Slashdot Mirror
Spam is Back With A Vengence
Ant writes "The Red Tape Chronicles reports that just last December (2006), the FTC published an optimistic state-of-spam report. It cites research indicating spam had leveled off or even dropped during the previous year. It now appears spammers had simply gone back to the drawing board. There's more spam now than ever before.
In fact, there's twice as much spam now as opposed to this time last year. And the messages themselves are causing more trouble. About half of all spam sent now is "image spam," containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now."
Last month I installed the FuzzyOCR on my Spamassassin setup it and I can now testify that rare is the image spam that gets through. I wrote a article about it if you want more detail : http://serendipity.ruwenzori.net/index.php/2006/12 /19/fuzzyocr-hits-debian-unstable-and-eradicates-i mage-spam
I'm sorry but your message from articles.slashdot.org was REJECTED because it has been flagged by our system as spam. You may not be the source of the spam, but our servers do not respect SPF flags and therefore accept, process and then bounce almost any old slutty slice of bits that get hucked our way. We blame you, the owner of the spoofed domain.
To get a hard copy of this message please send $1 to Happy Dude, 742 Evergreen Terrace, Springfield.
Promotional consideration has been provided by the Russian Mob.
These stories are free but worth money.
Akismet is what a lot of Wordpress users (and many other bloggers) use to prevent comment spam. They've got a pretty neat stats page that shows the volume of spam they have blocked from their creation. They are relatively new, so the fact that the graph trends upwards so quickly also has to do with the fact that their userbase is still growing. But it's unquestionable how large a spike I saw in the end of November and December. Particularly over the Thanksgiving/Christmas holiday weekends. I have a personal server in my house that was MELTED by the amount of hits to my dinky little blog. It would go up and then 30 seconds later would be unresponsive and have to be forcefully rebooted. It even killed my D-Link router.
I'm posting AC so slashdot doesn't melt my server again...
Score:1, Redundant
By definition, shouldn't any post about spam be marked redundant?
Anyway, I run a mailserver. What I see is surges of email for whatever happens to be the current scam. Last year it was mostly mortgage offers (Get a cheap, misspelled mortqaq3 today!!!) Spamassassin + RBLs eliminate about 70% of the flood. Image-only email is flagged by spamassassin. Now random text is added to get past the Bayesian filters. The arms race continues.
BTW, if you are the type to send copies of spam to abuse addresses, I advise you to remove identifying info and post it through an anonymous account to avoid retaliation. ISPs tend to forward it to the spammer.
That applies to most guys on Slashdot.
The volume of spam is definitely up, and most of it is pump and dumps from a very few distinct sources. In December, about 20% of the 30,000 spams I received were for one particular stock.
1 4241
/. articles) want you to believe so you'll buy their products. In general, word salads, obfuscated words and image spam do not defeat state-of-the-art statistical filters.
http://it.slashdot.org/article.pl?sid=06/12/21/23
But it is wrong to say that this new spam requires radical new filtering techniques. That's what the spam solution vendors (whose press releases drive these
See, for example, the recent TREC tests: http://plg.uwaterloo.ca/~gvcormac/trecspamtrack06
These results show that filters achieve about the same results on 2006 spam as on 2004 spam, and those results are pretty good. Ongoing tests show that the effectiveness of filters is unchanged for 2007. In general, the volume of spam has increased, and spammers have tried various methods of defeating spam filters. But their efforts have not been particularly successful against statistical filters.
Well then I know what to do about my pesky competitors, just have some spammers send spam in their name! Problem solved!
So who do you want to monitor everybody's commerical actions? Actually, to know that the person bought a product because of spam, we'd need to monitor them whenever they check their email. Big Brother go!
In the name of Karl Popper, though, I appreciate your proposals.
SpamAssasin is great, but it only solves part of the problem. We installed SpamAssasin where I work in July and it's a good thing we did it then, we have seen the spam we receive on a daily basis rise at an exponential rate starting in August(we have maybe 100 or so users). It does solve the spam problem from the end users point of view, SpamAssasin has almost no false positives or false negatives, but the increased volume of spam has still caused headaches. The bandwidth is obviously one, but another is that we installed spamassasin on an older server, naively thinking we wouldn't see said exponential increase in spam. However, now that 90+% of the messages that we receive are spam, the machine is starting to struggle. We are still ahead, but the fear is that if this rate of growth keeps up, the messages will come in faster than we can process them, which means more spent on hardware, manpower, electricity etc. The costs of spam are really being forced on the users of email.....
Monstar L
Who is even dumb enough to make their purchases based on spam mail. I mean, surely everyone must know what spam is by now? How can one be so dense as to trust a completely random, badly worded, illarticulated e-mail full of spelling mistakes from someone you don't know to make informed decisions about what stock they should buy?
It simply makes no sense to me. As long as people remain so completely clueless that they will fall for spam, there will be spam.
