Slashdot Mirror
New Spam Site Found Every Three Seconds
Stony Stevenson writes "New figures suggest that 92.3 percent of all email sent globally during the first three months of 2008 was spam. The data from Sophos also indicated that 23,300 new spam-related web pages were created every day during the period, or one about every three seconds. For the first time Turkey's contribution to the global spam problem puts it in the top three offending countries. Compromised computers in Turkey are now responsible for relaying 5.9 percent of the world's junk email, compared to 3.8 percent in the final quarter of 2007."
I love it. I can sync my computer to it.
We should be able to kill 'em. I'd hate to advocate additional regulations but, well, something really should be done. Though, honestly, I've learned to delete it over the many years and now it is really just a pain in the balls more than anything.
"So long and thanks for all the fish."
Third placed Turkey and tenth placed UK are wthin a +- 6% band, probably close to the margin of error in the analysis.
Engineering is the art of compromise.
I never get spam, I have my school email address I use for trusted sites and people while everything else goes to a yahoo account. The yahoo account is filled with spam, but since I only have to check the newest mail whenever I use it its not a big deal. Am I missing something here?
Movin' UP!
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
http://www.youtube.com/watch?v=anwy2MPT5RE
Enjoy!
I thought Turkey was a Muslim country, isn't spam some sort of shoulder meat? Oh right, they're secular.
Yes, sir! something should be done about spam!
And, while we're at it, someone should really do something about domain squatting.
Oh year, and what about phishing? Why isn't anyone doing anything about that!?
Seriously, guys; get on it. I'll be watching the third season of Seinfeld DVD.
- Demosthenes
cynicsreport.com
Which once again proves Sturgeon's Law which states that 90% of everything is crap. Or 92.3% in this case. Luckily for me gMail is pretty good at filtering the crap, son I only see about 1 spam for every 10 real emails. However, if I look in my junk folder, and compare that to the number of valid emails I receive, I would say that 99% of it is spam.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Something interesting I noticed, is that since I signed up for Facebook, and all my friends that have signed up for Facebook have been getting the same spam. It's free offers and stuff. At least I don't get the enlarge my penis stuff.
Please visit http://www.mederbil.com/ i7, GTX 275, 4 1TB Caviar Green in RAID 0+1 array, EVGA X58 3X SLI Board, Silver
I was wondering if anyone had any numbers on the market share of IE vs other browsers in Turkey. A few quick google searches were hesitant to reveal anything.
I didn't think it was possible.
Show me on the doll where his noodly appendage touched you.
I know that my email (especially in my older accounts) certainly matches the rate of spam in excess of 90% by volume.
And the part about a new spam site created every 3 seconds shouldn't surprise anyone either. As much as people despise spam, there is still money to be made in it. Thats why people continue to send spam, of course. Thats also why people continue to buy new domain names to sell discount "drugs" and "software".
This just tells us what many of us already knew. The spam problem will continue to get worse until we actually apply a economic solution to this economic problem.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Anyone who is associated with a spam operation is fair game. Bullet in the head and make sure you have evidence. Hell, kill the entire family associated with the spammer to prevent these scumbags from creating more of their own.
ASSP
30 minutes to install on an exchange server... filters out all the spam.
I run it on all my clients, and they average about 95% of all mail intercepted as spam with a zero false positive rate.
http://assp.sourceforge.net/
Chuck
What everyone gets in their mailbox are mainly American spam messages intended mainly for Americans, sent via hijacked Windows computers around the world. There's also a significant fraction of messages intended for a handful of other rich countries, but the only third world country seriously contributing their own spam is probably Nigeria.
But the 1st number, the amount new web pages related to spam, needs to be explained a bit more. The original Sophos report at least explain that are the related to the web links included with the mails, but not sure if that implies more spam realted domains, more spam related servers or if the big numbers are more related to different ways to write urls in the same servers,
Am I the only one that thinks that something should be done about this?
Sorry, I don't trust a product that evokes "ass pee" with spam protection. :P
You can hold down the "B" button for continuous firing.
I mean, do you have to count (in your mind) 1,2,3 until you find another one?
First it was their entry into Eurovision, now they are getting up there in the Spam stakes... what next Turkey? What next?
Moved to http://soylentnews.org/. You are invited to join us too!
