Malicious Spam Jumps To 3B Messages Per Day

Trailrunner7 writes "Last year saw a monstrous increase in the volume of malicious spam, according to a new report (PDF). In the second half of 2009, the number of spam messages sent per day skyrocketed from 600 million to three billion, according to new research. For some time now, spam has been accounting for 90 or more percent of all email messages. But the volume of spam had been relatively steady in the last couple of years. Now, the emergence of several large-scale botnets, including Zeus and Koobface, has led to an enormous spike in the volume of spam."

Enough about malicious spam

What about delicious spam?

Re:Enough about malicious spam

[Tsar]

And that's just the malicious spam! It doesn't count the dozens of helpful, well-meaning, altruistic spams I get every day from good people who care about whether I have enough hair, or I'm paying too much for prescription drugs, or my wife is completely satisfied. Bless all their hearts!

Oh, did you mean del.icio.us spam? No, I didn't think so.

Re:Enough about malicious spam

[interkin3tic]

What about delicious spam?

What about it? It's slightly less fictional than unicorn bacon?

Re:Enough about malicious spam

[trodofor]

What about delicious spam?

I think that's an oxymoron.

Re:Enough about malicious spam

Mmmm, love me some yummy oxymoron, especially with a bit of delicious spam fried and served on the side with room temperature mayo.

Re:Enough about malicious spam

[datapharmer]

Clearly you haven't had it mixed with vienna sausages and anchovies. yum!

Re:Enough about malicious spam

[Phoghat]

How about something with a little less spam In it? There's: http://www.youtube.com/watch?v=anwy2MPT5RE

Re:Enough about malicious spam

But I like Spam!

Out of curiosity...

Why can't ISP's detect large numbers of messages suddenly going to a vast array of e-mail address and shut it down?

Nobody normally does that; seems like it should be easy behavior to detect and stamp out algorithmically.

Re:Out of curiosity...

[XanC]

I'd rather have my ISP not be in the business of picking through my traffic and deciding what's "good" and what's "evil". Who I talk to over my connection is my business.

Re:Out of curiosity...

[HungryHobo]

Because one person sending a mailshot to a hundred or so people looks a lot like a botnet.
One person mailing their CV to 200 companies can look a lot like a botnet.
One teenage girl telling everyone about a party can look a lot like a spammer.

Sure if the botnet isn't well written then it'll just blast spam out of every node 24/7 but the really good ones are going to try hard to evade detection.
Hell if you've got enough compromised PC's and you're organised as modern botnet herders are then you can collect a lot of good data on how regular users send email and make sure the nodes of your botnet avoid going far outside the curve.

Re:Out of curiosity...

[Megor1]

Botnets tend to send out directly from the PC instead of using the ISP mail server as most people don't tend to host their own SMTP server.

Re:Out of curiosity...

[sopssa]

Maybe in the year 1995. I'm pretty sure they can handle having a list of ISP's mail servers and use them now. Sending from a consumer line would be quite useless anyway because 99% of email services would directly block such emails.

Re:Out of curiosity...

[Jeng]

Although I think very low of the morality of those who do this for a living, but at times you really have to respect their skills.

This isn't just like running an email service for a fortune 500 company, its more like running a black ops email service for a fortune 500 company.

Every aspect of the operation is ran over with a fine tooth comb for discretion. Not too many from each node, sending out the spam messages at a low rate, redundancy, resource management, payroll. This cannot be easy.

Too bad these people are going with a life of crime, with their potential I would think they could do very well in legitimate work.

Re:Out of curiosity...

[HungryHobo]

why wouldn't they use the users accounts?
Botnets grab logins for hundreds of thousands of legit email accounts, hell they can even use the users own SSL connection to send the emails when they log in to their email.
Whatever way users send normal mail the bots can emulate them.

Re:Out of curiosity...

[HTH+NE1]

Why can't ISP's detect large numbers of messages suddenly going to a vast array of e-mail address and shut it down?

1. The messages aren't identical
2. The messages don't originate from just one machine but from botnet zombies scattered all over the net with distributed command and control with multiple contingencies for regaining control
3. The messages don't end up at just one mail host
4. By the time it's detected the damage is already done
5. Anyone who does detect it isn't in a position to stop it from happening again

Basically what you're suggesting boils down to throttling the entire Internet so that it can't handle the capacity of spamming, which will make it useless for any e-mail delivery. You might as well just kill e-mail.

Re:Out of curiosity...

[postbigbang]

Add to this the fact that when you do report phish, 419, or malware spam, the ISPs snooze over the report for days until finally doing something about it-- and sometimes they never do anything at all. Some mail hosters don't even have abuse accounts to report to.

Re:Out of curiosity...

[interkin3tic]

One teenage girl telling everyone about a party can look a lot like a spammer.

And what would be so bad about ISPs blocking that???

Re:Out of curiosity...

You're a moron.

Re:Out of curiosity...

[pclminion]

Yeah, well, if it quacks like a duck...

Seriously, if you are trying to communicate with hundreds of people, there are technologies meant for that. Email isn't one of them.

Re:Out of curiosity...

[SgtAaron]

Maybe in the year 1995. I'm pretty sure they can handle having a list of ISP's mail servers and use them now. Sending from a consumer line would be quite useless anyway because 99% of email services would directly block such emails.

It may be nearly useless. That doesn't mean that botnets aren't sending email direct-to-MX. These hosts have connected to our incoming MX's in just the last couple of minutes, and I'd say it's a small sample :) But, nearly all of these connections get pretty high scores from spamassassin, and users generally don't see the resulting spam.

