Slashdot Mirror
Are Spammers Giving Up?
sfjoe writes "Are spammers giving up the game? Google seems to think so. In an article at Wired, Google, '... says that spam attempts, as a percentage of e-mail that's transmitted through its Gmail system, have waned over the last year'. They think their own filters are so good that spammers aren't even trying anymore. 'Other experts disagree with Google, pointing out that overall spam attempts continue to rise. By most estimates, tens of billions of spam messages are sent daily. Yet for most users, the amount of spam arriving in their inboxes has remained relatively flat, thanks to improved filtering.'"
All one has to do is glance at a mail log to see that no, in fact, spammers are not giving up. This one does not require reading tfa.
Technology tips and tricks.
...all that cancer I've wished upon them.
I had 14 'spam' emails in my Gmail 'spam' folder this morning having cleared it last night. Of course, definitions are subjective on what is alot or a little spam..
Gmail completely rocks!
Spam detection has got to be something like 99.999% accurate
I sometimes get the occasional Nigerian scam letters - but thats it
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
that over the past few months, I've been getting a lot more spam mail through my ISP's filter, *and* through Thunderbird's filter. Those random words sprinkled throughout the message is even getting it past the Bayesian filtering now.
It seems that have it figured out pretty good to me.
Don't steal. The government hates competition.
I have no other experience with hotmail, but my free webmail experience has consisted of Yahoo! and Gmail.
Let me tell you, Yahoo!'s spam rate has not improved. I am not sure if their filter isn't as good, or they are just taking money from the wrong people, but I get at least one spam message make it into my inbox per day, maybe 2-3. Oftentimes, the spamming links back to a geocities.com page. Coincidence? I don't know.
With Gmail, I get one spam message per month (maybe) make it into my inbox. They are so rare, its comforting. And since they are so few and far between, I actually use the 'Report Spam' option, because it looks like get this that their filters are actually updated with my input, and I don't see spam of that same type ever again.
This is different from Yahoo, I report spam all the time and yet the same exact message types make it past the filters into my inbox. I even report phishing there, but that doesnt' seem to help.
Can anyone with internal Yahoo webmail operation shed some light into what they actually do with user input? It would be nice to know that someone, somewhere (or at least a script) is using my button clicking for input.
will she still love you more than any other guy? Or will your short and flaccid member be the shame you bear?
"Flyin' in just a sweet place,
Never been known to fail..."
I seem to get as much regular spam as before. However I now get MySpace and Facebook spam as well. People trolling to be my friend in all sorts of special professional ways.
...but having the mail stay parked with your Gmails, Hotmails, and Yahoo!s helps multiply the effectiveness of the anti-spam efforts.
.zip and a .tar.gz attachment of stuff to work on. .zip and allowed the .tar.gz.
Friend of mine was laughing the other day when a plea to help a Nigerian came through.
Nothing like a holiday note from a dear, old, !friend.
<tangent>
Anybody else have fun with mail servers configured to drop attachments? Forwarded something from Gmail to another organizational account (AOA) with a
AOA's utterly brilliant configuration dropped the
I love the smell of bogus security in the morning: it smells like crapola.
</tangent>
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Over the last week I've switched some filter rules from logging to not-logging, but I don't think for a moment that means the spammers have stopped trying. If I were to turn logging back on, I'm sure I'd get to watch the tail running on the log grow rapidly with each filter like a bugs hitting the zapper.
I do wish there was an option for egrep -i -f blacklist where instead of returning the line that matched a rule in the blacklist file, it would return the rule in the blacklist file that matched the line. It would make it a lot easier to diagnose problem rules. The closest I can get to that is the -o option.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
The spammers are still sending the spam. They aren't giving up.
But the filters are getting good enough to filter most of it so the users do not have to see it.
But the spammers are still sending it.
Although I get nervous about what Google is doing with my emails, I have to admit their spam filter works.
I get my fair share of spam in my Gmail account, but I can't remember the last time any of it landed in my inbox. It is all sitting in the spam folder. It also seams like their false positive rate is very low.
If Google claims that spam attempts to gmail have gone down, that does not mean that the overall volume of spam has gone down. It indicates that spammers have stopped targeting gmail accounts, which are involved in only a very small percentage of all e-mail.
Considering gmail clears out my spam folder after roughly 30 days... my folder lingers somewhere around 16,000 for 30 days worth. Granted, I forward several addresses to gmail, but the filter works so well that only 2-5 slip through daily.
It's not so much the viruses as the spam that is the topic of TFA.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
They won't give up as long as there's a monetary incentive for them to send out spam. As long as they can sell something through spam, they will continue to send it out. We can talk about how wonderful filter ABC is, and compare it endlessly for false positives against filter XYZ. But in the end, its just a matter of time until the spammers defeat both of them, and we're on to filter ABC version 2.
So no, in the end, nothing that most people are doing will do squat to bring about the end of spam. You can filter until you're blue in the face, and spam will still be sent. You can shut down all your mailboxes and open a new gmail address every week, and you'll still get spammed.
Spam is sent because spammers can make money by sending it. Period.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
What a joke. The people switching from XP to non-Windows OSs is such a small number there's no way it could affect spam numbers even a little bit.
Not to mention that spam email usually isn't meant to spread viruses.
Although you might indeed be joking, in which case hehehehe yeah. I also like the "decreases exponentially" bit you added in.
Altogether this is a lot like Dennis Rodman's "chemistry is that class you take in high school or college, where you learn that two plus two is 10 or something." There's so much wrong in it I can't figure out whether it's the highest level of idiocy or genius.
I like basketball!!1!
Spam will quit when Criminals give up crime. It'll never happen. They make money from it.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
Admittedly, such legislation would do little to deter spammers outside the US. But it would cut the Viagra/Levitra spammers off at the knees. Plus, it would be immensely satisfying to know that at least a handful of spammers are doing serious time in the clink.
I'm generally "Interesting," "Insightful," and even "Funny" here. What the hell happens to me at parties?
I manage the spam firewall where I work, and I have seen a significant drop this month vs last month. In October we processed 20,000-30,000 emails a day, averaging near 25,000. In the month of November, we have only exceeded 20,000 in a day once, with most days falling short of 15,000. This months average is closer to what it was during the summer, we had seen the increase to around 25,000/day during August/September.
I can state that as the administrator for my company's e-mail server our volume of spam has decreased sense last year at this time. I would venture to say that spam that is being sent is "smarter" and is formated in a way to make it past some if not all filters. Volume is going down but quality is going up. Guess we are making progress on some fronts. G
It's hard to imagine that spam filters have gotten to the point where spamming doesn't make economic sense. After all, the business model is something like
Even adding a couple zeroes to the recipient number (which improved spam filters should be doing) doesn't make much of a dent in the total expenses, if I understand correctly. Lawsuits under the CAN SPAM law, however, could make it too costly to get past step 1. Unfortunately, it seems like the judicial system still needs a little help here.
Filtering may work decently, but it is resource intensive and depending on your email load, you may need a scanning box as big as your regular email server.
Try http://en.wikipedia.org/wiki/Greylisting
or
http://projects.puremagic.com/greylisting/whitepaper.html
Our own office only has about 150 mailboxes but we don't do any filtering at all because of our greylisting as implemented by http://www.openbsd.org/spamd
Even better we can greylist at the perimeter instead of letting all of that pointless traffic onto our own network.