"But this does not mean that other countries can give up the fight."
That's right, it's still early in the year, no one is down and out quite yet. Plenty of chances for any up-and-comer to catch up and make an appearance on the leaderboard - who knows what the second quarter may hold!
Is it me or is this a constructive use of bandwidth limiting tools? A nice corner case. Imagine if we could make it so difficult to send this crap? But then again the people required to limit this are the same charging somebody for the wasted bytes. This is the same reason we get paper junk mail. In the post office view is not a bad thing. Plus all those security companies have all these "spam solutions" to sell.
Should something be done about it? Probably. Will something ever be done about it...nope.
The IT News article didn't link to the press release from Sophos, which can be found at: http://www.sophos.com/pressoffice/news/articles/2008/04/dirtydozapr08.html
The reality is that a single sale of "herbal \/1agr4" can mean a profit for the spammer. The cost of spamming is that low for them.
In order to make it economically unsound for the spammers, you'd have to make it economically annoying for the rest of humanity. More annoying than simply putting up with the spam.
UNLESS we get rid of the stupid CAN-SPAM law and allow each state to institute its own anti-spam laws and allow citizens in those states to sue the spammers for violating those laws.
Yeah, this will hurt "legitimate" fucking "email marketing" companies
Turkish Spam KISS YOU! IT KISS YOU!!! It loving sex with all the womens of the world!
#1. Any mail accepted MUST be delivered.
#2. Any mail rejected MUST be rejected at SMTP time and include the phone number of the email admin of the rejecting server.
That's how I do it. If my machines are rejecting your messages, your server is getting my phone number along with the 5xx error message. Exim4 rocks.
If your server does not deliver that rejection notice to you, that's the fault of your email admin.
I've pretty much cut spam out completely at the company I work for. The only problem is the rather large white list I have to maintain because of all the email "admins" out there who do not know anything about SMTP or how to configure their servers. And I'm working on improving the automation of that anyway.
Urge your email provider to adopt Sender Policy Framework (SPF).
http://www.openspf.org/
3 seconds the best they can do? what a bunch of hacks
I just don't understand why this can't be fixed. Why does ISP's let this happen? Why do people let this happen?
This is just so utterly ridiculous to me that it actually makes me sick to think about it. The shear amount of waste being dealt is just insane. And it's not just Email, it's regular postal mail too. The US Mail System is so clogged up with junk that it amazes me that my paycheck gets to me each month. Every single day my mail box is full of, basically, junk that goes straight into the fire.
The above is not worth reading.
The australian govt outlawed spam here but only when the spam is directed towards other australians (the govt then issued their own spam the next day but that's another story of it's own). This of course doesn't help at all, now australian isp's only host spammers that ply their filthy trade overseas. No help at all.
Surely it's time that the UN passed a resolution to outlaw spam across the board. They pass resolutions for far less important things than this. How much energy and resources are expended on spam? Surely this contributes to the pollution of the planet enough to warrant action? It certainly degrades the efficiency of international communications. Iirc there was a paper tabled at the UN but nothing has come of it. Perhaps somebody knows more about this?
"A cynic is what an idealist calls a realist" - Sir Humphrey Appleby
Find IP and shut it down.
This is the problem with decentralized control.
Isp's are part to blame.
It's really time for someone to create a new system for exchanging online communications. Honestly, I'm just tired of spending my time with spam. I would like to track down people that have wasted literally hundreds of hours of my time and beat the shit out of them. How about the death penalty for hardcore spammers?
The headline says a site is found every three seconds. The story says a site is created every three seconds. Which is it, sloppy copy editors?
Thank you for that wikipedia page -- I just went on a great hilarious and informative link surf from it.
What is this "spam"? :P
I mean, sure, I get a few per week in my Inbox, but that's hardly the problem it used to be with my former accounts. I've stopped using those and forward them to the Gmail account now.
I live in Turkey. There's a boom in broadband internet access lately and that's the main cause that we're listed in the top 3. People buy broadband but don't know how to secure their computers and that's why most of the systems are taken by spam bots and so. Also the corporates, even they make investment on the subject, they're spreading the spam because of poor management of their security stuff. I think we'll hang there for a while till we learn how to protect our systems.
--
http://www.antispam.gen.tr/
Come on guys, you're being lazy! I haven't seen one decent "perfect" solution to spam attached to this story yet!
