Slashdot Mirror
Are Spammers Giving Up?
sfjoe writes "Are spammers giving up the game? Google seems to think so. In an article at Wired, Google, '... says that spam attempts, as a percentage of e-mail that's transmitted through its Gmail system, have waned over the last year'. They think their own filters are so good that spammers aren't even trying anymore. 'Other experts disagree with Google, pointing out that overall spam attempts continue to rise. By most estimates, tens of billions of spam messages are sent daily. Yet for most users, the amount of spam arriving in their inboxes has remained relatively flat, thanks to improved filtering.'"
All one has to do is glance at a mail log to see that no, in fact, spammers are not giving up. This one does not require reading tfa.
Technology tips and tricks.
...all that cancer I've wished upon them.
Gmail completely rocks!
Spam detection has got to be something like 99.999% accurate
I sometimes get the occasional Nigerian scam letters - but thats it
---- "Logoff! That cookie shit makes me nervous!" - A. Soprano
that over the past few months, I've been getting a lot more spam mail through my ISP's filter, *and* through Thunderbird's filter. Those random words sprinkled throughout the message is even getting it past the Bayesian filtering now.
It seems that have it figured out pretty good to me.
Don't steal. The government hates competition.
I have no other experience with hotmail, but my free webmail experience has consisted of Yahoo! and Gmail.
Let me tell you, Yahoo!'s spam rate has not improved. I am not sure if their filter isn't as good, or they are just taking money from the wrong people, but I get at least one spam message make it into my inbox per day, maybe 2-3. Oftentimes, the spamming links back to a geocities.com page. Coincidence? I don't know.
With Gmail, I get one spam message per month (maybe) make it into my inbox. They are so rare, its comforting. And since they are so few and far between, I actually use the 'Report Spam' option, because it looks like get this that their filters are actually updated with my input, and I don't see spam of that same type ever again.
This is different from Yahoo, I report spam all the time and yet the same exact message types make it past the filters into my inbox. I even report phishing there, but that doesnt' seem to help.
Can anyone with internal Yahoo webmail operation shed some light into what they actually do with user input? It would be nice to know that someone, somewhere (or at least a script) is using my button clicking for input.
will she still love you more than any other guy? Or will your short and flaccid member be the shame you bear?
"Flyin' in just a sweet place,
Never been known to fail..."
I seem to get as much regular spam as before. However I now get MySpace and Facebook spam as well. People trolling to be my friend in all sorts of special professional ways.
The spammers are still sending the spam. They aren't giving up.
But the filters are getting good enough to filter most of it so the users do not have to see it.
But the spammers are still sending it.
They won't give up as long as there's a monetary incentive for them to send out spam. As long as they can sell something through spam, they will continue to send it out. We can talk about how wonderful filter ABC is, and compare it endlessly for false positives against filter XYZ. But in the end, its just a matter of time until the spammers defeat both of them, and we're on to filter ABC version 2.
So no, in the end, nothing that most people are doing will do squat to bring about the end of spam. You can filter until you're blue in the face, and spam will still be sent. You can shut down all your mailboxes and open a new gmail address every week, and you'll still get spammed.
Spam is sent because spammers can make money by sending it. Period.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I manage the spam firewall where I work, and I have seen a significant drop this month vs last month. In October we processed 20,000-30,000 emails a day, averaging near 25,000. In the month of November, we have only exceeded 20,000 in a day once, with most days falling short of 15,000. This months average is closer to what it was during the summer, we had seen the increase to around 25,000/day during August/September.
It's hard to imagine that spam filters have gotten to the point where spamming doesn't make economic sense. After all, the business model is something like
Even adding a couple zeroes to the recipient number (which improved spam filters should be doing) doesn't make much of a dent in the total expenses, if I understand correctly. Lawsuits under the CAN SPAM law, however, could make it too costly to get past step 1. Unfortunately, it seems like the judicial system still needs a little help here.
Filtering may work decently, but it is resource intensive and depending on your email load, you may need a scanning box as big as your regular email server.