And if you're feeling particularily vindictive start posting trapped email address on your own publicly available webpages. Make them invisible or hidden under other content but still harvestable by bots. And soon enough a significant percentage of email addresses out there will point to tarpits. Making botnet spamming a much slower proposition, and should therefore decrease the total ammount of spam.
Google marks as SPAM email even thought the sender is in my contact list and I have repeatedly marked (hundreds of times) the messages as not spam. My Conclusion is Gmail's filters are crap for this sole reason. They don't even know the problem exists as they have no direct contact with the user and make reporting it too difficult.
If you don't like what I write don't be a CS and mod it down. Refute it.
Yea I can't spell. So what is your point?
With the same id (different domain), on google, yahoo, and hotmail, try to go to different sites and create 3 different ids tied to those. You will find that Hotmail is the worse, yahoo a fairly close second, and google a LONG ways away. In the last 3 months, this generated : hot mail, more than 600 spams; yahoo, more than 500; google less than 20. Try it, you will be surprised.
Do I get less junk mail in my letter box at home these days?
Do I get less call centre calls to my phone during dinner these days?
You get less if there are regulatory or filter restrictions in place. Doesn't reduce the number of people/organizations sending out or calling.
but i has euge c0ck 4 u!!! grow big!!!
While I've seen a decline in multiple e-mail accounts I use, I've noticed an increase in spam posts on a forum I now help run. Of course this could be due to a security hole in phpBB2 that we haven't patched, but with all the mods a previous admin made, it's now a pain in the butt to attempt.
Those who believe the Internet is private,
find their privates are on the Internet.
Spammer 1: We can't get anything past Google's filter.
Spammer 2: Agreed. [sighs]
Spammer 1: I guess we'll have to give up spamming.
Spammer 2: Seems that way.
Spammer 1: Unless...
Spammer 2: You have an idea?
Spammer 1: Why don't we keep spamming everyone else!
Spammer 2: Rapture! You're so smart!
GetOuttaMySpace - The Anti-Social Network
Mod parent +2 Optimistic Lovely sentiment, but that's kind of like saying, "It snowed this weekend because I installed compact flourescent lightbulbs in my house".
But a lot of spam tends to be hosted on Win boxen. If you do the metrics.
-- Tigger warning: This post may contain tiggers! --
I have hardly had any spam on gmail until the last two months (having had the account for over 3 years). It's about 1 a day now, which is nothing compared to other free email programs. However, maybe I'm the exception?
While its true that not much spam is meant to spread viruses, many viruses do send spam. The botnets that are used by the major spammers to propagate spam throughout the world are heavily populated with compromised windows boxes.
So while the conversion rate of windows users to users of non-windows operating systems isn't tremendous, the OP has a point in that compromised windows systems do make the spammers' lives easier. Whether or not this ties in directly to a speculative decrease in spam volume is open to discussion.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I dunno, spam's not so bad. After all these years on email, my penis is longer, and never flacid because of these cool pills I'm taking, and this Nigerian guy gave me a few million bucks, which I subsequently donated to charity to save that poor little boy, even though all he wanted was teddy bears and flowers. Bill, tell these people that there's no such thing as spam. Come on. Will ya?
Next story, please
REM Old programmers don't die. They just GOSUB without RETURN.
No, it snowed because of atmospheric seeding from Chinese pollution - I live in Seattle.
Besides, LEDs would be a wiser choice and have no mercury ballasts.
Just do the metrics on where the Zombies are. Yes, mostly Chinese Win boxen.
-- Tigger warning: This post may contain tiggers! --
I just want to know why so many people think I have issues with the size of my penis.
But in all seriousness, in the last years spammers have simply moved to slightly weasel-ier territories: pay-to-play online games like World of Warcraft and social communities like Facebook or forums.
On our own college anime club forum of about 40 people we get something like 5-10 bots signing up a day. Thank god we turned on e-mail confirmation...but even THEN spammers now compensate for that (manual labor?).
Its freaking' ridiculous.
The worst part is I'm so against spam I refuse to purchase anything from a banner ad. And I've even seen a few things I'd like to buy.
But they lost a sale. Instead of using mediums such as conventions, magazines or television, they plastered their ads over some torrent site, jeopardizing the moral integrity of that site in the process (which is now making thousands off banner revenue instead of _just_ trying to free the information "that wants to be free").
Ginga no Rekshiya Mata Each page.
Perhaps spammers are focusing on how to get a smaller number of messages through the filters rather that upping the number of messages sent.
Think Deeply.
Given that most users do not even posses a program capable of decoding a .tar.gz (despite its near-ubiquity among IT folks, WinZip (or other programs that can read .tgz's) is by no means a universally installed program)
.tar.gz file in a spam. Is dropping zip files only foolproof? no, but that doesn't mean that it is a bad idea.
I have gotten craploads of spam/attempted malware that contains zip files, but nobody has ever attempted to send me a
SirWired
It's all about the zombies, of course. There really aren't that many different spammers left. Look at how little diversity there is in incoming spam. That's why GMail works so well. If you filter a large number of mailboxes in a coordinated way, the basic characteristic of spam, many messages sent from one source, just pops out at you.
The only reason we still have a spam problem is zombies running on Microsoft Windows desktop machines. These are sources for the last few incoming spams:
Those just have to be botnets.
So, as usual, it's all Microsoft's fault, shipping an OS that encourages users to download executables that operate with the user's full privileges.
In Gmail, the problem is false positives: when Gmail labels a message as junk, it moves *the whole thread* to the junk folder. So if you have a thread with 20 messages, and the 21st is incorrectly classified as spam, poof, also all the other previous 20, that you had confidently filed away, silently go into the spam folder, where they are silently deleted after 30 days. This is a consequence of how Gmail deals with threads, or "conversations". I reported this bug to the Gmail team long ago, but they haven't fixed it yet as far as I know.
So if you want someone using Gmail to delete an email exchange they had with you, send them an additional message in the same thread offering to sell them Viagra. They will never see the message, but the whole thread will be deleted in one month. Disclaimer: I have not tried this (but I have lost email due to the above problem, and I know I did, as I keep a separate backup of my mail via pop, where the missing messages were still present).
Actually, some of the filters, like those used by the UW with WebPine, are starting to treat overly-linked emails from the UW Bookstore and computer magazines as spam.
...
The treatment of the UW-owned UW Bookstore emails as spam by the UW's WebPine is deliciously ironic, of course
-- Tigger warning: This post may contain tiggers! --
Some spammers are giving up. Mainly because they realize that running botnets is a better way of making money.
Technoli
I run a mail system for a small, but highly publicized group of emails. For the last few years, spam has been pretty steady: ~25k spam emails daily, maybe 50 quarantines, and about 1000 valid messages.
The only reason we still have a spam problem is zombies running on Microsoft Windows desktop machines. These are sources for the last few incoming spams:
I tried to say the same thing, but the MSFT is God police downmodded me for that.
But, you're correct.
For want of a secure OS the email was lost.
-- Tigger warning: This post may contain tiggers! --
In 2006 I set up a gmail account so that I could forward mail from my (personal) mail server for web access while I was on travel in Europe. In the end, I never really used it, and the account has lain dormant. In fact, the last legitimate email it received was a temperature alert from my RAID box months ago (because of an air conditioning failure). Yet, there are hundreds (or more) spam messages flooding the account.