129-219-159-242.nat.asu.edu
s0106001d60d07529.lb.shawcable.net
79.103.93.54.dsl.dyn.forthnet.gr
adsl-074-251-208-007.sip.tys.bellsouth.net
87-205-77-134.adsl.inetia.pl
77-56-149-16.dclient.hispeed.ch
cpe-065-190-194-031.nc.res.rr.com
cablelink-173-211-215.cpe.intercable.net
host-89-231-69-81.plock.mm.pl

... and the list goes on. Hmm, we're getting a LOT of smtp connections from botnetted windoze computers nowadays...

Re:Out of curiosity...

[insufflate10mg]

He's just salty because he wasn't invited.

Re:Out of curiosity...

[Dishevel]

Seriously, if you are trying to communicate with hundreds of people, there are technologies meant for that. Email isn't one of them.

Yes it is. I would argue my point with you but I really do not need to. Everyone here can see that your statement is Wrong.

Re:Out of curiosity...

Sadly, the real world does not work the way you expect it to.

Re:Out of curiosity...

[aztracker1]

I'd be happy if more of the bigger mail services recognized my mail server for my hobby site's user signups as non-spam. Despite the fact the MX on record is the sending server, and the domain for the MX has been up for a while. I've in the past year retired the use of my company's domain name, and revised my hobby site to use a newer domain. Just the same, this has been over the course of a year, not all at once.

Re:Out of curiosity...

[jfengel]

But it's my business to pay my ISP to funnel the bytes sent to me. If the bytes coming from your ISP are frequently evil, I'd fully support my ISP in blacklisting you, especially if it saves me money or increases my bandwidth.

So if your ISP decides to cut yours off unless they impose some sort of anti-bot policy, I'd be in favor. And I'm perfectly willing to have my ISP do the same to me if it's what's required to play nice with their neighbors.

If you want your ISP to be blind to your bits, and suffer the fact that they'll have to install more bandwidth and be potentially filtered (and lose customers for that, raising your prices further), be my guest. I'm willing to live with that minor invasion of privacy (cutting off obvious bots) in exchange for lower prices.

Re:Out of curiosity...

Gmail works flawlessly. I haven't seen spam in years and because it's never accidentally flagged a real message, I've made a filter that automatically deletes any spam instead of filling up a spam folder that I'll never check.

If ISPs and other email providers can't provide the same level of service, then they suck.

Re:Out of curiosity...

[MichaelSmith]

I bet their work is more enjoyable and interesting than mine, over all.

Re:Out of curiosity...

[Kardos]

Hell if you've got enough compromised PC's and you're organised as modern botnet herders are then you can collect a lot of good data on how regular users send email and make sure the nodes of your botnet avoid going far outside the curve.

That, or the herders adjust their botnet so the behavior of each node is such that it *becomes* the curve...

Re:Out of curiosity...

Original poster here, maybe I should elaborate.

Why don't ISPs providing service to home users require outgoing SMTP to pass through the ISP mailserver (firewalling port 25) and flag/block extreme usage so that their customers' virus infected machines don't spew further garbage into the Internet?

In the very rare case where a customer needs to run a mailing list or the like, allow them to change their thresholds in their user profile. For those who don't intend to send hundreds of thousands of messages, it might actually be of some benefit to them to shut down the spigot and send them a warning that their computer's infected.

I don't want to throttle the whole Internet, just implement some form of rationality test on mail output at the ISP level.

Re:Out of curiosity...

[datapharmer]

True. I tried reporting a troublesome IP to comcast and their email address bounced as non-existent. I'm pretty sure they are supposed to keep those whois records up to date if they want to keep their domain, but hey, who follows the tld rules anymore? PS you can contact me at by sending mail to:
Proxy Domain nonsense
0 Null-ville Drive
DROP TABLE `%`, IN 12345

Re:Out of curiosity...

[Qzukk]

Sadly, the real world does not work the way you expect it to.

Sadly? More like fortunately, since the botnets' internal SMTP engines typically suck and are often foiled by techniques like greylisting and blocking mail sent directly from dynamic IPs.

If they bothered to read the user's Outlook config and use that to send mail we'd be in a whole heap of trouble.

Re:Out of curiosity...

[soundguy]

That's because abuse@ and postmaster@ are the FIRST addresses to get spamblasted on every domain. They have been completely useless for ALL of this millenium.

Face it, the RCFs for most internet protocols were written decades ago for government and academia and were not based on a commercial-use network. FTP, Telnet, NNTP, SMTP, IRC are all obsolete junk and need to just go away like Gopher, Archie, Veronica, etc. There's too much invested in TCP to completely rewrite the way the underlying network operates, but the higher-level protocols need to be replaced by encrypted, authenticated systems that can use a central authority or ring-of-trust if authentication is mission-critical. Email should be the first to go. It's not enough to cover these junk systems with security add-ons & bandaids. They need to be completely rebuilt from scratch to include both public and restricted, private channels.

Of the 5 protocols listed above, SMTP is the only one I still run on my own servers. The others have been replaced with SCP, SSH, SSL HTTP gateways & forums, and various things like texting & twitter.

Re:Out of curiosity...

[SkyDude]

Indeed the dynamic IPs are on every legit blacklist known to man, but the emails have still been sent and we, the users, have to deal with the slow connections, etc,. as a result.

Would it be too much to have Micro$oft add a function to Windows that would prevent any port 25 outbound traffic without explicitly entering a passphrase or something similar? That might go along way to stopping Mom, Dad's and Jr Hacker's computer, which is infected from all those free offers, Myspace and gaming sites from sending emails?

Just a thought

Re:Out of curiosity...

[wizardforce]

I'm willing to live with that minor invasion of privacy (cutting off obvious bots) in exchange for lower prices.

That's naive. Any cost savings get funneled right into the profit machine long before you see any of it.

Re:Out of curiosity...

[sopssa]

Actually my ISP does that (and many ISP's in Europe? All in my country at least). I actually thought it was more widespread thing and it was just something like comcast that didn't.

Re:Out of curiosity...

I'm willing to live with that [...] invasion of privacy [...] in exchange for lower prices.

