Slashdot Mirror
Spam Back Up To 94% of All Email
Thelasko writes "A NYTimes blog reports that the volume of spam has returned to its previous levels, as seen before the McColo was shut down. Here is the report on Google's enterprise blog. Adam Swidler, of Postini Services, says: 'It's unlikely we are going to see another event like McColo where taking out an ISP has that kind of dramatic impact on global spam volumes,' because the spammers' control systems are evolving. This is sad news for us all."
Spam is only about 5% of my email. So someone out there must be getting about 185% of their email as spam to average us out.
send more _useful_ emails to offset that.
..to whom are they sending all the spam?
I have barely seen any in the last 3 or 4 years.
Maybe I am a freak, but to quote Davork, I get no spam. Gmail's filter catches pretty much everything. Once on a blue moon one will slip through, but I can tolerate one penis pump add every month or two. It might be true that a lot of spam is passing back and forth across the networks, but from a user point of view, it never makes it to me.
The article seems to be counting whole e-mails, but what about bytes? And what percent of global IP traffic is E-mail? I'm just wanting to get a feel for how much spam is clogging the backbones and not just how much it is clogging the mailservers.
I'm personally glad I don't have to run my own mail server anymore. Having to fight the constant battle against spam can seem like an uphill battle. I'm happy enough with Google Apps, very little spam gets through the filters and it's very rare to get a false positive.
Despite the fact that my mail email address is not published online anywhere and I'm very careful who I give it to (I use different addresses for completing forms online) the amount of spam that Google filters out is still amazing.
There must be a lot of stupid people out there that respond to this stuff, it wouldn't exist if it wasn't profitable.
Where I work, we use the IronPort spam filter, and I almost never (once per month?) see spam.
Of course, I don't know if any legit mail is getting filtered, and our spam filter may become worthless if it becomes mainstream (spammers will refine their code against it). Spam filtration is an arms race, but you can buy yourself a seat on the lead arm if you have the money :-)
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
When can we filter out all the paper junk mails stuffed in my real mailbox?
What, do you think us BOFHs were all havin' beers celebratin?
Its Never Going to End!
Never
NEVER!
NO SIG
...so I can come and smack you upside the head.
Obviously, shutting down an ISP would have a negligible long-term effect on spam. Intelligent people realize that the people behind spam are themselves intelligent (at least intelligent enough to almost never get caught). Obviously they have contingency plans. If you shut down one mail relay they go to another. If you shut down one ISP they go to another. If you shut down one web hosting company they go to another.
If you shut down their favorite registrar they go find another.
Anyone who thought that shutting down one ISP would have any meaningful, long-term effect on the spam problem needs to read up on how spam works, and why it exists. In short, spam works because it is profitable. Spammers don't sent out spam just because it annoys people, they send it out because they make money off the products that they push through spam. Hence they will find new ways to push out spam, as long as they can still make money.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
could you scoot over in that coffin there? thanks
time to shuffle off this mortal cat cable
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Spam filtration is an arms race
That part I agree with.
However, I still say that spam filters will never solve the problem. Spammers will just keep finding new ways around them, and all the while we will continue having to pay the costs of transporting and filtering the junk email (in terms of bandwidth and cpu costs, in particular).
The only way to stop spam is to remove the reason why it exists in the first place:
If spammers can't make money off of sending out spam, they won't send it out to begin with.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I'm with you in that I hardly ever see a single spam email these days. There was a time when the Junk folder in my Mail app held a pretty consistent ~3000 spam emails. Today it just has 2 !
It's tempting to wonder why the spammers even bother anymore, except we know that they only do it because enough people respond to generate plenty of profit for them all.
So the only conclusion we can draw from this is that not all Mail services are created equal. Google is the king in my book, but there must be others that are lousy.
Who are the bad boys out there? They need to be named and shamed.
Google and Yahoo have inadvertently created a goldmine of email addresses. While I get a lot of spam from various domains, it is these two sites that I have a problem with. See, they use domain keys, which elevates the message above spam filters (or at least helps to). So spammers have cracked the google chacpta (sp?). There is no easy way to report these addresses for abuse. The providers need to somehow only allow domain keys on VERIFIED accounts, or have multi-level domain keys.
I think that a craigs-list moderation style of X spam reports and you're cut off is the way to go. Of course, these reports should only be counted from existing VERIFIED accounts, with the reporting mechanism built into the interface.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
Wow, you got Obama? That's a big time coup! I wasn't interested in joining your group, but now I am!
