Slashdot Mirror
The New Yorker On Spam
aqk notes an article in the Aug. 6th New Yorker surveying the spam problem up-to-date. The New Yorker may not be exactly the MSM, but it is pretty influential. The author got only one fact wrong that I noticed: Canter and Siegel's seminal spam was propagated through Usenet and not email. Still, it's a good look at the history of spam and the scale of the problem today. The amount of spam that "spam king" Robert Alan Soloway, indicted under the CAN-SPAM Act, is accused of sending over a period of four years is now pumped out about every 30 seconds, around the clock, around the world.
I have friends that automatically bounce emails back for whitelist verification. This annoys me, but helps them. It also keeps them from getting a lot of needed email, like site automated site registration stuff. And the spammers would eventually beat that technology too.
Get a gmail account. It works. Our university spam filtering quality goes up and down, but I get maybe one spam a week in my inbox in gmail.
I used to periodically get some crazy communist manifesto spam, all in spanish. I miss that one...
How is the New Yorker *NOT* MSM? it's practically on every newsstand from here to Moscow (and yes, I have traveled that far, and seen it there) It's lasted for over 80 years so far and has won more than just a handful of nationally and internationally recognized awards for journalism.
If anything the New Yorker is a good way to reach people that might not be quite as technically proficient or knowledgeable.
I will not give in to the terrorists. I will not become fearful.
It's not just that this idea is unpopular, in my mind it is untenable. The nature of a decentralized system such as the internet is such that it, by its nature, resists control. So you want to require every internet user to have an ID for verification purposes? How would that be enforced internationally? It only takes one China or Nigeria to fail to comply, and the solution becomes worthless. Even if 100% compliance was possible, how long would it take for the system to be hacked? Imagine waking up one morning and finding yourself without internet access because someone else had been spamming using your credentials. I would contend that, if spam is a crime, there would need to be a larger burden of proof than simply seeing someone's credentials attached to an email. The lack of centralized control of the internet simply forces us to face the reality of human nature - when not controlled, some of us will choose to do good of our own devices, and some of us will choose to do bad. I rather enjoy this kind of environment - it allows the true nature of individuals to sally forth, it shows who is to be trusted and respected and who is to be avoided, and it grants free expression without forcing us into a cookie-cutter mold that some centralized authority would impose upon us. With all due respect, if you seek the kind of solution you state, move to China. I hear their network is very secure. Good luck logging into slashdot, though.
The person that ran the linux systems at school showed me the daily log for spam blocked once. It normally reaches 10,000+ a day. He said he contemplated turning it off one time if another user bitched about the 10 spam emails that got through on some days to most user accounts. So if the number of messages that get past the filter is less than 20, even if it fluctuates, is still high quality filtering.
I'm in the middle of starting up a small business and was talking to someone about marketing. This individual (Not an in-duh-vidual - a Ph.D.) suggested that I send out mass emails. I told him that I can't do that because I'll be a spammer and my ISP will yank my account. He then mentioned that they're are ways to mask my origins. I said if I get caught doing that, I'll be in even more trouble. Besides, I DON'T want to be a spammer.
My point? Spamming has become so standard and everyday that people don't even give it a second look now and just consider it an annoyance at worst. The only people who really care are those of us in IT.
I prefer Flambe as apposed flamebait.
Well, they're trying to send a lot, but with a proper setup at and around your mail server, you will not be seeing much of it anyway.
Simple greylisting helps a lot, supplemented with greytrapping-generated blacklists (with 24 hour expiry) it's even fun to watch. The last 2-3 percent that actually makes it through to be seen by content filtering gets converted back to free electrons.
I've had a series of blog entries over at bsdly.blogspot.com about this and the conclusion is clear - with a competent system administrator, Spam is a solved problem (Links to other refs inside, follow links).
-- That grumpy BSD guy - http://bsdly.blogspot.com/
This is definitely a start in the right direction, but it's not the whole story. I'm convinced that a massive part of the problem is that there's a widespread belief that spammers make millions of dollars.
No doubt, a very few do. A very few have mansions and island retreats in the Bahamas. But these people are like the Michael Jordans of spammers, the people who have spent an incredible amount of time and effort into honing their spamming skills not just into an art, but a lucrative profession.
The problem is that most spammers aren't the Michael Jordans of spam. They're just people who have heard that spammers make millions of dollars, and they want in on that action. They go out and download the latest scripts and fire off a few million e-mails. No one responds. So they fire off a few million more. After enough times, someone will respond, and they've made $20 bucks. Flush with the thought of new mansions, they fire off millions more. Whoops, that $20 was charged to a stolen card, so they're back to zero.
The point is that the world has changed. Back in the day, there was a lot of money to be made from spam. Now, though, you have a very few scummy individuals who have made massive amounts of money. You have thousands of scummy individuals who think they can do they same thing, but fail miserably. It doesn't matter, though, all you need are the few who do make millions to keep the perception alive that spam = TONS of money, and you'll have people lining up to do it.
What need to happen is that they need to stop focusing so much on the spam "kings" and go after the regular guys who send it out. The people without the million-dollar houses. The people who think that it doesn't hurt anything to fire off a few million e-mails to try to sell some Vigara (yes, I misspelled it deliberately). The press need to cover those stories too. (They really need to cover them more.) People stop seeing Bill the multi-millionaire spam king and start seeing Ted the worthless loser who was so desperate that he thought he could make a million dollars by sending spam.
It's not enough to make spam unprofitable. People have to know it's unprofitable, and that when caught, they'll end up in jail for nothing.
Nope. They can't fake the IP address if you don't have pipelining turned on. It's coming from their IP's.
That's the problem. You cannot "trust" Hotmail or GMail because they ARE used by spammers.
And there is no technological reason why they could not address that issue. They know that spammers will open accounts with them. Yet they take no steps to mitigate that. Even limiting the outbound emails from each account would help. And having an automated process for reporting and blocking spam from them would pretty much solve the rest of the problem with them.
No doubt, a very few do. A very few have mansions and island retreats in the Bahamas. But these people are like the Michael Jordans of spammers, the people who have spent an incredible amount of time and effort into honing their spamming skills not just into an art, but a lucrative profession. Replace "spammers" with "drug dealers" and the statement is still true.
In fact, I think many, if not most, illegal activities are driven by the same motivation. It's a lottery; people rationally know that their chances of 'winning big' (being the multi-millionaire spammer sitting in the Bahamas, or the drug dealer who becomes a rap star, or whatever) are ridiculously small. But they do it anyway, because they think they can be that one in ten million.
I strongly suspect that if you look at the pay-per-hour of spamming, that it -- like drug dealing -- often turns out to be a sub-minimum-wage job. The people sending spam could probably make more money doing something legitimate, but they're pursuing the (irrational) hope that they can beat the odds and become extremely wealthy without working hard instead. (And, ironically, end up working much harder for the little that they do make.)
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Have you put both the "From" and the "Reply-To" addresses on the mailing list into your Gmail address book? I've found that seems to keep mail in my Inbox instead of in Spam. (I think it's only the "From" that matters, but you can put both in there to be sure.)
I'm not sure it's an automatic 100% non-spam rating, but it does seem to be worth some points at some point in Google's filtering process.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."