I'm not sure if I'm supposed to laugh, or cry, or just plain shake my head and walk away.

Hey, here's a Mars bar for you, though. Want it? All you'll have to do is vote for the establishment of a fascist dictatorship. I'm sure you're willing to live with that in exchange for a delicious chocolate bar, aren't you?

Re:Out of curiosity...

[postbigbang]

Me, too.

Yet how are we to contact ISPs and get spammer accounts closed? There ought to be a way.....

Re:Out of curiosity...

[jfengel]

That's a quality strawman you've got going there.

Re:Out of curiosity...

[jfengel]

Possibly. But while the ISP market is severely under-competitive (a problem that has nothing to do with spammers), there is at least some competition in many markets. That means there's some incentive to pass along at least some of the savings along, just to keep me from jumping ship.

I don't need them to pass along every dollar, but every dollar they do pass along is money in my pocket. And if their competitor passes along more, they get nothing.

Re:Out of curiosity...

[Tacvek]

The user's Outlook config? Are you kidding me? The vast majority of non-corporate users don't use any mail client at all, happy with the awful webmail interfaces. Even when they do, Outlook Express, or Windows Live Mail are more common clients for home users than Outlook.

Re:Out of curiosity...

[shentino]

I'd bet most spam is forged in some way.

If a spam message fails a SPF or DK check, just drop it without any further checking. The fact that it's forged is a dead giveaway that it's not legit.

Hell, I wish gmail would just hard-reject that sorta crap instead of leaving it in my spam folder amid other possible false positives I need to sift through to make sure nothing got filed there by accident.

Re:Out of curiosity...

[XanC]

I honestly don't understand the benefit of the spam folder. Silent failures are BAD. Servers should either accept and deliver a message, or reject it. That way, when a legitimate message gets flagged as spam, SOMEBODY knows about it!

Re:Out of curiosity...

[innocent_white_lamb]

Although I think very low of the morality of those who do this for a living, but at times you really have to respect their skills.
 
Skills? I think it's more a case of "even a blind pig occasionally turns up a nut." There are so many wanna-be spammers and wanna-be "hackers" and wanna-be whatever's-hot-this-week that it doesn't take much of a success rate to land a ton of spam in your inbox, and mine.
 
I susspect that at least 85% of the people who read Slashdot could do a better job of spamming than the spammers, if they were so inclined.

Re:Out of curiosity...

[Qzukk]

It could even be built into the Windows Firewall, though you'd have to break it into a separate "enable" option per application to avoid trojans that the user expects to allow access to the internet but is actually sending spam.

Rather than "OK" or "Cancel" the buttons should be labeled "I Am Sending an E-Mail" and "I Did Not Send an E-Mail".

Re:Out of curiosity...

[HTH+NE1]

Original poster here, maybe I should elaborate.

Why don't ISPs providing service to home users require outgoing SMTP to pass through the ISP mailserver (firewalling port 25) and flag/block extreme usage so that their customers' virus infected machines don't spew further garbage into the Internet?

I refer you again to number 2. I think you underestimate how many machines are in a given botnet and therefore overestimate how much spam one machine in that botnet sends. They could easily slide under an ISP's per-user e-mail volume limit and still participate in a million-strong spam.

Re:Out of curiosity...

I honestly don't understand the benefit of the spam folder. Silent failures are BAD. Servers should either accept and deliver a message, or reject it. That way, when a legitimate message gets flagged as spam, SOMEBODY knows about it!

In my experience, there are 4 classes of e-mail (approximately).

1. The known bads, misconfigured senders / really bad HELOs / attempts to forge your own HELO / viruses / exceeds size limits / disallowed extension type / or mail that fails the SPF/DK checks. Those should be rejected at SMTP time with a 5xx. It's then the responsibility of the *sending* server to notify whoever submitted it to them for delivery to our system. Basically, as the recipient mail admin - not my problem once I 5xx.

2. The probably bad. This is stuff that didn't get rejected outright at SMTP time with a 5xx code. The vast majority (95%+) of this is true spam, the stuff that you'd never want to read if you're in a rational state of mind. For webmail or IMAP, this stuff should be routed straight to a Spam/Junk folder. If the recipient *really* wants to look at it, they can setup webmail/IMAP and go look. It should probably be pruned on a 60-120 day interval. We're not silently failing it (silent failures would be accepting the message with a 2xx and then deleting it).

3. Maybes. Stuff that can't reliable be identified as either ham or spam. The best solution here is probably to simply tag the subject line with "[SPAM]" (or some other tag) and then leave it in the Inbox. Make the end-user decide, at which point they could submit it to be classified as ham/spam.

4. The good. Everything else that you actually wanted. If you can keep false-positives in this category down to 1:100 or 1:500, you're actually doing pretty well.

By having a spam folder and automatically shoving the probably bad into it, end-users only have to look at the last 2 categories. Which cuts the amount of spam they have to look at by 95%+ (ideally you trap 98% in the 2nd category).

Re:Out of curiosity...

[XanC]

Agreed, except for the part about the spam folder. My contention is that delivering mail to a spam folder is a silent fail. I prefer to reject with 5xx anything that would go in a spam folder. Then, as you point out, the sending server will notify the sender (if one exists).

Users get spammed

1. Lusers get spammed by e-mail
2. Lusers migrate to facebook
3. Lusers, get infected with koobface on facebook
4. Lusers spam everyone by e-mail

Re:Users get spammed

[ae1294]

I can't compile what you're trying to say without the ??? and Profit! directives.

Conflict of Content

[Dripdry]

So, if we try and hold ISPs or telecoms liable for what moves over their wires, they would have to hunt down the spammers as well as the pirates? What an awkward position to be in, especially when a big revenue stream is at stake.
Yeah, I didn't RTFA.

Also, what percentage of email is 3 billion, anyway?