Try http://en.wikipedia.org/wiki/Greylisting
or
http://projects.puremagic.com/greylisting/whitepaper.html
Our own office only has about 150 mailboxes but we don't do any filtering at all because of our greylisting as implemented by http://www.openbsd.org/spamd
Even better we can greylist at the perimeter instead of letting all of that pointless traffic onto our own network.
And if you're feeling particularily vindictive start posting trapped email address on your own publicly available webpages. Make them invisible or hidden under other content but still harvestable by bots. And soon enough a significant percentage of email addresses out there will point to tarpits. Making botnet spamming a much slower proposition, and should therefore decrease the total ammount of spam.
Spammer 1: We can't get anything past Google's filter.
Spammer 2: Agreed. [sighs]
Spammer 1: I guess we'll have to give up spamming.
Spammer 2: Seems that way.
Spammer 1: Unless...
Spammer 2: You have an idea?
Spammer 1: Why don't we keep spamming everyone else!
Spammer 2: Rapture! You're so smart!
GetOuttaMySpace - The Anti-Social Network
Mod parent +2 Optimistic Lovely sentiment, but that's kind of like saying, "It snowed this weekend because I installed compact flourescent lightbulbs in my house".
You remember when Bill Gates said spam would be over by 2006? Boy was he right -- I haven't had spam in my inbox in weeks. Thanks, Google.
Toronto-area transit rider? Rate your ride.
I dunno, spam's not so bad. After all these years on email, my penis is longer, and never flacid because of these cool pills I'm taking, and this Nigerian guy gave me a few million bucks, which I subsequently donated to charity to save that poor little boy, even though all he wanted was teddy bears and flowers. Bill, tell these people that there's no such thing as spam. Come on. Will ya?
Perhaps spammers are focusing on how to get a smaller number of messages through the filters rather that upping the number of messages sent.
Think Deeply.
In Gmail, the problem is false positives: when Gmail labels a message as junk, it moves *the whole thread* to the junk folder. So if you have a thread with 20 messages, and the 21st is incorrectly classified as spam, poof, also all the other previous 20, that you had confidently filed away, silently go into the spam folder, where they are silently deleted after 30 days. This is a consequence of how Gmail deals with threads, or "conversations". I reported this bug to the Gmail team long ago, but they haven't fixed it yet as far as I know.
So if you want someone using Gmail to delete an email exchange they had with you, send them an additional message in the same thread offering to sell them Viagra. They will never see the message, but the whole thread will be deleted in one month. Disclaimer: I have not tried this (but I have lost email due to the above problem, and I know I did, as I keep a separate backup of my mail via pop, where the missing messages were still present).
Some spammers are giving up. Mainly because they realize that running botnets is a better way of making money.
Technoli
Spammers, please take note that I actually have a large penis. Your assistance and concern, while appreciated, is simply not required.
I suppose someone must be responding to them, but for the life of me, I can't imagine who. They're just an annoying part of working online that I've come to accept unfortunately. I'm still waiting for a law similar to the National Do Not Call List [https://www.donotcall.gov/] that will provide some relief to my inbox. Of course, you've got to deal with the international aspect of spam, but considering that ISP's can control what comes in, that shouldn't be an insurmountable problem.
My personal experience backs this up. The amount of spam my hosted personal account gets is about half what it was 6 months ago. I was wondering the same thing myself.
Well yes, they can easily both be true.
If, for example, spammers are learning that sending spam to @gmail addresses is a pointless exercise in futility. So they further concentrate their efforts on non-gmail addresses.
Google sees a significant drop of spam arriving at gmail (though via accounts which POP3 mail from external addresses, there'll always be some spam).
Everyone else (not Google) sees their inbound spam increasing/strong.
Visit CryptoGnome in his home.
Let's even imagine that spam filters were 99.99% accurate, what would be the benefit of not spamming anymore? It costs them nothing, so if they send out millions of spams per day and only get a few bites, they're still making a profit.
There's no incentive to stop spamming unless it becomes arduous to do so. Nether technology nor litigation are close enough to make that happen.
Surely at some point (probably later, rather than sooner) the number of users who aren't duped by spam will be such that spammers will have no market. The only reason that spammers continue to send spam is that there are gullible fools clicking the links and maintaining the demand for spam. Once the user base is educated enough (ie. no more users who haven't grown up with computers who say things like "But they've address the email to me. It must be important..."), there'll be no market. Or am I living in La La Land?
