, you see -- sex enhancers, mortgage scams, credit scams, worthless herbal drugs, scams, gambling, etc etc etc -- it absolutely must wear people down. The next time they have to make a moral decision in life, the years of seeing this junk in their inboxes have to give it some sort of weight, even subconsciously. After years and years of daily seeing that the worth of men is solely based on their penis size, and that women are only sex objects, that has to make a certain percentage of people more susceptible to buying porn. The big players encourage spam because it essentially costs nothing - no reason not to have this fire-hose of desensitizing garbage being spewed into every inbox on the planet for years on end. No one makes money off of spam, I don't think, except the spammers themselves - it's just that bottom feeder frenzy for a few crumbs.
I assume you mean
How can you get this boolean setup working in Mail.app? As far as I can see it only lets me choose that "all" (A && B && C) or "any" (A || B || C) of the rules apply, neither of which result in the filter you're suggesting.
Yes, I agree that email in its current incarnation is pretty dead by now.
We need a new email. But we all know about the huge inertia surrounding email changes. To avoid being trapped in the email change inertia, we need a new system that:
- Can still use the current email infrastructure
- Does not require cooperation from everybody at once in order to be usable/useful
The protocol that can achieve this is EmailXT (http://www.emailxt.com/). It offers a seamless transition path from the current to the new system, even on the same mailbox. It adds new features to email, defeats most spam, viruses and phishing, and pretty much returns mailbox control to you.
However,
- Still in pre-alpha specification phase
- Bare-bones, buggy-prototype client application available
- No public protocol specification available, although claimed as a free, public protocol.
But I still see much promise in it, judging from my (rather limited) tests. We will have to wait and see if it reaches critical mass. For now it needs word-of-mouth. If you like it and want to make it grow tell your friends about it (actually that's what I am doing!)...
Sod it. Click them all. I know I did.
Merry Everybody!
This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
The increase in November of 35% is pretty accurate - but where the real story is is when you look at the 6 month trend.
In July of 2006, my enterprise was blocking approximately 20 million spam messages per week. Last week, we blocked 86 million spam messages - over 400% increase in 6 months.
Most of the growth occurred in September & October. We're projecting to hit 100 million per week by the end of January.
The only good news here is that the amount of valid email that we're letting into our enterprise is remaining flat, indicating that pretty much the entire increase is successfully blocked by our anti-spam. *whew*.
-Lokatana
I now scrub mail for friends and family through my Postfix mail server using Fetchmail, Fetchyahoo and Gotmail. Amavisd-new, Clamav, Spamassassin, various DNS blacklists including URIDNSBL and a sprinkle of bayesian filtering have pretty much solved the problem as far as I'm concerned. The only remaining annoyance was image spam, but that has even been solved thanks to FuzzyOCR that is now in Debian!
If you still have spam, it just means that you are not using the freely available tools to eradicate it. Just do it! I found it is surprisingly easy and we have to thank Debian for that!
I use Cloudmark Desktop and it removes about 99.9% of the spam. I get one or two spam emails each week, but that's about it. The best part is that it is virtually impossible for it to falsely hit on valid email (of course, anything is possible in certain situations though). The downside is that it runs on the client, not the server. And I'm not sure, it might be only for Outlook and Outlook Express. Not sure about support for other email clients. But, it works very well in my specific configuration.
All the image spam is gifs. I just toss anything incoming with a gif attached - which is easy to do with mimedefang-milter/spamassassin in front of sendmail. I have one relative who occasionally sends funny gifs so I should whitelist her, but what place is there for gifs in business correspondence?
Also, toss anything with "stocknews" as part of the sender e-mail - that's all from a huge botnet. Toss anything where the earliest received line claims it was received by one of my own domains - but without the machine name/subdomain that my actual mail servers list. And toss anything that includes machine names as domains in the To address (i.e. someone@sub.domain.com), since our "from" addresses never include the subdomain, but for some reason spammers like to include it. All that's done without notice. Stuff with high SpamAssassin scores gets bounced with notice. And everyone not on a whitelist gets greylisted.
The spam that gets by all this is only a couple a day.
"with their freedom lost all virtue lose" - Milton
Most proposed solutions attack at the wrong place. Spamming is not financed and made profitable by the providers or the spammers. The only way to stop it is to attack the source of the money paying for all this crap. One of the big players (Google, Yahoo, AOL, MSN) who can withstand attacks and have the servers necessary needs to step up and offer to set up a database of the people paying the bills. Then the Internet community has to use frontier justice in the absence of real law to attack and destroy the sites owned by the spammers' clients. A million email responses for every one they send us; a million phoney orders for their product; 7/24 downloads of whatever they have on their site; DB hacking; DoS attacks, and anything else that will bring them to their knees until they stop financing spam. Of course most of that is illegal, and like passive societies throughout history we will continue to be beat up on by thugs and those who pay them until Marshall Google or Sheriff Yahoo goes into action. This thread is typical of what we see all over the web; spineless whining. All this because most of us are law-abiding and we continue to support general principles of law or lack of law that protects the criminal but will put us in jail if we try to take effective action against them.
What I wonder is, how vast are the botnets? If there are 1000 botted machines in one spammer's botnet, how long would it take to build up a list of IPs for said machines?
What I would like to do is keep a running list of dates + IP's. Any IP that's been in the list for the last 30 days should get the following rule in my firewall:
iptables -A INPUT -p tcp -s ${SPAMMY_IP} --dport 25 -j DROP
or if you want to be a little less friendly, set a rule that rate-limits your packets to about 8 to 32 bits/sec (1-3 bytes). The spammer's machine is going to waste a *LOT* of time sending its data through. If you wanted to go further with this, a co-worker has suggested you could re-route these connections (iptables -A REDIRECT ... --to-ports 1234 ) to a secondary local SMTP server on an alternate port that will actually accept the message (once it finally gets through), and analyse it to update the spam filters of the primary SMTP server.
Perhaps when I've some extra time I'll add some postfix+iptables fun to accomplish this.
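An added example, not the poster's code, of the 30-day running list described above: it reads "date IP" sightings, keeps addresses seen within the window, and plans the iptables changes as argument lists rather than shell strings. The sample sightings are constructed, and reading "in the list for the last 30 days" as "seen within the last 30 days" is an assumption.

```python
import ipaddress
from datetime import date, timedelta

# Constructed sample of the running "date IP" list (documentation addresses).
SIGHTINGS = """\
2006-10-30 203.0.113.5
2006-11-20 192.0.2.15
2006-12-01 198.51.100.23
2006-12-20 192.0.2.15
2006-12-22 203.0.113.77;reboot
2006-12-23 not-an-ip
"""


def recent_ips(text, today, window_days=30):
    """Return the set of IPv4 addresses seen within the last window_days."""
    cutoff = today - timedelta(days=window_days)
    keep = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # malformed line
        try:
            seen = date.fromisoformat(parts[0])
            # Strict parsing: anything that is not a bare IPv4 address is
            # dropped, so list contents can never reach the firewall verbatim.
            ip = ipaddress.IPv4Address(parts[1])
        except ValueError:
            continue
        if cutoff <= seen <= today:
            keep.add(ip)
    return keep


def rule(ip, op):
    """Build the DROP rule from the comment as an argv list (op is -A or -D)."""
    return ["iptables", op, "INPUT", "-p", "tcp", "-s", str(ip),
            "--dport", "25", "-j", "DROP"]


def plan(installed, text, today, window_days=30):
    """Commands that bring the installed block set in line with the list.

    installed: set of IPv4Address objects currently blocked.
    Expired addresses are deleted first, then new ones are appended.
    """
    wanted = recent_ips(text, today, window_days)
    deletes = [rule(ip, "-D") for ip in sorted(installed - wanted)]
    adds = [rule(ip, "-A") for ip in sorted(wanted - installed)]
    return deletes + adds


if __name__ == "__main__":
    blocked = {ipaddress.IPv4Address("203.0.113.5"),
               ipaddress.IPv4Address("192.0.2.15")}
    for argv in plan(blocked, SIGHTINGS, date(2006, 12, 25)):
        print(" ".join(argv))  # print only; nothing is executed here
```
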
I'm seriously considering setting my server to reject anything that isn't plain text. With OpenBSD you can also filter packets by OS type so dropping anything that comes from a Windows box on port 25 might work.
There are several major blacklist providers, like Spamassassin. I think it would be very worthwhile to publish a monthly list of the names and ADDRESSES of the top 10 spammers. Get it in one of those colorful charts they put in USA Today and other major dailies. This would publicize the problem, put a face on the problem, and put real fear into the hearts of the perpetrators. Another thought... Hasn't anyone tried setting a few honeypots and then sue for the per spam fines? If you got damages from suits like that you could really make some $$ (until the spammers sent their thugs with baseball bats after you!).
-- QED
It's hard for countries other than the US to threaten the US into getting their chickenboners under control.
-- To dream a dream is grand, but to live it is divine. -- Leto ][
even yahoo bounces e-mail from itself. the increase in volume is probably true that yahoo groups marked my yahoo e-mail as bouncing!
i would welcome a new better messaging system to replace the quite outdated e-mail system. i suspect, we cannot keep the cycle of upgrading bandwidth and server capacity just to filter all the spam. someone has gotta give (like a recent article where an isp just drops the e-mail.)
Live your life each day as if it was your last.
The spam-storm is picking up again as I type...
I've been advocating a solution for that for years, too, but I've never had the time or inclination to implement it. Dig around in the archives for a post about an open certification agency. Short version: you request a cert from a site that is paid for by donations and adwords and stuff.
The server generates a series of secret key values that are all unique. One key is sent by mail, one called in by phone, and one is sent automatically by the server in an email message. In order to get the cert, the person must then prove that he/she can receive postal mail at the provided address, phone calls at the provided number, and emails at the provided email address.
To this end, the cert server sends an email randomly to at least three people who haven't helped their quota of other people in the last year or two. It then provides them with the postal mail address and phone number of the requestor. Those three people make a phone call and print and mail a letter.
Once the requester has proven that the address/phone/email provided are legit, that person must send back a photocopy of a government-issued photo ID to any of the people who sent the postal mail to him/her. The lucky verifier would then key in the government agency into the certification site and would get a list of things to look for when verifying that the photo ID was legit. After verifying those details, that person would click the "verify user" button and would keep the copied ID on file for a minimum of ten years just in case.
At the end of this process, the requester gets a cert valid for three years. During that period, they agree to certify up to five people themselves. In effect, the cost of the cert is five minutes, five phone calls, five pieces of paper, five envelopes, and five postage stamps.
Check out my sci-fi/humor trilogy at PatriotsBooks.