Re:Conflict of Content

[Monkeedude1212]

So, if we try and hold ISPs or telecoms liable for what moves over their wires

That is a can of worms you do NOT want to open.

Wait no, not a can of worms, that is Pandora's Box.

Re:Conflict of Content

[AndrewNeo]

Can we compromise and call it Pandora's Can of Worms?

Re:Conflict of Content

[Volante3192]

Or a can of peanut brittle with those compressed snakes

Re:Conflict of Content

[Red+Flayer]

Far better is "Pandora's Wormy Can".

Because the visuals associated with the term are so much more... disturbing.

Oh really?

[B5_geek]

And I still see less then 1 per month in my Inbox.
_THIS_ is the price I am willing to pay to allow Google to filter my email.

Re:Oh really?

[sopssa]

Considering the world soon has a population of 7 billion people, on which 1.7 billion people use the internet and usually people have several email addresses, it means it's still probably like 0.1-0.2 spam messages per day per person. Add filters to that which caught most of the spam and the 3 billion per day isn't actually that large number.

Re:Oh really?

[49152]

I see about the same amount. Some times it goes months with no spam then I get two or three in a week. I reckon the spammers are constantly adjusting their techniques to try to get through the filters.

We are a small company running our own email server. Ubuntu Server with Postfix, spamassasin and all the trimmings.

I redirect all spam to an imap account I set up for the purpose, just in case we need to get hold of some blocked message. The last two years this has not been necessary. But I browse through this mailbox once in a while out of curiosity. The amount of spam it blocks is just staggering!

The price we pay is close to zero, the same box handles all other kind of stuff too and I spend perhaps half an hour every other week to check if any updated packages or security fixes need installing. It practically manages it self.

Re:Oh really?

That's not the point! The point is waste. There should not be this amount of email traffic that is clogging the infrastructure -- reducing not only bandwidth but also raising latency in the process.

When I check gmail and I see 1000 spam message but my Inbox remains clean, that is still a failure!

Re:Oh really?

[Jugalator]

And I still see less then 1 per month in my Inbox.
_THIS_ is the price I am willing to pay to allow Google to filter my email.

Hear, hear. I was very surprised when I recently checked my spam volume. That is, in my Gmail *spam* box, not inbox. The inbox is usually clear of it, but the surprising part was that I had around a third to a fourth of my former spam volume a few years ago! I used to have to have 1.5 pages of spam per day before, now you have around 0.5 pages of daily spam in the spambox.

I'm not sure what Google did if this article is true... Maybe they are so sure of that it's spam, that it doesn't even end up in the spam box? Because, as for my mail address, when it ends up in a register, I don't see why spammers would later remove it. It obviously receives the spam since the mail server doesn't return an error...

Or maybe it's what I heard being rumored once - that certain spam networks avoid Gmail to save costs, because it's so inefficient to spam those mail boxes.

Re:Oh really?

[oodaloop]

Your sig is deliciously ironic, no?

Re:Oh really?

[bondjamesbond]

Ditto with my using Appriver for my company.

Re:Oh really?

[rtaylor]

Maybe they are so sure of that it's spam, that it doesn't even end up in the spam box?

That's it. Most spam is rejected without telling you about it, possibly even before it gets delivered to the mail server. The spam folder gets the questionable stuff.

Re:Oh really?

[maxume]

They Can See His Grocery List And That Stupid Forward From His Mother-In-Law.

Alert. Alert. Alert.

Re:Oh really?

[squisher]

And I still see less then 1 per month in my Inbox.
_THIS_ is the price I am willing to pay to allow Google to filter my email.

I do agree that gmail's spam filter does not let much through, in truth, it is way too aggressive. Are you subscribed to mailing lists? Often it'll just tag some random message as spam. I've had various things end up in spam over the years, and really wonder how many landed in there that I never noticed (who checks their spam folder every couple of days?).

Recently I got very upset because I tried to sell something on craigslist, and sure enough, an offer ended up in spam. Of course I didn't check until a couple of days later, and by then the person wasn't interested any more. Since I'm going to start job hunting soon, I can't really afford the uncertainty the gmail spam filter introduces, and plan on moving my email elsewhere.

Re:Oh really?

[martin-boundary]

_THIS_ is the price I am willing to pay to allow Google to filter my email.

Then you're a fool. Use a personal Bayesian filter, and you'll get that same kind of accuracy without the privacy pricetag. You can find a bunch of them on freshmeat.

Re:Oh really?

[martinbogo]

Until you take into account that the total number of legitimate emails is between 100 and 300 million messages per day. Spam messages make up over 90% of the total stream, and that means untold amount of wasted bandwidth, processing time, and frankly wasted time on code needed to combat the issue.

Re:Oh really?

[msclrhd]

I like Gmail for many reasons, one of which is their awesome spam filter. I get only one or two mis-categorised email every couple of weeks, the rest goes to the spam box. Couple that with the coloured labels & filters, and spam/not spam is very easy to identify.

Hotmail on the other hand is terrible. Ages ago when I was using Hotmail, I ended up with the majority of my inbox being spam so I gave up and tried Gmail. I don't know how good Hotmail is at the moment (or others like YahooMail).

Re:Oh really?

[icebraining]

Do you set filters for them? I believe that human defined filters (like tagging all mail with the mailing list name in the subject to a specific tag) trumps the spam filter.

Re:Oh really?

[antdude]

What about your spam folder?

Re:Oh really?

[Hittman]

It happens from time to time, which is why you have to check your spam folder from time to time. Usually simply marking it as "not spam" solves the problem. Even with a few pages of spam that shouldn't take you more than a minute or so.

Perfection doesn't exist in this area, but Google comes pretty close.

Re:Oh really?

And I still see less then 1 per month in my Inbox.
_THIS_ is the price I am willing to pay to allow Google to filter my email.

More like once a year. And I've had to go into my junk folder and remove a legitimate e-mail maybe once since I started using GMail (several years ago).

