Slashdot Mirror
Spam Hits 95% of All Email
An anonymous reader writes "Commtouch released its Email Threats Trend Report based on the automated analysis of billions of email messages weekly. The report examines the appearance of new kinds of attachment spamsuch as PDF spam and Excel spam together with the decline of image spam, as well as the growing threat of innocent appearing spam containing links to malicious web sites. Image spam declined to a level of less than 5% of all spam, down from 30% in the first quarter of 2007; also, image pump-and-dump spam has all but disappeared, with pornographic images taking its place."
The link referenced in the posting goes to a summary page that is a little light on details. At the bottom of that page is a link to the PDF-formatted report. There's a lot more information there, including some screenshots of example SPAM and malware sites, trends in attack vectors, zombie systems, etc.. Interesting stuff.
Huh? Where? Man, all I ever get are stupid Viagra spam and "O3M S0FTWARE!" (and variants thereupon).
Humpfh. Everyone gets pr0n spam but me.
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
Thank God for Gmail and its excellent spam filtering! I don't think I've had any spam hit my inbox in 2 years. :-)
The game.
While I'm not denying spam etc. is an annoyance and does cause a lot of people some problems, do we really want to accept at face value some words from an organisation that could well have a vested interest in making the problem appear more threatening than it really is?
Personally I'd prefer to teach people how to avoid spam/virus infection - in the same way we teach people how to avoid clinical infection, than to go around wailing about how bad the problem is.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
I highly doubt that, "All Email"?
Did they track private networks? Encrypted Email?
All I ever get is spam.
Most of the subjects are as follows:(filtered for privacy)
Courses next term
[Course name here] Grades
IMPORTANT: Calculus Final Exam Time
Hello from [Relative name here]
[Subscribe newsletter here]
Funny pictures
Why wont it stop?
I work at an ISP and we do SPAM detection and elimination at our border routers. We scan both incoming and outgoing email, and will auto blacklist our own internal IPs if we detect SPAM.
The highest two-week percentage of rejected incoming email that I've seen broke 97% a few months ago. It's normally between 90% and 95%.
It's loads of fun dealing with this crap.
Comment removed based on user account deletion
Wasn't "95% of email is spam" reported by the BBC back in 2006?
And Security Focus has a great article that shows how all of these numbers are totally made up.
If the financial incentive is removed the problem should go away. The spammer is not the root cause, the entity hiring the spammer and benefiting from the people responding to the advertisement appears to be the root cause and is easier to identify.
The entity initiating the process is identifiable ( the contact information must be accurate in order to effect the sale ) unlike the spammer that can utilize many techniques to avoid identification.
Checking my mail stats, since 4 am this morning, I've received 51985 emails, 51909 of which were filtered as spam. That's 99%. Checking the bandwidth monitor, the spam has consumed a steady 100Kbit/s since 4 am, despite being mostly blocked in SMTP envelope via SPF and reputation (SPF blocks forgeries, reputation blocks spammers with the balls to use their own domain).
Is this any different then the stats of the dead tree style of spam that appears in my mailbox every day?
And we have seen the huge (cough) progress made in removing that snail mail spam from the system.
Honestly, there seems to have been more progress in weeding out the digital spam then the paper sort.
Even vague sort of laws and protections and such.
and what goes on the business card, the press release and other similar locations? or you think you can run a business that has no email address and ignores emails sent blindly to sales@ info@ and webmaster@ not to mention support@ ?
DRM-free indie games for the PC and Mac: Positech Games
Since most slashdotters are libertarians for some reason (and I could argue even I am to some degree) my question is: where's the technological efficient solution to this.
:P ), but that's where it ends.
We've seen some "free market" solutions which basically required that you pay a fee to every mail provider so they don't trash your email. And this didn't particularly help spam either.
I come to the conclusion that spam as an issue is one of two things, or both of those things:
1) Not that big of a problem (hard to believe if you are a mail provider / ISP yourself)
2) Impossible to solve by means of free market solutions, and requires cooperation and standardization of new technology.
Point 2 is hard to happen since every little startup that comes with a mini solution, trumpet it on their own and hence they are only a nuissance to deal with in the big picture (due to lack of a single standard, it's impossible to have clients which make the process of whitelisting easier and even half automatic).
Here are couple of solution which would get us half-there, but are only quarter-implemented right now:
1) Whitelist SMTP servers by talking back to the supposed mail of origin and comparing IP-s. The SMTP may return list of IP-s this host responds from. This is then cached and used for further authentication on this domain. It *may* lead to DoS if many hosts do a first-time check simultaneously, but it's unlikely (and less problematic, given we're eliminating 95% of bad emails this way).
2) Test-for-human-intelligence in your first email to a new email. Such as, I don't know, some sort of CAPTCHA you fill-in? Once this is done, communication can proceed without further tests between those two emails. The receiver still has the option to block you, lest you employ a mechanical turk.
Those solutions are boring, they're incomplete in a way, they introduce hassle, but if we *all* agree on those, they can be made less of a hassle, and still not lose their efficacy.
That would require the likes of AOL, Hotmail, Gmail and so on free mail providers to cooperate with the likes of Microsoft, Apple, Linux devs and so on, to implement this on both the clients and servers.
Right now, I could see Hotmail cooperating with Microsoft (.. wink, wink..