Since the user name is not obvious and has never been disclosed, it is hard to understand how this account could be receiving *any* spam. If spammers dictionary attacks were smart enough to include that user name (not the one I normally use), I would be seeing it in spam at my other email accounts, and I am not. Since I didn't disclose it, I see no other possibility than Google (or one of Google's employees) disclosed it.
I have a Gmail account that has been given out to only three people. I use it only to send work documents back and forth to those three people. It has never been used for any kind of account sign up or such. I get tens if not hundreds of pieces of spam per week to it (Google has always correctly identified the spam as such though). The account name is unique enough that they are unlikely to be dictionary attacks.
I get no spam!
Spammers, please take note that I actually have a large penis. Your assistance and concern, while appreciated, is simply not required.
I suppose someone must be responding to them, but for the life of me, I can't imagine who. They're just an annoying part of working online that I've come to accept unfortunately. I'm still waiting for a law similar to the National Do Not Call List [https://www.donotcall.gov/] that will provide some relief to my inbox. Of course, you've got to deal with the international aspect of spam, but considering that ISP's can control what comes in, that shouldn't be an insurmountable problem.
A lot of corporate filters drop .zip files specifically due to a rash of Windows .zip file exploits that went on a couple years ago. .tar.gz was never affected, and so are not dropped.
My personal experience backs this up. The amount of spam my hosted personal account gets is about half what it was 6 months ago. I was wondering the same thing myself.
On yahoo's dime I collect thousands of spam messages a week. I log in once every 59 days to make sure that yahoo can keep the privilege of being trusted to handle all my garbage. I wish instead of an [empty] button, there was a [forward to Eric Estrada] link.
I want some of what those boys are smoking.
Lacking <sarcasm> tags,
Gmail really needs a way to filter within the junk mail.
It does a good job of sending spam there, but every once in awhile, I do get a legit email in there, so essentially, I still have to scan through my junk mail.
This could be fairly easily improved, because I keep getting the same (or VERY similar) spam messages there, like containing the word 'penis' or whatever. If only I could apply the regular filters to the spam folder and just send certain ones to the trash, it would go a long way.
Why haven't they implemented this??? Doesn't anyone else have this problem?
all kinds of providers to see what gets through. Only a matter of time that some spammers will deliberately *not* send certain flavors of spam to certain providers that blocked them in testing.
Once major blow to spammers would be for google to sell their anti-spam service to other providers. Of course gmailers would be pissed at google making $$$ from their clicks.
Well yes, they can easily both be true.
If, for example, spammers are learning that sending spam to @gmail addresses is a pointless exercise in futility. So they further concentrate their efforts on non-gmail addresses.
Google sees a significant drop of spam arriving at gmail (though via accounts which POP3 mail from external addresses, there'll always be some spam).
Everyone else (not Google) sees their inbound spam increasing/strong.
Visit CryptoGnome in his home.
For months I've not been manually deleting mail in my GMail spam mailbox. GMail automatically deletes spam messages older than 30 days. Now I can look at the 'unread messages' count on that mailbox to see how many spams have been caught in the last 30 days. At one point it was up over 6,000 but I noticed that it has been dropping. It's currently down by more than half to 2,881. Of course I don't know the exact cause of the reduction but I would not be surprised if spammers were avoiding GMail accounts.
Let's even imagine that spam filters were 99.99% accurate, what would be the benefit of not spamming anymore? It costs them nothing, so if they send out millions of spams per day and only get a few bites, they're still making a profit.
There's no incentive to stop spamming unless it becomes arduous to do so. Nether technology nor litigation are close enough to make that happen.
Not on our mail servers. It's on the rise.
White list FTW!
42 69 6C 6C 20 47 61 74 65 73 20 69 73 20 61 20 77 68 6F 72 65 21
Surely at some point (probably later, rather than sooner) the number of users who aren't duped by spam will be such that spammers will have no market. The only reason that spammers continue to send spam is that there are gullible fools clicking the links and maintaining the demand for spam. Once the user base is educated enough (ie. no more users who haven't grown up with computers who say things like "But they've address the email to me. It must be important..."), there'll be no market. Or am I living in La La Land?
I would say 9-12 months ago, my quarantined email mailbox contained about 160 SPAM emails per day. Now I would say I only have to look at 20. That's a decrease of 87.5% from last year. I can't say for sure whether my ISP does any sort of pre-filtering to eliminate more before it hits my box, but otherwise, I would say, yes, the spammers might be giving up and moving on to other avenues (spamvenues).
How much extra bandwidth would the internet have, if there was no spam bouncing around. I say we shut off port 25 on every router for just 6 hours and watch the bit torrents just scream :).
Have a moment of email silence.
This may very well be true, but the source is a different topic than the sink.
If it's about the Winboxen, then the story is more about old 'Doze versions collapsing under their sheer craptacularity, or that the network headz are gaining ground against the botnets (maybe).
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Since I moved to Gmail, I get about one piece of spam a week, and have had one false positive that I've noticed. It's so good I've started piping my user's email through it - redirect from my server, then get Gmail to redirect back to a spamfree account that the customer picks up. This was after months of trying spam assassin, bayesian filters and greylisting, and Gmail did better than all of them.
I know, I'm a fanboy, but it's because they do a good job. How have others found the efficacy of Gmail's spam filtering?
Do as you would be done to.
I have 2 domain catchalls which go to me, along with 4 other accounts which all get forwarded to my gmail. I just let gmail auto delete my spam automatically.
Last year my spam box had an average of 3500 spam items, and this year it averaged about 5000 per month, until September and October when it peaked at over 7000. Suddenly this month, my spam folder cleared out! All month, it has averaged about 1700 instead!
I don't know if this is just temporary, or perhaps gmail is keeping the worst even out of the spam boxes now.
My inbox has remained consistent though, about 3 or 4 a day make it past the filter.
Most people nowadays see the benefit to having multiple email addresses. Gogggle perhaps has seen a decline in spam because it is being sent to different email clients. My spam, for example, goes to Yahoo.
the weekend has started and the spammers are on holiday till monday, by when the spam levels go back up to thursday's levels.
thank you for nazi spell-checking my one-liner!
_ In Egypt Networks: Network Solutions with a Twist
Or are the spam filters getting more and more aggressive!!!
... while talking to mail-b.*****.gov.uk.:
i seem to be getting more and more Undeliverable returns.... Due to these things...
here is one from today!!!
----- Transcript of session follows -----
DATA
550 5.7.1 This system has been configured to reject your mail. An IP address (212.183.132.77) found in the message's 'Received:' headers is listed by the lookup site 'sbl-xbl.spamhaus.org.'.
554 5.0.0 Service unavailable
Reporting-MTA: dns; smtpoutm.mac.com
Received-From-MTA: DNS; asmtp005-s
Arrival-Date: Thu, 29 Nov 2007 05:56:57 -0800 (PST)
Its rubbish that they filter by IP.... they can be dynamic and block legitimate messages!!!
P.
I've not once given out my gmail account, used it for a vendor/newsletter/forum registration, nor posted it online (web or forums), etc... yet, somehow, that account received volumes of spam everyday. So much in fact, that I have hardly logged onto the account since it's creation (during beta invites, 2-3 years ago if I recall). And, no... the account name is not common words/name/etc.
Nice try google... please keep on trying.
According to the Official Google Blog, there has been little decrease in spam, except for the amount in users' inboxes.
