Slashdot Mirror
Spam Back Up To 94% of All Email
Thelasko writes "A NYTimes blog reports that the volume of spam has returned to its previous levels, as seen before the McColo was shut down. Here is the report on Google's enterprise blog. Adam Swidler, of Postini Services, says: 'It's unlikely we are going to see another event like McColo where taking out an ISP has that kind of dramatic impact on global spam volumes,' because the spammers' control systems are evolving. This is sad news for us all."
The article seems to be counting whole e-mails, but what about bytes? And what percent of global IP traffic is E-mail? I'm just wanting to get a feel for how much spam is clogging the backbones and not just how much it is clogging the mailservers.
...so I can come and smack you upside the head.
Obviously, shutting down an ISP would have a negligible long-term effect on spam. Intelligent people realize that the people behind spam are themselves intelligent (at least intelligent enough to almost never get caught). Obviously they have contingency plans. If you shut down one mail relay they go to another. If you shut down one ISP they go to another. If you shut down one web hosting company they go to another.
If you shut down their favorite registrar they go find another.
Anyone who thought that shutting down one ISP would have any meaningful, long-term effect on the spam problem needs to read up on how spam works, and why it exists. In short, spam works because it is profitable. Spammers don't sent out spam just because it annoys people, they send it out because they make money off the products that they push through spam. Hence they will find new ways to push out spam, as long as they can still make money.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
If it's slowing down networks, then it does effect you.
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
Maybe I am a freak, but to quote Davork, I get no spam. Gmail's filter catches pretty much everything.
Yet Google (and all other email systems) are paying for 17x as much bandwidth and infrastructure as they would otherwise need (plus filtering costs)
That you aren't actually receiving the spam doesn't mean it's not still being sent to your address. The fact that your ISP or Google or anyone else is having to spend a huge amount of resources to combat all this spam is the problem.
Spam filtration is an arms race
That part I agree with.
However, I still say that spam filters will never solve the problem. Spammers will just keep finding new ways around them, and all the while we will continue having to pay the costs of transporting and filtering the junk email (in terms of bandwidth and cpu costs, in particular).
The only way to stop spam is to remove the reason why it exists in the first place:
If spammers can't make money off of sending out spam, they won't send it out to begin with.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
You don't need a lot of people. Spamming is cheap. You only need one reply from a shitload of spams and it'll still be profitable.
I've never had malaria. What's the fuss?
how to invest, a novice's guide
maybe random people have entered random addresses in contact forms to get their "free ringtone"?
I think that a craigs-list moderation style of X spam reports and you're cut off is the way to go. Of course, these reports should only be counted from existing VERIFIED accounts, with the reporting mechanism built into the interface.
That currently gets abused. I have heard that anybody trying to sell an animal, for example, gets flagged as abuse by PETA assholes. Could the same happen to mailing lists? If one wants to sink a mailing list, they subscribe to it with all their e-mail addresses, and tell each e-mail provider that it is spam...
A cat can't teach a dog to bark.
If the slowdown isn't noticible, it doesn't.
I also think it's the folks who sell the spamming software and whatnot. They sell this "Get Rich Quick with Mass Email Marketing" to folks who plunk down their life savings and they start doing the actual spam. I compare it to selling pans and picks to mine gold to someone in NY City.
Also, let's say that your ISP does catch all the spam. What valid emails aren't you getting because of false positives? What valid emails are you sending that the recipients aren't getting because of false positives?
Not getting spam is only half the battle. Getting all valid email is the other half. Winning the war decisively is an additional problem on top of that.
Sad thing is, our users have grown accoustom to the hard work we do to prevent spam that when they get a single spam message in their inbox, they pick up the phone and call the help desk, who then create a ticket and forward it to me so that I can "check the spam filter to make sure its working".
Seriously? Fuck you... press the delete button and get on with your life. How about I just create a catchall and forward it to your inbox - then you can see all the crap we're blocking first hand.
A) How do you know it's not noticeable? It's not like you can ask spammers to stop for a moment while you test that.
B) Even if you don't notice the difference, chances are that filtering out all that spam and upgrading pipes are causing your ISP (or theirs) to charge a bit more. In the case of free webmail, that would translate to more ads and less time/money to add non-spam related features.
Not really. Yes, e-mail systems are paying for way too much bandwidth, but how big a percentage of Google's bandwidth do you think is used handling e-mail? And if you compare e-mail bandwidth to Internet traffic overall, I'd imagine it's pretty trivial (if anyone has actual numbers, I'm curious). Those 50 1kB ads getting filtered out by my ISP are laughable compared to the traffic I generate watching 1 show on Hulu.
