Slashdot Mirror


Spam is Back With A Vengeance

Ant writes "The Red Tape Chronicles reports that just last December (2006), the FTC published an optimistic state-of-spam report. It cites research indicating spam had leveled off or even dropped during the previous year. It now appears spammers had simply gone back to the drawing board. There's more spam now than ever before. In fact, there's twice as much spam now as opposed to this time last year. And the messages themselves are causing more trouble. About half of all spam sent now is "image spam," containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now."

26 of 510 comments

  1. Use FuzzyOCR and be mostly done with image spam by BigJim.fr · · Score: 4, Informative

    Last month I installed FuzzyOCR on my SpamAssassin setup and I can now testify that rare is the image spam that gets through. I wrote an article about it if you want more detail: http://serendipity.ruwenzori.net/index.php/2006/12/19/fuzzyocr-hits-debian-unstable-and-eradicates-image-spam

  2. SpamAssassin still works by CRCulver · · Score: 3, Informative

    In spite of the rise in spam, you can still keep everything but the stray message or two a day hitting your inbox if you configure SpamAssassin well. Get a guide like McDonalds' SpamAssassin and follow the steps for the usual configuration based on examining headers and referring to Razor. Then, take a massive collection of all sorts of spam, from text pump 'n' dump to image spam, and feed it into sa-learn, SpamAssassin's Bayesian training system. A good setup with extensive Bayesian training will cut out almost everything. And it's not too hard. If you can install a Linux distro, you can configure SpamAssassin.

    However, this is obviously only to filter spam coming into your own box. When I am travelling, I try to force myself to leave my laptop behind in order to truly relax, but that means that I have to use my e-mail provider's web interface. And when I see that my Inbox has 500 messages after just 36 hours, then I start to understand the grumbling that SMTP is broken and we need a drastically reformed protocol.

    1. Re:SpamAssassin still works by antifoidulus · · Score: 4, Informative

      SpamAssassin is great, but it only solves part of the problem. We installed SpamAssassin where I work in July and it's a good thing we did it then, we have seen the spam we receive on a daily basis rise at an exponential rate starting in August (we have maybe 100 or so users). It does solve the spam problem from the end users' point of view, SpamAssassin has almost no false positives or false negatives, but the increased volume of spam has still caused headaches. The bandwidth is obviously one, but another is that we installed SpamAssassin on an older server, naively thinking we wouldn't see said exponential increase in spam. However, now that 90+% of the messages that we receive are spam, the machine is starting to struggle. We are still ahead, but the fear is that if this rate of growth keeps up, the messages will come in faster than we can process them, which means more spent on hardware, manpower, electricity etc. The costs of spam are really being forced on the users of email.....

    2. Re:SpamAssassin still works by Anonymous Coward · · Score: 1, Informative

      Put spamd with greylisting in front of SpamAssassin to take the load off.
      See http://undeadly.org/cgi?action=article&sid=20061108134508 for details on how to do this as a transparent bridge.

  3. Re:Spam spam spam spam. Lovely spam! Wonderful spa by Smallpond · · Score: 4, Informative

    Score:1, Redundant

    By definition, shouldn't any post about spam be marked redundant?

    Anyway, I run a mailserver. What I see is surges of email for whatever happens to be the current scam. Last year it was mostly mortgage offers (Get a cheap, misspelled mortqaq3 today!!!) Spamassassin + RBLs eliminate about 70% of the flood. Image-only email is flagged by spamassassin. Now random text is added to get past the Bayesian filters. The arms race continues.

    BTW, if you are the type to send copies of spam to abuse addresses, I advise you to remove identifying info and post it through an anonymous account to avoid retaliation. ISPs tend to forward it to the spammer.

  4. Spam filters can still cope by gvc · · Score: 5, Informative

    The volume of spam is definitely up, and most of it is pump and dumps from a very few distinct sources. In December, about 20% of the 30,000 spams I received were for one particular stock.

    http://it.slashdot.org/article.pl?sid=06/12/21/2314241

    But it is wrong to say that this new spam requires radical new filtering techniques. That's what the spam solution vendors (whose press releases drive these /. articles) want you to believe so you'll buy their products. In general, word salads, obfuscated words and image spam do not defeat state-of-the-art statistical filters.

    See, for example, the recent TREC tests: http://plg.uwaterloo.ca/~gvcormac/trecspamtrack06

    These results show that filters achieve about the same results on 2006 spam as on 2004 spam, and those results are pretty good. Ongoing tests show that the effectiveness of filters is unchanged for 2007. In general, the volume of spam has increased, and spammers have tried various methods of defeating spam filters. But their efforts have not been particularly successful against statistical filters.

    1. Re:Spam filters can still cope by gvc · · Score: 2, Informative
      there's a nice obvious "report as spam" button on every page


      Indeed every mail provider should have such an interface: a trivial way to report filtering mistakes. But you over-estimate the value of everybody else's spam reporting. A filter based only on your own reporting can have a vanishingly small number of false positives, and a small number of false negatives. So small that the total amount of reporting you have to do is no more than for Gmail.

      But many appliance manufacturers promote the scenario in which the user is not prepared to offer any feedback to the filter. It is much harder to achieve reasonable error rates in this mode of operation.

      Bottom line: Gmail's filter is pretty good, but not better than the personal spam filters I've tested. I have yet to see a "hands-free" solution that is as good as one that uses feedback. The amount of feedback required is trivial.
  5. In /. before by pilsner.urquell · · Score: 2, Informative

    This shouldn't come as a surprise to anyone: One Last Spamhaus Warning Before The End

  6. Re:Stock scam spams - 3n14rge yur SC0X ... by that+this+is+not+und · · Score: 3, Informative

    The images are being 'peppered' with background noise.

  7. Not just Email Spam here by erica_ann · · Score: 2, Informative

    Not only am I seeing more Spam hitting my inbox.. I am seeing more spam on WordPress Blogs. This is where I am seeing the most problems.

    The email server I use tags and filters spam, but the WordPress Blogs are filling up with Spam, plus it is clogging up MySQL databases for comment spam that it uses all the processing power up - so the other services on the box as well as the webserver crawl to a slow. Even with other programs such as Akismet marking the comment posts as spam, the problem lies in the database being tied up.

  8. Re:block .gif images? by Anonymous Coward · · Score: 1, Informative

    Go on try that... and your boss will shoot you. Mails from financial sites use gif attachments.

  9. Solution to stock spam? by Jon+Abbott · · Score: 2, Informative

    Perhaps the SEC could require stock brokers and other companies issuing penny/OTC/pink sheet stocks to log whoever buys or sells them. There should be a discernible pattern among pump-and-dump traders that the SEC could backtrace to identify the perpetrator. I would imagine the perpetrator would not purchase the stock too far in advance, as market fluctuations during that time could make their scheme fail. They probably buy the stock only a few days or maybe weeks beforehand, and then sell immediately after the spike. Their initial purchase is probably sizable as well, more than your average investor. For most people who never deal with OTC stocks, their privacy is ensured. For those who do choose to deal with these types of stocks, it would be part of the cost of business for dealing in such a risky and crime-ridden market. The SEC needs to figure this one out sooner rather than later...

  10. Filtering is wrong by Dion · · Score: 4, Informative

    What you are doing is filtering, it is wrong because all it does (when it works) is to keep you from reading spam and cost you CPU time.

    The bandwidth has already been spent once the spam reaches your filter.

    A much better approach (IMHO) is to use greylisting along with a few fast spamtrap driven RBLS, this way the mail doesn't even get transmitted to my server and I save both CPU, bandwidth and time.

    Since I switched I have gotten a max of 2 spams per day, some days the count is even zero.

    There are two reasons this approach is so great:
    1) The greylisting on its own will weed out all the non-compliant MTAs, most spammers use zombies that don't care if their payload gets delivered, so they never retry.
    2) The real MTAs that spam might get to me before hitting a spamtrap, but the greylisting tells them to come back a bit later, by that time they have hit one or more spamtraps and get blocked by an RBL.

    I have yet to think of a way for spammers to defeat this scheme and the cost to legitimate mail is a 10 minute delay the first time someone sends me mail.

    --
    -- To dream a dream is grand, but to live it is divine. -- Leto ][
  11. Re:The solution by Firethorn · · Score: 2, Informative

    Then you contact your ISP and make arrangements, after you convince them that you're not a spammer.

    Fairly simply. Though today it should be able to tell the difference between legitimate bulk email* and spam

    Such as mail-type discussion groups, business relations like people who want to receive tiger direct's ads, etc...

    When you're having to post random segments of encyclopedias and put your actual message into an image to get through the filters, it's a clue that you're not wanted.

    Those types I'd like to see shot. Heck, I'd shoot them myself.

    Oh, and I don't believe that spammers are truly a dime a dozen. I think that if we removed the 10 worst spammers we'd drop spam in the USA by 50% or more.

    --
    I don't read AC A human right
  12. Re:Spam spam spam spam. Lovely spam! Wonderful spa by Tony+Hoyle · · Score: 2, Informative

    Rule 1: never forward spam, even to abuse addresses, and absolutely never to the 'unsubscribe' address.

    The only exception I know of is spamcop as they're (I think) trustworthy.

  13. SURBL by bcrowell · · Score: 2, Informative

    I implemented SURBL recently, and it's helped a lot. Your filter extracts url's from the *body* of the e-mail, and checks them against SURBL's blacklist. The idea is that most spam is trying to get you to click on a link, and although they can forge the From: line, they're still constrained to give the address they want you to click on. This has been amazingly effective for me, and it's really nice because there are essentially no false positives. It won't necessarily work with pump-and-dump scams, though, since it's possible for them to say "buy SCOX," without giving a URL.
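
The check described in the comment above, as an added example (not bcrowell's code or SURBL's): it pulls URL hosts out of the message body, reduces each to its registered domain and tests it against a blacklist. The blacklist entry, the sample messages and the `is_listed` callback are constructed stand-ins for the DNS lookup a live filter would do.

```python
import re

# Assumption: a three-entry stand-in for the public-suffix list a real filter would use.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
URL_RE = re.compile(r'https?://([^/\s<>"]+)', re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def registered_domain(host):
    """Reduce a URL host to the name a URI blacklist would list."""
    # Drop any userinfo and port, then normalise case and a trailing dot.
    host = host.rsplit("@", 1)[-1].split(":", 1)[0].lower().rstrip(".")
    if IPV4_RE.fullmatch(host):
        return host  # bare IP links are kept whole, not cut to two labels
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def body_domains(body):
    """Distinct registered domains of every http(s) URL in a message body."""
    return sorted({registered_domain(h) for h in URL_RE.findall(body)})


def listed_domains(body, is_listed):
    """Body domains for which is_listed(domain) is true.

    is_listed is injected so this runs offline; a live filter would instead
    query the blacklist over DNS for each domain.
    """
    return [d for d in body_domains(body) if is_listed(d)]


# Constructed sample data: the blacklist entry and all three messages are invented.
BLACKLIST = {"pills-example.test"}
LINK_SPAM = ('From: "Your Bank" <forged@example.org>\n\n'
             "See http://www.cheap.pills-example.test/buy?id=1")
HAM = "Minutes are at https://lists.example.co.uk/archive/2007/01 as usual."
STOCK_SPAM = "Huge news coming, buy SCOX before Monday!!!"

if __name__ == "__main__":
    for name, msg in [("link spam", LINK_SPAM), ("ham", HAM), ("stock spam", STOCK_SPAM)]:
        print(name, listed_domains(msg, BLACKLIST.__contains__))
```

The forged From: line plays no part in the result, and the URL-free stock message produces no hit, which is the limitation the comment points out.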

  14. Re:Stock scam spams - 3n14rge yur SC0X ... by Reaperducer · · Score: 1, Informative

    Better hope you never get a package from UPS, FedEx, etc... I forget which one, but there was an article a few years ago stating that one of the big delivery companies was developing a signature database.

    --
    -- I'm old enough to have lived through six different meanings of the word "hacker."
  15. Greylisting is so 2005 ...... by nblender · · Score: 2, Informative

    Greylisting doesn't work anymore. You might block a few spammers but I do greylisting with the latest version of postgrey and I still wind up with about 50 spams a day that get through to my spamassassin... Spammers take non-fatal error returns and add them to the end of the list.

    X-Greylist: delayed 58065 seconds by postgrey-1.27 at xxxxx; Mon, 15 Jan 2007 10:58:49 UTC
    X-Greylist: delayed 48829 seconds by postgrey-1.27 at xxxxx; Mon, 15 Jan 2007 11:42:10 UTC
    X-Greylist: delayed 8054 seconds by postgrey-1.27 at xxxxx; Mon, 15 Jan 2007 13:18:46 UTC

    That's from my spamassassin folder.

  16. Re:What I just don't get.. by funfail · · Score: 2, Informative
    "You know how dumb the average American is? Well, half of them are even dumber than that."

    That would be "median American", not "average American". Not that there is a big difference when min and max are so close and the size of sample set is so large but still...
  17. Re:What I just don't get.. by CodeBuster · · Score: 2, Informative

    How can one be so dense as to trust a completely random, badly worded, illarticulated e-mail full of spelling mistakes from someone you don't know to make informed decisions about what stock they should buy?

    Greed can be a powerful motivator for some people, enough to overwhelm their sense, what little they have anyway, of logic and reason which tells them that this is a scam or that an investment promise is too good to be true. Why do people play the Lottery when they know or should know that they have a better chance of being struck by lightning on their way out of the liquor store? The appeal to greed is among the oldest in the charlatan's bag of tricks, it has worked for thousands of years and it will continue to work as long as there are humans on this planet to be duped. They know that spam is spam, but they want millions of dollars too and so they continue to get burned.

  18. Re:The solution by jfengel · · Score: 2, Informative

    What I mean is, I'd like to change the protocol from:

    Spammer: Here's some email
    Server: Thanks! .. time passes ...
    Server: Hey, this is spam! Let's send it to jfengel!

    to

    Spammer: Here's some email
    Server: Screw you. It's spam. (or "There's no such person here. I reject it now rather than having to call you back using the forged header.")

    I suspect that the SMTP protocol already supports that. But in general, SMTP is heavily oriented towards store-and-forward in an intermittently connected, unreliable network, passing mail at midnight when the rates were cheap. Maybe that's still a good mode to support, since not everybody has high-speed lines and the network is still unreliable, but TCP and the backbone have solved the problem without some of the problems that come from store-and-forward.

  19. Re:Greylisting is intrusive; unknown fp rate by dodobh · · Score: 2, Informative

    Email has never been about "immediate, guaranteed delivery". Email can and will be delayed.

    If you want immediate, use IM or make a phone call.

    --
    I can throw myself at the ground, and miss.
  20. Not really by Dion · · Score: 2, Informative

    Two points:

    1) Email has never been an instant messaging system, I've tried getting people to stop asking for an IRC/ICQ/MSN/AIM/whatever chat and just use email, but nobody listens.

    2) Any mail server that doesn't retry when given a temporary failure code is broken and needs to be replaced, sooner rather than later.

    In any case, I do review my mail logs (well I did the first two weeks of using the new system) and I saw exactly zero false positives.

    The spamtrap driven RBLS I use all list and delist servers quickly, so they also cause no false positives, but if they ever do the user who sent me the unlucky ham will get a nice bounce message, so he will be able to retry the mail or call me.

    I think getting bounce is much nicer than just having your mail eaten by a filter.

    --
    -- To dream a dream is grand, but to live it is divine. -- Leto ][
  21. Greylisting + RBL by Dion · · Score: 2, Informative

    You seem to have missed the "+ RBL part".

    Most spammers seem to hit a number of spamtraps with each zombie at some point, so using spamtrap driven RBLS in front of greylisting means that the RBLs will take care of the verified spammers.

    greylisting gives the spamtraps some extra time to get hit, so rather than do actual blocking itself it augments the RBLs.

    --
    -- To dream a dream is grand, but to live it is divine. -- Leto ][
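
An added sketch, not from any commenter, of the RCPT-time policy Dion describes in "Filtering is wrong" and "Greylisting + RBL", replayed against the kind of retrying sender nblender reports in "Greylisting is so 2005". The IP addresses, the spamtrap listing time and the class and function names are constructed for the example; the 600-second delay is the 10 minutes mentioned in the thread.

```python
GREYLIST_DELAY = 600  # seconds a new (ip, sender, rcpt) triplet is told to wait


class Gatekeeper:
    """RCPT-time policy: RBL check first, then greylisting on the triplet."""

    def __init__(self, rbl):
        self.rbl = rbl        # set of listed client IPs (stand-in for a DNS RBL query)
        self.first_seen = {}  # triplet -> time of its first delivery attempt

    def rcpt(self, now, ip, sender, rcpt):
        if ip in self.rbl:
            return "554 rejected: client listed by RBL"
        first = self.first_seen.setdefault((ip, sender, rcpt), now)
        if now - first < GREYLIST_DELAY:
            return "451 greylisted, try again later"
        return "250 OK"


def simulate(events, trap_hits):
    """Replay time-ordered attempts; trap_hits is [(time, ip)] of spamtrap listings."""
    rbl = set()
    gate = Gatekeeper(rbl)
    replies = []
    for now, ip, sender, rcpt in events:
        rbl.update(hit_ip for t, hit_ip in trap_hits if t <= now)
        replies.append((ip, gate.rcpt(now, ip, sender, rcpt)[:3]))
    return replies


def delivered(replies):
    """Client IPs that eventually got a 250 and so reached the content filter."""
    return sorted({ip for ip, code in replies if code == "250"})


ME = "me@example.org"
# Constructed attempts: (seconds since start, client IP, envelope sender, recipient).
EVENTS = [
    (0, "198.51.100.7", "a@spam.test", ME),         # zombie, never retries
    (0, "192.0.2.10", "friend@example.net", ME),    # legitimate MTA, first contact
    (10, "203.0.113.5", "b@spam.test", ME),         # real MTA sending spam
    (20, "203.0.113.99", "c@spam.test", ME),        # spammer that requeues on 4xx
    (900, "192.0.2.10", "friend@example.net", ME),  # legitimate retry after the delay
    (1200, "203.0.113.5", "b@spam.test", ME),       # retry, after hitting a spamtrap
    (8074, "203.0.113.99", "c@spam.test", ME),      # retry 8054 s later, never trapped
]
TRAP_HITS = [(300, "203.0.113.5")]  # constructed: listed 300 s into the run

if __name__ == "__main__":
    for ip, code in simulate(EVENTS, TRAP_HITS):
        print(ip, code)
```

The last sender shows the gap both sides of the thread are arguing over: a client that retries and has not yet hit a spamtrap passes this stage and is left to the content filter.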
  22. Re:Greylisting is intrusive; unknown fp rate by mpe · · Score: 2, Informative

    One of the great features of email is immediacy.

    This is not in the spec.

    I want that receipt for my airplane ticket right now, not in a few {minutes, hours, whatever}

    Whilst this may happen there are plenty of reasons for it not happening. Including having outgoing email checked by a human being and sent as a batch job.

    We have no way of knowing how many legitimate delivery failures are caused by greylisting. That's because, as the parent points out, messages are rejected a priori and there's no quarantine to check. If you reject and for whatever reason it is not retransmitted, your mail is lost.

    Greylisting sends back a response which says "I can't process this now" try later. There are plenty of other reasons for an SMTP transaction to return this kind of response.

    Maybe this "shouldn't" happen but it does, and it happens often enough that it is not entirely obvious that its false positive rate is less than that of a spam filter.

    A "false positive" in this context is indicative of a broken MTA.

  23. Re:Greylisting is intrusive; unknown fp rate by Profane+MuthaFucka · · Score: 2, Informative

    That's exactly what I said. The beauty of the phone is that it's intrusive, it disturbs you, it interrupts you. Exactly the properties you want when you need to talk to someone right now.

    Also, e-mail is not immediate. It can be delayed any amount that the intermediaries want, for example, because the dial-up process doesn't run again until tomorrow at noon. Or maybe because your firewall and censors haven't read it and approved it yet.

    If you insist on calling e-mail immediate, then you just don't understand the technology.

    --
    Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!