Right. And the hope is that once we make it sufficiently expensive to get a significant amount of spam delivered, it'll no longer be financially worthwhile. I think we're probably approaching that point. I wrote a spam-filtering recipe and now see maybe 1% of all the crap thrown at it. That means it's now 100 times more costly per delivered message than it used to be. We all know that spammers pay for only a fraction of the highjacked resources they use, but even then they still have to pay something. Well, that something costs a lot more than it did 5 years ago.
Dewey, what part of this looks like authorities should be involved?
Actually, the grandparent almost has a point. People are not so much switching from Windows as switching from Outlook Express and ISP-provided email to webmail. Most webmail providers have fairly aggressive virus scanning making email much less of a vector for generating new spam zombies.
I am TheRaven on Soylent News
I occasionally glance at the unread count in Gmail's "Spam" box. Items are automatically deleted after 30 days, which means that it operates as a kind of rolling average of spam items per month. Normally mine rides somewhere between 1000 and 1500, but lately it's fallen to just over 500. Something has definitely changed.
That's odd. I have a Gmail account, and once in a great while, I'll get a good message tagged as Spam in the Spam folder that's part of an ongoing thread. But I've never had the whole thread move into the spam folder. I press the "not spam" button and the message is moved back into the thread where it came from.
Maybe I've been lucky.
Peace; - PunkTiger!
What you say makes actual sense. But it's in no way related to people's unwillingness to adopt Vista. That was just a troll on the OP's part.
I like basketball!!1!
What TFA fails to realize is that spam comes in many more forms than simply emails. My local lan group runs a PHPBB forum, which kept getting rather mysterious "people" registering with advertising in their "web site" profile field. Granted, we've ramped up our security, but from time to time bots still register. Likewise, if you look at many youtube videos nowadays, tons of comments are just obvious spam and other automated messages. Not as directly targeted as email per se, but still spam nonetheless. Spam isn't dead, the spammers have simply realized that there is a whole demographic of people (generally in their teens to early 20's), who use less email and more social networking style (or dare I say "Web 2.0") services like Myspace, Facebook, Youtube, Gaia, etc.
I've been graphing the filtered mail on my server ever since I kicked in grey-listing over a year ago (see my spam graphs) and there is a very clear rise in what spamassassin was catching over the last couple months, and then last week it just dropped off massively. Ironically it was the day after my family (who I serve mail for) was just complaining about how they were getting so much more every day that even spamassassin wasn't catching.
I did set them up with a box to drop in spams that would be nightly fed into sa-learn to help with future scans, but there's no way that would've kicked in such a change in one run, not to mention it updates per-user bayes files, not system-wide ones.
My first thought was, "hey, spammers take vacation too," but it has stayed down this week as well. So far anyway.
- My favorite error message: xscreensaver, running on an old Sparc 5 w/ 8bit color: bsod: Couldn't allocate color Blue
But in the end, its just a matter of time until the spammers defeat both of them, and we're on to filter ABC version 2.
Among the many useful techniques which have been brought to bear against spam from the field of Artificial Intelligence (AI) is the notion of spam as an adversarial game between an intelligent agent (i.e. the filter) and the spammer(s). When this is combined with other AI techniques, such as Bayesian or Neural network machine learning type algorithms, the filters become very powerful indeed and not only that but they become automatically adaptable, constantly looking to improve their "score" in the game (i.e. percentage of spams that make it past the filter vs number of false positives) against the spammers. It is important to understand that the creators of this filter do not program the rules but rather the system is designed to perform critical analysis and determine its own rules...this is the power of Artificial Intelligence at work.
Consider that in the past, when serious efforts have been made to bring such intelligent agents up to a high level of play in adversarial games, the programs have advanced to the point where even the very best human players are barely able to win and only with great effort (as in Chess) or, even worse, they cannot win in the face of such tremendously strong play from the AI which never gets tired, never gets psyched out, never panics, but rather constantly and inexorably grinds on to victory with a very high probability.
The spammers are at a distinct disadvantage against such systems for two primary reasons: (1) It is difficult to tell, from the endpoint of the spammer, precisely which message made it through the filter and how and (2) even if they do figure out which messages made it through the filter the filter is learning and training, like the human immune system, for the next time it sees a similar message which will then not make it through. Or in other words the AI filter has full visibility of the game board, but the spammer can only see his pieces and few or none of the pieces of his opponent.
If the game can be made difficult and frustrating enough for the spammer(s) by consistently strong play on the part of the AI filters, then the cost benefit ratio can be reduced asymptotically to zero against the spammer to the point were even the most dogged and determined spammer is tempted to throw in the towel. The cost of sending spam is close to zero but it is not absolutely zero, so the AI should begin discouraging spammers at the point where the AI filter pushes the returns close enough to zero to make spamming unattractive compared to alternative (and potentially more lucrative) activities for the spammer.
Some spammers will stoop to signing up for shell accounts at ISPs to harvest e-mail addresses. A lot of information can be learned just with that access. Not just compiling the results of ls ~/.. to a host name, but also harvesting cat ~/../*/.forward. The contents of a .forward file can also be disclosed via finger if your host still allows outside access.
It could also be that a relay between your mail server and gmail may be snooping on e-mail packets looking for active addresses @gmail and selling them to spammers.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
The not spam button does work. Unless you are a total moron and CLICKING A BUTTON wrong.
Or your 'contact' is such a known scumbag that gmail wont ever believe you.
In either case. their filters are working just fine for me.
SPAM is way down at Google probably due to the fact that they acquired Postini, who has an excellent SPAM filtering technology. I use AppRiver for my company because Postini costs an arm and a leg, but would've gone with them if cost was not an issue. Either way, I'm very happy with AppRiver.
From TFA:
"We're forecasting that the number of spam messages that annually reach the average inbox will hit 4,351 in 2007. For 2010, we think that number will essentially be flat at 4,403."
I work at one of the leading Enterprise Anti-Spam vendors in the world and if our customers were receiving nearly 15 spams per day IN THEIR INBOX, I'd be out of a job!
Currently my server filters are stopping 20-30 pill and porn spams coming from gmail themselves. And they just /dev/null all abuse@ emails. This may not sound like much, but all the gmail spams are hammering 2 of my users. Sometimes I firewall off gmail for a week or so to just throttle the flood.
Webmail providers suck ass.
Lawyers, MBA's, RIAA? A jedi fears not these things!
It's actually quite hard to write a message that will trip good spam filters (e.g. Spamassasin, Gmail). Just mentioning a couple of keywords such as "viagra penis enlargement nigeria" will usually not work (you need either a LOT of "bad words", or send from a blacklisted IP). There is a special string that is recognized by the major spam filters: XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X . See Wikipedia GTUBE. The problem is, if you're caught pulling that trick, it'll be hard to explain how you accidentally put that string in your email.
Avantslash: low-bandwidth mobile slashdot.
This is wrong. You can test it out for your self. Messages flagged as spam are split from the thread. Much like searches only work on single messages (You cant find a conversation where you send and received mail using "to:me from:me" for the same reason I would guess.)
No.
-- Lattyware (www.lattyware.co.uk)
Yes, this has been a big problem for me. My boss and I often discuss how we could "$$$ Pen1S NOEW", and our conversations are often cut short when that stray SPAM message comes in with a coincidentally identical subject line...
...I have had more false positives appear in my gmail inbox than any other time since I started using it (February)! Coincidence? I fink we should be told....
