Slashdot Mirror
Spam is Back With A Vengence
Ant writes "The Red Tape Chronicles reports that just last December (2006), the FTC published an optimistic state-of-spam report. It cites research indicating spam had leveled off or even dropped during the previous year. It now appears spammers had simply gone back to the drawing board. There's more spam now than ever before.
In fact, there's twice as much spam now as opposed to this time last year. And the messages themselves are causing more trouble. About half of all spam sent now is "image spam," containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now."
There's an interesting artical at Extreem tech about the wave of spam that hit us last year:7 ,00.asp
http://www.extremetech.com/article2/0,1697,206027
Most admins were able to find ways to eliminate that eventually: http://blog.fastmail.fm/?p=580
but now I notice a new trend. Some spammers are actually putting news headlines in the subject field.
On top of that the black hats are now finding ways to spam emule search results.
Every search you make in Emule will return a fake hit... something like *_using_emule_multimedia_toolbar.exe. If you exectute that program your machine will be infected with a virus.
Why not just block e-mails that contain .gif attachments?
640YB ought to be enough for anybody.
Who is even dumb enough to make their purchases based on spam mail. I mean, surely everyone must know what spam is by now? How can one be so dense as to trust a completely random, badly worded, illarticulated e-mail full of spelling mistakes from someone you don't know to make informed decisions about what stock they should buy?
It simply makes no sense to me. As long as people remain so completely clueless that they will fall for spam, there will be spam.
Just like with the war on drugs, eh? Yeah I see how raising the punishment really helps. No wait. Shit, it doesn't. I guess we're fucked now.
What I think would help is ISPs taking confirmed zombie machines offline. It's done in Sweden by some ISPs, and most people don't seem to have a problem with that.
Old fashioned 'pump and dump' scams were fairly easy to track, as they would go after the brokers who pushed the stock, and then it was a simple task to just follow the money. As we all know emails can be awfully hard to trace back to their creator.
I used to wonder why people would fall for such scams, 'how could they fall for these things time and time again?'. Well, a couple of years back I was having a conversation with a woman who was distressed that an 'old friend' of her husband had contacted him again. Apparently, this guy has sold (taken) her husband on a variety of pyramid schemes, 'mlm's, and many other 'get rich quick plans. Later, ss nicely as possible I confronted him on 'why' he let this happen. He was a little angry with me, but without any hesitation, he told me that 'one day it will pay off' That day I learned a little something about some people's nature. He knew that these were scams, but he worked them anyways. To the best of my knowledge, he wasn't a crook, and he never approached me with those affairs. So I'm guess that he had hoped that if he just participated, someone else would do the dirty work which would make him rich.
I suspect that the reason why these latest 'pump-and-dump' scams seem to work (otherwise why would you be seeing so much of it), is not action by those easily duped, but by those who hope that they could exploit the 'opportunity'.
The force that blew the Big Bang continues to accelerate.
We have no way of knowing how many legitimate delivery failures are caused by greylisting. That's because, as the parent points out, messages are rejected a priori and there's no quarantine to check. If you reject and for whatever reason it is not retransmitted, your mail is lost. Maybe this "shouldn't" happen but it does, and it happens often enough that it is not entirely obvious that its false positive rate is less than that of a spam filter.
It is also trivial for a spammer to defeat greylisting. Perhaps they don't at this time, but at any moment they could flip a switch and render your approach useless. Contrary to popular belief, state-of-the-art spam filters aren't so easily defeated.
Blacklisting doesn't suffer from the immediacy problem of greylisting, but it shares the problem of an unknown false positive rate, and mediocre false negative rate.
A big problem with most spam filters, especially the open source ones, is that they're single user. They're trying to work out from the content what's spam. Systems like gmail (and Spamcop before IronPort bought it) look at spam addressed to a large number of addresses. When roughly similar material starts showing up at a few hundred different addresses, the probability that it's spam is very high.
Here's a thought. Mail servers should, on receiving an SMTP connection from an IP address, probe that IP address to see if it's a Microsoft consumer-grade operating system. If so, reject the connection. That would put a dent in the zombie problem.