Re:Oh really?

[cgenman]

I never had a personal Bayesian filter get the same accuracy as a large, managed online box. At the provider level, the system can know if 200 other people received the same message. Other users help train the spam filter for you before they get to your inbox. The orbs blacklist can be kept up-to-date more quickly on a managed host.

Bayesian filters, on the other hand, take a lot of user interaction and constant oversight. I've had a few mailing-list style mails fall into Google's trap, but the Bayesian filter I setup and trained for a year still caught about 1 totally legitimate mail from a friend or co-worker per week. And then the moment I had to switch mail clients, the filter needed training all over again.

At least in my experience, personal Bayseian filtering provides a lower accuracy rate for a lot more oversight, in exchange for more privacy (assuming you trust your SMTP provider).

Re:Oh really?

And it was a lack of code in the first place that made this whole SPAM thing such a big issue by allowing behaviours such as this in the first place.

Re:Oh really?

[brkello]

And how would you do it different...my brilliant coward friend?

Re:Oh really?

Gmail -> Settings -> Filters

Matches: is:spam
Do this: Skip Inbox, Delete it

Problem solved.

Re:Oh really?

[vegiVamp]

I check mine daily. It's just part of my routine, and because I know it's mostly spam in there, a quick subject scan usually suffices to confirm there's nothing unusual and I can click delete-all.

A lot of spam seems to come in batches, btw, there's often four, five times almost identical subjects.

Re:Oh really?

[Hurricane78]

You don’t need Google at all. You essentially sell the content of your mails & co for the price of a root server with this installed: http://www.gentoo-wiki.info/Complete_Virtual_Mail_Server

I used this, and it’s just as good, if not better than Google’s filter. But it’s completely yours. (A huge advantage for me.)

Your choice. (No judgment from me.)

Want to See Spam?

[Petersko]

Subscribe to one free daily naked chick mailing list. Imagine how much of that spam is about porn! There are probably more porn emails sent out every week than there are people on the planet.

I keep three email accounts. One I give out for things - registrations, contests, all that stuff. One I give out to friends and family. The third just quietly sits there empty. I check it periodically anyway and it makes me happy when no mail is found.

Re:Want to See Spam?

[characterZer0]

I check it periodically anyway and it makes me happy when no mail is found.

I check my toothbrush holder periodically and it makes me happy when no mail is found in it. Assuming you brush your teeth every day, you should try it - it is quicker than checking an email account.

Re:Want to See Spam?

[StuartHankins]

I have my own domain. I have only 4 "real" accounts and give a different account for everyone that needs an email address. My catch-all account sees all the stuff, and I trust SpamAssassin results. Very very little spam gets to me, and when it does I know which company gave out my email address.

Cheap and easy to setup, and I don't rely on any third party's free email services (which seem to come with their own supplies of spam and losses of privacy).

Re:Want to See Spam?

[Alwin+Henseler]

Subscribe to one free daily naked chick mailing list. Imagine how much of that spam is about porn! There are probably more porn emails sent out every week than there are people on the planet.

If you subscribe to such a mailing list, then what you're getting from them isn't spam (because you asked for it). Only other, uninvited e-mail is spam.

Also, I don't know what network you're on. Spam I get is mostly for the famous blue pills & co, fake watches, and the occassional silly 419 / phishing attempt or "get your degree now!" bullshit. Porn spam? What on earth are you talking about?

Re:Want to See Spam?

[The+MAZZTer]

I used to have my main e-mail account be catch-all but quickly discovered spammers like guessing random addresses at any registered domain so I turned it off.

Re:Want to See Spam?

[Petersko]

"If you subscribe to such a mailing list, then what you're getting from them isn't spam (because you asked for it). Only other, uninvited e-mail is spam. Also, I don't know what network you're on. Spam I get is mostly for the famous blue pills & co, fake watches, and the occassional silly 419 / phishing attempt or "get your degree now!" bullshit. Porn spam? What on earth are you talking about?"

If your email gets on their radar (a mailing list would work) you'll suddenly start receiving a whole lot of email from all sorts of people and sites who want to sell you porn. Isn't that porn spam?

Re:Want to See Spam?

[stimpleton]

"I keep three email accounts....."

My "third email" is a gmail and is for my one weakness in life: big breast websites(subscription based).

Oddly, I get no spam. I do get the odd newsletter and update "notices". What I also get is the occassional promotion from old sites I subscribed to, which I do like to get.

How Gmail manages to work out what I want and do not want, and gets it right is either very clever or very chilling.

Re:Want to See Spam?

[sopssa]

That's why its best to use the middle way. Have own domain and some way to quickly create a new address on it (even if they all go to same mailbox). Always use a new address for different sites and purposes. That way if one of them starts to get problems with spam, you know who sold your address and can easily disable it.

Re:Want to See Spam?

[rtaylor]

How Gmail manages to work out what I want and do not want, and gets it right is either very clever or very chilling.

Google has no way to know what you want. Instead, they focus on making you want what they give you.

Seems to work well enough.

Re:Want to See Spam?

[svallarian]

this works too..

yourname+slashdot.yourdomain.com

this even works with gmail!

Re:Want to See Spam?

[Foolicious]

I have my own domain, too. I also have an ISP that's funny about ports. Sure, I could drop them for such restrictions. But my other choice is dial-up.

Re:Want to See Spam?

[MobyDisk]

Yeah, but that trick is so common I can't imagine spammers haven't figured out how to chop off everything after the + sign and get to your main account.

Re:Want to See Spam?

[gilgongo]

That's why its best to use the middle way. Have own domain and some way to quickly create a new address on it (even if they all go to same mailbox). Always use a new address for different sites and purposes. That way if one of them starts to get problems with spam, you know who sold your address and can easily disable it.