My web domain.
good point, it is not wrong to say from your perspective the world is flat, but we know different now, and stating the world is flat would probably get you at least a few wierd looks...
I think from a users perspective it will be subjective based on how they cunduct themselves on the net. If you give every tom dick and harry your real@ddress.com your going to get an inbox full of offers to enlarge your wang, shrink your prostate, cure cancer, and find a bunch of long lost nigerian princes who need economic relief by giving you money to give them money back!.
How much is your data worth? Back it up now.
The IT people in my company occasionally release our spam filter numbers, sample from a recent month:
Legitimate emails: 54,751
Spams: 1,189,716
The graph shows that spam has been increasing over the months, not decreasing. And I have had few spams have getting through gmail's filters recently (thought it still does catch about 99.9% of them)
Maybe they have fixed it in the meantime? I am fairly sure a couple of months ago (say, this summer) it still happened. I would be happy to know that it is fixed!
Dedicated servers are cheaper. More and more countries build datacentres every day. You can even buy whole Chinese netblocks of ips. There are still plenty of sizable botnets about, available for purchase to the highest bidder. More and more spam is sent every year, and the techniques used advance quicker than filtering technology.
Don't flatter yourself google, your tawdry little webmail system is piss in the ocean to these people.
You feel sleepy. Close your eyes. The opinions stated above are yours. You cannot imagine why you ever felt otherwise.
22425 spams in my quarantine. 747.83333 spams/day.
A mere trickle.
Interesting - I just tested this from my yahoo account to my gmail & work accounts. Subject line "test" and then the string specified pasted into the body.
Gmail let it through, it got flagged on my work account.
i'm not surprised... I only get like 1 spam message per month that successfully got through the filters :)
Sorry AC I took all the steps GMAIL recommended. The sender is a torrent tracker and the messages are letting me know torrents I am interested in have been added. Get your head out of your own rear please. The tracker is not sending SPAM I have requested these messages. Taking the steps recommended does not fix the problem GMAIL is broken.
If you don't like what I write don't be a CS and mod it down. Refute it.
Yea I can't spell. So what is your point?
Maybe they finally got it up?
Homer: Not a bear in sight. The "Bear Patrol" is working like a charm!
Lisa: That's specious reasoning, Dad.
Homer: [uncomprehendingly] Thanks, honey.
Lisa: By your logic, I could claim that this rock keeps tigers away.
Homer: Hmm. How does it work?
Lisa: It doesn't work; it's just a stupid rock!
Homer: Uh-huh.
Lisa: But I don't see any tigers around, do you?
Homer: (pause) Lisa, I want to buy your rock.
Couple of years late, but never mind.
... er ... write the invoices. Of course they don't all pay up - most email to say they won't spam again, and don't - but enough pay up to pay the postage many times over.
Most days all the spam I get (one perhaps, or two on a bad day) looks sufficiently like genuine email (invitations to training courses, conferences etc) that it's got the real postal address of the spammer, which is a genuine (if somewhat misguided!) UK company.
So, in accordance with the policy stated on my web site for years now, I invoice them £100 a time for the trouble I take to
Yes I'm sure my ISP throws away hundreds a day. But I never see them so I don't care - so far as what I have to pull down the wire is concerned it's solved.
I always thought that a clever use of captchas and whitelisting could prevent automated spam...
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
I don't see a break in spam. They are changing the vector but I still get a ton of spam hitting my mail servers. I think they are think other methods of flooding our mail servers with more junk to overwhelm the spam filters.
Nope. Wasn't this summer. I've had parts of a thread get flagged as spam well over a year ago, and it has never once move the whole thread to the spam box.
I use the pay version of Yahoo which has "SpamGuard Plus". It is supposed to be a learning filter (Bayesian filtering I think). Yahoo used to have excellent filtering. I rarely if ever got spam in my Inbox, even when I was getting literally hundreds of spam messages a day in my Spam folder.
Sometime in September of October this all changed. About 50% of spam was getting through and what was more annoying is that most of it was coming from other Yahoo users and they were all hard core porn spam. These weren't spoofed from addresses, they were actually coming from Yahoo since the DomainKey headers were valid. No matter how much I hit the Spam button on them they kept coming and they all looked very similar. I forwarded them to Yahoo and got responses claiming they were closing the accounts, yet they still kept coming. It got to the point where I finally set up a filter so that any email coming with @yahoo.co in the from header that wasn't specifically sent to my email address was trashed.
Recently the amount of spam from real Yahoo addresses has dropped (though not gone away). Now I'm getting Spam from Spoofed Yahoo addresses, mostly selling watches or something, but fortunately my filter takes care of most of them.
Spam from Hotmail and other various places still shows up. More spam is getting through than a year ago, but not nearly as much as last month. I'm still not sure why there isn't a way to filter out all those Nigerian bank scams and stock dump scams since they all look very similar.
Hopefully Yahoo works on bettering their spam filters since they definitely don't work nearly as well as they say they do.
I do have 2 Gmail accounts which I don't use. They have some spam in them when I check them every now and then. Surprisingly the account I get the least amount of Spam at is my Comcast account which I never use.
The filtering is so good, I rarely ever see a spam any more.
Thanks Socrates.
------
beware he who would deny you access to information, for in his mind he dreams himself your master
Spammers giving up? I think not! Do you have any idea how many emails I get every day telling me how I can grow an enormous trouser python?!?!?! I don't even like snakes!
I manage the spam firewalls where I work and track spam statistics every week,
2 months ago we received 20 million messages pr week and passed about 800,000 as legitimate mail
Last week we saw 41 million and the same 800,000 passed as legitimate messages.. that's 98% spam!!!
to break it down more..
41 million recieved
32 million rejections on RBL lists
9 million passed onto the spam filters.. 10% of that gets through.
This is for 1 week.
We keep seeing spam double every 2 months.. It's gota stop growing at some point right??
If you think it's expensive to hire a professional to do the job, wait until you hire an amateur. --Red Adair
The spammers don't typically sell directly. They sell the service to people who think it might be a valid way to get sales. The actual spammers don't really care if it sells or not. All they care about is being able to convince their customers that spamming is a good way to sell. To correct your statement:
"As long as they are perceived to sell something through the spam..."
Engineering is the art of compromise.
I'd disagree with Brad Taylor's statement about GMail's filters being so effective.
...
In my case almost everyday 1-3 phising messages go through straight to my inbox. Some with quite typical, repetitive subject lines. They are instantly recognizable.
I always use the "report phishing" drop down, I also submit message sources to CastleCops PIRT.
I think that GMail's anti-phishing filter still has a lot of space for improvement.
Of course, I'm not a typical user, I don't hide my e-mail address from the web, and (like Brad) I'm interested in spam professionally, so I want to have a significant sample of it. But I would prefer it get automatically directed into the proper subfolder.
The corporate mail system I'm admining has a higher efficiency spam filter than GMail's in this regard.
BTW, I'm puzzled why spammers backed off from the image spam. I understand that OCR filters forced them to make obfuscated images to a state of barely readable for the less intelligent populace (their main target), but they still didn't try chopping the spam image into small chunks placed in CIDs that would be composed together using an HTML table. This would make OCR-ing much harder, since the filter would first have to render HTML into a bitmap representation... Maybe they will try that in the future. When they do, I doubt GMail's filter will be instantly able to handle this well
If you do the metrics, you'll also see that there really aren't "just more Macs and Linux".