I can see you've never worked at an ISP. A customer who is cut off could not care less about why, all they want is to be reconnected immediately and with no work on their part. They will threaten leaving your service, lawsuits, and practically death threats if you do not reconnect them.
Seriously, why won't this work?
Primarily it becomes an issue of volume. One call to a customer with an abusive machine will eat up the profit from that customer for months. You can't just call them and say "fix it", you have to handhold them through the process or you will almost certainly lose their revenue altogether.
It happens, but not that often. When they catch one, law enforcement does a dog and pony show and we applaud wildly. But they just keep coming.
Arrests don't seem to happen that often. Do a google for "spammer arrested", and most of the hits are about the Buffalo spammer. He was arrested back in 2003 to much fanfare. However my mailbox is still full of. Maybe there is more than one of them out there?
I'm guessing spammers spam because they know the chance of them being caught is nigh on zero. Yet, this is a criminal racket just like any other criminal racket. If some serious money is put into law enforcement, then spammers might finally get the shakes. Apart from pump-n-dump stocks (get off yer asses SEC), spammers aren't hard to catch. Consider Mortgage spammers. If you reply to a Mortgage spam (I am told) you will later be called by a seemingly unrelated mortgage agency. They have bought your contacts off the spammers. Everything can be traced, and if we have the feds seeded spammers with 1-use-only phone numbers, buying stuff and tracking it just like they do any other illegal contraband, of course they can bust it. Make receiving spammed contact details an offence too: The recipient must be reasonably confident that the leads they received are not spam. Harder to prove, but if there is a reasonable chance of prosecution buyers of spam harvests will become shyer and the market dry up. Lets make it a legal requirement that ISPs have to report spamming users to the feds.
And let's get beyond "fines" for offenders. Fines for any profitable business are merely an operating expense. What really scares company directors is Jail time. This has been used in L.A. to force companies comply with laws they'd otherwise have simply paid out. If a spammer thinks there is a 0.0001% chance of him being caught (and then let off with a warning), they will do it. If they think they probably can't sell their harvest, have a 50% chance of being caught and will definitely go to Jail, they won't!
So why isn't this happening? (1) It's not an issue for politicans. I want to see Obama/Hillary/McCain arguing about Spam!!! and so... (2) The money isn't budgeted for law enforcement. With some Elliot Nesses on Spam, I reckon we can crack this. How do we let the politicians know this is an issue for us?
Just like with the war on drugs, eh? Yeah I see how raising the punishment really helps. No wait. Shit, it doesn't. I guess we're fucked now.
What I think would help is ISPs taking confirmed zombie machines offline. It's done in Sweden by some ISPs, and most people don't seem to have a problem with that.
1) many of the companies that are promoted in the pump and dump schemes are not involved and often dont know for months that they are also victims of the spam. basically its hard to know who really is (spam coming from open relays etc)
2) most of these stocks are what they call pink slip or OTC (over the counter) stocks not traded on exchages like the NYSE or CME, thus not falling under the SEC (i think, please correct me here im no stock expert)
3) it appears that these spams are more of a scam to drive people to brokerages, or stock advisors. if you google one of the symbols in the spams, you will find very shady looking, hastily constructed sites who's sole purpose is to grab the #1 google ranking for the word "spam" and the symbol in the email.
I could be wrong about the purpose but I think there is more to this scam than pump and dump. ymmv.
meep
My ISP (www.ntlworld.com) doesn't allow you to use www if your connection has a high amount of outgoing port 25 action. I know this because a PC here got infected with a mass-mailer trojan once. Instead of seeing the webpage you're trying to see, you are shown a page telling you that you've been infected, along with access to several tools for removing these kind of infections. If ALL ISPs did this, I would think that spam traffic would be heavily reduced.
I wonder if these "pump and dump" schemes are still working? This round of image spam has been going on for months now, so I'd expect that people just delete them. Even shorting these stocks may not be profitable at this point, which is why I think you are right, there is something else going on here. I wonder if this is some type of money laundering scheme?
As for retribution, if these are "shady looking, hastily constructed sites", then they are your targets. If I was more skilled and so inclined, I would be "analyzing" those sites.
In the land of the blind, the one-eyed man is usually crucified.
What you are doing to filtering, it is wrong because all it does (when it works) is to keep you from reading spam and cost you CPU time.
The bandwidth already been spent once the spam reaches your filter.
A much better approach (IMHO) is to use greylisting along with a few fast spamtrap driven RBLS, this way the mail doesn't even get transmitted to my server and I save both CPU, bandwidth and time.
Since I switched I have gotten a max of 2 spams pr. day, some days the count is even zero.
There are two reasons this approach is so great:
1) The greylisting on its own will weed out all the non-compliant MTAs, most spammers use zombies that don't care if their payload gets delivered, so they never retry.
2) The real MTAs that spam might get to me before hitting a spamtrap, but the greylisting tells them to come back a bit later, by that time they have hit one or more spamtraps and get blocked by an RBL.