Yeah - trouble with that is you then get wildcard spam. Once the bots realise your mail server will accept anything on your domain - boosh - 10,000% permanent increase. This means that disabling one address reduces the onslaughts by an amount vanishingly close to zero.

Re:Want to See Spam?

[sopssa]

That's why I said middle way (between the parent posters). Don't accept mail to just any account, but create them as you need to, and disable if some of them starts to get spam. If you ever need the same account name again (for example to use some sites forgotten password function), just temporary re-enable it.

Re:Want to See Spam?

[Sax+Maniac]

Where does he say he's using wildcards? You have manually make new addresses without a wildcard address. I've been doing the above for years with no wildcard addresses.

Re:Want to See Spam?

[icebraining]

Yes, 'cause spammers don't know how to write 's/\+.+?@//' in their apps.

I personally use Mailinator.com for all my throw away registrations.

Re:Want to See Spam?

Stop being a cheap fuck and buy a business account from your ISP. Static IP and no port filtering. See how easy that was?

You can also just set your SMTP server and email client to use an unfiltered port.

Re:Want to See Spam?

[StuartHankins]

There shouldn't be any reason to require a business ISP account just to use your own domain's email services. Who's the stupid one here, AC?

Re:Want to See Spam?

[FunkSoulBrother]

I'm curious, how does this work with Gmail? Are you creating a new gmail account for each site and re-directing them to the same ultimate mailbox?

Re:Want to See Spam?

[Tacvek]

No, for Gmail, if a mail is revived with a plus in the name, the address is stripped at the plus to determine the account in which to deposit the message.

Re:Want to See Spam?

[Sardaukar86]

No, for Gmail, if a mail is revived with a plus in the name, the address is stripped at the plus to determine the account in which to deposit the message.

[chuckle] Thanks for the info.. but mostly for the best typo I've seen in a while! :)

Re:Want to See Spam?

[Hurricane78]

I have one such subscription (something a bit more special which is actually really nice), and I don’t have gotten more spam. (At least behind my spam filter.)

Re:Want to See Spam?

[svallarian]

No, it strips it off and delivers it to my main gmail account.

However, I can still see the header, so I can tell where the address originated from.

Let me be the first to say

Thanks Mr. Bill Gates.

charge for email

[zaax]

1c each, first 30 per day free. It would stop all spam dead

Re:charge for email

[sopssa]

Your post advocates a

( ) technical ( ) legislative (x) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
(x) Microsoft will not put up with it
( ) The police will not put up with it, anywhere other than Russia
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(x) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, asshole! I'm going to find out where you live and burn your house down!

Re:charge for email

[compro01]

Yes, I am sure the botnet herders will be happy to send you a cheque.

Re:charge for email

[harp2812]

Let me know when you find a reliable way to...
a) Charge for email
b) Prevent unpaid mail from being sent
c) Prevent botnets from sending 30 free messages then stopping for the day
d) Prevent botnets from sending a ton of paid messages using financial info on the host computer
e) Prevent spammers from setting up a mail server that charges for messages, repeating d) and then collecting all the money.

etc, ad nauseum.

Re:charge for email

[smallfries]

If you're going to use the check-list then at least fill it out right:
(x) No one will be able to find the guy or collect the money
( ) Microsoft will not put up with it

Bill actually suggested this a couple of years ago.

Re:charge for email

[JustNilt]

Not to mention much of the corporate world's communications. This is one of those "looks good on paper" things.

Re:charge for email

[selven]

f) Prevent spammers from becoming even more effective since people would believe that a message which the sender put money into sending has to be legitimate.

Re:charge for email

[Binder]

Umm...
How about make windows illegal?

Re:Thanks Largely To The Prevalance Of

Not Windows, but stupid people.

Yours on Slashdot,
AC

Correct title should be that they saw 3 billion

[Megor1]

3 billion spam is a drop in the bucket of the daily spam volumes seen worldwide, there has not been a global increase of spam volumes in the last year of that magnitude (Or really much at all).

Ya know

[Stan92057]

Ya know,until they start going after the people who hire the spammers nothing is going to change. Some businessperson is responsible for our spam not the spammer. Where and how is this Viagra getting into our country?Where are all the watches being made? and so on. Someone is paying theses spammers,get them. PS: Yes i know its not easy to catch them,but if we can send and control robots from earth on mars it CAN be done.

Re:Ya know

[shentino]

out of country companies that hire spammers can rightly tell the USA to go screw themselves. And if that country happens to not like the US, it gets even harder.

Spammers don't give a shit about following the law. Hell they're brazen enough to DDOS the shit out of Blue Security. Face it, they aren't just annoying. They are vicious crooks, almost as bad as mafiosi and probably wouldn't hesitate to kill if they wanted to.

The only way to protect US citizens from spam sent from outside the country (or inside at the direction of out of country CC servers) is to firewall the whole country...and we can't have that can we?

Maybe ISP should do something about it?

I'm sure someone will post the standard reply to this comment but here it goes:
What if ISPs blocked ports and prevented everyone and his dog from running a mail server by default? (I can already hear the outcry from everyone running his own) - though as with DNS redirections this could be turned off by logging in to your profile (at your ISPs home page)? At least we'd get rid of all the crap coming from bot nets.

Re:Maybe ISP should do something about it?

[Virtucon]

Do you want ISPs in the business of Policing traffic? This is a multi-faceted problem and it needs multiple avenues to solve it. Blocking Spam traffic is one thing, filters are another. It does need to get blocked from the source. That of course will get fixed when Windows has no further BSODs.

Re:Maybe ISP should do something about it?

[compro01]

A lot of ISPs already block port 25, what else do you want?

Botnet upgrades?

[Alwin+Henseler]

FTA: "The spamming botnets are constantly in flux, waxing and waning, morphing, becoming obsolete, being replaced, taken down, and upgraded."

Read: replace dual-core bots with quad-core ones.