Tell me, do you have to be gay or black to join? I'm neither, but I am willing to undergo homo/melanistic surgery so long as it's paid for by American taxpayers.
Even though good law and experience has shown that, leaving an industry to select few increases chaos, and decreases quality and innovation. It is no different here. The laws on the books said close down Microsoft, but Microsoft money paid to political election funds and special interest groups bought and locked in their illegal hold on the market. Thus, the platform that was designed to be a stand-alone system and not networked is the worst offender with spam-bot networks generating oodles of spam. You won't see the proof, because like all politics, Microsoft controls the tech media, blaming strong tried and true Unix and more specifically Linux, for the blame of IT follies.
1) Those services are not suitable for some types of communication.
2) All of those media are susceptible to spam. As soon as email spam becomes less profitable (e.g. if email were to disappear off the face of the Earth), this will become evident. Even today I get SMS spam.
If the incentive to send out spam was removed spam would slow down to a tiny trickle. Right now its just easy money with all to little effort and next to no chance of getting caught. The only way to stop spam is targeting the companies behind it. Seize all goods sold by spam at the border and charge any company affiliating with spam. If you can hunt filesharers around like dogs it should be no problem finding people hacking thousands of computers and sending millions of spam a day.
HTTP/1.1 400
the point with nntp and smtp in the same thought is that both protocols were designed in a kindler gentler time, in which spam, literally, did not exist yet
absolutely will spammers always do their thing. any system designed by a man, can be broken by a man. but there is a difference between breaking into fort knox, and strolling into the local 7-11. smtp was not designed without any security, really, whatsoever. any protocol designed with security in mind, meanwhile, will still get spam, but no where near the degree and with such ease as we see on our old naive protocols from the dawn of the internet
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I have stopped some 90% of the spam, sending contracts to the manufacturers of the "goods" advertised, charging them 5,000 bucks per e mail received/read, and a penalty fee of 2,000 dollars a day for each day of not receiving payment...so far the only ones that are not reading their Inbox are Pfizer ( they owe me about 150 grand) and Sears, which just today has passed the 25 grand barrier...my lawyer will buy a nice jaguar with the settlements....
Every popular communications medium since history began has been infiltrated by spam. From solicitors on public walkways, to signs on utility poles, to pirates broadcasting radio from boats, to junk mail, to telemarketers, to e-mail spam. As far as I know, nobody has ever come up with a communications medium which offers all of the following:
1* reliable
2* anybody can contact
3* no spam
Every solution so far is a compromise. By having a private e-mail address (or private social networking page) you can eliminate #3 at the cost of #2. With spam filters, you significantly improve #3, but also slightly cut #1.
Social networking sites might have some improvements over e-mail (such as no forging allowed) but the only reason they might have less spam is because they are not as popular.
Spam is an arms race, and the more weapons in your arsenal, the less of a problem it becomes. For mine, the biggest problem I have with spam comes from the *email required field on almost all online forms. My weapon of choice for this? www.mailinator.com
"There are two novels that can change a bookish fourteen-year oldâ(TM)s life: âoeThe Lord of the Ringsâ and âoeAtlas Shrugged.â One is a childish fantasy that often engenders a lifelong obsession with its unbelievable heroes, leading to an emotionally stunted, socially crippled adulthood, unable to deal with the real world. The other, of course, involves orcs."
FTFA: "When gullible users click on a link in a spam message, they are directed to a Web page that contains a fake news headline and a purported video describing a nearby crisis, using the userâ(TM)s I.P. address to identify the nearest major city."
I think this is a good argument for an Internet license. You have to study for and pass a test before you are allowed to go online.
... "like McColo where taking out an ISP has that kind of dramatic impact on global spam volumes."
Well, no, getting rid of the broken-ass SMTP protocol would certainly have a dramatic impact on spam volume, and/or convincing ISPs to block port 25 for customers who don't explicitly request it.
There's a lot ISPs and ISVs could do about spam, if they wanted to.
Very rarely do I get actual spam (unsolicited, no opt out, misleading header) in my inbox, less than once every two months or so, but what everyone seems to forget is that the ISP's have to pay for the bandwidth of all this spam, and that bandwidth cost gets passed straight on to us consumers.
So even if we don't get it in our inboxes, we are still paying a price since spam is the equivalent to sending a piece of snail-mail that is paid by the receiver.
Lately I have found I dont get much SPAM passing through my filters even though I have specifically turned OFF the SPAM filters my ISP provides (to avoid the chance of any false positives)
Never mind... its not origina.
Had me going for a while.