I have yet to think of a way for spammers to defeat this scheme and the cost to legitimate mail is a 10 minute delay the first time someone sends me mail.
-- To dream a dream is grand, but to live it is divine. -- Leto ][
Old fashioned 'pump and dump' scams were fairly easy to track, as they would go after the brokers who pushed the stock, and then it was a simple task to just follow the money. As we all know emails can be awfully hard to trace back to their creator.
I used to wonder why people would fall for such scams, 'how could they fall for these things time and time again?'. Well, a couple of years back I was having a conversation with a woman who was distressed that an 'old friend' of her husband had contacted him again. Apparently, this guy has sold (taken) her husband on a variety of pyramid schemes, 'mlm's, and many other 'get rich quick plans. Later, ss nicely as possible I confronted him on 'why' he let this happen. He was a little angry with me, but without any hesitation, he told me that 'one day it will pay off' That day I learned a little something about some people's nature. He knew that these were scams, but he worked them anyways. To the best of my knowledge, he wasn't a crook, and he never approached me with those affairs. So I'm guess that he had hoped that if he just participated, someone else would do the dirty work which would make him rich.
I suspect that the reason why these latest 'pump-and-dump' scams seem to work (otherwise why would you be seeing so much of it), is not action by those easily duped, but by those who hope that they could exploit the 'opportunity'.
The force that blew the Big Bang continues to accelerate.
Your post advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
(x) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(x) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
(x) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
(x) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
I know of no good ISP that bans such servers. Nor would I use any that did - that's retarded... I'm paying for the bandwidth and it's mine to use.
Ok numbnuts, that's exactly the kind of attitude that spammers have. That they can do anything because they pay for it. You pay taxes for construction of roads and for schools, but that doesn't give you the right to drive 100 mph through a school zone. You have to have limits. There have to be rules.
I HATE these stupid 'form letter' responses. They make the poster look like they know-it-all, and they preclude any REAL thought or discussion about the idea. That said, I have a simple, foolproof idea to help eliminate spam.
Email certification.
If you want to be able to send Certified Email (CE), you apply for Certification from the company that gives you internet connectivity. They check you out, and 'Certify' you as being a legitimate emailer (ie: not a spammer). Then, you generate a private/public key pair and give them the public one. In the headers of all your email, is their certification, and an encrypted header line that's createdusing your private key.
When email arrives at the recipients server (or this could be done at the client level, as well), the server sees the certification, and connects to the certifying server to get your public key. It attempts to decrypt the header line. If it does it marks the email as 'certified', if it cannot, it marks the email as 'uncertified', and the email client can be programmed to filter messages based on that.
Due to the public/private key cryptography, there can be no certified email spoofing. (Assuming the private keys are secure, the keys are of decent length, etc.) All emails are traceable back to the originating server. CORRECTION- all CERTIFIED emails are traceable. Anonymous email is still possible. People can still set up email servers for mailing lists without "having" to get them certified. And people can still receive non-certified mail.
If an email server sends out spam, the complaints go to it's certifier. They can drop the certification, deleting the public key from their server. When this happens, ALL the email from the spamming server is now 'uncertified', and gets handled accordingly by email clients. If nothing is done, complaints go to THEIR upstream, etc. Individuals and groups can keep their own blacklists, if they wish, and anyone can choose to filter emails according to those lists.
Now, I've looked over that 'form email' that people like to post to shoot down anti-spam ideas. And nothing applies to this idea. (If something seems to apply, it's because I either left out details, or explained something wrong.) This idea does NOT need to be universally adopted, nor does it need to be adopted by everyone all at once. It's primarily a way of reliably tracing (certified) emails back to their originating server. The anti-spam part comes later: if you receive certified spam, complain and get the server un-certified. If you receive un-certified spam... well, just have your email client dump all uncertified emails in the trash. (Not nessisarilly, you could just use it's un-certifedness as a factor in filtering your email.)
This idea does not require anything be changed with SMTP. It simply requires a second connection be made to the certifying server. Now, before you bitch about the extra bandwidth, I'd like to remind you that, once this idea catches on, spam will be greatly reduced. This reduction will MORE than make up for the slight increase in bandwidth created in querying the certifying servers. Also, the certifying servers can set time limits on when the certifications expire, and need to be re-downloaded (kind of like DHCP leases). A 'new' company that just applied for certification might have it's certificate set to expire almost instantly. This way, every email they send requires a download of the certificate. This allows the certificate to be pulled rapidly if they start spamming. After a month or two, it could be set to expire weekly or monthly.
To sum up: Email Certification is reliable way of tracing the certified emails back to their originating server. This allows spammers to be identified unequivocally, and have their certification pulled. Email servers are NOT required to be certified, and anonymous email is still possible. Email recipients can, if they choose, set up their client to send uncertified emails to the trash, or to handle them however they wish. White lists and black lists