We can't stop it because we aren't addressing the real problem. Spam is an economic problem. People send out spam because they make money off of it. And they will therefore continue to send out spam as long as they make money off of it.
If you want to stop spam, you have to remove the economic incentive. To do that, you need to cut off the co-conspirators that are allowing the spamvertised domains to be established and hosted. If you can either prevent them from getting a cut off the action, or punish them severely for taking their cut, then you can stop spam.
Until then, if all we do is try to filter spam out, we'll just continue to see the costs of inaction. Beyond that, we're ignoring the fact that filtering has real costs, as well. Filtering doesn't prevent the spam from traversing the internet, and furthermore it requires human time to update as the spammers change their tactics.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
As email asymptotically reachs 100% spam, we will have essentially created a mechanism whose sole goal is to deliver us undesired ads and scams. Talking about spam detectors and blockers and blacklists is irrelevant. Why devote all of this energy to ensure that maybe 5, 10, or 20 people can contact you or your business a day? Or even 20,000, which only highlights the issue that separating spam from valid emails is just bad juju. Simply put, there is no solution to asynchronous communication that is not too tedious or too restrictive. We'd be a lot better off if we blew up all the email servers, and put all of the energy and cost savings into developing encrypted telepathy. You think I'm kidding.
Must be nice not need to hear from customers. Or legit vendors. Or old friends who changed their e-mail addresses. I'm jealous.
I can't even the use apparently moderately effective "blacklist Chinese and Russian IPs" technique. We correspond all over the world.
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
...before it reaches the level of spam I get in the mailbox in front of my house. I swear, if we want to save the trees, we need to start by arresting the people putting all those unwanted 20-100 page sales catalogs in everyone's mailbox every day.
Comment removed based on user account deletion
As what happened with e-solutions, the Russian mobsters in charge of spam will simply hire better hitmen and eliminate the ones you send, until no one will take the contracts you offer anymore.
Seriously.
:)
I hate to bring up anecdotal evidence, but, while I still get spam, my flood has gone down to a relative trickle simply by plugging postgrey into postfix. I could probably reduce it to zero with a bayesian filter, but I won't bother. Scanning through my logs, my server rejects literally thousands of spams every day, and I'm just one guy with two email addresses and a handful of aliases.
So, it would come as no surprise to me that spam volume is that high, I just never see it. I almost want to turn off my filter for a day just to see what would happen.
Well, maybe not.
Read: Rabbit Rue - Free serial nove
I knew somebody would bring up greylisting. :) During the business day[1], I work for a company that produces several widely-used anti-spam appliances and a service-based filter as well. We see about 2,000 networks a week, and get a pretty good feel for spam trends and countermeasure effectiveness. I can say with all honesty that in my experiences, greylisting hurts more than it helps for most organizations.
Basically, greylisting is putting an email transaction on hold to see if the sender will retry. The idea is that if the sender is illigitimate, they won't bother resending. However, spammers have been onto this method for as long as it's existed, much moreso lately. All they have to do is take greylisted hosts and move them to the end of their script for later processing. The second time around, the spam gets through anyway. Even with its meager benefits, most organizations want email to come through as quickly as possible, and greylisting delays email by its very nature. It's also much less effective than existing technology that won't hinder most legitimate mail like DNSBL and/or SPF, spamwords+OCR (for image spam), and blocking on unknown recipients.
To summate, if greylisting makes you happy, then don't let me dissuade you from using it. it does indeed stop some spam. But please don't give the false impression that it's a magic bullet; most of the complaints we receive are from clients who've enabled greylisting and can't figure out why their mail is delayed.
[1] I am also a consultant to another firm who hosts manged email with spam filtering. Due to the complaints above, we have also disabled greylisting there. It was only effective at stopping about 5% of spam reliably, but a delay is put on all mail that isn't otherwise whitelisted. There are plenty of other methods which are both more effective and don't slow down the mailflow or tie up much resources on the MTA.
Working in a DevOps shop is like playing in a band made up entirely of keytarists.
- Spammer sends a spam.
- Spam gets delayed by 5 minutes.
- Lazy Spammer neglects to resend. EOM.
- Spammer gets put into a DNSBL sometime during the day.
- Creative Spammer resends several hours later.
- Rejected as bad host, due to DNSBL.
Also, postgrey, like most greylist plugins, will automatically whitelist an IP that has had several successful deliveries over the course of a few days. It regularly purges this list every 30 days, so if a spammer accidentally gets whitelisted, that doesn't last long. And like I said, DNSBL is checked *before* the greylist is invoked. So, 95+% of spam sent to me every day, never makes it past my SMTP server. And if I bothered to bolt a bayesian filter on top, I'd probably get a handful of spam per year, but I can handle deleting the half dozen that make it through every week. It may not work for everyone, but Email Purgatory seems damn good to me.Read: Rabbit Rue - Free serial nove
If you want to stop spam, you have to remove the economic incentive. To do that, you need to cut off the co-conspirators You're right, but for the wrong (IMO) reason. Spam has economic incentive because all the costs of email are borne by the recipient. Botnets have made it even cheaper. You must remove that if you want to really fix the problem.
If you do not remove the economic incentive, nothing will work because it will just be an arms race and the "good guys" will necessarily always be on the defensive side.