Cool. Ann Rynd
Who the heck is Ann Rynd?
Oh, wait, now I remember. She wrote Atlas Shrubbed.
nothing will stop spam
my point:
i agree. but it means something if the protocol makes spamming harder. there will be a lot less
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I wouldn't rush, I bet they will sodomize him to death with their gigantic throbbing black penises, once they realize he isn't really a nigger.
How many still buy the romantic idea that all life is precious? If you're over 30, you've probably cured yourself already of that illusion. If we (a number of nations) just started acting rationally and removed major sources of the disease (let's say execute just 50 top megaspammers), and demonstrate willingness to continue the treatment, I will bet you the amount of spam worldwide would plummet.
Spam is no surprise to anyone anymore. We have to start taking responsibility for our lack of determination to solve the problem.
There is zero social benefit from spam. There is zero excuse "I didn't know" if you're sending 10 million spams a day. There is zero reason why the society should tolerate it.
End anonymous moderation and posting on
the only long term solution to spam is to shut down smtp servers, and start using another protocol...
I leave to the reader to design a new protocol and the plans to implement it
"This is sad news for us all." -- Adam Swidler, of Postini Services
Isn't Postini Services a service that makes money by being an "outsourced" spam filter?
Not a sad day for them...
I run my own domain and have about 130 email addresses. Usually I just create a new one for new uses (different hobbies, different interests). Every website that asks for an address gets a disposable one, rather than a "proper" address. The consequence of these small and quick precautions means that last week I saw 8 SPAM emails, from a total of all the personal email, forums and *wanted* stuff of over 600 emails. Occasionally I find a trusted address gets an unexpected and unwelcome flurry of emails - it then gets deleted and a new one set up. Friends and family addresses are sacrosanct.
I simply don't understand how or why people only ever have 1 email address and give it out unconditionally to anyone who asks for it. How can people live like that?
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
its better to leave the door wide open and stand there with a gun, than it is to just a put a damn lock on the door and go about your business
you are telling me what we have now is superior... because we have "many eyes" (meaning: we have to work our asses off to maintain a baseline of civility)
hey: howabout the protocol provide some barrier of entry, so you don't have to work so hard? how's that wacky idea strike you?
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
What about short term pain for long term gain?
When someone as massive as google gets a confirmed spam address, simply respond back with many replies that are as good as genuine replies. Spam them with a few thousand and finding one becomes too difficult, therefore the business model falls away.
I know this is increasing spam short term, but remove the business model and it should stop long term. If other sites (yahoo etc) pick up a similar system for a coordinated effort can't spam be stopped?
I really believe that. If NO one ever fell for their sales pitch, spam would die.
The ROI for this stuff is the killer. I run a bunch of mail servers, and the amount we block is just insane.
On the good side - at least the actual bandwidth usage IS much smaller than the average day of real mail. Of course, when that changes, and spam becomes a bandwidth problem... it will get fixed, one way or another. Businesses can deal with annoying spam, but when they really end up paying hard cash for their bandwidth, things will change.
-- I really need to bleed off some of this
Get a throw away email to put all of your junk and you should be just fine, or better, don't give out your email to every website that asks you for it.
I only clicked on the Randian's post to say this.
Have you been touched by his noodly appendage?
Over the past year, 95.2% of my network's incoming mail was spam. But hey, it's not THAT bad, is it? Like the spammers always say, we can just hit "delete", right?
Oh, you're not stuck, you're just unable to let go of the onion rings.
I really don't know all those people? I was wondering what warranted my sudden rise in popularity. Well, since I have you hear, would you be interested in hearing about our online electronics store?
Now we see the violence inherent in the system.
How apt, spamming the spam article
Really it's that low I thought it was more.
[signature]
Put the Ayn Rand fanboyism to some good use and try to earn some cash:
Ayn Rand Institute Essay Contests
open source modern art: laser taggi
It may be back up to 94% of all email, but still is only 1% of 'Anonymous Coward' postings on SlashDot.....
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
You perhaps thought some denizen of /. could just rant that well and that prolifically?
Not exactly off-topic. This is one example of unrequested information (spam), and of the ultimate problem of controlling it --
We might succeed.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
When the news went out about that shutdown my nightly spam count (the amount that builds up from when I go to sleep and shut off my machine to when I wake up and turn it on) went from about 900 to about 200.
In the time since then it has edged up to about 400. But it still hasn't gotten back to the 900 level. Beats me why, but I'm not complaining.