My own solution still stands - The parasite will eventually destroy the host at which point "huge investment to existing SMTP infra" becomes dodgy enough that it will be replaced by something else.
Hard to see how you can stop zombie-nets, thought. Even if you had some super-duper cryptographic challenge system in place, spammers can throw 100k botnet at that which can do whatever the legitimate user could do.
I'm also disappointed nobody has trotted up the dead horse "stop buying from spammers"-argument. Revenue stream isn't from people to spammers, it's from spammers to organized crime maintaining the botnets. Botnet hosters don't give a toss if the spammer makes money on their â99.95 email marketing starter kit, there's a get-rich-quick loser born every minute.
OK, I suppose spammers with quasi-legit product such as pharma-spammers may actually do some business.
First, let me say that I hate spam. I understand that in most cases it's annoying. I also understand that in most cases it's sent via illegal access to unwitting people's computers, and that there is no doubt a real cost associated with the amount of bandwidth that it consumes. I understand that in most cases the products that it advertises are scams.
But I have to wonder, how does that statistic that 92.3% of all email sent is spam relate to the rate of junk mail sent via snail mail? I don't know about you, but I'd say that 90% or more of the mail that comes to my home is junk mail, so I'm not sure that the spam statistic is all that surprising. This may just be the expected signal/noise ratio.
Moderated as offtopic??
Only on slashdot
What's your point?
Is anyone out there running a tarpit?
I have the ability to turn my mail server into a tarpit, but it won't do much good unless there are a lot of other tarpits out there too.
...at least as far as compromised computers are concerned. Bill Gates claimed in 2004 that spam would be solved by 2006. He could go a long way towards making that happen by offering XP SP2 (upgrade) free to anyone who wants it, that would work on any computer running Win95 or newer, legal/legit or not. Sure, he's officially retired, but I bet people in Redmond still listen to him. Hell, he's got enough money, he could literally buy every single copy needed and M$ wouldn't even lose a penny. (Except for lost Vista sales.)
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
You're fired. My wife did not find that little stunt funny at all.
I'm sure there is money to be made, I'm no conspiracy theorist( they're all true! ) but there are tons of spam filter, spam firewall, anti-spam this, anti-spam that.
As long as this is true, I doubt we'll see an end to it.
Even MS benefits from it.
Hi, I Boris. Hear fix bear, yes?
I don't know where they're getting their numbers from, but they always seem low.
.SCR files)
The corporate SMTP proxy I manage saw this over the past 24 hours:
372,070 Blocked by RBL
65,502 classified as spam
1,196 content violations (bad attachments, but mostly trojans like
275 virii
---------
439043 TOTAL
Only 8,235 emails made it past that proxy, of which up to 30% is spam.
So if I just want to go with the two big numbers, 439,043 bad emails out of 447,278, that means 98.16% of my email is spam.
I get over 6,000 spam a day and maybe 4 to 10 legitimate messages. I give a unique email address to everyone with whom I care to communicate, so I know where the leaks are occurring.
My filters are pretty reliable, but even tuned and tweaked legitimate messages often get lost and spam still gets through.
Most of my spam is directed to email addresses (eddresses) I have not given out. Some are invented based on common forms such as webmaster@randomdomain.com and others are created by mutating known eddresses. For example, if they know a miken@hisdomain.com they will invent miken@yourdomain.com and by the cc: lists, they seem to do this for as many domains as they can find.
The other mutation is in the From: field. I might receive 40 identical messages each purporting to be from someone different.
If, for the bogus eddresses, you send a No Such Account report, it goes back to the domain the spammers spoofed and not to the spammers, so that just adds to the burden on the Net and on the poor sods (such as myself) who have been spoofed and have to sort through the pile of bogus reports to find legitimate ones.
Considering that the bulk of my spam (most offering drugs, male enhancement, or replica watches) is not addressed to any of my legitimate accounts, and bit bucketing them doesn't stop it, what are we to do?
There was a time I considered responding to a spam asking if I wanted a bigger male member by asking them to send me theirs. Now I just want theirs to turn black and fall off.
I want the wasted time back, and the cost of my hardware refunded, but the best we can do if find the worst ones and put them in jail.