Windows has over 90% of the desktop market share.
Linux is still at less than 1%.
[Wikipedia (eww...), September 2007]
Any "growth" by any of these platforms (including Windows) will not make a dent in those figures unless it is sustained over 3-5 years. The yearly influx of desktops to the population is small compared to the total population. Most people like to keep their computer (and to most people, that includes the OS) for 3-5 years, or more.
And actually, Linux boxes are a big target now.
The people running the bot nets love the stability and constant on a Linux box and Linux semi-geek typically provides.
The year of Linux may never come, but Mary and Tom jumped into Linux last week (because their friend Linus said it was so cool and easy). They're stumbling around enjoying their newfound freedom, wondering why their computer has something called emacs when they haven't hooked up their iPod yet. They're just as vulnerable (if not more so, because of their ignorance/unfamiliarity with Linux) as ol' Granny Gates running on Windows.
And on the other side of it, the people who run infected Windows boxes are NOT the ones who switch over to Linux.
I for one have been noticing nothing but an INCREASE in spam - both over the last few months and over the last few years.
I use no special filtering on my hotmail account and get moderate spam. (A 7 year old account whose address is everywhere by now, I'm sure.)
I gave up one gmail account because so much spam got in I just couldn't deal with it (thousands a day).
I have one gmail account that gets very little spam (because I've never used the e-mail for anything except creating a login to pay my cable bill).
I have several work e-mails that get tons of spam. (Which have multiple levels of filtering applied automatically).
Yes - I am referring to the spam that gets to my INBOX.
For Hotmail and gmail I use their web client.
For my work e-mail and some others I have Thunderbird (with a bit of added filtering).
As long as people send money to Nigeria or try to buy those cheap meds, spam will be on the rise.
Yep still 2GB of spam and maybe 3 real messages. Yeah your filters are teh roxxor Google. Jeez
Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
Allow me to correct your correction.
"As long as they are perceived to sell something through the spam..."Should be:
"As long as some sucker thinks he might be able to sell something through spam..."
It isn't the general perception of the effectiveness of spam that matters, it's the perception of idiots with dreams of getting rich quick that matter and the supply of said idiots is endless.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
I was referring to the Metrics of the spam hosting boxen. If we look at those, we note sources such as Brunei and China and so on, and that they are attached to and support Windows boxen.
In China, many people have cracked or broken Win licenses. Not saying this is good or bad, but the case.
When we look at compromised spam-sending botnets (the primary source of spam), we find this is where they come from.
Doesn't matter why it comes from there. Just that it does.
Filters and honeypots only work to a certain point, the nature of the beast adapts to the changing enviro.
IPv6 won't even fix it, as it still permits pop-and-drop wireless computers (which may be cheap connections bought and burned up in one mass usage) to connect.
-- Tigger warning: This post may contain tiggers! --
It's not that the filters evolved. Nigerian royalty finally allocated their fortune all over the world, letting millions get rich in the process by hosting their money in their personal accounts, and got out of the country escaping a brutal, oppressing, regime. Happy ending for everybody.
Here we go again. TFA, and most of the comments in this thread, are missing a critical piece of information. It doesn't make sense to say that a spam filter is N percent effective because that misses the false positive rate which is really more important. I don't care if you catch 99% of my spam when 10% of the emails that I need -- and probably closer to 80% of the unexpected and important ones like contacts from long-lost friends -- are dumped.
The merit of GMail's spam filter, as opposed to, say, *cough* Hotmail is not that it achieves a better spam rejection rate, but that it is relatively conservative with false positives. As others have pointed out, its spam rejection rate is hardly anything to write home about.
As technologists and consumers of reports like the Wired article, we should demand better quality of discourse. The blue line on the graph (spam rejection rate) shows continuous improvement in the spam rejection rate, but that is meaningless of the false positives are going up at the same time. Being blind to important data like that is what turned Hotmail's spam filter into the mess that it is today, and it's no exaggeration to say that the inability to trust that an email will be delivered is slowly rendering the medium useless for lots of people in the real world.
In fact, as long as we hold spam filters to some reasonable standard of spam rejection (>95%) I'd argue that we really should start assessing filters based simply on the risk of a false positive. Changing the discourse like this will allow us to make real progress in helping users, rather than simply focusing on "rejecting the bad from outside" (sound like something generalizable to society? hmmmm)
It didn't decrease for me. The only thing is that I use Google's POP mail service. Using Evolution Mail. So I don't get spam. But if I go to Google Mail in Firefox, there are 100~500 unread mail in my spam folder normally. And my spam messages are deleted after 30 days. Wow.
This graph reminds me of the North-American crime rate graph. Even though crime is much lower today than it was at its peak in the mid-'90s, it is down to a rate that in the '60s was considered extremely high.
Looking at Google's graph, it barely registers a blip. I believe it is what stock marketers call a "correction". It's down to about 67% from a peak of about 73%--where it was barely 15 months ago. And the tail end of the graph is turning back up.
The recent drop in the graph is far less dramatic than the drop in early '05--and it only went up after that.
Spam ain't going anywhere anytime soon.
- RG>
Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
I've never gotten much email spam (except on disposable email addresses), but today I got a spam text message on my cell phone, and my brother got an almost identical message on his phone. No advanced filter capabilities, no IP address revealed, and much more intrusive/annoying than email spam. Give me my email spam back!
This is not a signature.
Mr Thomos Dah
Auditing and Accounting Department
B.S.I.C Bank Limited
Cotonou,Republique Du Benin
Direct Tel:[]
Private Email:thomosdah1959@mixmail.com
Good day,
With warm heart I offer my friendship, and my greetings,and I hope this letter meets you in good time.
It will be surprising for you to receive this proposal from me since you do not know me personally.
However, I am sincerely seeking your confidence in this transaction,which I, propose with my free mind and as a person of integrity.
A) It is practically impossible for me to carry out this business alone.
B) You live in a foreign land far away from mine.
This should normally not be a requirement, but when you understand the transaction then you will understand why it is important that you live far away from me.
C) The amount of money involved in this transaction is Fifteen Million one hundred thousand united states dollars (US$15,100,000.00) which is too much for a man of modest means like myself to handle in my country.
I believe from my few points above, you can begin to get an idea why I need your participation.I am writing you in respect of a foreign customer who has a Domicillary account in my bank.
His name was Engineer Frank oliver. He was among those who died in a plane crash, Since the demise of this our customer, Engineer Frank oliver,who was an oil merchant and import/exporter, I have kept a close watch of the deposit records and accounts and since then nobody has come to claim the money in this a/c as next of kin to the late Engineer.
He had only Fifteen Million one hundred thousand united states dollars(US$15,100,000.00) in his account and the account is coded.
It is only an insider that could produce the code of the deposit particulars.
As it stands now, there is nobody in that position to produce the needed information other than my very self considering my position in the bank.
Based on the reason that nobody has come forward to claim the deposit as next of kin,I hereby ask for you to send an application to the bank as he next of kin to the deceased and get this fund transfered into your foreign bank a/c for mutual sharing between myself and you,%5 for charity, 5% for expences we will incure just in case, 35% for you and 55% for me.
All I need is for you to follow my instructions closely because I am experienced in inheritance matters here and i am on ground here to advice you on every step until you receive the money.
What is required of you is to send an application to the bank as next of kin to the late Engineer and I promise you that everything will go smoothly.