How much extra bandwidth would the internet have, if there was no spam bouncing around. I say we shut off port 25 on every router for just 6 hours and watch the bit torrents just scream :).
Have a moment of email silence.
Google may do all kinds of malicious things, but disclosing your email adress to anyone is not on that list, ever. It would be trivial as you point out to prove that Google sells this kind of information, so it's almost guaranteed it's going to be publicized. And then the public would burn Google at the stake, as slow and painful as possible.
No, I don't think spammers are doing that. First, it's probably been guessed by dictionary attacks. Botnets should have the CPU time they need to exhaust the search space up to a dozen characters. (Remember: email is case insensitive and restricted to standard english alphanumeric characters plus a handful others. This is no NSA-safe keyspace.) And second, they probably obtained a list from somewhere. Some inbox on some PC that was rootkitted or an entry in a not-negative list that some other spammer sold them. (Remember: all adresses that do not bounce are valid mailboxes.)
According to the Official Google Blog, there has been little decrease in spam, except for the amount in users' inboxes.
Actually, the grandparent almost has a point. People are not so much switching from Windows as switching from Outlook Express and ISP-provided email to webmail. Most webmail providers have fairly aggressive virus scanning making email much less of a vector for generating new spam zombies.
I am TheRaven on Soylent News
That's odd. I have a Gmail account, and once in a great while, I'll get a good message tagged as Spam in the Spam folder that's part of an ongoing thread. But I've never had the whole thread move into the spam folder. I press the "not spam" button and the message is moved back into the thread where it came from.
Maybe I've been lucky.
Peace; - PunkTiger!
What TFA fails to realize is that spam comes in many more forms than simply emails. My local lan group runs a PHPBB forum, which kept getting rather mysterious "people" registering with advertising in their "web site" profile field. Granted, we've ramped up our security, but from time to time bots still register. Likewise, if you look at many youtube videos nowadays, tons of comments are just obvious spam and other automated messages. Not as directly targeted as email per se, but still spam nonetheless. Spam isn't dead, the spammers have simply realized that there is a whole demographic of people (generally in their teens to early 20's), who use less email and more social networking style (or dare I say "Web 2.0") services like Myspace, Facebook, Youtube, Gaia, etc.
But in the end, its just a matter of time until the spammers defeat both of them, and we're on to filter ABC version 2.
Among the many useful techniques which have been brought to bear against spam from the field of Artificial Intelligence (AI) is the notion of spam as an adversarial game between an intelligent agent (i.e. the filter) and the spammer(s). When this is combined with other AI techniques, such as Bayesian or Neural network machine learning type algorithms, the filters become very powerful indeed and not only that but they become automatically adaptable, constantly looking to improve their "score" in the game (i.e. percentage of spams that make it past the filter vs number of false positives) against the spammers. It is important to understand that the creators of this filter do not program the rules but rather the system is designed to perform critical analysis and determine its own rules...this is the power of Artificial Intelligence at work.
Consider that in the past, when serious efforts have been made to bring such intelligent agents up to a high level of play in adversarial games, the programs have advanced to the point where even the very best human players are barely able to win and only with great effort (as in Chess) or, even worse, they cannot win in the face of such tremendously strong play from the AI which never gets tired, never gets psyched out, never panics, but rather constantly and inexorably grinds on to victory with a very high probability.
The spammers are at a distinct disadvantage against such systems for two primary reasons: (1) It is difficult to tell, from the endpoint of the spammer, precisely which message made it through the filter and how and (2) even if they do figure out which messages made it through the filter the filter is learning and training, like the human immune system, for the next time it sees a similar message which will then not make it through. Or in other words the AI filter has full visibility of the game board, but the spammer can only see his pieces and few or none of the pieces of his opponent.
If the game can be made difficult and frustrating enough for the spammer(s) by consistently strong play on the part of the AI filters, then the cost benefit ratio can be reduced asymptotically to zero against the spammer to the point were even the most dogged and determined spammer is tempted to throw in the towel. The cost of sending spam is close to zero but it is not absolutely zero, so the AI should begin discouraging spammers at the point where the AI filter pushes the returns close enough to zero to make spamming unattractive compared to alternative (and potentially more lucrative) activities for the spammer.
