Slashdot Mirror


Spam Volume Jumps 35% In November

gregleimbeck writes "Spam volume soared another 35% in November, an e-mail security vendor said Thursday, and the month saw spam tactics that reduced the efficiency of traditional anti-spam filters. 'There's been a huge increase in spam volume,' says David Mayer, a product manager at IronPort Systems, 'from 31 billion spams a day on average in October 2005 to 63 billion in October 2006. But in November, we saw two surges that averaged 85 billion messages a day, one from Nov. 13 to 22, the other from Nov. 26 to 28.'"

78 of 371 comments

  1. I'd say more than 35% by twiggy · · Score: 5, Insightful

    Maybe it's just me, but my spam volume seems to have jumped at least 200% in recent months.

    Are we finally going to reach a point where only trusted addresses can email us? Seems the arms race is being severely lost. I've got a pretty good spamassassin config and I can't keep up anymore, I find myself having to manually delete literally hundreds of messages a day now.

    --
    http://www.babysmasher.com
    http://www.openingbands.com
    1. Re:I'd say more than 35% by sam_paris · · Score: 5, Informative

      I'd say try a different webmail provider. I get a LOT of spam per day (about 100+), and 99.9% is categorised as spam by Gmail. In the last month I would estimate I've had 2 spam messages hit my actual inbox. The rest were filtered out by Gmail.

    2. Re:I'd say more than 35% by mcrbids · · Score: 2, Interesting

      I'm using greylisting and a number of RBLs, including DUN and SpamHaus.

      I see perhaps a dozen or so spams/day despite my email address being plastered all over the Intarweb for the last 6 years. (I've made no effort to hide it)

      This combination stops a ridiculous percentage of all inbound email.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    3. Re:I'd say more than 35% by tacocat · · Score: 3, Insightful

      Even that can be spoofed. And people will complain that they can't engage the customers and that's hurting the economy.

      There was a guy who proposed something called RSS-mail a few years back. It was the same guy who came up with SPF I think.

      Anyways the idea was that I would send you a notification that there was an email waiting for you to pick up on my server. Similar to how RSS passes data. If I was interested in reading that message I could call upon your server to deliver the email to me and then I could read it.

      The key is that now the sender has to own the email. He can't just shoot off 20 million random messages. He now has to store all of them on his server for some period of time so that you can pick them up. Cheap for you, expensive for him. It also means that he has to be honest about his RSS feed otherwise you'll never be able to pick up the email and read it. This also makes it easier to track them down.

      Personally, I think spammers won't go away easily. They make a lot of money off pathetic fucktards who think they can get a bigger dick with a pill. The real damage is done by the people who purchase via spam making spam a viable marketing tool.

    4. Re:I'd say more than 35% by epiphani · · Score: 4, Informative

      You're missing the point - the spam rate is BEFORE filtering, not after.

      I got around 100 per day back a few years ago. When I started forwarding to Gmail, I averaged a spam folder of 4000 (it deletes spam after 30 days).

      In the past two months, it's gone from between 5000 and 6000 to over 15,000. I would agree, hella higher than 35% though. At my place of employment, we have a million mailboxes. We started running into a lot more problems with spam than usual about 6 weeks ago as well.

      --
      .
    5. Re:I'd say more than 35% by jrumney · · Score: 2, Interesting

      No, it's not just you.

      I've always preferred to run my own spam filters, I trust myself not to filter out a genuine email by mistake more than I trust my ISP, but last week the spam level got to the point where I'd go away for a couple of hours and there would be 200 new spams in my Junk folder, so I enabled the filter in my ISP's mail settings to try to get some bandwidth back. But as this article said, the latest batch seems to be evading conventional filters, so I'm still buried and thinking along whitelist lines myself (I had a whitelist system years ago, but one day found I had missed several important emails because of it).

    6. Re:I'd say more than 35% by CodeBuster · · Score: 2, Interesting

      I have noticed this as well and so have my friends and family. In fact, the number of daily spams caught and trashed by my Spam Bayes filter has nearly tripled in the last six months. The probable cause of this increase is a recent surge in the number of zombies now controlled by spam trojans in the bot networks. This was covered here on Slashdot last month in Bot Nets Behind Recent Spam Surge. As for the trusted email addresses, some of us are already doing this with whitelists, but as you say the good guys are losing right now. The one good thing, if you can call it that, that might come out of this whole scenario is that the spammers speed the coming of the day when classic e-mail is retired from general use and something better is put in its place. The greed of the spammers may ultimately prove to be their undoing as they collectively kill the goose that laid the golden eggs.

    7. Re:I'd say more than 35% by dgatwood · · Score: 4, Interesting

      That's definitely one approach. Unfortunately, it means that my mail would then be at the mercy of a thousand servers' bandwidth, and that reading my mail would take a lot longer on the average as a result.

      What we really need is E2EASMTP: End-to-end Authenticated SMTP. The design is basically just the existing SMTP. The only changes are as follows:

      1. All mail servers require an SSL key. This is assigned by the registrar when you purchase a domain. This key may be shared among multiple hosts within the same domain.
      2. All mail servers must require SMTP-Auth for outbound traffic.
      3. All mail servers must sign each piece of mail as it passes through their systems. This signature must sign the complete message, including the signatures of previous servers in the path.
      4. All mail servers must support an automated abuse handling mailbox, autoabuse@domain for responses to spam messages.
      5. All mail servers must forward automated abuse messages appropriately by verifying its own email signature (sending an abuse bounce-back if it does not match) and then forwarding the abuse report to the mail server that sent the message to it in the first place.
      6. Upon receipt of a certain number (determined as a site policy) of reports of spam or other junk emails from a given user, the mail server should automatically email that user to notify him/her that his computer is compromised and block any and all emails from that user until it is reset.
      7. All ISPs should take reasonable care not to reinstate mail sending privileges until they are sure that the user's computer is clean.
      8. ISPs are encouraged to manually look at any blocked accounts as soon as they become blocked to make sure that the messages really are spam/phishing.

      The key is that the entire abuse reporting process should be automated and that no email messages without an initial host signature should be delivered. This will make it impossible for continued operation of spam zombies in two ways:

      1. It will prevent them from sending mail directly by running an SMTP server on the compromised computer.
      2. It will prevent them from continuing to send mail through an ISP's mail server by ensuring that the mail messages can be traced back to a single individual user of the originating ISP, where the messages will be automatically blocked in a timely fashion.

      In effect, by ensuring a trusted (albeit not necessarily encrypted) path for all email messages, you make spamming orders of magnitude harder with minimal performance impact. Best of all, I think that this could be implemented with relatively minor additions to the SMTP protocol and phased in over a period of time, ensuring a smooth transition from the spam nightmare we have now to a more modern, usable email infrastructure.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    8. Re:I'd say more than 35% by YGingras · · Score: 2, Informative

      Kick spamassassin; rules-based filters are not what you need to keep up. Install greylistd and spamoracle. No more than 0.5% of the spam hits my inbox. Spamoracle will detect anything that isn't an image. Greylistd for some reason kills 99% of the images. Yeah, spammers are lame and they could get around this setup, but for now you have a pretty good solution that will take 30 mins to set up.

    9. Re:I'd say more than 35% by daeg · · Score: 2, Interesting

      Combined with an idea like Hashcash (although not a direct copy), you could send a computationally-intensive hash of the message body combined with the recipient's e-mail address. When the receiver picks up the message, the client can verify the notification hash with the message hash. If they don't match, throw the message away (or notify the user, etc).
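
The stamp daeg describes above, as an added example that is not part of the original comment: the sender mints a proof-of-work stamp over the body hash and the recipient address, and the receiver checks it against the body it later picks up. The field names, the SHA-256 choice, the 16-bit work factor and the replay set are assumptions made for this illustration.

```python
import hashlib

DIFFICULTY_BITS = 16  # assumed work factor: about 65,000 hashes per stamp on average


def normalise(address: str) -> str:
    # Assumption: addresses are compared case-insensitively.
    return address.strip().lower()


def stamp_digest(body_hash: str, recipient: str, counter: int) -> bytes:
    # The stamp covers the body hash and the recipient, so it cannot be
    # reused for a different message or a different mailbox.
    return hashlib.sha256(f"{body_hash}:{recipient}:{counter}".encode()).digest()


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mint(body: bytes, recipient: str, bits: int = DIFFICULTY_BITS) -> dict:
    """Sender side: search for a counter that gives `bits` leading zero bits."""
    body_hash = hashlib.sha256(body).hexdigest()
    recipient = normalise(recipient)
    counter = 0
    while leading_zero_bits(stamp_digest(body_hash, recipient, counter)) < bits:
        counter += 1
    return {"body_hash": body_hash, "recipient": recipient, "counter": counter}


class StampVerifier:
    """Receiver side: one hash per check, against the receiver's own threshold."""

    def __init__(self, my_address: str, min_bits: int = DIFFICULTY_BITS):
        self.my_address = normalise(my_address)
        self.min_bits = min_bits
        self.seen = set()  # digests already accepted, so a stamp is spent once

    def check(self, note: dict, body: bytes) -> str:
        if normalise(note["recipient"]) != self.my_address:
            return "wrong-recipient"
        if hashlib.sha256(body).hexdigest() != note["body_hash"]:
            return "body-mismatch"
        # Recompute the work; never trust a difficulty claimed by the sender.
        digest = stamp_digest(note["body_hash"], self.my_address, int(note["counter"]))
        if leading_zero_bits(digest) < self.min_bits:
            return "insufficient-work"
        if digest in self.seen:
            return "replayed"
        self.seen.add(digest)
        return "ok"


if __name__ == "__main__":
    body = b"Constructed sample message body\r\n"  # constructed sample input
    note = mint(body, "Alice@example.org")
    verifier = StampVerifier("alice@example.org")
    print(note["counter"], verifier.check(note, body))
    print(verifier.check(note, body + b"appended text"))
```

Minting costs the sender thousands of hashes per recipient while checking costs the receiver one, which is the asymmetry the comment relies on.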

    10. Re:I'd say more than 35% by shadowmas · · Score: 4, Interesting

      This is an excellent idea. But rather than having the registrar generate the SSL keys, why not add them to the DNS like in SPF? This would allow the admins to generate the keys the way they want, and if somehow a key is compromised (one of the mail servers gets stolen/hacked) they can quickly and easily generate a new key. Also, it would be valuable if you could have different keys for different servers.

    11. Re:I'd say more than 35% by nuzak · · Score: 3, Insightful

      I could analyze your FUSSP point-for-point, but let me just whack at the most flawed point:

      All ISPs should take reasonable care not to reinstate mail sending privileges until they are sure that the user's computer is clean.

      Any ISP that actually gives enough of a shit to care what is coming out of their network and manage their users like this has already managed the spam problem. How much spam do you see coming from AOL IPs? Yeah, it's because they got people like Carl Hutzler who actually took the problem seriously and they gave him real power to implement solutions.

      I see armchair admins come up with these oh-so-clever solutions every day, but the reality is that solutions exist now, and what stands in the way of their implementation is nothing more than incompetence and greed. Comcast, Brazil Telecom, Orange/TPnet, all of them could stop their massive armies of zombies overnight, but it's just too expensive. Their cost-benefit analysis lets them keep polluting our mailboxes with direct-to-MX zombie connections rather than deal with the support costs of the 0.01% of users that will ACTUALLY have a problem with port-25 blocking.

      We have to make it expensive for ISP's to continue letting their zombies send us spam. That is my FUSSP.

      --
      Done with slashdot, done with nerds, getting a life.
    12. Re:I'd say more than 35% by lnjasdpppun · · Score: 2, Insightful

      The hard thing about coming up with a way to deal with spam is not requiring 'all mail servers' to do something. As soon as a prevention method requires all mail servers to start doing something at the same time it becomes too difficult to implement because people/companies hate missing emails and if they stopped receiving email from non-verified servers emails would be missed/lost.

      There are a few ways to deal with most spam already deployed but because they require all mail servers to do the same thing (and it's very hard to get ALL mail servers, even the legitimate ones, to do something) they have to allow the standard SMTP protocol to function as normal otherwise they will lose emails.

    13. Re:I'd say more than 35% by walt-sjc · · Score: 2, Insightful

      Only problem is that this would allow spammers to make up any number of keys which would completely kill the effectiveness of this idea.

    14. Re:I'd say more than 35% by MobyDisk · · Score: 3, Insightful

      Yes, but at least they couldn't send the spams without exposing what domain they generated the keys from. Then someone could notify the registrar and have the person's credit card pulled.

    15. Re:I'd say more than 35% by kenb215 · · Score: 2, Informative
      When I started forwarding to Gmail, I averaged a spam folder of 4000 (it deletes spam after 30 days). In the past two months, it's gone from between 5000 and 6000 to over 15,000.
      That is because gmail doesn't delete old spam anymore. I'm not sure if it is because the deletion function broke, if the old spam is being used to help train filters (i.e. spam that the user had to mark), or something else. If you go to the spam filter and look at the oldest messages, they should be from around October 23 at 7:00 AM (GMT).
    16. Re:I'd say more than 35% by Darkforge · · Score: 3, Funny
      What we really need is E2EASMTP: End-to-end Authenticated SMTP.



      Your post advocates a

      (x) technical ( ) legislative ( ) market-based ( ) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) Spammers can easily use it to harvest email addresses
      ( ) Mailing lists and other legitimate email uses would be affected
      ( ) No one will be able to find the guy or collect the money
      (x) It is defenseless against brute force attacks
      ( ) It will stop spam for two weeks and then we'll be stuck with it
      (x) Users of email will not put up with it
      (x) Microsoft will not put up with it
      ( ) The police will not put up with it
      ( ) Requires too much cooperation from spammers
      (x) Requires immediate total cooperation from everybody at once
      ( ) Many email users cannot afford to lose business or alienate potential employers
      ( ) Spammers don't care about invalid addresses in their lists
      (x) Anyone could anonymously destroy anyone else's career or business

      Specifically, your plan fails to account for

      ( ) Laws expressly prohibiting it
      (x) Lack of centrally controlling authority for email
      ( ) Open relays in foreign countries
      ( ) Ease of searching tiny alphanumeric address space of all email addresses
      ( ) Asshats
      ( ) Jurisdictional problems
      ( ) Unpopularity of weird new taxes
      ( ) Public reluctance to accept weird new forms of money
      (x) Huge existing software investment in SMTP
      (x) Susceptibility of protocols other than SMTP to attack
      ( ) Willingness of users to install OS patches received by email
      ( ) Armies of worm riddled broadband-connected Windows boxes
      ( ) Eternal arms race involved in all filtering approaches
      (x) Extreme profitability of spam
      (x) Joe jobs and/or identity theft
      ( ) Technically illiterate politicians
      ( ) Extreme stupidity on the part of people who do business with spammers
      ( ) Dishonesty on the part of spammers themselves
      ( ) Bandwidth costs that are unaffected by client filtering
      ( ) Outlook

      and the following philosophical objections may also apply:

      (x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
      ( ) Any scheme based on opt-out is unacceptable
      ( ) SMTP headers should not be the subject of legislation
      ( ) Blacklists suck
      ( ) Whitelists suck
      ( ) We should be able to talk about Viagra without being censored
      ( ) Countermeasures should not involve wire fraud or credit card fraud
      ( ) Countermeasures should not involve sabotage of public networks
      (x) Countermeasures must work if phased in gradually
      ( ) Sending email should be free
      (x) Why should we have to trust you and your servers?
      (x) Incompatibility with open source or open source licenses
      ( ) Feel-good measures do nothing to solve the problem
      ( ) Temporary/one-time email addresses are cumbersome
      ( ) I don't want the government reading my email
      ( ) Killing them that way is not slow and painful enough

      Furthermore, this is what I think about you:

      (x) Sorry dude, but I don't think it would work.
      ( ) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
      --

      When I moderate, I only use "-1, Overrated". That way, I never get meta-moderated!

    17. Re:I'd say more than 35% by clem · · Score: 2, Funny

      Maybe it's just me, but my spam volume seems to have jumped at least 200% in recent months.

      Ah, but my spam volume decreased by 130%. So it all works out, you see?

      --
      Your courageous and selfless spelling corrections have made me a better person.
    18. Re:I'd say more than 35% by heinousjay · · Score: 5, Insightful

      That's because you've been trained by Hollywood and Slashdot and all the other happy lefty bullshitters to believe anyone in business must be a liar and a thief. It's a generalization that isn't even close to true, but that doesn't stop it from being propagated in the name of populism. Unfortunately, the idea of the noble poor is just as much a myth.

      Everyone has equal potential to be scum. It's just easier to make people hate successful scum.

      --
      Slashdot - where whining about luck is the new way to make the world you want.
    19. Re:I'd say more than 35% by Just+Some+Guy · · Score: 2, Insightful

      This comes up a lot, so skip this if you've read my take on the matter before.

      One of my clients has a website that features an opt-in email newsletter. Each message is roughly 1MB in size (many pages, lots of images, etc.). He has about 25,000 subscribers. This means that near the first of each month, he's sending about 25GB of email out to people who want to get it. Under SMTP, this is no big deal - just give Postfix a list of recipients, and let it work out the delivery details. The mail queue gradually shrinks over time, and in the case of many customers at the same domain, his server can group all of those recipients into a single connection.

      Under DJB's plan, he would send out 25K notices that the newsletter is ready. Whenever people arrive at their office in the morning and check their mail, his WAN connection would catch on fire as they all try to simultaneously download the message (or at the least overwhelm it in predictable waves: 9AM EST, 9AM CST, 9AM MST, 9AM PST). His service would completely fall apart.

      Not only would spammers hurt under this plan, but so would every legitimate bulk sender (such as my friend and every mailing list operator). That's a price I'm not willing to pay.

      --
      Dewey, what part of this looks like authorities should be involved?
  2. Pump & dump for PHYA by gvc · · Score: 4, Informative

    It appears to me that the increase is almost all due to a small number of messages swamping us. One advertises the stock symbol PHYA and has no link. The scam is that if you Google for that symbol, there will be a full-width paid ad for a fake broker/analyst site. About 10% of my email for the last couple of weeks (i.e. over 100 of 1000 spams/day) advertises this stock symbol.

    1. Re:Pump & dump for PHYA by gvc · · Score: 5, Informative

      P.S. Feel free to Google PHYA and click the ad. It costs them money.

    2. Re:Pump & dump for PHYA by cashman73 · · Score: 5, Informative
      Stock ticker PHYA belongs to Physicians Adult Daycare, Inc. They recently put out this announcement saying that they have nothing to do with the email spammers, and are trying to catch them.

      Basically, the way this scam works is that the scammers buy a bunch of worthless stock (as in a few cents/share), then email fake stockbroker advice websites and fake advice emails to people, trying to get them to buy the stock. When the stock is worth a decent amount of money, the scammers sell and leave everyone else that bought into their so-called, "advice," with worthless stock.

    3. Re:Pump & dump for PHYA by cashman73 · · Score: 2, Informative
      According to Yahoo Finance, their ticker symbol is actually technically PHYA.PK. Yahoo's list of exchanges shows that the PK suffix is the United States Pink Sheets Exchange.

      Also, in a bit of irony, did anybody catch the Avoid Scams link at the top of the PHYA info page that google links to?

    4. Re:Pump & dump for PHYA by IL-CSIXTY4 · · Score: 2, Informative

      Generally, these scams are done against "over the counter" or pink sheet stocks, which are not traded as part of any exchange.

    5. Re:Pump & dump for PHYA by Pharmboy · · Score: 2

      Also be sure to go to Yahoo.com and MSN.com and do the same, since they use their system that charges separately.

      --
      Tequila: It's not just for breakfast anymore!
    6. Re:Pump & dump for PHYA by Dunbal · · Score: 2, Interesting

      When the stock is worth a decent amount of money, the scammers sell and leave everyone else that bought into their so-called, "advice," with worthless stock.

      So what happens if I short the stock every time I get one of those damned emails? :)

      --
      Seven puppies were harmed during the making of this post.
  3. Plus, SMS Spam by SRA8 · · Score: 4, Interesting

    If it wasn't bad enough getting 10 to 15 stock "tips" via spam a day, in mid-December I started getting the same stock spam via SMS! Yes, SMS! I got a burst of 6 one morning, then another 5 later in the day. There's $1.10 of SMS fees courtesy of Cingular. I cancelled my SMS service (which they enable automatically) immediately. Wonder how many people are unknowingly getting charged for these messages. Starting January 07, Cingular will start charging 0.15/sms -- perhaps a response to record SMS revenues :-) ?

    1. Re:Plus, SMS Spam by j00r0m4nc3r · · Score: 2, Interesting

      I wouldn't be surprised if Cingular was behind it

    2. Re:Plus, SMS Spam by QuantumRiff · · Score: 3, Informative

      Cingular charges for incoming SMS? Wow, my cell phone company, as well as all the others I know of in my area (no cingular) only charge for OUTGOING SMS messages.. Just for that reason! Cause pretty much any spammer can send an email to 1234567890@email..com and have the email forwarded as an SMS to your phone..

      --

      What are we going to do tonight Brain?
    3. Re:Plus, SMS Spam by ArcticFlood · · Score: 2, Insightful

      You don't have to answer the phone when someone calls you. With SMS, you cannot reject it to save money.

      --
      This is here so you don't ignore the last two lines of my posts.
    4. Re:Plus, SMS Spam by Constantine+Evans · · Score: 2, Interesting

      Interestingly enough, even not answering the phone can still result in charges for the receiver of the call with US providers. T-Mobile USA, for example, charges a few dollars per call for calls to cell phones roaming outside the US even if they aren't answered.

    5. Re:Plus, SMS Spam by Alioth · · Score: 2, Informative

      You get charged for *incoming* text messages? Ye gods! Run, don't walk - to a better cell phone provider who doesn't rip you off for what is essentially almost a penny a byte.

  4. Why do we fight this at the end? by cliffski · · Score: 5, Insightful

    I use (amongst other things) Spamihilator. It's free, and it's pretty reliable. The trouble I have is that I *have* to allow everyone to mail me. When you run a business, you *do* occasionally get people guessing your email address from your domain and sending you a potentially vital email. I just can't afford to block emails by default. And anything (like captchas or auto-response systems) that makes it hard for my customers to contact me is just BAD.

    I don't see why we are always fighting this problem at the reception end, rather than the source. Spam filters can work quite well, but why are they mostly applied right at the very endpoint of the chain?
    I'd be very happy for some basic filtering to take place on my outgoing mail at the ISP level. If it meant the odd automatic email with a captcha saying "are you sure you intended to send this mail?" before a spammy-looking email went out, that's fine with me, and wouldn't that approach cut down on all those twits whose PCs are part of a botnet without them realising it?

    Bah, why is firefox suddenly getting me to spell check in American?

    --
    DRM-free indie games for the PC and Mac: Positech Games
    1. Re:Why do we fight this at the end? by robinvanleeuwen · · Score: 2, Insightful

      And if I hack into your computer and turn your computer into a zombie delivering a few million mails a day you won't mind paying the bill for a couple of million?

      or would you mind?

      i have some objections to it.

      kind regards,

      --
      If you don't like my sig then don't read it.
  5. The NEW 640k quote... by illuminatedwax · · Score: 5, Funny

    "Two years from now, spam will be solved" - Bill Gates

    --
    Did you ever notice that *nix doesn't even cover Linux?
  6. Outlook by milo_a_wagner · · Score: 2, Informative

    I'm no MS fan, but I have to admit, a quick bit of maths shows that Outlook gets over 95% of my spam. Gotta hand it to them.

    --
    Man wird am besten für seine Tugenden bestraft.
    1. Re:Outlook by drinkypoo · · Score: 4, Funny

      I don't know, but it looks like you get more than 100% spam... over 198%. How did you manage that?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Outlook by tb3 · · Score: 4, Funny

      That seems only fair. According to a random sample of spam headers, Outlook Express has sent an average of 100% of the spam I've received.

      --

      www.lucernesys.com Horizon: Calendar-based personal finance

  7. Re:It's that damn picture spam by gvc · · Score: 3, Insightful

    Apparently, image spam beats a number of spam filters. But not all. Try another filter. I haven't done an extensive test in the post-image-spam era but OSBF-Lua is the best available filter I know of, and I haven't noticed that it is compromised by image spam. It is free.

  8. White List. by headkase · · Score: 2, Insightful

    Well I'd just switch to a white list of e-mail addresses and everything else be damned! Captcha based filtering for application to join my white list if I wanted it too.

    --
    Shh.
  9. Who reads it? by Kelson · · Score: 5, Insightful
    Is there anyone out there who seriously READS this garbage and actually considers sending money to these people?

    The great irony of the spam arms race is that the better we get at filtering the spam, the more garbage the spammers send out just to get the same return. You can't stop filtering it, because the mail you want would be buried in a torrent of spam. But filtering more just raises the bar for the next round of spam.

    Eventually it may get to the point where (a) email is unusable or (b) spammers have to send such a massive volume of cr@p that it no longer becomes a cheap business, and it ceases to be worth spamming. Until then, things will keep escalating.

    1. Re:Who reads it? by SQL+Error · · Score: 4, Informative

      Most spam is sent out using hijacked Windows PCs - zombie networks - and costs the spammers nothing. So they ain't gonna stop.

      Having said that, the level of obfuscation they have to use even now makes their ads almost unreadable. You want me to 3nl@rg3 my what?

  10. I use a different approach. by khasim · · Score: 2, Interesting

    #1. Aggressively whitelist - since I have the records of all the email received I can just send my users a list of all the email addresses that have sent mail to them and they can pick out the legitimate addresses.

    #2. Block email during SMTP transmission - this is where the whitelists and blacklists come in. Everything else gets greylisted. I also use fake addresses to create my own blacklists.

    If something is rejected, my phone number is included on the rejection notice. A person will see it and can call.

    #3. Monitor the reject logs to see any names that may be useful (legit and fake). You'd be amazed at how many times the spammer's software trashes an address in a unique enough way that you can use it as a spam trap.

    #4. Use anti-virus on anything that makes it this far.

    #5. Use SpamAssassin on anything that makes it this far that is not on a whitelist.

    These practices won't help so much with a personal account. But they've almost eliminated the spam where I work. But we don't sell over the Internet. 90%+ of our email is with the same people at the same mail servers and the same IP addresses every day.
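
A sketch of the SMTP-time decision order khasim lists in steps #2 and #3 above (whitelist, a blacklist fed by trap addresses, greylisting for everything else), added here as an illustration and not code from the post. The delay and expiry values, the addresses, the reply texts and the choice to key the whitelist on sender plus client IP are assumptions.

```python
GREYLIST_DELAY = 300        # seconds before a retry is accepted (assumed value)
GREYLIST_EXPIRY = 4 * 3600  # a retry later than this starts over (assumed value)

REPLIES = {
    250: "250 OK",
    451: "451 4.7.1 Greylisted, please retry later",
    550: "550 5.7.1 Rejected; call <postmaster phone number> if this is an error",
}


class SmtpPolicy:
    """Decision taken at RCPT TO time, before any message data is accepted."""

    def __init__(self, whitelist, traps):
        # Whitelist entries are (sender, client IP) pairs: a forged sender
        # address arriving from an unknown host gets no bypass.
        self.whitelist = set(whitelist)
        self.traps = set(traps)   # fake addresses that only spammers mail
        self.blacklist = set()    # client IPs that have hit a trap
        self.first_seen = {}      # greylist triplet -> time of first attempt
        self.passed = set()       # triplets that retried correctly

    def decide(self, now, client_ip, mail_from, rcpt_to):
        sender, rcpt = mail_from.lower(), rcpt_to.lower()
        if (sender, client_ip) in self.whitelist:
            return 250
        if rcpt in self.traps:
            self.blacklist.add(client_ip)
        if client_ip in self.blacklist:
            return 550
        triplet = (client_ip, sender, rcpt)
        if triplet in self.passed:
            return 250
        first = self.first_seen.get(triplet)
        if first is None or now - first > GREYLIST_EXPIRY:
            self.first_seen[triplet] = now   # new or stale: start the clock
            return 451
        if now - first < GREYLIST_DELAY:
            return 451                       # retried too quickly
        self.passed.add(triplet)
        return 250


# Constructed sample traffic: (seconds, client IP, MAIL FROM, RCPT TO).
EVENTS = [
    (0, "192.0.2.10", "partner@example.org", "bob@example.com"),
    (5, "203.0.113.5", "customer@example.net", "bob@example.com"),
    (10, "198.51.100.7", "partner@example.org", "bob@example.com"),
    (15, "198.51.100.7", "promo@example.net", "old-sales@example.com"),
    (20, "198.51.100.7", "partner@example.org", "bob@example.com"),
    (30, "203.0.113.9", "slow@example.net", "bob@example.com"),
    (60, "203.0.113.5", "customer@example.net", "bob@example.com"),
    (400, "203.0.113.5", "customer@example.net", "bob@example.com"),
    (14530, "203.0.113.9", "slow@example.net", "bob@example.com"),
]


def build_policy():
    return SmtpPolicy(
        whitelist={("partner@example.org", "192.0.2.10")},
        traps={"old-sales@example.com"},
    )


def replay(events, policy=None):
    policy = policy or build_policy()
    return [policy.decide(*event) for event in events]


if __name__ == "__main__":
    for event, code in zip(EVENTS, replay(EVENTS)):
        print(event, "->", REPLIES[code])
```

The third event shows a whitelisted sender address arriving from an unknown host being greylisted like any stranger, and the last shows a retry outside the expiry window starting over.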

    1. Re:I use a different approach. by whoever57 · · Score: 2, Insightful
      If something is rejected, my phone number is included on the rejection notice. A person will see it and can call.
      I don't know why it is, but I have found that many quite intelligent people are utterly incapable of reading rejection notices.
      --
      The real "Libtards" are the Libertarians!
    2. Re:I use a different approach. by Nogami_Saeko · · Score: 4, Interesting

      I'm running my own mail server and using a system I read about which delays the initial SMTP "HELO" for 20-30 seconds before acknowledging the incoming connection.

      If someone is sending spam, they're not going to wait that long before starting a new connection (it would slow them down something fierce, to maybe only sending 1 or 2 emails a minute).

      This catches about 75% or more of the spam coming in - anything left is mopped-up by either spam assassin at the mail server level, or POPFile before my email client.

      Sort of a 3-tiered approach. Very little (maybe 1 or 2) spams per-week get through.

      N.

      --
      "Nothing strengthens authority so much as silence." - Charles de Gaulle
  11. Filled corporate Internet pipe by AaronW · · Score: 3, Insightful

    Spam has become such a problem where I work that it has completely flooded the corporate Internet connection. I personally feel they should host an external mail server and spam filter off-site someplace. For my personal server I use various RBLs and country blacklists, like blocking all of China, Korea, Russia, Nigeria and a few other countries. Those seem to block most of the spam from even entering my mail server.

    I know people talk about legal solutions not working, but I think if law enforcement made use of existing laws and went after these people it might make a difference. I'd love to see the FTC go after the pump and dump spammers and confiscate everything they own before locking them up, or the food and drug administration go after all the enhancement pill spammers. Also, perhaps a law to fine idiots who buy from these spammers.

    Just change the federal law to let some of the state laws take effect, i.e. defeat the Can-spam act.

    I think if law enforcement made a good effort to go after these spammers and lock them up then it might make a difference.

    -Aaron

    --
    This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
  12. Bandwidth by tef · · Score: 5, Interesting

    If for example each spam message was around 1k of info, that's on average 63 terabytes of info! Using the new Siemens 107gb speed record connection, that would take almost 10 minutes to transfer all that spam! I just wonder how much faster the internet would be without spam.

    1. Re:Bandwidth by Dunbal · · Score: 2, Interesting

      I don't know about YOUR spam, but I just looked at my mailbox. You're off by a factor of about 20 as far as size is concerned. My average size for spam is around 20kb (out of 30 spam messages in my bulk mailbox). Now let's say we pretend that the entire internet is running at 107Gbs - which is not true, this was an experimental situation - we're talking 1260 Tb. Assuming your calculation is correct this would take 200 minutes, not 10 minutes. There are 1440 minutes in a day, so 200/1440 = 14% of the day is spent sending spam. And remember we're running everything at a theoretical speed of 107Gbs. That's a fair chunk!

      --
      Seven puppies were harmed during the making of this post.
  13. Re:Why does 'Picture Spam' get through ? by Kelson · · Score: 3, Interesting

    It gets through for two reasons:

    1. It's harder to extract useful data from an image than from text or a markup language like HTML. OCR is possible, but wasn't worth the effort until the volume jumped up recently.
    2. Without that meaningful data, it looks a lot like messages that people forward each other. A picture sent from a cell phone, for instance, or the latest funny animation, or pictures from last week's party, or whatever. The filter is left with header info and not much else.

    Filters aren't just acting on spam vs. business mail -- they're also acting on spam vs. personal mail.

  14. Victory Conditions by Doc+Ruby · · Score: 2, Funny

    And that's why the US Treasury announced a surplus, from all the fines collected from all that spam violating the CAN-SPAM Act. We're funding free WiFi for every American, while exterminating all the spammers!

    --
    make install -not war

  15. Re:Don't be hasty! by vertinox · · Score: 3, Funny

    He's got 9 days left!

    --
    "I am the king of the Romans, and am superior to rules of grammar!"
    -Sigismund, Holy Roman Emperor (1368-1437)
  16. Geographic filter is great by caller9 · · Score: 3, Insightful

    If you don't do business outside the US, filtering by geographic registration for the subnet works wonders. A little hard to set up but once you use the geographically filtered email to train your Bayesian filter, you really get 99.9% or better. Currently getting approx 99.97% accuracy and very few false positives. Pleased as punch.

  17. Scum by skinfitz · · Score: 3, Interesting

    Spammers are scum. Introduce the death penalty for them - I'll gladly throw the switch, however I would argue a new extra painful method of execution should be devised just for them.

    1. Re:Scum by Mogster · · Score: 2, Funny

      new extra painful method of execution should be devised just for them.

      Just make them use the products they're hyping.. Make em use their penis enlargement pills, breast enhancement creams and hair tonic formulas while buying up endless stocks using money inherited from their rich second cousin's uncle-in-law from Nigeria.
      --
      ACK NAK RST
  18. It's not worth worrying about spam by banerjek · · Score: 2, Interesting

    Although there are many very effective antispam techniques, some common methods are worse than the problem they are attempting to solve.

    Content filters are code that effectively say "I know spam when I see it." Given that people can't say exactly what spam is, why would they trust code written by humans to do the same? Likewise, blacklists are dangerous. We have a mail list machine that hosts hundreds of thousands of subscribers. A lot of people classify any email they don't want as spam, so we occasionally get blacklisted, because a handful of people weren't expecting something (though many ISPs have whitelisted us).

    We deal constantly with people who lose email because they set antispam measures as paranoid as possible (alternatively, their mail admins do this for them without their knowledge). This inevitably intercepts a certain amount of legitimate email. Then they get upset because they presume email is 100% reliable and mission critical communications are getting lost.

    Only accepting mail from trusted senders is hopeless unless you already know everyone you need to communicate with. Frankly, anyone who knows everyone who needs to be in touch lives in a pretty closed world......

  19. It's called a surge by Ranger · · Score: 2, Funny

    I'm sure that it'll go back down to normal levels real soon now. Why heck, it may even withdraw from the Internets.

    --
    My God! It's full of tubes!

    --
    "You'll get nothing, and you'll like it!"
  20. Re:A correlation with Vista? by afaik_ianal · · Score: 3, Funny

    Wow... Yeah, umm, wow.... What more can one say?

    Anti-MS zealot: "The increase in spam is caused by Vista".
    MS Fanboy: "Don't be silly - it was obviously the 2.6.18 kernel release that did it".
    IT Professional: STFU, both of you.

  21. Re:It's that damn picture spam by Conception · · Score: 2, Informative

    Fuzzy OCR for Spam Assassin. It does a pretty great job on it.

  22. Re:email2 by dgatwood · · Score: 2, Insightful

    No need. As I've been saying for several years, only servers really need to have a cert. If every server had a cert and no messages from machines without a cert were accepted, spammers would have to have a cert or would have to send through normal channels through people's ISPs. If they get a cert, you know who and where they are and you can arrest them.

    If they don't get a cert and their spam bots go through people's ISPs, you can set up an automated "this is spam" reply mechanism that would stop the spam bots at the source much faster than existing measures, thus making the amount of effort needed to maintain zombie botnets orders of magnitude greater because they'd be going offline after sending a much smaller number of messages and would be affected by email message rate throttling at the ISPs.

    Either way, spam becomes much, much harder....

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  23. They hide from OCR, so why not detect that? by a16 · · Score: 2, Interesting

    The image spam is the one thing that gets through my (and gmail's) spam filtering. I know people are working on OCR solutions, but spammers are already actively avoiding this with all the random dots and lines you see over their stock spam images.

    So what I'm wondering, and I'd be interested if anyone on Slashdot knows about or is working on this - surely it wouldn't be too hard to detect the presence of these anti-OCR techniques? The standard way seems to be putting extra lines and edges, and a spotty background to throw OCR recognition off - why not look for those signs in an image, and add to the "Spam" score if this is present?

    1. Re:They hide from OCR, so why not detect that? by Dr.Ruud · · Score: 2, Informative

      procmail to the rescue:

          procmail code by Dr.Ruud
          -> procmailrc.anti-gifspam, or
          -> procmailrc.anti-gifspam.mini

  24. 1 filter, 99% of spam gone. by Duncan3 · · Score: 2, Interesting

    Content-Type contains "multipart"
    or Content-Type contains "text/html"
    and not in address book.

    What those don't catch, along with a couple filters for non-English, Thunderbird's filters do. Haven't had a false positive yet. It gets all that image spam, and before that, it caught all that HTML. That same logic is working in Mail.app.

    --
    - Adam L. Beberg - The Cosm Project - http://www.mithral.com/
  25. Anyone can use gmail's anti-spam too! by a16 · · Score: 4, Interesting

    Something worth pointing out to people who don't want to use gmail, is that you can use gmail as an enterprise grade anti-spam filter for your personal inbox.

    Simply forward all of your mail on to gmail, and then either collect it from gmail using POP3, or set gmail to forward it back to a "clean" account on your server that you can pick mail up on. You can set gmail to delete the mail after it forwards it, so you essentially get one of the best anti-spam filters out there, for free.

    Of course, what is annoying me is all of the penny stock image spam that gets through most spam filters. It's getting to the point where I really am considering stripping image attachments from messages. See this post further down for a bit more on my thoughts on image spam.

    1. Re:Anyone can use gmail's anti-spam too! by gknoy · · Score: 3, Insightful

      Can you REALLY trust GMail to Really Truly Delete the contents of your mail? I don't.

  26. use Postgrey (works for me) by keeboo · · Score: 3, Interesting

    We use Postgrey to filter the spams out.
    It works wonderfully even without additional filtering (blacklists, for example.. Which we do still use, though).

    Postgrey is a grey-list system for Postfix (for a description on how it works, click here), and there are probably other good greylist filters around.

    We've had (like everyone else has) massive amounts of spam going through Spamassassin, our server was down on its knees all the time.
    Now the machine is typically 95-98 percent idle and the spams we receive (remember I've said we use blacklists as well) are only the ones which come from our intranet (from hijacked machines we quickly disable when discovered).
    That tool saved the day.

    Eventually those bastards will have a way around it, but for now it works very well.
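
The greylisting decision that the comment above relies on, as an added Python sketch; it is not part of the thread and not Postgrey's own code. The 300-second delay, the /24 client key, the expiry time and all names are assumptions, and the traffic is constructed.

```python
"""Greylisting decision sketch (illustrative; not Postgrey's implementation)."""
import ipaddress

TEMPFAIL = "450 4.2.0 Greylisted, please retry later"
ACCEPT = "250 2.0.0 OK"


class Greylist:
    def __init__(self, min_delay=300, max_age=35 * 86400):
        self.min_delay = min_delay  # assumed: seconds a new triplet must wait
        self.max_age = max_age      # assumed: forget triplets idle longer than this
        self.seen = {}              # triplet -> (first_seen, last_seen)

    @staticmethod
    def _key(client_ip, sender, recipient):
        # Key on the client's /24 so retries from a sending pool still match.
        net = ipaddress.ip_network(f"{client_ip}/24", strict=False)
        return (str(net.network_address), sender.lower(), recipient.lower())

    def check(self, client_ip, sender, recipient, now):
        key = self._key(client_ip, sender, recipient)
        entry = self.seen.get(key)
        if entry is None or now - entry[1] > self.max_age:
            # Unknown (or expired) triplet: remember it and ask for a retry.
            self.seen[key] = (now, now)
            return TEMPFAIL
        first_seen = entry[0]
        self.seen[key] = (first_seen, now)
        if now - first_seen < self.min_delay:
            return TEMPFAIL  # retried too soon; a queueing MTA will try again
        return ACCEPT


def replay(events, greylist):
    """Run (time, ip, mail_from, rcpt_to) events; return the reply codes."""
    return [greylist.check(ip, s, r, t).split()[0] for t, ip, s, r in events]


# Constructed sample traffic: one queueing mail server, one fire-and-forget bot.
SAMPLE = [
    (0, "192.0.2.10", "alice@example.org", "bob@example.net"),     # first attempt
    (5, "203.0.113.7", "x1@spam.example", "bob@example.net"),      # bot, never retries
    (6, "203.0.113.7", "x2@spam.example", "bob@example.net"),      # bot, new forged sender
    (60, "192.0.2.10", "alice@example.org", "bob@example.net"),    # retry, too early
    (900, "192.0.2.23", "alice@example.org", "bob@example.net"),   # retry from same /24
    (2000, "192.0.2.10", "alice@example.org", "bob@example.net"),  # known triplet
]

if __name__ == "__main__":
    for event, code in zip(SAMPLE, replay(SAMPLE, Greylist())):
        print(code, event)
```

The cost to legitimate mail is the delay on the first message of each new triplet, which depends on the sending server's retry schedule.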

  27. Re:Thanks, A-holes. by phillymjs · · Score: 2, Insightful

    The thought of the idiots who receive the junk and buy the crap advertised in it.

    ~Philly

  28. Re:Don't be hasty! by Sponge+Bath · · Score: 4, Funny

    He's got 9 days left!

    Nine days ought to be enough for anybody.

  29. Re:what for?? by KillerBob · · Score: 2, Insightful

    Just pulling numbers out of my ass... but let's say that one in a million people is dumb enough to fall for the crap they're trying to sell, and actually falls for what they're doing. Let's say it's your typical buy/dump scheme where they buy up, say, 50,000 shares of some penny stock. Net cost to them, $500 for the stock, and, let's be really generous and say $100 to send a million e-mails. Realistically, it doesn't cost them nearly that much to do it, but that's beside the point....

    The idea is that they'll create a run on the penny stock. Create some demand on a stock that's worth $0.01 a share, even a little, and it might go up to $0.02/share. Not a significant jump, except when you consider that they could have $50,000 invested in the company already. That run would turn into $50,000 profit overnight. And that's assuming a relatively small one in a million people being dumb enough to fall for it. People in general are a hell of a lot stupider than that.

    And here's the rub... it's not illegal to create a run on your stock like that. It's not fraud, it's not stock manipulating, it's not deceptive marketing. The company whose stock is being traded usually has absolutely nothing to do with the scheme. And thanks to overly relaxed laws in countries like China and the USA when it comes to bulk e-mailing, it's not illegal to send the spam. They word it in such a way that it looks, to an idiot, like they've received an e-mail they aren't supposed to have received, talking about some sure-fire hot stock, and enough people will fall for it that you're able to turn a profit.

    Spam in general is like that. They don't care that 99.999% of the messages they send out get ignored. They care that 0.001% arrive in the inboxes of the criminally stupid.

    --
    If you believe everything you read, you'd better not read. - Japanese proverb
  30. Fallacy: automation can't better human by gvc · · Score: 2, Interesting

    The assertion that a program must make as many mistakes as the human that programmed it is preposterous. I daresay I can write a program that computes a million sums and it'll get more of them right than your average human.

    Content-based spam filters can be much more accurate than humans. In particular, they can have lower false positive rates. That is, a good spam filter is less likely to discard good email than a human is to overlook good email in a sea of spam.

    I'm not exactly sure how the article supports the title "It's not worth worrying about spam." Does this mean you freely distribute your email address, and you simply sort through all your messages by hand, and you've never overlooked a good email, and you have some way of knowing whether or not this is the case?

    If you want to test your own ability to separate spam from good email, visit www.spamorham.org

  31. Re:MOD DOWN by gvc · · Score: 3, Informative

    Parent does not understand grandparent. The Google ad points to a stock market manipulator, not PHYA.

  32. Re:Or server admins could just do their jobs. by thogard · · Score: 2, Interesting

    Maybe the best solution is to stop filtering at all for a bit. Let everyone know just how bad the problem is. This was a technique used in the Usenet community every once in a while to let more people know just how much work is being done behind the scenes.

    I propose that we turn off all RBLs and filters for 24 hrs the day before congress sits for the 1st time in the new year.

  33. Spam is just the symptom... by TropicalCoder · · Score: 4, Insightful

    The real disease is: those vast botnets. Really, it's a scary thought. We are lucky that they are only being used for spam and the usual phishing scams and the like - as far as we know! Imagine if the terrorists buy themselves some botnets for some nefarious purpose, or the Chinese or North Korea government corner the market on them to run millions of bots to steal corporate secrets or IDs or who knows what? What I'm saying here is that the large increase in spam should be triggering off alarm bells everywhere. The spam is not the problem - it's the botnets. Why in the world don't responsible world governments unite to put a swift end to this problem? Really - it could be dealt with swiftly and effectively in a hundred different ways that I will leave up to the imagination of the reader. I am just astonished this hasn't happened. I mean - couldn't our friend and champion of democracy George W. include this in his initiative against terrorism? He would probably have more luck tackling this problem than he is having in Iraq. What if he put that on his agenda - and set loose all his military might along with the help of some coalition of the willing? Perhaps he could salvage what's left of his image? Are you listening Mister Bush?

    http://www.magma.ca/~gtaylor/AudioTestFileGen.htm
  34. Bring It On by JusticeISaid · · Score: 3, Funny

    I'm writing this from my chateau in France. I flew here earlier today from my horse farm in Virginia in my new Gulfstream. Can't believe my good luck: couple of months ago, I discovered this unsolicited stock tip in my email. The stock was cheap and the tip seemed pretty solid, so I invested my life savings in it. And my grandmother's life savings, too; I have her power-of-attorney. The next day, I got nervous. Remembered the old line about if it seems too good to be true, it probably is. So I decided to unload the stock. Damned if the price hadn't gone up 6000 percent! In one day! Incredible! Anyway, I sold it all ... and here I am. Grandma's taking a round-the-world tour in her Gulfstream -- we bought a matched pair.

  35. #1.1 Block REMOTE images!!! PERIOD by cheekyboy · · Score: 2, Insightful

    An important feature that is used by the spammers to verify that the email has been sent and read is external images. If you completely block those, they cannot use the server's statistics/unique session id to figure out which mails worked or didn't.

    2. Use those remote image locations to flood their session stats and pollute their databases and tell their ISPs to drop them too.

    --
    Liberty freedom are no1, not dicks in suits.
  36. Authentication by CustomDesigned · · Score: 2, Interesting

    I saw a huge increase in spam stats also. I currently get around 11000 messages a day. But I only have to manually delete 1 or 2 a day. My customers enjoy the same convenience despite 100000+ spams a day to their company. There is no administration of filter rules. I run my own filter software (pymilter) on a 600Mhz celeron with 256M ram. My content filter is quite old (dspam-2.5.6.2 with pydspam).

    The secret is that I reject all but a few hundred of those 11000 spams in SMTP envelope. Correspondents must have some form of id, currently one of:

    1. a valid rDNS
    2. a valid RFC 2822 HELO that resolves to connect IP
    3. an RFC 4408 sender policy (SPF) with a PASS
    If you can't get one of the three right, you should fire your email admin.

    That gets 3/4 of the garbage. Next, SPF FAIL is rejected, including for HELO. You'd be surprised at how much spam has my own domain for the HELO! For SPF SOFTFAIL, since the sender is requesting debugging info, I send a DSN to the purported sender reporting the SOFTFAIL. For senders with no SPF, I match domains with HELO and rDNS, and look at MX to try to get a match - which is then treated like an SPF pass. For SPF neutral, I do a CBV, and blacklist the sender if it fails.

    This reduces the spam from 11000 to several hundred. The content filter is auto trained. A honeypot mailbox provides spam training. Messages from (verified by SPF PASS) senders that users reply to provide ham training. Users have a web interface to the quarantine.

    The false positive from content filtering is extremely low. The biggest problem is VIP correspondents with clueless email admins who are unwilling to educate or fire them. (E.g. one admin insisted I didn't know what I was talking about and "JUPITER" was a valid HELO name...) In these cases, I have extensions to the sendmail access database to provide policy exceptions. I can also provide local SPF records for correspondents to get them a PASS.

    One customer had to resort to spamsoap.com because they were getting 2 million spam connection attempts a day, and my python based filter could only process 80000 or so on his 400Mhz server.
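
The envelope-stage decisions described in the comment above, written out as an added Python sketch; it is not the commenter's pymilter code. It assumes the DNS, SPF and call-back verification (CBV) lookups have already been done and arrive as fields; the field names, action labels, the handling of senders that match nothing, and the constructed sample envelopes are assumptions.

```python
"""Envelope-stage sender policy, following the steps in the comment above.
Illustrative only: DNS/SPF lookups are assumed done; results arrive as fields."""
from dataclasses import dataclass, field

@dataclass
class Envelope:
    connect_ip: str
    helo: str
    mail_from: str
    rdns_names: list = field(default_factory=list)  # forward-confirmed PTR names
    helo_ips: list = field(default_factory=list)    # addresses the HELO name resolves to
    mx_ips: list = field(default_factory=list)      # addresses of the sender domain's MXs
    spf_mailfrom: str = "none"  # pass / fail / softfail / neutral / none
    spf_helo: str = "none"
    cbv_ok: bool = False        # outcome of call-back verification, if performed

def same_org(name, domain):
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def decide(env):
    """Return (action, reason). 'continue' hands the message to the content filter."""
    helo_ok = "." in env.helo and env.connect_ip in env.helo_ips
    # Step 1: the client needs at least one form of identity.
    if not (env.rdns_names or helo_ok or env.spf_mailfrom == "pass"):
        return ("reject", "no valid rDNS, HELO or SPF pass")
    # Step 2: an explicit SPF FAIL rejects, for MAIL FROM or for HELO.
    if "fail" in (env.spf_mailfrom, env.spf_helo):
        return ("reject", "SPF fail")
    if env.spf_mailfrom == "pass":
        return ("continue", "SPF pass")
    if env.spf_mailfrom == "softfail":
        return ("continue+dsn", "softfail reported to purported sender")
    domain = env.mail_from.rsplit("@", 1)[-1].lower()
    if env.spf_mailfrom == "none":
        # No policy published: try to match the sender domain heuristically.
        guessed = ((helo_ok and same_org(env.helo, domain))
                   or any(same_org(n, domain) for n in env.rdns_names)
                   or env.connect_ip in env.mx_ips)
        return ("continue", "guessed pass" if guessed else "unverified")
    # neutral (other results handled the same way: an assumption of this sketch)
    if env.cbv_ok:
        return ("continue", "CBV ok")
    return ("reject+blacklist", "CBV failed")

# Constructed sample envelopes (documentation addresses, invented names).
SAMPLES = {
    "bare_helo": Envelope("203.0.113.9", "JUPITER", "a@example.com"),
    "forged_helo": Envelope("203.0.113.9", "mail.example.net", "a@example.com",
                            rdns_names=["host9.isp.example"], spf_helo="fail"),
    "spf_pass": Envelope("192.0.2.25", "mx.example.org", "b@example.org",
                         spf_mailfrom="pass"),
    "softfail": Envelope("192.0.2.40", "out.example.org", "c@example.org",
                         rdns_names=["out.example.org"], spf_mailfrom="softfail"),
    "no_spf_mx": Envelope("198.51.100.5", "smtp.example.edu", "d@example.edu",
                          helo_ips=["198.51.100.5"], mx_ips=["198.51.100.5"]),
    "neutral_bad": Envelope("198.51.100.77", "relay.example.info", "e@example.info",
                            rdns_names=["relay.example.info"], spf_mailfrom="neutral"),
}

def decide_all():
    return {name: decide(env)[0] for name, env in SAMPLES.items()}
```

Every rejection here happens before the message body is transferred, so only the messages marked `continue` reach the content filter.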

  37. Real status from a Financial Institution by Lokatana · · Score: 4, Interesting

    I run an enterprise level messaging department for a large financial institution.

    The increase in November of 35% is pretty accurate - but where the real story is is when you look at the 6 month trend.

    In July of 2006, my enterprise was blocking approximately 20 million spam messages per week. Last week, we blocked 86 million spam messages - over 400% increase in 6 months.

    Most of the growth occurred in September & October. We're projecting to hit 100 million per week by the end of January.

    The only good news here is that the amount of valid email that we're letting into our enterprise is remaining flat, indicating that pretty much the entire increase is successfully blocked by our anti-spam. *whew*.

    -Lokatana

  38. Spam ? What spam ? Easy free tools eat spam ! by BigJim.fr · · Score: 3, Interesting

    I now scrub mail for friends and family through my Postfix mail server using Fetchmail, Fetchyahoo and Gotmail. Amavisd-new, Clamav, Spamassassin, various DNS blacklists including URIDNSBL and a sprinkle of Bayesian filtering have pretty much solved the problem as far as I'm concerned. The only remaining annoyance was image spam, but that has even been solved thanks to FuzzyOCR that is now in Debian !

    If you still have spam, it just means that you are not using the freely available tools to eradicate it. Just do it ! I found it is surprisingly easy and we have to thank Debian for that !