I also indulge you not to make undo use of the information given to you, I need also to trust that you will not tell people or your bank about this business.
You will collect the money first, then I get my share, then you can tell anybody what you chose thereafter.I shall need your help to invest in your country therefore, any experience you have in this area will be beneficial.
Please feel free to call me on my direct telephone number for any question or further explanations if required and upon the receipt of your favourable responses I shall send to you a text of application which you shall send to the Bank putting claim over the deceased fund.
Yours truly,
Mr Thomos Dah
Tel: []
NB:Please contact me via my private email above.
I have two email accounts, one with Yahoo, and one with Rogers (a Canadian cable co). I've noticed that the amount of spam in my mailbox (which used to be 50-100 messages a day) has dropped to a much more manageable 5-10 messages per day. Somehow, the Nigerian type scams seem to get through, but I'm not getting Viagra, Cialis, or pen1s enlargement (it's like they know!) the way I used to. In addition to the Nigerian stuff, I still get phishing spam from people pretending to be my bank, MS, Target, etc. But the volume that's not automatically directed to my spam folder has fallen; I still have to go into my spam folder once a week to delete 1,000 messages.
What was once true, is no longer so
Spam has an unfortunate relationship - the spam recipient isn't the spammer's customer. The spammer's customer is the advertiser, either directly or indirectly. Blocking spam doesn't disrupt the connection between the spammer and his customer, and as long as the spammer can convince his customer that there's value in advertising via spam, the spam shall continue. To eliminate spam, it must become substantially less attractive than traditional advertising channels. I don't expect that to happen any time soon, as the cost of sending a gazillion emails pales in comparison to the cost of running a print campaign.
Maybe the correct method to work toward eliminating spam isn't to block it, but rather let it all through. I think folks would be truly disturbed if the ISPs could coordinate a day where everybody disabled spam filtering for 24 hours. You wanna motivate a congresscritter? Irritate everyone in his district, all at once (including him and his peers.)
I literally get 0 spam in my inbox. The only spam I ever get is from businesses that I have a "relationship" for (ie., created an account on their site, said no thanks to junk, but got it anyway). Easy enough to block them since each site gets their own alias.jan-1-2007@mydomain.com that I can filter later on and never bother to "unsubscribe."
/var/log/maillog /var/log/maillog /var/log/maillog /var/log/maillog
/var/log/maillog*
I use sendmail with greylisting as my frontline defense, then dul.dnsbl.sorbs.net, `sbl-xbl.spamhaus.org, list.dsbl.org, and lastly bl.spamcop.net. Thunderbird is great at picking up all the stupid "business relationship" junk based on the servers spamassassin's markings (but I don't have spamassassin dropping anything, just marking it up), but mostly just gets in the way of me permanently rejecting their mail (just a few a month ever come in).
I found many of the sendmail configuration lines from http://www.sdsc.edu/~jeff/spam/Sendmail.html if you'd like to give it a try.
4 days worth of spam filtering shows the following were blocked (this is just for my little list of personal domains, mind you):
# grep -c sorbs
16048
# grep -c spamhaus
13246
# grep -c dsbl.org
230
# grep -c spamcop.net
897
Combined spam blocked (each file is 7 days worth of spam count, except the top one which is only 4 days):
# grep -cF $'sorbs\nspamhaus\ndsbl.org\nspamcop.net'
/var/log/maillog:30486
/var/log/maillog.1:43508
/var/log/maillog.2:41687
/var/log/maillog.3:36868
/var/log/maillog.4:35687
Until you realise that the correct solution is not to play the game to the strong points of the AI. A DoS attack will always win. Overwhelm the opponent with brute force, regardless of your own casualties. Especially if you are willing to destroy the medium.
I can throw myself at the ground, and miss.
Quite the insightful post.
However, there are things working *for* spammers. First, there are complacent ISP's...pretty much enough said, but I'll elaborate for a second. Obviously, there is money to be made in spamming other wise it wouldn't exist (to a certain extent). But for ISP's or mail providers, so long as the losses from spam (coming either from wasted CPU and bandwidth or just lost customers) is less than the actual cost of blocking the spam then they don't *really* have any incentive to stop it. Second, and I think that this is why spam (depending on your actual definition) will *NEVER* be eliminated. Every day people give out tidbits of information about themselves, whether they realize it or not...and no, I don't have a tin-foil hat nor do I want one. But (most/some) spammers are smart. They will adapt. They will find ways to get that information and use it to create "targeted spam" (kinda like google's advertisements) which will be (to some extent) "unique" to individual recipients. If you send out the exact same message to thousands of users, it is very easy to spot. If you just change the "Hello [first_name]" and the body is the same it is still fairly easy to spot. Even if the name and products are dynamic but there are only minor differences in the actual verbage then it still is fairly easy enough to spot. But (and sorry if this "inspires" spammers) if they start learning real usage patters of email (kinda like what is being used against them) and interject only what needs to be put to get their minimal amount of product placement, then it is going to be AI vs AI. Put into that scenario, I think that the smaller and more nimble spammers are going to have a very distinct advantage over the larger, slower and generally more complacent ISP's and mail hosts.
All in all, the game is going to change. It is going to become more technical. But the end result really isn't gong to change. Its almost like the DRM battle. Big corps are going to come up with their "silver bullet" only to find their master scheme hacked in just a matter of days.
Continuing a different thought/discussion. gMail may be "winning" at the moment, but my guess is that it is only because it isn't the most cost effective at the moment. Once the others catch up to gMail, *THEN* they will either improve or just take the easy pickins from the other sites. Sorry, but spam ain't going away any time soon.
When I have a kid, I want to put him in one of those strollers for twins and then run around the mall looking frantic.
My spam filter, in its daily logs, informs me that it is discovering approximately 8000 spams each day. In May of this year, it was 800 per day.
I'd say that's an INCREASE.
Jory
This has never happened to me. I keep checking the threads.
I have to give this one to Google. I have two Gmail accounts, one I give to friends and one I throw around the Internet with wild abandon. And in the 2+ years that I've had them I have not gotten a single Spam message in my Inbox.
I agree, given that Google is correct (since when does a company, rather than a spokesperson, speak?) I think it is highly likely that spammers are avoiding gMail.
OTOH they may be filtering out less spam not because there is less spam, but because their filters aren't working as well.
I had heard that gMail has highly effective filters, but when I began to use it more frequently 2 months ago, I did not notice a clean email box.
Disapointed, I was.
like usual- I got spam today... 197 to be exact- it all filters out, but it is all spam
I still think that we should go to receiving whitelisted mail only. If that means that you can't get an email from a website that you just subscribed on, then we *might* need some additional challenge/response mechanism inside SMTP, or a thing like a trusted certificate authority, but no more black/greylisting/just willynilly receiving any old email. Once spammers get it that their email are just disappearing down a black hole, a lot of bandwidth will be released again to the public. And they can go and base their business models on spamming IRC and MSN.
Religion is what happens when nature strikes and groupthink goes wrong.
I think what you describe is definitely an anomoly (perhaps when you set up your POP3, originally you set Gmail to delete the forwarded messages?).
As for myself, I've never had a false positive with Gmail (as far as I know) and I haven't had a spam message appear in my inbox for at least a year. I also used get close to a thousand spam messages every 30 days (which has nearly halved recently), as far as I can tell that's because my email is available in the whois database for my domain registration.
