By Latest Count, 95% of Email Is Spam

An anonymous reader writes "The European Network and Information Security Agency released its new spam report, which looks at spam budgets, the impact of spam and spam management. Less than 5% of all email traffic is delivered to mailboxes. This means the main bulk of mails, 95%, is spam. This is a very minor change, from 6%, in earlier ENISA reports. Over 25% of respondents had spam accounting for more than 10% of help desk calls. The survey targeted email service providers of different types and sizes, and received replies from 100 respondents from 30 different countries."

Logic?

[clang_jangle]

Less than 5% of all email traffic is delivered to mailboxes. This means the main bulk of mails, 95%, is spam.

I don't doubt that it's around 95%, but the logic of the above-quoted statement is certainly flawed.

Re:Logic?

[sdnoob]

your internet provider or mail server administrator is likely blocking more (a LOT more) spam than you see come through to your "spam folder".

95% spam is a reasonable estimate for a report coming out of the EU, i think; and is pretty close to what i see here in the US (about 9 of every 10 inbound messages to our domains is either blocked at time of delivery or filtered later on).

Re:Logic?

[characterZer0]

Right. They are ignoring the huge volume of legitimate mail that hotmail/msn silently deletes in violation of the RFCs.

Re:Logic?

[Teun]

Survey only took place in Europe and apparently one company in the US.

In short, this is a waste of someone's money.

Only, huh?

27 nations and a population of >500 million forming the largest economic block in the world...

Re:Logic?

[Hurricane78]

Well, I use a greylisting system, with amavisd behind it, and the greylisting blocks 90%, before it even reaches the spam filter. (Which also keeps the resource usage down.)
Then spamd and the other spam systems linked into in amavisd throw out nearly all the rest of the mails.
I’d say 95% is a vast understatement. More like 99.5%.

Also, everything that is filtered by amavisd, still goes to the junk folder of my IMAP account, so I still can undo false positives.

Works pretty sweet for my own server.
I simply can’t say, that spam is a problem for me anymore.

More than 90% for me too

[Arancaytar]

I also get about 10 times as much spam as actual email. Fortunately, Google is pretty good at filtering that - the number of false negatives in my inbox has been less than ten this month, while I got over a thousand to my spam folder.

It's hard to comprehend how people deal without that level of spam filtering - I have relatives who regularly register new accounts in order to escape their spam.

Re:More than 90% for me too

[Blowit]

Want to reduce false positives, and your friends, colleagues and email partners to ask their provider to support either Domainkeys or SPF. Once they get on the bandwagon, their mail will no longer get false positive flagged.

Re:More than 90% for me too

[kandela]

Yeah, I know what you mean. Just last week I missed out on the opportunity to make a living just from surfing the web from my home computer! I can't tell you how disappointed I was that the email offering that 'chance of a lifetime' went to my spam folder.

Then there was the time I won a million dollars but because of my spam filter I never got to claim it in time. Or the time that the Prince of Nigeria sent a desperate email to me for help, but because of spam filtering I was never able to offer my assistance. I feel just terrible knowing that he was never able to access his fortune or reclaim his rightful seat on the throne.

Accounting for help desk calls?!

Now I am not a corporate email guru, but why would spam be the reason to call for help? In this day and age it boggles the mind. Even my grandmother can deal with spam without needing tech support.

Re:Accounting for help desk calls?!

[NatasRevol]

Your grandmother is smarter than most people in the office.

I too was the email guru once upon a time (last year). It boggled my mind that people simply could not understand that some email was spam, and that some valid mail got caught because their friends forwarded a forward or an ad company sent them an actual email. And I explained this to the same set of people over and over again.

Re:Accounting for help desk calls?!

[DarkOx]

This off topic but- don't you think OS X was born out of it being easier to make Unix friendly than fixing MacOS which they tried and failed to do internally? I really don't see how Windows has anything to do with it.

I'm surprised it's that low

[jimicus]

I was seeing more like 97% (once you excluded system generated internal emails - CVS and Bugzilla between them can generate a fair bit of mail).

The killer for running our own mail system in its entirety was when I did the arithmetic and our co-hosted secondary mail server was costing more than buying Google for Domains. That's before you even consider the document management Google for domains offers, which was just icing on the cake.

Micropayments again

[Twinbee]

Micropayments. Yes I know it's been mentioned before, but one rarely hears of paying *each other* (rather than the host or government). It would be a good idea anyway even if spam didn't exist.

If we paid each other (say a penny or 1/10th of a penny), obviously the spam problem would be solved. (though some can charge nothing if they want) It also means that someone who gets a ton of email and hasn't got the time to read all of them will receive only the 'cream' of email. Only those who are willing to sacrifice say, a pound (or £10/£100 for super busy/famous people) would be able to email them.

As we know, Youtube has/is developing methods of payment to watch videos, and online papers are experimenting, so micropayments may be common sooner than we think.

Re:Micropayments again

[Nyxeh]

I had an idea to fix this:

http://piestar.net/2009/06/24/idea-fixing-the-email-system/

There are many better ways outside micropayments - which would add up on a large system (such as a forum or social networking site).

Re:Micropayments again

but one rarely hears of paying *each other* (rather than the host or government)

Only if you don't read the discussions. A scheme like that is proposed every time the topic comes to "how I would end spam once and for all". Go ahead and try it. Oh, you want everybody to switch? See, that is a fundamental problem: If your scheme requires a critical mass of people to adopt the scheme at the same time, then it won't work. (There are more problems with pay-for-email and email-bond schemes, but that is the most obvious one.)