I suggest this: If a spammer goes to jail, we make him sit in front of a screen 16 hours a day, looking for the one Get Out Of Jail card buried in millions of spam. When he collects 365 of them, he gets a parole hearing.
And they said the .com boom was slowing down?
Hell no, Our economy is stronger dammit.
What does, "spam-related web pages" mean? Is this a spam-releated web page since it talks about spam? Sorry for being so nitpicky but I a have PM always speaks in techo-gibberish and it kind of bugs me.
At work, I am aware of only one instance of a dodgy mail server failing to deliver the mail. That was fixed (for future emails) by whitelisting the offending server.
But no matter what the rate of failure with Greylisting it is many orders of magnitude better than without it. When the end users are being flooded with hundreds of spam messages a day, they end up "throwing out the wheat with the chaff". At work we had many people junking so many emails that in the end virtually everything was marked as junk.
A successful delivery is really only when the end user actually gets to read the email, not having it land in their Inbox.
Ever stop to think
How to make Gmail the spam target of absolute last resort.
The goal of this suggestion is to intelligently leverage and focus Google's expertise and credibility against the spammers and their accomplices. But where will the intelligence come from? From me, from you, from *ANYONE* who has a Gmail account and who wants to help oppose the annoying evil that is spam. Aggressively implemented, it could make Gmail into Spammer Heck--maybe to the point where only a fool would send spam to Gmail. (Yeah, there are plenty of fool spammers--but at least we'd get the laughs without the serious spammers.) Less spam = more value in Gmail.
So do you want to fight against spam? You, too, could become a WSF (wannabee spam fighter).
SpamSlam is my 'working draft' label. The idea is roughly based on other anti-spam systems--but with more smarts. Almost all email systems include one level of feedback in a Spam/NotSpam button. (For relative brevity and because it simplifies the draft implementation, I'm focusing on Web-based email here.) Think of SpamSlam as a report-spam-button on steroids. SpamSlam would report the spam, but also do much more. Essentially this Gmail feature would do some of the automatic analysis that any spam fighter has to do, get some intelligent feedback, and hopefully be able to act immediately against the spammer. Speed of action is actually crucial--cutting off the spammers' income is a key goal of this proposal.
Here is an approach to implementing it:
Clicking on SpamSlam would first trigger a low-cost automatic analysis of the email, including the headers. Let's call this Pass 0. Basically this is just using regular expressions to find things like email addresses, URLs, and phone numbers. The results would be used to generate a Pass 0 webform with comments and options (and explanations and links). This pass should also look for obfuscation and ask the wannabe spam fighter (WSF) to help break the spammers' attempts to evade the spam filters. (This is leveraging the spam's features against the spam--if a human can't figure out the spam, then the human can't send money to the spammer.) In many cases, this Pass 0 analysis may be able to suggest answers. If something like "drop@dead.com" appears in the header, then the WSF should just click the option 'fake email'. Perhaps the WSF would only need to click a check box to confirm that "V/1/A/6/R/A" is a drug and categorize the spam. Other times the WSF can actually type in the answer to the spammer's quasi-CAPTCHA, and then the SpamSlam function can do something. At the bottom of the 'exploded email' in Pass 0, there will be the usual submit button.
After the WSF submits that Pass 0 form, more analysis can begin. The data is no longer raw, but partly analyzed, and the system can start checking domains, registrars, relays, fancier types of header forgery, MX records, categories of crime, email routings, and even things like countries hosting the spammer. This kind of analysis will probably take a bit of time, but a new Pass 1 form will be prepared for the WSF to consider. Basically, this would mostly be a confirmation step for the obvious counteractions. That's stuff like complaining to identified senders and webhosts, but also things like reporting open relays and spambots. It also needs more flexibility and 'other' options in the responses at this point--we all know the spammers are constantly going to try to devise new tactics. Again there will be a submit option at the bottom for this Pass 1 form.
That will probably cover most of the responses, but in some cases there may still be a need for a Pass 2 form. I imagine that would be a kind of escalation system, mostly to address new forms of spam. There is no closure on spam, there will always be new kinds of spam, and the responses to spam need to be open and flexible, too--but fast. The spammer is trying to open millions of little windows of economic opportunity--and in an ideal world we should slam all of them before a nickel gets through.
Beyond that? I think Gm
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.