It's an unnecessary expense and it's aggravating, but no way is Google paying for 17x as much bandwidth as they need because of e-mail spam.
He's getting rather old, but he's a good mouse.
"This is sad news for us all." -- Adam Swidler, of Postini Services
Isn't Postini Services a service that makes money by being an "outsourced" spam filter?
Not a sad day for them...
I run my own domain and have about 130 email addresses. Usually I just create a new one for new uses (different hobbies, different interests). Every website that asks for an address gets a disposable one, rather than a "proper" address. The consequence of these small and quick precautions means that last week I saw 8 SPAM emails, from a total of all the personal email, forums and *wanted* stuff of over 600 emails. Occasionally I find a trusted address gets an unexpected and unwelcome flurry of emails - it then gets deleted and a new one set up. Friends and family addresses are sacrosanct.
I simply don't understand how or why people only ever have 1 email address and give it out unconditionally to anyone who asks for it. How can people live like that?
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Put the Ayn Rand fanboyism to some good use and try to earn some cash:
Ayn Rand Institute Essay Contests
open source modern art: laser taggi
Until Certified servers get hacked.
Until computers using certified servers get hacked.
Until someone hacks the certificates.
Why not determine if something is spam based on not only where it came from, but also what it reads or contains?
Its been said before, but any competent computer user will only see maybe 1-2 spam mails per week. Going from over 90% to less than 5% roughly is pretty darn good.
There are other areas of the internet that actually need fixing that we should worry about.
I HATE this stupid form letter thing. Firstly, it really shows lack of imagination on your part. Second, it's WRONG:
(x) It will stop spam for two weeks and then we'll be stuck with it
'Stuck with it'? What's that supposed to mean? Like we're 'stuck' with SMTP or HTTP?
(x) Users of email will not put up with it
What's to 'put up with'? It's virtually invisible to users, except for the filter option regarding what to do with certified email, and a Big Red Button in their email client to automatically report certified spam.
(x) Requires immediate total cooperation from everybody at once
Simply WRONG. I addressed this in my post:
An email client that is Certification-compatible will, when it receives an email, look to see if it has those two headers. If not, it will handle it according to the user's wishes. This means NON-Certified email might be deleted, or sent to a different folder, or whatever. Whitelists/blacklists are still possible. ... ...
You can still send non-certified email, so hobby mailing lists and the like are not affected- the people who receive the mailing list might just need to whitelist it.
This system does not need to be adopted all at once. Certified and non-certified emails can be handled both by email clients that are Certification aware and not.
(x) Many email users cannot afford to lose business or alienate potential employers
They wouldn't.
(x) Open relays in foreign countries
What about them? If the server is Certified, they'll get reported. If they're not, they'll probably be ignored.
(x) Asshats
?
(x) Huge existing software investment in SMTP
This is still SMTP, just with additional Headers to the email, and an additional protocol to request/retrieve the Key.
(x) Armies of worm riddled broadband-connected Windows boxes
Again, If the server they use is Certified, they'll get reported. This results in the ISP cutting off the "worm riddled" boxes, and forcing the user to clean the box before allowing internet access (or at least email access) again. OR, if the ISP ignores the problem, they get their Certificate pulled. This is a bad thing?
(x) Eternal arms race involved in all filtering approaches
The only way to 'beat' Certification is to Certify yourself (you'll get blacklisted for failign to deal with spam reports), or have a 'spam friendly' ISP Certifiy you. (and then they'll get blacklisted.) Or ISP-hop constantly.
(x) Extreme profitability of spam
It's not profitable if no one replies. No one can reply if they don't see the spam. They can't see the spam if their client trashes it. Their client trashs it if it's not certified. (probably- this is user settable for normal email clients, or server-settable for webmail.)
(x) Extreme stupidity on the part of people who do business with spammers
See above.
(x) Dishonesty on the part of spammers themselves
It doesn't matter if you can't get a ISP to certify you.
(x) Bandwidth costs that are unaffected by client filtering
Not at first. But when they get NO replies, they'll stop spamming.
(x) Outlook
Why is this a problem?
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
None have ever been tried.
(x) Blacklists suck
Despite my saying 'no one will get the non-certified emails', this is not technically true. Certification is not a blacklist. It is a one of several criteria that can be used to filter email. For instance, a email filter like SpamAssasin looks at many factors to decide if an email is spam ot not. 'is it from a real domain?' 'Does it contain the word 'viagra''? 'is it CC'd to more than a few people?'... and a lot of other criteria. "Is it C