Re:Micropayments again

[ookabooka]

Your post advocates a
( x) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won’t work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we’ll be stuck with it
(x ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don’t care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else’s career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( x) Extreme stupidity on the part of people who do business with spammers
( x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( x) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( x) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don’t want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x ) Sorry dude, but I don’t think it would work.
( ) This is a stupid idea, and you’re a stupid person for suggesting it.
( ) Nice try, assh0le! I’m going to find out where you live and burn your house down!

Spam not equally distributed among message media

[Dilligent]

One thing to keep in mind is that even though it looks bad (and for email it certainly is..), most other mediums aren't quite as affected by it. I do get quite a bit of Spam on ICQ these days, but the ratio between spam messages and real messages is waaaaaaaay better than 20:1. I would expect the same to hold true for most other mediums as well, so that it might in fact be a good idea to use those as a separate alternative communication channel should your inbox become overwhelmed. Something i have noticed over the years is the reduction in Trojans and worms being sent (at least to my inbox). There was a time when i received around 50 trojan-emails a day, whereas now it has been quite a while that a spam mail did actually contain any attachment whatsoever. To summarize, yeah.. email looks bad, but there's a whole set of alternative or additional channels that can be used which aren't quite as saturated.

Bill Gates

[Enderandrew]

http://www.cbsnews.com/stories/2004/01/24/tech/main595595.shtml

Bill Gates promised in 2004 that spam would be completely solved within 2 years.

Re:Bill Gates

[Tom]

He's not lying, you know. He's just waiting for the perfect year to start his two-year-plan...

Re:Bill Gates

[feepness]

640 days ought to be enough for anyone.

Re:Bill Gates

[sootman]

And what kills me is that he COULD HAVE, the bastard. Or at least, made a very large dent in it. All he had to do was have MS release some patches for Windows and give them for free to EVERYONE, "pirates" included. According to a quick search, 80 percent of spam comes from zombies.

Only 95%?

[Doc+Ri]

I am surprised they conclude the fraction of good mails is as high as 5%.

From the CERN mail server report:

Incoming mails: 1992789
Rejected: 1952787 (98%)
Moved to Spam Folder: 14520 (1%)
Good mails: 25482 (1%)

Spam in Total 99%

And this is a good day. Often good mails are less than 1%.

Re:My spam count has gone down lately

[Blowit]

check to see if your provider is using SPF... If so, they end up blocking domains that does not have one or is spoofing a domain that does have SPF setup. This helps significantly to reduce the amount of junkmail.

Re:What do they mean by 'all'?

[WuphonsReach]

Yah, you can cut the rate of bad connections down by about 50%+ if you force the sending host to follow the RFCs.

- Incorrectly formatted HELO/EHLO greeting? 5xx Doesn't catch too many connections as the other end would have to massively screw up in order to trigger the invalid HELO rule.

- Giving a HELO/EHLO that is not a FQDN (fully qualified domain name)? 5xx Many botnets don't follow the FQDN rule and will give a randomly generated HELO name. I've never had a false-positive with checks like this.

- Giving a HELO/EHLO that does not resolve via DNS (see RFC 5321, section 2.3.5 where it talks about this issue in the 1st bullet point)? 5xx or 4xx if there was a DNSFAIL issue

- SPF record says "-all" for the MAIL FROM or HELO lookup and it fails to pass SPF? 5xx (At which point, you're simply following the instructions of the sender. If the record says "-all", they WANT you to reject non-conforming mail.)

- HELO/EHLO which purport to be from your own system? 5xx Know your servers, know who is allowed to put your domain into the HELO/EHLO and boot the pretenders. Easily done in Postfix with a few simple rules.

Most of those are standard checks in Postfix and will greatly reduce the amount of spam that you have to analyze in a more in-depth manner. Which results in a huge CPU/bandwidth savings if you can tell them to bugger off before the DATA command is issued.

I prefer to save block lists for the spam scoring system as there are too many false positives (and sometimes abuses of power) in the DNSBLs. Far safer to score rather then block - although Spamhaus' Zen list is extremely good.

Re:What do they mean by 'all'?

[DaveGillam]

Agreed on all counts, and don't forget adding honeypot MX records, as many bots will either target the highest-numbered MX, or only the lowest-numbered MX. Proper MTAs will follow RFC, and get around the honeypots, to the "real" MX hosts.

Re:I for one support my online freedoms

[mikael_j]

By disallowing spamming an ISP has a specific line in the TOS that they can point to when a customer calls in screaming about their "intarwebs" being unreachable. "Yes sir, I understand that you are upset but it appears that we got several reports that large amounts of unsolicited email was being sent from your home, upon further monitoring by our technicians it was established that several thousand spam emails were being sent from your home and in accordance with paragraph 713 in the terms of service we disabled your internet connection, attempted to call you and also sent your a letter explaining the reason for us disabling your connection, if you want to have your connection re-enabled you will have to ensure that your equipment is no longer attempting to send out unsolicited email. You should also know that if this activity continues after we re-enabled your connection your connection will be permanently disconnected.".

Yes, I used to handle abuse cases for an ISP and got to explain things like this way too often, that was basically the opening explanation, most customers would bitch and moan for 10-20 minutes about how we had no right to cut off their precious internets and would claim that their computer was our responsibility (to which I would often reply with a car analogy along the lines of "If you let a stranger load your car full of explosives and walmart refuses to let you park your car in the parking lot, is it then walmart's fault that you can't be bothered keeping your car free of explosives?".

/Mikael

Re:might be a good thing

[Joce640k]

Doesn't matter. There's no shortage of people who believe spamming will make them rich. Spam isn't going to go away just because it doesn't work.