Some spammers will stoop to signing up for shell accounts at ISPs to harvest e-mail addresses. A lot of information can be learned just with that access. Not just compiling the results of ls ~/.. to a host name, but also harvesting cat ~/../*/.forward. The contents of a .forward file can also be disclosed via finger if your host still allows outside access.
It could also be that a relay between your mail server and gmail may be snooping on e-mail packets looking for active addresses @gmail and selling them to spammers.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
The way they're making money today with SPAM is through pump-n-dump schemes.
Permit me to break it down for you:
The Phishers will phish usernames and passwords for brokerage accounts, or they will collect the information from personal users by means of a trojan. The criminals log into these accounts and schedule sell orders for whatever stocks they are holding, and schedule buy orders for the penny stock they are going to pump-n-dump. Then they walk away.
They execute the spam, eager traders read the spam, look at the account and see that volume of shares purchased have been bought up in the past n-hours and they jump in. The pumpers have bought their stock before hand and once the volume peaks, they dump. The account holders whose accounts were compromised are left holding the pumped-dumped stock...
The criminals are getting GOOD! They don't need to worry about transferring money out of the compromised brokerage accounts, they are stealing the money and laundering it all in the same step.
And it should be no big surprise that the criminal organizations behind the whole operations is the Russians.
Welcome to professional bank robbery in the 21st century.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
If Bill would be hit on the head each time one of his prophecies was completelly off - he'd be long dead with a bashed-in skull.
Seriously, betting on the opposite of whatever he says has been a fairly profitable route for at least 10 years.
Assorted stuff I do sometimes: Lemuria.org
I manage the spam firewalls where I work and track spam statistics every week,
2 months ago we received 20 million messages pr week and passed about 800,000 as legitimate mail
Last week we saw 41 million and the same 800,000 passed as legitimate messages.. that's 98% spam!!!
to break it down more..
41 million recieved
32 million rejections on RBL lists
9 million passed onto the spam filters.. 10% of that gets through.
This is for 1 week.
We keep seeing spam double every 2 months.. It's gota stop growing at some point right??
If you think it's expensive to hire a professional to do the job, wait until you hire an amateur. --Red Adair
Yep still 2GB of spam and maybe 3 real messages. Yeah your filters are teh roxxor Google. Jeez
Ubuntu: If at first you don't succeed, blindly slap a sudo in front of it
Allow me to correct your correction.
"As long as they are perceived to sell something through the spam..."Should be:
"As long as some sucker thinks he might be able to sell something through spam..."
It isn't the general perception of the effectiveness of spam that matters, it's the perception of idiots with dreams of getting rich quick that matter and the supply of said idiots is endless.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
This graph reminds me of the North-American crime rate graph. Even though crime is much lower today than it was at its peak in the mid-'90s, it is down to a rate that in the '60s was considered extremely high.
Looking at Google's graph, it barely registers a blip. I believe it is what stock marketers call a "correction". It's down to about 67% from a peak of about 73%--where it was barely 15 months ago. And the tail end of the graph is turning back up.
The recent drop in the graph is far less dramatic than the drop in early '05--and it only went up after that.
Spam ain't going anywhere anytime soon.
- RG>
Hey pal, this isn't a pleasantforest, so don't waste my time with pleasantries!
Spam has an unfortunate relationship - the spam recipient isn't the spammer's customer. The spammer's customer is the advertiser, either directly or indirectly. Blocking spam doesn't disrupt the connection between the spammer and his customer, and as long as the spammer can convince his customer that there's value in advertising via spam, the spam shall continue. To eliminate spam, it must become substantially less attractive than traditional advertising channels. I don't expect that to happen any time soon, as the cost of sending a gazillion emails pales in comparison to the cost of running a print campaign.
Maybe the correct method to work toward eliminating spam isn't to block it, but rather let it all through. I think folks would be truly disturbed if the ISPs could coordinate a day where everybody disabled spam filtering for 24 hours. You wanna motivate a congresscritter? Irritate everyone in his district, all at once (including him and his peers.)