(Only 10 or so of the 900 ever got past my spam filters, but even so, it meant waiting for minutes while the app downloaded all the messages.)
Cow Cube
I must be the only one who barely gets any spam. The run-of-the-mill gmail filter has been working for me perfect for what seems like years now.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
It's too bad the Russian spam solution turned out to be a hoax.
Specialization is for insects. - R.A.H.
This doesn't surprise me since services like CastleCops, which were a serious pain in the ass for spammers, were closed down due to lack of funding and massive DDOS attacks they could not withstand with their budgets.
The big ones do not care - I've tried to get Google interested in cooperating with CastleCops (to receive sample spam message feeds), but they saw no business case in that for them.
Now the GMail accounts are getting more and more spam that passes Google's filters and there seems to be no hope of improvement in the near future.
Your post advocates a
(x) reasonable
approach to fighting spam. Your idea will not work. Here is why it won't work.
(x) Slashdot pundits will dismiss it offhand without considering its merits
Specifically, your plan fails to account for
(x) Condescending asshats
(x) Groupthink
(x) Memes
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet form-letter responses are even easier
Furthermore, this is what I think about you:
(x) Sorry dude, but these people will work tirelessly to make sure it won't work.
So many of the posters here have reacted as if the problem that TFA talks about is users receiving spam. That is yesterday's problem, for the most part - as so many here, I, too, get spam in my inbox hardly ever, as it gets filtered out on several levels. The problem is, that bandwith is not a finite resource, and with this level of traffic getting routinely filtered out, we should go to the source.
At the risk of making a fool of myself, I'll try to suggest a couple of low-tech approaches:
Before designing a new protocol to replace SMTP, how about having ISP's block any source of SMTP requests from an IP that's sending above X mails per day until they have verified, that the mails are legit. The X could be a fairly low figure without affecting 99% of legit users. Wouldn't that eliminate a huge proportion of spambots?
The profitability of spamming is much harder to tackle. I often wonder who buys all these products, that are supposed to make a superman out of me? Businesses buy these spam services, or they wouldn't be such a problem, and presumably they wouldn't, if people didn't fall for them. Education would be a partial answer, but Barnum was right about a sucker being born every minute -except it's more like every ms.
As for phishing sites, I have a locked hosts file on several boxes in use by several people, that directs a huge number of common spoof sites to 127.0.0.1 - if someone clicks a link, they'll get a message telling them, that they have clicked a forged link. Have the browser updates install and update that on Windows boxes. It doesn't eliminate spam per se, but reduces its profitability.
I have had a bunch of emails blocked by receivers, who have done it on a domain basis. Everyone from that domain (my ISP) gets blocked, because some blockheads have let spambots run on their boxes. Some news sites have done the same with HTTP requests. That is a pretty blunt tool.
Every problem has a solution that is simple, easy and wrong. Selling our Liberty for a little Security is a much too de
because I sit here all day hitting the check for new mail button but nobody is trying to help me make my penis bigger or sell me a women.
I don't even get SPAM to the webmaster, root or JoeBob accounts on my multiple domains *** cry ***
Mhhhh, I think it all started when I setup ZEN from http://www.spamhaus.org/ about 2 years ago.
Our work mail server gets hit by about 2 spam emails/second on average. Among other defences, we use the zen DNS blocklist from Spamhaus which does a great job of mitigating this deluge but some still manage to find their way through to user's mailboxes.
I also have a personal gmail account which gets a lot of spam but I can't remember the last time Google's filter missed one and let it get through to my inbox - their filter is amazingly accurate. Wouldn't it be great if they made a public blocklist available along the lines of Spamhaus? If I could integrate our work mail server with Goggle's anti-spam filter, my users would love me. Google could make it free for personal/low volume use and charge for enterprise use - I'm sure they'd have loads of takers.
and you've OK'd being on marketing lists with a GUARANTEED address for years before you find all the ones who picked up your name and tell them to stop.
Cool.
True, but the Postini solution does a lot more than just spam filtering, and I suspect they'd do just fine in a spam free world. Plus they're owned by Google now - so I suspect they are somewhat involved in Google's filtering scheme.
Blocking emails from non-western countries? I don't really get mail I want from outside Australia/New Zealand, other than a few friends that are easy to whitelist. So after that tracing the source of spam within our borders and shutting them down would make sense.
Create an international task force to "deal" with the issue out of the UN. Call it Rainbow 6 for fun. Use force to root out spammers in member countries, and allow swat force in cooperation with local law enforcement to nab jerks. Use diplomatic pressure in non UN areas for compliance. Since it is an international issue choose a member state to try the individuals in court. Pick Iran.