Spam is essentially a non-issue for me...
I think I see a connection here....
No sig today...
"Spam is sent because spammers can make money by sending it. Period."
:-)
Or maybe spam is sent because anti-spammers can make money by blocking it.
(reminds me of the Chimera story on Mission: Impossible II)
HAPPY BIRTHDAY IMRAN!!
People don't "see spam" but they also don't see other mail that is filtered with their spam. At gmail I did see legitimate mail end up in the junk box. That's only what ended up in the junk mail. There's no info about what they completely discard. The real damage in spam is not seeing it but losing email functionality, and losing trust in email as a reliable medium.
People can see that they have less spam. They most often don't know that they lost some legitimate messages because they don't see them, and gmail's filters while perhaps being quite good are not perfect, and do have some false positives.
Perhaps the fact that Google are so confident in their filtering ability is one reason why they let spammers use gmail addresses to receive orders. I've seen several spammers use gmail addresses as the only means of contact they provide in their spam, and the fact that they continue sending spam with the same gmail contact address means they achieve positive results this way, and that their gmail mailboxes are not closed despite of receiving responses to spam messages. I've reported such abuse to gmail several times and as far as I can tell at least some of the drop boxes I reported are still used by the same spammers that continue to send spam directing to send email to those addresses for "more information" on their products or services.
SO perhaps they don't send their spam out using gmail transmitters, but there are spammers using botnet-based transmitters that use gmail to receive inquiries.
Either I'm missing your math here, or I have to claim non-sequitur. I don't agree that the reduction in incoming crap is indicative of a higher cost for the sender. I would argue that you could just be lucky enough to have fallen off of a spammer's list somewhere.
If you have something to support your conclusion of it being more costly for the sender, please elaborate.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I've heard of the AI approach for spam, and I'll tell you why I don't think that will solve the problem either.
First, it doesn't scale well. There are millions of email addresses on the internet, receiving email through thousands of mail servers. How many of them (users or servers) could run the AI anti-spam program? How many of them will?
Second, there are too many users that would never agree to be helped by this. Primarily I am talking about people who still use the likes of hotmail and yahoo as their primary email. These people pretty well couldn't install this, even if they wanted to, and probably wouldn't want to even if they could.
Hence, even if you were able to set this up for all the users that want it, there would still be far too many others who wouldn't want it (or wouldn't comprehend a reason to want it), and the spammers would continue to adapt their game accordingly.
Therefore, I stand by my previous statements that the solution to spam needs to be economic, not technical. When there is no longer a profit to be made by the spammers for sending out spam, then they will stop. People have correctly pointed out that yes, many spammers aren't selling anything directly. However, the spammers are still getting a cut off the proceeds of whatever site they are spamvertising, hence the game is still profitable for them.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
1. As those of us who have been fighting spammers for decades have seen -- many times -- attempting to estimate global spam trends based on single measurement points (no matter how large) doesn't work. Moreover, attempting to estimate those same trends based on brief time periods doesn't work either, since there are often seasonal (or longer) fluctuations. So while Google's measurements may be locally and temporarily valid, they have no meaning and no value vis-a-vis the entire Internet.
2. Spammers, like any enterprise seeking long-term success, have diversified. They're into adware, spyware, phishing, domain typosquatting, domain kiting, drive-by downloads, and every other possible line of "business" available to them. If any one spam operation appears to be momentarily declining in output, it's almost certainly because their focus has shifted to another form of abuse.
3. Address harvesting by spammers is now extremely effective, thanks in large part to an estimated 100 million compromised systems (and that number may be low). Any email address that's actually used should be presumed to be in enemy hands shortly; attempts at obfuscation are futile. It's a best practice to make this assumption and plain defenses accordingly.
4. Google itself has been increasingly implicated in spam and spam support activities -- the number of spammer dropboxes there is increasing, as is the number of spammer web sites hosted by them. And Google's abuse desk is non-responsive to even the most well-documented complaints (that is, though where a victim has generously done Google's homework for them and donated the results). This is troubling.
I think that while spammers are far from giving up yet, it's very possible that their days are numbered. Normally in matters like these, the 'cheater' has the advantage. For instance, copy protection - the pirates spend so little to break very expensive protection schemes. In this case though, I think the big bucks companies have invested in filtering are winning. Here's why. Filtering technology is forcing spam to become more and more garbled in order to pass the filter. Think about it. As the years have gone by, spam's "signal" has degraded significantly. The spams that reach our inboxes today have had many of their words replaced with not-quite-sensible synonyms and are filled with random nonsense text. It's getting to the point where the advertising effectiveness very degraded.
I would expect that the number of impressions today's spam has to make to get one sale, is far higher than it used to be, maybe 100x, if not more. I also expect that number to climb ever higher, and eventually hit the point where it is not cost effective - where hiring hackers to pump out spam through botnets costs more than the revenue brought in by that spam.
Of course, I don't want to underestimate the ingenuity of these jerks. They very well may find a whole new way to peddle their viagra. I do however, think that it's entirely possible that spammers' current model will fall apart.
This is complete bunk for two reasons:
1) I've had to move away from Gmail because my account is cluttered with too much spam. A 95%+ differential.
2) I work for a major spam blocking house; all of our stats (public/private) indicate that the trend is still on the rise.
We also block on the ISP level, so it could simply be that our products (and our competitors) are working the way they're supposed to!
Is to whip the guilty parties 500 times each on live tv - then carve their bodies into little pieces and feed them to lions - also on tv.
In time the word would get around.
If Google really cared they would fix Android Chrome to reflow text, instead of discriminating
I have a very simple spam gauge: I never clean my GMail spam box. So it has a moving average of 30 days of traffic.
Two years ago it had 3000-4000 messages. Today it has over 14.000. So it is still growing.
google try to be smart about typos and such. if the email address is similar to yours and nothing more similar exists they will send the mail to you. try sending an email from a non gmail account to something similar to your actual gmail address. mail to m.e-w.i.t.h.o.u.t-t.h.e-d.o.t.s@gmail.com gets to me straight away, as does myusualgmailaddress-blahxxxwtf@gmail.com. Some people call it a feature, some a bug. Either way google appear to discard as few mails they can. I'd estimate that 99% of the incorrect email addresses routed towards my actual email address end up in the spam folder. I see maybe 2 or 3 a week. I get hundreds of spams daily (and a huge majority of those would be directed at random but pretty similar non-existent gmail addresses)
Caesar si viveret, ad remum dareris.
Until you realise that the correct solution is not to play the game
Obligatory War Games reference:
Joshua: Shall we play a game?
David: How about Global Thermonuclear War.
Joshua: Wouldn't you prefer a nice game of chess?
David: Later. Right now lets play Global Thermonuclear War.
Joshua: Fine.
BTW, I have two gmail boxes and still see spam coming everyday. My main email server http://www.vbc.com/ received about 20000 spams a day and all filters (RBL, spamassasin, greylist) can catch not more then 90% of them ...
MS-DOS since 6.0, Windows since 3.1, Novell Netware since 4.5 and FreeBSD since 4.5
The amount of spam has dropped at my spamwall over the past month or so - but I attribute that to the fact that Spammers are probably on holiday w/their families, or other spammer friends... so they're sending out less of their tripe
My original line _is_ a wargames paraphrase. I expect Slashdotters to know it.
I can throw myself at the ground, and miss.