Spam Hits 95% of All Email
An anonymous reader writes "Commtouch released its Email Threats Trend Report based on the automated analysis of billions of email messages weekly. The report examines the appearance of new kinds of attachment spam such as PDF spam and Excel spam together with the decline of image spam, as well as the growing threat of innocent appearing spam containing links to malicious web sites. Image spam declined to a level of less than 5% of all spam, down from 30% in the first quarter of 2007; also, image pump-and-dump spam has all but disappeared, with pornographic images taking its place."
The link referenced in the posting goes to a summary page that is a little light on details. At the bottom of that page is a link to the PDF-formatted report. There's a lot more information there, including some screenshots of example SPAM and malware sites, trends in attack vectors, zombie systems, etc. Interesting stuff.
Huh? Where? Man, all I ever get are stupid Viagra spam and "O3M S0FTWARE!" (and variants thereupon).
Humpfh. Everyone gets pr0n spam but me.
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
Thank God for Gmail and its excellent spam filtering! I don't think I've had any spam hit my inbox in 2 years. :-)
The game.
While I'm not denying spam etc. is an annoyance and does cause a lot of people some problems, do we really want to accept at face value some words from an organisation that could well have a vested interest in making the problem appear more threatening than it really is?
Personally I'd prefer to teach people how to avoid spam/virus infection - in the same way we teach people how to avoid clinical infection, than to go around wailing about how bad the problem is.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
I highly doubt that, "All Email"?
Did they track private networks? Encrypted Email?
All I ever get is spam.
Most of the subjects are as follows: (filtered for privacy)
Courses next term
[Course name here] Grades
IMPORTANT: Calculus Final Exam Time
Hello from [Relative name here]
[Subscribe newsletter here]
Funny pictures
Why won't it stop?
I work at an ISP and we do SPAM detection and elimination at our border routers. We scan both incoming and outgoing email, and will auto blacklist our own internal IPs if we detect SPAM.
The highest two-week percentage of rejected incoming email that I've seen broke 97% a few months ago. It's normally between 90% and 95%.
It's loads of fun dealing with this crap.
We were at 95% spam back in June. September and October so far are 98%. Meanwhile, November 2006 was 89%.
Wasn't "95% of email is spam" reported by the BBC back in 2006?
And Security Focus has a great article that shows how all of these numbers are totally made up.
I didn't know there was still spam out there? I got CanIt from Roaring Penguin and don't see spam anymore.
Kernel Krunch - Part of a Complete OS
If the financial incentive is removed the problem should go away. The spammer is not the root cause, the entity hiring the spammer and benefiting from the people responding to the advertisement appears to be the root cause and is easier to identify.
The entity initiating the process is identifiable ( the contact information must be accurate in order to effect the sale ) unlike the spammer that can utilize many techniques to avoid identification.
ISPs are in the perfect position to sniff traffic and identify infected machines that are part of botnets. It's obviously technically possible since the government does it at AT&T. You don't even need to sniff ALL traffic, SYN packets are enough. Most tech savvy businesses already sniff all their traffic with IDS systems, it's not a big leap.
ISPs should also be blocking outbound port 25 traffic from dynamic addresses (and if you need to use an external mail relay, use a tunnel or port 587.) Some ISPs do this already, many don't.
To all the whiners that don't like the port 25 blocking: Dynamic IP space is already "damaged goods", and you have multiple workarounds available to you. Any sane mail admin (including many large ISPs) already blacklists dynamic space, therefore you can't effectively run a mail server on dynamic IP space.
The solution that stops 90%+ spam is out there, but it costs a little money to implement. It's still less money than what we currently are spending fighting spam. What are they waiting for - government mandates? Fines? Lawsuits? Getting their netblocks in 2,000,000 private blacklists that they have no chance in hell of getting out of?
Checking my mail stats, since 4 am this morning, I've received 51985 emails, 51909 of which were filtered as spam. That's 99%. Checking the bandwidth monitor, the spam has consumed a steady 100Kbit/s since 4 am, despite being mostly blocked in SMTP envelope via SPF and reputation (SPF blocks forgeries, reputation blocks spammers with the balls to use their own domain).
Is this any different than the stats of the dead tree style of spam that appears in my mailbox every day?
And we have seen the huge (cough) progress made in removing that snail mail spam from the system.
Honestly, there seems to have been more progress in weeding out the digital spam than the paper sort.
Even vague sort of laws and protections and such.
This is hardly new. Anyone with an old (>10 years) domain name is on every spam address list in the galaxy and likely gets 99.99% spam. All my mail server does is run spam assassin and clamav and a few times per day, actually delivers a real message.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Anecdotally, I don't think mine is an unusual scenario, which causes me to wonder: how many people are getting 96-100% spam, in order for this average to hold true? I mean, are there folks out there being inundated with a daily 100%-spam diet, just on the off-chance that they get a spot of lean steak one day?
Poor bastards.
Meta will eat itself
I know how you feel.. ;-)
"The solution that stops 90%+ spam is out there, but it costs a little money to implement. It's still less money than what we currently are spending fighting spam. What are they waiting for - government mandates? Fines? Lawsuits? Getting their netblocks in 2,000,000 private blacklists that they have no chance in hell of getting out of?"
I can actually understand the ISPs on this one. Yes, spam costs a huge amount of money to the economy as a whole, however it's not such a major cost to the ISPs themselves. As businesses, they can't make a case [to their stockholders, etc.] to spend a bunch of cash fixing someone else's problem. If the businesses that were paying the huge tolls created a fund to pay ISPs to fix the problems, then you might see something. Otherwise, government mandates are probably the only solution. As far as ending up on blacklists, major ISPs aren't all that worried; so long as they aren't blocking each other, their customers will be happy. Most people will blame whatever random business is blocking their email rather than their own ISP (after all, most of their email gets where it's supposed to go).
G
>Let me guess: You don't run a business.
Or his business uses a, you know, web form for contacting him with a captcha. Once they pass that stage they get whitelisted.
And what goes on the business card, the press release and other similar locations? Or you think you can run a business that has no email address and ignores emails sent blindly to sales@ info@ and webmaster@ not to mention support@?
DRM-free indie games for the PC and Mac: Positech Games
JapScat images just popped into my head there...
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
- ObDisclaimer: I deal with email at an ISP.
The brute force style of filtering spam disappointed me a lot as it makes innocent websites completely helpless to communicate with their members who use yahoo mail. Now that all my important messages go into spam folder and spam mails go into my inbox, the effectiveness of Yahoo spam filter becomes 0. (Yes I know I can unblock my website in my own account settings, but how about mails being sent to other people?)
Yahoo Mail sux and I am switching to GMail.
Why pay money when the amount of 'mail recipients' is down to 5% because filters have become so efficient?
That empties the possible pool of suckers out there so you might as well give up and find some other scam. (Remember, these zipper-heads want to get your money for free. If they can't... Well fuck it...)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Since most slashdotters are libertarians for some reason (and I could argue even I am to some degree) my question is: where's the technological efficient solution to this.
We've seen some "free market" solutions which basically required that you pay a fee to every mail provider so they don't trash your email. And this didn't particularly help spam either.
I come to the conclusion that spam as an issue is one of two things, or both of those things:
1) Not that big of a problem (hard to believe if you are a mail provider / ISP yourself)
2) Impossible to solve by means of free market solutions, and requires cooperation and standardization of new technology.
Point 2 is hard to happen since every little startup that comes with a mini solution trumpets it on their own and hence they are only a nuisance to deal with in the big picture (due to lack of a single standard, it's impossible to have clients which make the process of whitelisting easier and even half automatic).
Here are a couple of solutions which would get us half-there, but are only quarter-implemented right now:
1) Whitelist SMTP servers by talking back to the supposed mail of origin and comparing IPs. The SMTP may return a list of IPs this host responds from. This is then cached and used for further authentication on this domain. It *may* lead to DoS if many hosts do a first-time check simultaneously, but it's unlikely (and less problematic, given we're eliminating 95% of bad emails this way).
2) Test-for-human-intelligence in your first email to a new email. Such as, I don't know, some sort of CAPTCHA you fill-in? Once this is done, communication can proceed without further tests between those two emails. The receiver still has the option to block you, lest you employ a mechanical turk.
Those solutions are boring, they're incomplete in a way, they introduce hassle, but if we *all* agree on those, they can be made less of a hassle, and still not lose their efficacy.
That would require the likes of AOL, Hotmail, Gmail and so on free mail providers to cooperate with the likes of Microsoft, Apple, Linux devs and so on, to implement this on both the clients and servers.
Right now, I could see Hotmail cooperating with Microsoft (.. wink, wink.. :P ), but that's where it ends.
Anyone else getting a lot of spam in German? I don't think the spammers know that I can speak German, but I would say that at least 25% of my spam these days is in German.
We can't stop it because we aren't addressing the real problem. Spam is an economic problem. People send out spam because they make money off of it. And they will therefore continue to send out spam as long as they make money off of it.
If you want to stop spam, you have to remove the economic incentive. To do that, you need to cut off the co-conspirators that are allowing the spamvertised domains to be established and hosted. If you can either prevent them from getting a cut off the action, or punish them severely for taking their cut, then you can stop spam.
Until then, if all we do is try to filter spam out, we'll just continue to see the costs of inaction. Beyond that, we're ignoring the fact that filtering has real costs, as well. Filtering doesn't prevent the spam from traversing the internet, and furthermore it requires human time to update as the spammers change their tactics.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
As email asymptotically reaches 100% spam, we will have essentially created a mechanism whose sole goal is to deliver us undesired ads and scams. Talking about spam detectors and blockers and blacklists is irrelevant. Why devote all of this energy to ensure that maybe 5, 10, or 20 people can contact you or your business a day? Or even 20,000, which only highlights the issue that separating spam from valid emails is just bad juju. Simply put, there is no solution to asynchronous communication that is not too tedious or too restrictive. We'd be a lot better off if we blew up all the email servers, and put all of the energy and cost savings into developing encrypted telepathy. You think I'm kidding.
Must be nice not to need to hear from customers. Or legit vendors. Or old friends who changed their e-mail addresses. I'm jealous.
I can't even use the apparently moderately effective "blacklist Chinese and Russian IPs" technique. We correspond all over the world.
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
Good luck with that. Particularly with the avoiding spam part. If you come up with a foolproof method that actually involves using e-mail... I'm sure you'll be a lot richer than I am.
I have a modest proposal: Hitmen. And Hitwomen. It's simple enough. Everybody using email who are frustrated with spam donates a buck or so a year. The millions of dollars are used to hire teams of investigators who track down those sending spam, then you hire somebody to dispose of them.
This includes programmers that write worms that use email, people who operate illegal botnets* to send out spam, etc...
Word of the day: Defenestration
I don't read AC A human right
Others have pointed out other problems with your post. I'll point out that most spam does not originate in US ISPs. Even if the spammers themselves are in the US, they use ISPs in places where there are virtually no legal checks on what you do with your computer to generate the traffic (or spread the botnets to generate the traffic).
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
> To all the whiners that don't like the port 25 blocking: Dynamic IP space is already "damaged goods", and you have multiple workarounds available to you. Any sane mail admin (including many large ISPs) already blacklists dynamic space, therefore you can't effectively run a mail server on dynamic IP space.
Agreed, but it's worth pointing out that fixed addresses aren't exactly the cat's meow, either.
When I signed up for a DSL account with SBC/ATT, I asked for static addresses and got my delegation request for tiny /29 netblock processed a few days later. All good, right? With everything set up on my end, I send out a few test messages to my personal ATT email account (hosted by the folks at Yahoo), and it gets the 'YahooFiltered: Bulk' treatment 4 out of 5 tries.
Granted, Yahoo uses DomainKeys, but a cursory Google search will reveal any number of problems from all sorts who have gone to the trouble of setting up DKIM, SPF, etc. and run into problems with their email being tagged as spam by Yahoo, Hotmail (especially problematic), or any of the other large email services.
The lesson seems to be that if you expect your mail to be delivered, have someone else host it, or alternatively (if you don't want to use your ISP as a smart host), pay for one.
Either ISPs are common carriers (the postal system is a prime example, I get lots of 'junk mail' for every legitimate piece of mail, but at least they're getting paid to deliver the crap,) or they aren't (and NOBODY wants that.)
It's like the telephone itself.
It's NOT the phone company's problem if people call you in the middle of the night and threaten to cut off your balls.
They're just the messenger.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
...before it reaches the level of spam I get in the mailbox in front of my house. I swear, if we want to save the trees, we need to start by arresting the people putting all those unwanted 20-100 page sales catalogs in everyone's mailbox every day.
I have a GMail account I created for my business that started getting spam almost immediately.
(Some of the spam is REALLY funny [Hello {company name} why is your dick so short {no proper punctuation}]).
The amazing thing is that I have NEVER given out that address to anyone, at anytime, for any reason.
NOBODY knows it but the spammers so I claim the best/worst mail/spam ratio: 0% mail/100% spam.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Seriously.
:)
I hate to bring up anecdotal evidence, but, while I still get spam, my flood has gone down to a relative trickle simply by plugging postgrey into postfix. I could probably reduce it to zero with a bayesian filter, but I won't bother. Scanning through my logs, my server rejects literally thousands of spams every day, and I'm just one guy with two email addresses and a handful of aliases.
So, it would come as no surprise to me that spam volume is that high, I just never see it. I almost want to turn off my filter for a day just to see what would happen.
Well, maybe not.
Read: Rabbit Rue - Free serial nove
Spammers then incorporate. You can have 1-person corporations.
Just like the "War on Drugs" !
Get up!
-Lok
Despite all the recent hoopla about Russian criminal gangs the article makes it clear that the US leads the world in zombied boxes.
My point is not that Americans are evil, but rather that we need to look a lot closer to home in tackling these problems rather than looking for some grand criminal conspiracy to crack.
The conspiracy may exist but if local ISPs simply refused to route packets from zombied boxes then their owners would soon work out they had to do something.
Try to use cellpoint product to secure mail gateway to protect email. It has capability to filter out email threats unmatched by traditional firewalls. It also provides a complete secure mail reporting and management. It is a 7 A's of secure email protection, which is anti-spam, anti-virus, anti-spyware, anti-phishing, anti-relay, anti-DoS, and anti-hacking.
I think there's more to the spam problem than the usual people we blame for it.
I have a personal email address on my own domain that used to NEVER get spam. I moved into my own apartment a month ago and I signed up a new phone number with Bell Canada and a new account with my local city utility company. I gave that email address to both without thinking- usually I give one of my alternates. Well, now that address is getting tons of spam of the worst kind.
So, either Bell or my local utility sold my address. Two companies that are supposed to be reputable and trustworthy. They both have privacy policies that say they don't sell or share your personal info. Apparently that's bull.
Oh wait, the other option is that I was sent an evite from evite.com to that address. The spam might be coming from them. Gee, you can't even trust your friends not to give out your address.
I'm not impressed. In fact I'm pissed. If I can't avoid spam by being selective about who I give my address to, then I'm not sure there's any way to avoid it. If I wasn't a web developer, I think I'd give up email permanently. As it is I have about 10-15 addresses for various things, yuk.
I keep seeing statements, including one in the PDF report from TFA, that Win+IE users can get their machines infected with malware just by visiting a web site, without even clicking their mouse on anything in the site. However, these statements always seem to come from people who make money in the security business, and they never seem to say anything about what the actual IE vulnerabilities are. I'm very skeptical, although I haven't run Windows in a decade, so maybe I'm just naive. Can any slashdotters with expertise in Win+IE security explain more about this? Does this only apply to IE6, not IE7? Versions earlier than Vista? Does it apply to a default install of Windows, or only to misconfigured systems? When a home user buys a machine with Windows these days, doesn't it basically come configured so that security updates are offered automatically, and all the user has to do is click OK? Are these vulnerabilities in ActiveX? Are they buffer overflows? Flaws in the basic Windows security model? In any case, the whole thing seems faintly ridiculous to me -- if IE+Win security is really this bad, you'd have to be an idiot not to switch to Firefox, and yet many security companies are proposing that users do expensive and/or time-consuming things to work around vulnerabilities in Win+IE.
Find free books.
When I signed up for a DSL account with SBC/ATT, I asked for static addresses and got my delegation request for tiny
May contain traces of nut.
Made from the freshest electrons.
> anyone know of any major ones that still don't block port 25?
Comcast, Cox, Cablevision, a good chunk of Roadrunner (they're spotty about it), any European ISP owned by Orange telecom, any IP in China, most of Korea...
Done with slashdot, done with nerds, getting a life.
*sigh* I try to do this. But there's only so many email addresses I can keep track of.
My account on my own domain doesn't get much spam, that is because the username is fairly unusual. HOWEVER the amount of spam the server gets is rather larger. It is of course rejected as it silently drops email for a non-existing account. Now it all depends on how well known your domain is, I had obscure ones that barely got touched and popular ones where I needed a separate machine to just deal with it all. I don't even bother reading the admin email, you should as this is the official way to get in touch with you, but geez gods, who has the time to read all that crap. (Filter it and a real complaint might get dumped because a complaint about YOUR server spamming often includes the spam, triggering the filter)
You can imagine that if you operate a mailserver for a large group of people, who all go around putting their email address all over the place, that the amount of spam is far far greater.
I don't find these figures at all surprising, I happen to know several people who still work for ISPs and I have been hearing this for a long time. Oh it might be 90% or it might be 99%, it is a HUGE amount and out of control.
Don't think too lightly of it either, YOUR ISP bill has to pay for techies with no other job than to keep email going (without spam even national ISPs could do this with a part-timer), pay for ever more powerful hardware to handle it all, pay for the bandwidth etc etc.
It is easy for you to say that YOU don't get much spam on YOUR account, but we are talking here about figures reported by system administrators for large networks.
To give you a basic idea how bad it is, couple of years ago I decided to monitor the traffic from our mailservers at a large company. Like most offices we close at night, so you would expect a downfall in the amount of traffic right? WRONG. No way was that legit email, we were a local office with no real business emailing to the rest of the world. So how come the mailserver didn't show a massive drop in traffic and load at night? Spam.
So who gets 95% spam? The poor schmuck running your mailserver.
Is it really that figure? Oh that depends on so much, how well is your domain known, how widely are your email accounts spread etc etc, let's just say that we have for a long time had to deal with the fact that the vast majority of emails are spam.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Are you stating that filtering spam is ineffective, like the "war on drugs", or are you stating that removing the economic incentive would be ineffective like the "war on drugs"?
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Some ISPs are doing a little - mostly with inbound. Occasionally with outbound. What kills me are the ISPs that reject inbound mail from dynamic IP space but don't block direct outbound (port 25) mail from dynamic IP space. Hello!?! Can I beat you over the head with a clue-by-four?
Looking at my corporate mail servers, it's obvious that many of the major ISPs are not filtering. In the US, Comcast is one of the WORST offenders, but Verizon, Road Runner, and others are pretty damn bad too. It's a world-wide problem.
But it's not just mail - it's botnets in general that need to be discovered / blocked / nuked. If someone is port scanning large portions of your network, firewall them. If it's from inside your net, suspend their access.
ISPs transmit data, I really don't want them to be starting to be clever. What next, RIAA requests that people are limited to X posts to usenet so they can't post large binaries? Limit P2P traffic? Sniff traffic in general for undesired elements?
In a way, my PC becoming a spam zombie is part of the price of freedom. Do you really want the internet to be regulated?
Oh sure, you can start light, but in the end sooner or later someone will abuse it and push for ever more stringent restriction, all in the name of the common good.
For instance, limit each IP to no more than say 6 outbound connections, that should be enough, you can request more, and they will know you are a dirty P2Per who needs to be reported.
No my friend, let ISPs remain in their role as dumb data carriers, we got to fight spam another way than by giving up freedom.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
The first day on my new job with a brand new email, it got barraged with spam. Instantly. The company has spam filtering and when I checked the spam folder they dated back to my start date. So somehow the spammers had access to the company directory. I configured Outlook to turn off the preview pane because that is how embedded executables run when you open an email.
My personal email account gets zero spam. ZERO. The personal address is given only to friends and family, never to a website or business. I have auxiliary accounts that are reserved for those websites that insist on an email to join, or when I place an order over the net with a business. Sort of a layer between potential spam and me. None of my friends/family have those account addresses so I check them far less often, and on the rare occasion there is an email that requires my attention, I forward it to my personal account.
That has been very effective in keeping spam out of my inbox. My webmail is also effective in that it is text based and I never see HTML or embedded images, a popular tactic with spammers. It also can't autorun embedded viruses.
I can confirm that Yahoo! is the worst offender. I have a special account that only Yahoo! has. Their TOS claims they will not spam my account or sell the email address to 3rd parties. Either they are lying or someone has access to their email address database because that account has been barraged with spam and only Yahoo! has that address.
Eternity: will that be smoking, or non-smoking? I Corinthians 6:9-10
In fact, a simple regular expression matching "der" or "mit" would be a better test for legitimate mail than Thunderbird's crappy heuristics.
On se Internetz nobody noes your German.
I don't think anything's going to curb the problem, short of a full-scale military invasion of russia and china.
Hey, now there's an idea... if we start labelling spammers as terr'ists something might get done about it.
From what I understand, what an ISP blocks can vary widely from location to location, but soon after Time Warner took over for Comcast in the Cleveland Area, I was able to send out over Port 25 because I was playing around with sendmail. I can't tell you if that's still so as I haven't screwed around with my own mail server since, though they still don't block port 80.
"Our opponent is an alien starship packed with atomic bombs. We have a protractor."
(Again...)
The company's URL goes on the business card. At that URL are the aforementioned forms where one may contact "sales", "info", "whoever", and perhaps even initiate one's placement on the company's white list.
Are you stating that filtering spam is ineffective, like the "war on drugs" - Yes.
Get up!
EXACTLY. Very unreliable, not due to spam but to spam filtering. Frankly I prefer reliability with 90% spam to what we've got now. At least I'd get to choose my own filtering and have no one to blame but myself for choosing it, if it's lousy. But then, I'm not an ISP who cares more about his bandwidth costs than he does his customer's email reliability...
A good point, but it doesn't really invalidate the idea of whitelisting personal e-mail addresses. As someone mentioned above, spam is an economic problem. If the only e-mail addresses that weren't using whitelisting were business e-mail addresses (a small fraction of the total e-mail addresses out there) then it would no longer be profitable to send spam.
Good point-- how about setting up a "waiting period" for getting a domain name?
In other news, grass is green and the sky is blue.
Spam Probably Ain't an acronyM.
You see? You see? Your stupid minds! Stupid! Stupid!
Nobody pointed out "problems" with my statements. One claimed that ISPs (at least one he works for) are ALREADY doing filtering, but anyone with good reading comprehension knows that I didn't say that NONE of them do. Also, Did I limit my post to only talk about ISPs in the US? No, I didn't. Everyone is already aware that it is a world-wide problem.
It depends. Some brain-dead ISPs (PacBell / SBC) use a reverse DNS naming scheme that does not differentiate static versus dynamic. Worse, they use the same address blocks for both dynamic and static. All I can suggest is that you don't use a brain-dead ISP - especially if you want to run a mail server. In most of SBC land, there are DOZENS of good alternatives.
I've made it several YEARS with absolutely no spam, following the same procedure as you. And then, late last year, my grandmother submitted my email address to a web site set up to harvest email addresses, under the guise of offering "free stuff" to folks whose email addresses you submitted. The jerks would send multiple emails per day, and finally I looked up contact info for the owner of the domain, and called the guy up at 2am. He was apologetic, and promised to remove my address as we spoke.
For the next 6 months, my private address was clean, but then one spam showed up. Then another. Now I guess I need to just admit that my private address is probably in the wild, and will eventually attract hundreds of spams per day.
For your sake, I hope your friends and family know better than to give your email address out to anyone, or never CC your address, lest it go to someone else whose machine gets pwned and harvested...
If I had it all to do over again, I would assign individual addresses for everyone, including family and close friends.
I think the spammers would happily wait for their domain names to clear and then start using them nefariously.
So if you want my opinion (and I'll give it to you either way) on registration, I think the registrars should be forced to keep true and accurate records of who they sell domains to. There are well-known spammers who are known to use aliases when registering domains, and they seem to know complacent registrars that will let them do that. If the registrars actually required accurate identification for each customer - even if they didn't make it publicly available through WHOIS - they could watch out for repeat offenders. The spammer known as "Leo Kuvayev", aka "BadCow", aka "Alex Rodrigez", has registered thousands of domain names through a handful of registrars. If the registrars were obligated to actually watch who they sell to, they could stop this problem at the registrar level and it would largely go away.
But as it is, the registrars are of course getting a cut of the pie - at least in registration costs. So there is no incentive for them to stop selling to the known offenders. If we could make it no longer profitable for the crooked registrars to do this, we could start bringing the machine down.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
SPF for the moment, transitioning to DKIM as quickly as possible.
Unfortunately, the largest sources of the problem (comcast, rr, attbi, etc.) believe they derive income from NOT stopping viruses, worms, and spam, and they aren't held accountable for damage caused by their greed. So their misinformed and incompetent staff are not going to implement any fixes.
If you haven't implemented SPF, and aren't seriously studying DKIM, you should not be a mail service provider. A person shouldn't expect a plumber's apprentice to perform a colonoscopy properly, after all.
But armchair libertarians often forget that laissez-faire capitalism only functions properly when all customers are perfectly informed. Most people never heard of standards-based anti-spoofing technologies and do not understand how preventing spoofing impacts spam management; so they cannot make the informed choices that would allow "the invisible hand of the marketplace" to become an iron fist crushing the incompetent service providers.
I knew somebody would bring up greylisting. :) During the business day[1], I work for a company that produces several widely-used anti-spam appliances and a service-based filter as well. We see about 2,000 networks a week, and get a pretty good feel for spam trends and countermeasure effectiveness. I can say with all honesty that in my experiences, greylisting hurts more than it helps for most organizations.
Basically, greylisting is putting an email transaction on hold to see if the sender will retry. The idea is that if the sender is illegitimate, they won't bother resending. However, spammers have been onto this method for as long as it's existed, much more so lately. All they have to do is take greylisted hosts and move them to the end of their script for later processing. The second time around, the spam gets through anyway. Even with its meager benefits, most organizations want email to come through as quickly as possible, and greylisting delays email by its very nature. It's also much less effective than existing technology that won't hinder most legitimate mail like DNSBL and/or SPF, spamwords+OCR (for image spam), and blocking on unknown recipients.
To summate, if greylisting makes you happy, then don't let me dissuade you from using it. It does indeed stop some spam. But please don't give the false impression that it's a magic bullet; most of the complaints we receive are from clients who've enabled greylisting and can't figure out why their mail is delayed.
[1] I am also a consultant to another firm who hosts managed email with spam filtering. Due to the complaints above, we have also disabled greylisting there. It was only effective at stopping about 5% of spam reliably, but a delay is put on all mail that isn't otherwise whitelisted. There are plenty of other methods which are both more effective and don't slow down the mailflow or tie up much resources on the MTA.
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
We see a lot of junk hitting our greylist at the gateway, but 95% just ends there.
OpenBSD's spamd is a wonderful greylister, and it offers a few other options which will
make a dent in the remaining few if you can be bothered to set it up. See my blog at
http://bsdly.blogspot.com/ and links from there for some examples.
-- That grumpy BSD guy - http://bsdly.blogspot.com/
Actually, greylisting seems to be a magic bullet for me, an individual, since all the other methods don't work nearly as well (possibly because I'm using older stabler versions of e.g. spamassassin on Debian). As an added bonus, the only record of the transactions are in the logs -- not in my spam maildir, so grepping for blocked emails is A LOT faster.
I'm sure you have seen reduced spam as a result of greylisting, since many spammers currently won't retry. That said, the heavy-hitters all do. Additionally, the newer versions of automated spam scripts floating around have all improved on their greylist bypassing, as described in my earlier post on this thread. They simply move your MX to the end of their long spam list and hit you again later. So, while greylisting may be fairly effective for you presently, even the lesser spammers and zombie PCs are adapting to greylisting. Over time, you'll see that method only continue to degrade in effectiveness. Also, you are adding a delay to each email. So while that is viable for you (I don't mind a delay either), for many companies it's not even an option.
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
I predict the spam percentage will keep growing as long as no ISP is willing to spend the resources it takes to stop it. Companies, who think they can make money from fighting spam are never going to help. Rather it is companies that provide other services (such as email), who have to start understanding their obligation to spend some of their income on fighting the abuse that could be done through their service.
First of all when you sign up for a connection, the contract should state, that you are not allowed to send spam, and you are liable for the cost to track you down, if you do. It could be done by paying some reasonable deposit when signing up. And when ISPs make peering agreements, responsibility to track down the origin of spam has to be part of the agreement. If ISPs were willing to operate this way, it would just require one recipient of a spam message to contact his own ISP about it, and the source of that mail would be tracked down and disconnected from the net. (Same solution could be used for flooding and IP spoofing, which are also things that can only be stopped at the source).
It just ain't gonna happen. Because end users don't understand how it works. And as long as end users don't understand, they are going to choose the cheapest provider, which is the one who does not spend resources on fighting spam. Oh, maybe they have a so-called spam filter, which based on some heuristics throws away some of the messages to their own customers, and the customers will be happy (and blame the sender of messages, when the filter discards legitimate messages).
I feel we are now at the point, where the problems caused by spam filters blocking legitimate email are growing faster than the spam itself. And we will have to witness a total meltdown of the email system, before anybody will grab the problems by the root and solve it.
Do you care about the security of your wireless mouse?
Anything that is important may go by the snail mail, the email may work if it's signed.
It's just too bad that even big outfits have fallen to spam relaying even today. Checked the mail log and it contained an entry from mail5.warnerbros.com.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
!#@%*)anks for hanging up the phone, dear.
Ah, yes, Mr. Guiliani, it looks like you forgot to take your tourette's meds today. Oh well, I'll answer your comment anyways.
The point I was making is that many of the spamvertised domains are registered to prolific spammers. We don't need to worry about the intent of new people registering domains nearly as much as we should pay attention to repeat customers. If the crooked registrars like pacnames.com and bizcn.com would actually track their customers they would find that they are repeatedly selling domains to criminals. And if they were held liable for this, they may even consider not doing it. But if instead they just take money and turn to look the other way, then the spammers will always have safe harbors to turn to, to keep their enterprises running.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
(again)
so the fact that I'm bob.smith@software.corp goes where? or does the poor bastard webmaster have to guess what email is for who? and the customer has to guess what email format we use?
DRM-free indie games for the PC and Mac: Positech Games
- Spammer sends a spam.
- Spam gets delayed by 5 minutes.
- Lazy Spammer neglects to resend. EOM.
- Spammer gets put into a DNSBL sometime during the day.
- Creative Spammer resends several hours later.
- Rejected as bad host, due to DNSBL.
Also, postgrey, like most greylist plugins, will automatically whitelist an IP that has had several successful deliveries over the course of a few days. It regularly purges this list every 30 days, so if a spammer accidentally gets whitelisted, that doesn't last long. And like I said, DNSBL is checked *before* the greylist is invoked. So, 95+% of spam sent to me every day, never makes it past my SMTP server. And if I bothered to bolt a bayesian filter on top, I'd probably get a handful of spam per year, but I can handle deleting the half dozen that make it through every week. It may not work for everyone, but Email Purgatory seems damn good to me.
Read: Rabbit Rue - Free serial nove
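The DNSBL-then-greylist flow described in the post above, as an added example that is not part of the original comment and is not postgrey's own code. It is a simplified in-memory model: the DNSBL is a plain set rather than a DNS lookup, the threshold of 5 deliveries for "several successful deliveries" is an assumed value, and the 30-day purge is modelled as a fixed lifetime per whitelist entry.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 5 * 60            # seconds a new triplet is deferred (5 minutes, per the post)
AUTO_WHITELIST_AFTER = 5           # assumed value for "several successful deliveries"
WHITELIST_TTL = 30 * 24 * 3600     # whitelist entries are dropped after 30 days


@dataclass
class Gateway:
    """Hypothetical SMTP policy check: DNSBL first, then auto-whitelist, then greylist."""
    dnsbl: set = field(default_factory=set)          # listed IPs (stand-in for a DNSBL query)
    first_seen: dict = field(default_factory=dict)   # (ip, sender, rcpt) -> time of first attempt
    delivered: dict = field(default_factory=dict)    # ip -> number of accepted deliveries
    whitelist: dict = field(default_factory=dict)    # ip -> time the IP was whitelisted

    def check(self, ip, sender, rcpt, now):
        """Return an SMTP-style verdict string for one delivery attempt at time `now`."""
        # 1. The blocklist is consulted before the greylist, so a host that was
        #    listed while it sat in the greylist is rejected on its retry.
        if ip in self.dnsbl:
            return "554 rejected: listed in DNSBL"

        # 2. Expire stale whitelist entries, then honour a live one.
        added = self.whitelist.get(ip)
        if added is not None and now - added > WHITELIST_TTL:
            del self.whitelist[ip]
            self.delivered.pop(ip, None)
            added = None
        if added is not None:
            return "250 accepted: auto-whitelisted"

        # 3. Greylist: defer until the same triplet comes back after the delay.
        triplet = (ip, sender, rcpt)
        seen = self.first_seen.setdefault(triplet, now)
        if now - seen < GREYLIST_DELAY:
            return "450 deferred: greylisted"

        # 4. Accepted: count it towards auto-whitelisting of the sending IP.
        self.delivered[ip] = self.delivered.get(ip, 0) + 1
        if self.delivered[ip] >= AUTO_WHITELIST_AFTER:
            self.whitelist[ip] = now
        return "250 accepted: passed greylist"


def replay(gateway, attempts):
    """Run (time, ip, sender, rcpt) attempts in order; return the SMTP codes."""
    return [gateway.check(ip, s, r, t).split()[0] for (t, ip, s, r) in attempts]


if __name__ == "__main__":
    # Constructed sample traffic using documentation address ranges.
    gw = Gateway()
    spam = ("198.51.100.7", "promo@example.com", "me@example.net")
    print(replay(gw, [(0, *spam)]))            # first attempt is deferred
    gw.dnsbl.add(spam[0])                      # host gets listed during the day
    print(replay(gw, [(4 * 3600, *spam)]))     # retry hours later is rejected
```

The same model also shows the objection raised elsewhere in the thread: if the retrying host is not listed by the time it comes back, step 3 lets the message through.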
If you want to stop spam, you have to remove the economic incentive. To do that, you need to cut off the co-conspirators
You're right, but for the wrong (IMO) reason. Spam has economic incentive because all the costs of email are borne by the recipient. Botnets have made it even cheaper. You must remove that if you want to really fix the problem.
If you do not remove the economic incentive, nothing will work because it will just be an arms race and the "good guys" will necessarily always be on the defensive side.
I'd like to see a solution a bit more involved than simple whitelisting. This may fall into that famous "Why your idea to stop spam can't work" rubric, but I'll suggest it anyway.
I'd like a system where all incoming email was accompanied by some chain of validation. For instance you may have a root set of friends' addresses from which you accept, and each of them would have an identifying/authenticating code. Then you may decide to allow your friends' friends, in which case those emails would have two codes, and so on, up to a certain number. Subscribing to any online entity that requires an email address would also require another unique code in order for their mail to not bounce. The idea is that in order for any mail to arrive at your box, it has to have some connection to an entity you already trust to not spam you. If it turns out that you do receive spam, you simply look at the offending mail's chain of codes and determine which one was too broad in its decision to grant further people right-of-way to your inbox.
This would make establishing new relations out-of-the-blue more difficult, as does normal whitelisting, but is more flexible. It would also provide an easy way to categorize messages. So, I could post my email to a project's wiki, along with a code, and revoke that code if spam gets through using it. It would also make it impossible for companies to sell/share your email with their associates without you knowing who was responsible.
If this type of thing became widespread, then as you said, the only people without such filters and who are thus susceptible to spam, would be people who require unrestricted communication via email and hopefully know enough not to support the business model.
Evidently, the key to understanding recursion is to begin by understanding recursion. The rest is easy.
The vast majority of the spam I see going through our servers at work comes from dynamic address space. There are LOTS of unpatched boxes connected to broadband service just waiting to be taken over (and over and over...) by bot-masters. It seems to me that the bulk of the problem could be solved if ISPs would simply apply egress filters for port 25 to traffic from their dynamic address space(s).
its gettin to be a mighty high signal to noise ratio,
but people will still keep using email, because...
The will is not set upon a surplus of pleasure, but upon
the amount of pleasure that remains after getting over the pain.
This is the essence of all genuine will... It reaches its goal
though the path be full of thorns. It lies in human nature to
pursue it so long as the displeasure connected with it
does not extinguish the desire altogether.
The question is not whether the pleasure to be gained is greater
than the pain, but whether the desire for the goal is greater
than the hindering effect of the pain involved... for the will
is not set upon a surplus of pleasure, but upon the amount of
pleasure that remains after getting over the pain.
This still appears as a goal worth striving for.
(R. Steiner, Philosophy of Freedom)
I agree that DKIM can help (http://dkim.org/) BUT it's not going to solve all the problems. The point is that DKIM is especially useful to authenticate the sender. I see two problems with this: 1) Many spammers aren't afraid of being authenticated. Actually, operating from some remote country, it doesn't bother them to be identified. 2) The problem of zombies: spam today is principally generated from botnets and so on. This means that the spam could be sent from very legitimate addresses. I believe some simple solution would be to make people pay per email they send. This is mainly the reason we don't receive tons of junk at our door every day. Spammers can't afford to send millions of emails a day if they have to pay for it and the zombie PC owners would spend more money to protect their systems if they have 100$ bills to pay every month. I know that this is completely different from the current approach of free email but I believe over time this is the best solution to change the economics of spam. I see it as a loss of innocence of the Internet :-)
In my experience, the best email filter is Cloudmark.com, for Outlook or Outlook Express. It doesn't use a challenge message (which I've found few people respond to, so I end up having to carefully review the trash heap). Cloudmark is a community-policing approach. If a spam message slips through into my inbox in Outlook Express, I simply click on a "spam" link in the tool bar (installed by Cloudmark), and the message is moved to the "Spam" folder where Cloudmark has automatically placed other items considered "spam" by others in the community. Such a designation is tagged on the sender's messages, automatically sending their messages to the "spam" folder on the other user's accounts so they never see it. An individual participant's credibility rating is weighed in whether or not a message is actually flagged as spam for the other members of the community. They have a 15-day free trial. In the first month I used it, only four legitimate messages made it into the "spam" folder, where I then clicked on the "unblock" button in the tool bar, to send it to the inbox. That is far less than any of the other filter services I've used. I've not had anything legitimate land there for a week. And what's nice about it is that they are all in one folder (the "spam" folder), and it is easy to visually scan down through them to make sure nothing legitimate is there. I can scan about 1000 spam messages in about a minute. I get around 800 spam/phish/virus messages a day. Of those, probably around 15-20 spam messages make it into my inbox. I only get about one phish message every three to four days in my inbox. One downside of this method is that all of my email (including the volumes of spam/phish/virus email) is being downloaded onto my computer, making my Norton pop up virus interception messages nearly every time Outlook Express cycles to retrieve new mail each hour. With SpamArrest, only the cleared emails were downloaded. 
Overall, with Cloudmark, I spend much less time tending to the junk mail each day. Cloudmark Desktop is the first and largest spam-fighting community in the world, which contributes to the speed and accuracy in tagging spam/phish/viruses.
Tomorrow's news yesterday -- the bleeding, visionary edge.
No, I didn't read TFA but if they analyzed billions of messages, how do they know which ones are spam? I mean, for sure? And why do I still have a couple of false negatives with my Bogofilter if such a technology exists?
charon
Phone is only reliable if used correctly. People dial wrong numbers and leave a voice mail message for a total stranger, without even listening to the recorded message. This happens on my office number, even though I have a very clear recorded message identifying myself and the company I work for.
Letters get lost, and only become moderately reliable when you use a registered post system. Even then, you're only guaranteeing that the item has arrived at the address. You don't know if it'll be received or read by the intended recipient.
Faxes are subject to plenty of reliability issues. Wrong numbers, or poor print quality.
Email can be reliable so long as you use it correctly. If you require confirmation, ask for it in your mail. If you don't receive a reply within the time specified, email again or use an alternate contact method.
-- Using the preview button since 2005
And *none* of the ADSL addresses are in fact dynamic. Whether you're connected 24/7 or not, you always get the same address.
IMO what's brain-dead is the way the RBLs manage this (and/or the way filters misuse the RBLs).
There's no reason any host on the network should be any different from any other.
May contain traces of nut.
Made from the freshest electrons.
I got several MP3 spams this morning. I listened to one (after sandboxing it just in case it was an MPEG decoder exploit) and it was a female synth voice reading the text of a standard pump-and-dump stock spam.
Most spam is blocked by spam filters like spam assassin and spamd, so it never reaches anyone's inbox. Still it is profitable for the spammers because it costs them almost nothing. They just set up 10,000 unpatched Windows boxes on their botnet, and bingo, 15 million V1a6ras a day. All of the cost is borne by the owners of the botnet PCs, their ISPs, and the ISPs of the people who receive the spam. All the spammer has to do is set up a crappy server to handle the few people who respond to the spam that gets through, and ??? profit!
What is the one thing all spam has? A URL to their server, of course. Otherwise, how would you be able to buy anything from them? What if the spam filters scanned the filtered spam for the URLs, and automatically sent opt-out requests to them, one for each filtered spam? Slashdotted by their own botnets!
"Be grateful for what you have. You may never know when you may lose it."
Wow! 95%?! impressive..somebody must do something. i really hate spam. i always get stupid & useless spam in my inbox..X(
If you can control the ruleset of your spam content filtering system, then implementing ham passwords is easy: just add a rule for the ham passwords, and maybe another rule for the reply indicator.
But if you can't manipulate your spam content filtering system, you can still implement ham passwords. Most mail systems have a simple rule system that can let you search subjects (and bodies) for specific phrases, and then if those phrases are included, directly move that message immediately into the Inbox or some other folder. That's all you need to implement ham passwords. People already use these mechanisms so that, for example, they can automatically get messages that mention a topic they're keenly interested in, or presort their messages into different folders, or trash certain spam, so the necessary mechanism is already widely implemented and understood by many. Many systems (like Runbox) even let you prioritize these rules, so it's easy to make searching for the ham passwords a high-priority rule that supersedes many other rules. Here are a few examples:
95% of spam huh? quite bad rite..this link contains information how can you reduce amount of spam in ur inbox=) http://www.lib.lsu.edu/systems/software/spam_info.html =))