Most Spam Comes From Just Six Botnets

Ezhenito noted some research pointing out the (maybe) surprising bit of research that 6 botnets are responsible for 85 percent of the world's spam. That seems a bit high to me, but the only aspect of spam I am an expert in is *getting* it.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Sue the companies who advertise

[ThirdPrize]

While most of us treat spam as junk it is there to serve a very specific purpose. To get our money into the accounts of unscrupulous companies. A mate of mine (honestly) replied to spam and got some pills back. There are proper businesses behind them. Why can't we trace where the money goes and sue their butts off?

How many companies are actually advertising at any one time? Is all the spam for one company, ten companies, a thousand companies or a million?

Re:Sue the companies who advertise

[Hi_2k]

Take a look at Joe Jobs to see the problems inherent in that.

Re:Anti-bots?

[MightyYar]

I was wondering whether it would help if Google (and maybe some of the other top 10) notified you when you showed up on one of the IP block lists with a big yellow box at the top of the page, like an IE alert: "Warning: Your computer has been reported to be a SPAM relay! Please clean up your computer with the following tools..."

Something like that. They could get the list of infected IPs from one of the black lists.

I'm not a network guy, so I don't know what kind of technical restrictions there would be... obviously this wouldn't work well with proxies - maybe NAT would be an issue as well? In any event, I personally would appreciate such a service, even if I got hit with false positives once in a while. Of course, the bots would eventually get wise and filter out the messages, but that's part of the fun of the war.

Who is going to code the first FOSS "Cure" ?

[Kylere]

That targets the top 5, 10 etc botnet issues so they can be addressed specifically without having to do broad spectrum AV searches (That fail depending on product)

Re:Most Spam Comes from just Six Bots, not Botnets

[RulerOf]

Just what is the Windows equivalent of sudo that ships standard with Windows XP?
I doubt that a Windows equivalent to sudo would ever come about, not because it isn't necessary, but because the model that drives useful work in Windows isn't command line based (even from an Administrator's point of view). That may be changing with MS switching over to Powershell, but as it stands, what you're asking for may not actually be necessary.
 
Vista, though, is supposed to have that magic little password prompt when you need admin privileges on a non-admin account, but if it comes up as often as UAC does (before you disable it because it annoys the shit out of you), I wouldn't use it. Of course, this necessitates that Vista doesn't set you up as an Admin out of the box, which it has each time I've installed it.
 
Interestingly enough, I'd be willing to bet that if the only time UAC came up was in the context of a web browser or email app requiring admin rights (Attention: Hardcore Porn Video.exe is requesting to install "Botnet client." Cancel or Allow?), it'd probably be heeded much more seriously by average Windows users.

Re:How much spam do you actually get?

[harry666t]

And what's the problem with running "sed 's/\+.*@gmail/@gmail/'"?

Re:Blocking known residential blocks sucks

[statemachine]

Blocking known residential blocks sucks as a solution as it removes some of the democracy of the net.

It's usually more nuanced than this. What is meant are dynamic IP addresses and IP blocks that are both under TOS restrictions for running a server.

I (like others I'm sure, but maybe not so many of us these days) run a mail/web server from home. I just use it for personal mail. I have SPF and rDNS set up, I play by all the rules. Why block me because I use ADSL at home with a static IP?

I've had your exact setup and have had little problem. Have you tried checking the blacklists and removing your IP? I check every few months just to make sure I'm not being listed for whatever reason.

You are not among these (you have a genuine complaint), but many others who talk about residential blocks are operating servers in violation of their TOS. You and I, on the other hand, have gone out of our way to get a connection that allows servers. While I am sure there are some people who don't have access to buy such a connection at the same reasonable price you and I pay, these people are rare. The majority just want the rock bottom pricing but all of the upper Tier benefits.

And it's not like I haven't been in these rare people's situation: where one lives a server-friendly TOS can't be had. I've found hosting at friends' houses, at work, and even a co-lo just to keep my personal server online. Yes, it's inconvenient. Yes, it costs a bit more (I've always paid my friends, or if at work, had my server provide a service). I'm not going to debate "worthiness," but I've always gone the extra mile. If there is a server-friendly TOS available to people to buy, I am not sure I can sympathize with people who choose not to upgrade/switch to it.

Re:There's the rub!

[avronius]

Sure wish that you hadn't replied anonymously - I do appreciate your response. On one hand it's humourous, and on the other, it's validity cannot be overlooked.

Allow me to address each of your concerns in turn.
1. Users of email will not put up with it
Most users of e-mail don't care what happens between send and receive. Like the postal service, once they drop their envelope into the slot, they expect magic to happen after it leaves their hands and arrives at their intended destination. They are vociferous when their message isn't delivered, or if they receive too many messages that are "off-colour".

2. Huge existing software investment in SMTP
I don't easily discount the existing investment in smtp. I do, however, believe that the next step is to quit building barriers and start looking for alternate solutions in ernest. Adding a protocol for mail handling would require adding a layer that doesn't currently exist between mail servers.

3. Armies of worm riddled broadband-connected Windows boxes
This is, indeed, a barrier. If the new mechanism requires authentication, you will be able to easily locate and address these boxes. This isn't an ideal approach, but the other option of "not providing a patch for these hosts" isn't realistic.

4. Eternal arms race involved in all filtering approaches
I admit that I don't fully understand the implication of this comment - are you referring to the cost of funding a certification service?

5. (x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
I freely admit that this idea was reasonably easy to come up with. What I don't understand is why there isn't more emphasis on change, and why there is so much entropy associated with it?

6. (x) Blacklists suck
7. (x) Whitelists suck
I agree with both of these. However, a central location that works for everyone would not be as bad as dozens of home-grown black/white lists.

8. (x) Why should we have to trust you and your servers?
There's no reason for you to trust anything of mine - your role is merely to get a [hopefully freely available] certificate and add the protocol [and any accompanying patches related to activating it]. When you are comfortable with [the next big thing], disable smtp and wait for the complaints to roll in.

9. (x) I don't want the government reading my email
I can't help you with this one. It's possible that the government is already reading your mail. How would this system be any different? Granted, it's close to impossible to remain anonymous in this system, but I would expect to that there will always be a sever somewhere that would offer you that option if you want it.