You just won the lottery, click here

[Geert+Jalink]

Just joking.

I have said this before...

[hesaigo999ca]

If we incorporate a pay per email scheme, with an email costing anywhere from 1/2 to 1 cent per email....with a cap being set by the government so you don't get screwed over by the ISP, not only would it be beneficial for the ISP, as less bandwidth because less spam, but also, people infected would be aware that they are infected if not by the first bill, then by the second billing.

I am aware of my downloads next bill, cause i see the extra bandwith used, but i don't see the emails sent.
If i get charged on the side, and see 1 million emails, but a cap of 20$ (let's say), then you bet your *ss I will clean my pc, and
get myself organized not to get billed for that again. People that spend no time monitoring their system have no clue, unless someone points it out for them.

By forcing a pay per email, you also make sure to have paper trails, and someone has to pay for that..eventually as the botnets die out, the spammers will have to charge more for the less they are making, or it will not be worthwhile for them, and the spam kings will slowly go out of business. Right now, they incorporate the pricing into what they charge their clients, but if you raise the cost because now legit spammers have to pay per email, you will get clients investing elsewhere for their marketing.

Re:I have said this before...

[sopssa]

And what about all the legit mailing lists? Or slashdot that sends an email when someone answers to your comment. Or newsletters and so on..

Pay per email is not going to work and no one is going to put up with it.

Re:I have said this before...

[vlm]

If we incorporate a pay per email scheme, with an email costing anywhere from 1/2 to 1 cent per email

I get more paper spam in my mailbox, than email spam that slips past spamassassin.

So... if capital one sent me two credit card offers per week, for several years, and each cost at least 50 cents to print and post, that one CC company is spending $50/yr trying to win my business... but charging 1 cent per email will stop spam?

I get coupon magazines that I toss out. For over a decade, when I get a phone book, I toss it out. I get endless catalogs. All of which cost several orders of magnitude more than one cent.

Also if there's one thing the cellphone and landline business has shown, its impossible to bill in units below about one cent (per minute) or below about $20 per total bill. They will have to charge WAY more than one cent, just to recover the costs of the billing infrastructure.

Re:I have said this before...

[HungryHobo]

Your post advocates a

( ) technical (X) legislative (X) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
(X) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
(X) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(X) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
(X) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
(X) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

 

Re:I have said this before...

[HungryHobo]

I was mistaken
( ) Microsoft will not put up with it

Re:I have said this before...

[Archangel+Michael]

Your post advocates a

( ) technical (X) legislative (X) market-based ( ) vigilante

I've NEVER seen all four of those checked before on a singular suggestion. SO, I will attempt to propose the PERFECT solution, which will obviously have to take into account all four options .... THIS would definitely solve the problem.

We need to pass a law, that would create an incentive for Private Companies to generate an electric shock device that would automatically send a large electrical shock to anyone OPENING SPAM (legislation to define SPAM as broadly as possible and contain SNOPES and Chain letter provisions). The Winning company's device would be awarded the ONE day's cost of SPAM (to be determined).

This is based on my basic premise .... STUPID should hurt.

Re:I have said this before...

[shentino]

1. Spammers already make a metric fuckton of money
2. Crooks willing to hijack computers won't be deterred from stealing financial information to pay email fees with.
3. Such crooks are already using zombie computers, so the victims would get stuck paying anyway

Re:I have said this before...

[hesaigo999ca]

You put up with being charged per phone call,
unless you have a plan that caps it at xxx per month, no?

My method would at least let people know they were infected, and force them to do something about it.
And when you say would not put up, they would have no choice if this new law passed, just like you have no choice to stop at a light even with no other traffic any other way, if it becomes the law, you have to do it.

Re:I have said this before...

[hesaigo999ca]

A) the infrastructure is already in place, you would not even see any changes except
one more line on your bill to explain the cost.
B) You get paper stuff, why do you compare it to virtual documents that are sent through
as data, with no real person used to deliver it, that costs moeny.
C) Your point about the paper was that you get more of it then spam, however, that would be
because your ISP probably does a pretty good job of covering your ass without you knowing about it.
D) Talking about cell phones, you pay per call with a cap per month for the usage,
how would this be any different...in fact, it would be the same, how many times have you told
someone,...I have to watch my minutes...or I have no time left on my cell, it would make you more aware, voila mission accomplished.

Re:I have said this before...

[hesaigo999ca]

Your post advocates a
(x) lack of technical knowdlegde (X) ignorance () dumbass comment ( ) poor choice of words

Here's why your thoughts on why my idea will not work do not hold water
(X) Mailing lists and other legitimate email uses would be affected
Of course they would, and that is the reason why they incorporate it into the billing, being legit, they would do that, non legit, not so much.

(X) Users of email will not put up with it
You put up with being charged per phone call on your cell with a cap per month, don't you?

(X) Microsoft will not put up with it
M$ has nothing to say about the amount of emails coming or going, as long as they make money on the licenses using the software to do such actions, and might even create a new one to help monitor this new functionality, and make even more profits.
(X) Requires immediate total cooperation from everybody at once

Specifically, your plan fails to account for
(X) Lack of centrally controlling authority for email
Because we do not have a governing body for the internet as a whole??? Wow...(rollseyes)
(X) Open relays in foreign countries
So what you are saying is that international communication does not exist by internet
(X) Asshats
Explain this one to me, I am sure I my visual does not do you justice
(X) Jurisdictional problems
Each country have their own cell phone companies, why would this be any different?
(X) Unpopularity of weird new taxes
Wow, i mentioned a payment structure for a service, and you already want to tax it, even though it would be the companies making money on this that would pay their revenue taxes, you should become a politician.
(X) Huge existing software investment in SMTP
Adding a few lines of code, or a new service into an already existing infrasrtucture is not the end of the world...look at when spam first came out, or when dns cache poisoning came out, it is doable if we want to get it done.
(X) Extreme profitability of spam
Exactly my point, now non legit spammers will have to raise their prices, and force their clients to rethink if they want to spend 10 times the amount of money to keep spamming, for that 1% that are gullible enough to think the nigerian king is really trying to send them his money.
(X) Technically illiterate politicians
Have i mentioned you should run for politics...
(X) Outlook
The software, or your bleak vision of what our future HAS to be...

and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
None have been implemented at the level that let's say DNS cahce poisoning has, and needs to be.