No more spam.
All the nonsense spam I get now is from .cn/ So I have set filters to delete that automatically. After a career-long effort to cultivate sensible, normal, exchanges with careful people from China (with all due respect for their natural sensitivities), I have to delete that source. CN authorities please copy - you are eliminating your friends by permitting this.
1. Some channels without spam is better than no channels. 2. You get SMS spam, but spam is not 95% of SMS traffic, plus you need a verified phone account (in most cases) to use SMS. It's a lot easier to shut someone down when you know who they are by the account details. Come one people. Think about this. There are a lot of possibilities for fighting spam, if we switch protocols. That idea does not warrant a -1 overrated.
While there's always some unwanted communications in any media, none of the media you list have 95% of their traffic going toward spam. Email is broken for that reason alone (and more).
Come one people. Think about this. There are a lot of possibilities for fighting spam, if we switch protocols. That idea does not warrant a -1 overrated.
With no forging, anyone who sends spam can be immediately barred from the service, and any relevant legal actions could be brought against that person. Anybody can still contact you on say, Facebook, they just have to sign up for an account using a verifiable identity. That's really not a big deal. Also, spam filters don't eliminate spam, they sweep it under the proverbial rug. It's still there, taking up bandwidth, we just don't see it in our inboxes. We don't need something completely impenetrable to spam, anything less than 95% is an improvement over email.
"Some channels without spam is better than no channels"
That doesn't address the issue. Before you can say "drop email in favor of X, Y, and Z", you need X, Y, and Z to be a suitable replacement for email. You don't have that. For a certain, small fraction of the activity that is done by email today, those other services would be suitable replacements; but people are already migrating to them for those activities anyway.
Besides, what we have today is: some channels without (or actually, with little) spam. Do away with email and you will accelerate the pace at which those channels start getting more spam. It's as simple as that.
"spam is not 95% of SMS traffic"
Spam is not 95% of SMS yet, because email spam is still the easier option. As I noted before, if you take email out of the picture, other services will get increased spam. I get as much SMS spam today, as I got email spam in the mid 90's.
"you need a verified phone account (in most cases) to use SMS"
Even if that were true today (it's not): In the mid 90's people would've talked about how you had to have a registered email account and people would know who you were, so spammers would be easy to shut down.
You're trying to use tool choice to solve a social problem. It isn't going to work.
You're trying to use tool choice to solve a social problem. It isn't going to work.
Frankly, it will work, and I think it's funny you aren't open to that possibility. Plus, in many ways it is not a social problem, but a technical one. Putting locks on your doors keeps people from just walking in off the street. Email is basically an unlocked door with a big sign that says "come on in!" Anyway, who had a verified email accounts in the 90's??! Email was way more open then. The funny thing is we've tightened it up and it's still a problem.
Before you can say "drop email in favor of X, Y, and Z", you need X, Y, and Z to be a suitable replacement for email.
You didn't read my post that closely did you. That's OK, it is Slashdot after all ;-) If you'll go back to my first post, I'm not saying that we need to switch today. I'm saying we need to switch. To something better. Email sucks. And there are alternatives for many of the things email does for us. Anyway, you're right with the SMS stuff - you can send from IM etc. Facebook is a better example. It's hard to imagine Facebook becoming 95% spam since in most cases you could file legal action against the spammers or take their accounts away.
Besides, what we have today is: some channels without (or actually, with little) spam. Do away with email and you will accelerate the pace at which those channels start getting more spam. It's as simple as that.
It's really not that simple. Do you know how email works? It's basically completely open to spammers. There are many many things that could be done better with email. A lot of that is implemented in some of the social networking sites. There are certainly ways to reduce spam before it is sent. When we have to filter 95% of email traffic after it is sent, you don't stop and think something's wrong??
Gmail spam filter is pretty neat. If only google could find a way to filter it for every mail account. That would reduce spam. 2 years ago, I had between 4000 and 6000 spam in my spam folder. Now I only have 600. Unless google delete spam before it reach my spam folder, the number of spam is lower than before.
Maybe spammer concentrate on other mailbox because the spam filter is too good ? Wouldn't it be possible for Google to set up a service with that works with enterprise email ? I know that there's a configuration for that in Active Directory.
I regularly get spam that's gets through gmail filters. And what about legitimate mail getting put into the spam folder? That wastes a lot of time.
The spammers craft their mails so well these days, that legitimate mail has a much higher chance of getting dumped into the spam folder than spam does