Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam is Back With A Vengence

Posted by CmdrTaco on from the bring-me-my-bazooka dept.

Ant writes "The Red Tape Chronicles reports that just last December (2006), the FTC published an optimistic state-of-spam report. It cites research indicating spam had leveled off or even dropped during the previous year. It now appears spammers had simply gone back to the drawing board. There's more spam now than ever before. In fact, there's twice as much spam now as opposed to this time last year. And the messages themselves are causing more trouble. About half of all spam sent now is "image spam," containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now."

5 of 510 comments (clear)

  1. Use FuzzyOCR and be mostly done with image spam by BigJim.fr · · Score: 4, Informative

    Last month I installed the FuzzyOCR on my Spamassassin setup it and I can now testify that rare is the image spam that gets through. I wrote a article about it if you want more detail : http://serendipity.ruwenzori.net/index.php/2006/12 /19/fuzzyocr-hits-debian-unstable-and-eradicates-i mage-spam

  2. Re:Spam spam spam spam. Lovely spam! Wonderful spa by Smallpond · · Score: 4, Informative

    Score:1, Redundant

    By definition, shouldn't any post about spam be marked redundant?

    Anyway, I run a mailserver. What I see is surges of email for whatever happens to be the current scam. Last year it was mostly mortgage offers (Get a cheap, misspelled mortqaq3 today!!!) Spamassassin + RBLs eliminate about 70% of the flood. Image-only email is flagged by spamassassin. Now random text is added to get past the Bayesian filters. The arms race continues.

    BTW, if you are the type to send copies of spam to abuse addresses, I advise you to remove identifying info and post it through an anonymous account to avoid retaliation. ISPs tend to forward it to the spammer.

  3. Spam filters can still cope by gvc · · Score: 5, Informative

    The volume of spam is definitely up, and most of it is pump and dumps from a very few distinct sources. In December, about 20% of the 30,000 spams I received were for one particular stock.

    http://it.slashdot.org/article.pl?sid=06/12/21/231 4241

    But it is wrong to say that this new spam requires radical new filtering techniques. That's what the spam solution vendors (whose press releases drive these /. articles) want you to believe so you'll buy their products. In general, word salads, obfuscated words and image spam do not defeat state-of-the-art statistical filters.

    See, for example, the recent TREC tests: http://plg.uwaterloo.ca/~gvcormac/trecspamtrack06

    These results show that filters achieve about the same results on 2006 spam as on 2004 spam, and those results are pretty good. Ongoing tests show that the effectiveness of filters is unchanged for 2007. In general, the volume of spam has increased, and spammers have tried various methods of defeating spam filters. But their efforts have not been particularly successful against statistical filters.

  4. Re:SpamAssassin still works by antifoidulus · · Score: 4, Informative

    SpamAssasin is great, but it only solves part of the problem. We installed SpamAssasin where I work in July and it's a good thing we did it then, we have seen the spam we receive on a daily basis rise at an exponential rate starting in August(we have maybe 100 or so users). It does solve the spam problem from the end users point of view, SpamAssasin has almost no false positives or false negatives, but the increased volume of spam has still caused headaches. The bandwidth is obviously one, but another is that we installed spamassasin on an older server, naively thinking we wouldn't see said exponential increase in spam. However, now that 90+% of the messages that we receive are spam, the machine is starting to struggle. We are still ahead, but the fear is that if this rate of growth keeps up, the messages will come in faster than we can process them, which means more spent on hardware, manpower, electricity etc. The costs of spam are really being forced on the users of email.....

    --
    Monstar L
  5. Filtering is wrong by Dion · · Score: 4, Informative

    What you are doing to filtering, it is wrong because all it does (when it works) is to keep you from reading spam and cost you CPU time.

    The bandwidth already been spent once the spam reaches your filter.

    A much better approach (IMHO) is to use greylisting along with a few fast spamtrap driven RBLS, this way the mail doesn't even get transmitted to my server and I save both CPU, bandwidth and time.

    Since I switched I have gotten a max of 2 spams pr. day, some days the count is even zero.

    There are two reasons this approach is so great:
    1) The greylisting on its own will weed out all the non-compliant MTAs, most spammers use zombies that don't care if their payload gets delivered, so they never retry.
    2) The real MTAs that spam might get to me before hitting a spamtrap, but the greylisting tells them to come back a bit later, by that time they have hit one or more spamtraps and get blocked by an RBL.

    I have yet to think of a way for spammers to defeat this scheme and the cost to legitimate mail is a 10 minute delay the first time someone sends me mail.

    --
    -- To dream a dream is grand, but to live it is divine. -- Leto ][