(X) SMTP headers should not be the subject of legislation
Wow, tell that to the white house with their million or so emails that went missing and forced Obama to rethink his cyber policies for future presidents to come.

(X) Countermeasures must work if phased in gradually
This can not be phased in slowly, it has to be done one shot like digital tv was, for it to work.
(X) Sending email should be free
Your sentiment, not mine.
(X) Killing them that way is not slow and painful enough
Killing who exactly, slashdot readers? Your doing a good job so far...

Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
Sorry dude, your self absorbed ranting about what you think without at least giving any real sound proof of your background in this field or any real points to substantiate your claims, make me think you are just trying to push an opinion, and like mine no one really cares, the difference between yours and mine, is I understand my opinion does not matter, but the idea I am trying to convey is to try and help by offering a potential idea to help others, you only have managed to waste my time, and yours by trying to grab some 15 minutes of fame by shooting down someone's
idea.

Re:I have said this before...

[hesaigo999ca]

The zombie computers have owners which are not even aware that they are part of a botnet, this is more the direction i was going in, trying to spark some awareness in the owner that when he receives his bill, would realize that he is obviously spewing out metric tons of spam, and needs to resolve the situation.

Re:I have said this before...

[HungryHobo]

"Of course they would, and that is the reason why they incorporate it into the billing, being legit, they would do that, non legit, not so much."

So your plan is to kill all free newsletters?
Fuck that.
I like my free newsletters.
The legit free ones will be the hardest hit.

You put up with being charged per phone call on your cell with a cap per month, don't you?

On the other hand I don't put up with being charged per breath.
Email is currently free.
People aren't going to want to start paying for it just to achieve your little dream of making the world a more expensive place.

Because we do not have a governing body for the internet as a whole??? Wow...(rollseyes)

yes.
Do you want one?

So what you are saying is that international communication does not exist by internet

Please repeat, this time making sense.

Wow, i mentioned a payment structure for a service, and you already want to tax it, even though it would be the companies making money on this that would pay their revenue taxes, you should become a politician.

So you want the government to put a law in to say that companies MUST charge per email and then keep the money?
Good luck with that.
New revenue source: malware writers infecting peoples PC's and having them spew spam at the malware writers own servers or their friends servers.
Easy cash!

Adding a few lines of code, or a new service into an already existing infrasrtucture is not the end of the world...look at when spam first came out, or when dns cache poisoning came out, it is doable if we want to get it done.

Ok I was considering the possibility that you might have a clue about the internet until now but that's out the window.

Exactly my point, now non legit spammers will have to raise their prices, and force their clients to rethink if they want to spend 10 times the amount of money to keep spamming, for that 1% that are gullible enough to think the nigerian king is really trying to send them his money.

It won't be them sending it.
They'll send it from compromised PC's.
It won't cost them a dime extra.

This can not be phased in slowly, it has to be done one shot like digital tv was, for it to work.

Great. And I'm sure when 98% of the public have switched from american providers who suddenly have to charge them money for every email sent to forgien webmail providers who don't the handful of you on servers which refuse to accept incoming mail from the free providers will be very happy with most of your customers and contacts cut off.

but the idea I am trying to convey is to try and help by offering a potential idea to help others, you only have managed to waste my time, and yours by trying to grab some 15 minutes of fame by shooting down someone's

you seem to think you're special.
you seem to think that your ideas are original.

news flash:
every day kids new to the internet throw their minds at the problem of spam and propose "solutions" identical to yours.
This is not a new problem.
Your ideas are not new.
Your ideas are not original.
your ideas have been proposed and shot down hundreds of times.

Hence the tick the boxes form.

Re:I have said this before...

[HungryHobo]

welcome to the internet.
you must be new here.

Re:I have said this before...

[HungryHobo]

You seem to have comprehensively missed his point.

1 cent per email isn't going to stop spam because costs of 50cent and up per piece of regular paper spam has failed completely to prevent paper spam which is a large and profitable industry.

Re:I have said this before...

[HungryHobo]

Also it's cool how once something is THE LAW if you try to do it anyway a magical forcefield prevents you. Cool huh.

the law is great that way.
Things which are unenforceable, prohibitively expensive to enforce,pointless and futile are prevented by the magical lawfield.

when those spammers try to touch their keyboards their hands slide right off.

Anyway, after this law gets passed I can just open up a new service. Make not email so that it avoids the law. I could call it Etalking. so it can be free, perhaps more like an IM client only where you don't have to both be online at the same time, and you could have a unique address, and you can have long messages, and include attachments...

yep.
I think I'd clean up after that new law.

Re:I have said this before...

[hesaigo999ca]

When i meant becomes the law, I was talking about the ISP providing a billing for each email,
and you having to pay for the service of sending an email...no matter how small a fee.
Just like accounting has its own laws, which decree for every billing debit there needs to be a billing credit...if you know what I mean.

You can always enforce this with fines if the companies do not want to adhere to your law.
As for if this imaginary law of mine would ever see the light of day, and you were to create a new service...that would mean you would be able to build a preventative way into it of making sure that people that are using it, will be monitored in such a way as to prevent being able to abuse your service....lack there of by you to create a way for your service to be secure would be like a credit card company creating a useless encryption ....no one would use it.

Re:I have said this before...

[hesaigo999ca]

You seem to have missed the point, the answer is not to stop spammers from spamming, but to bring awareness that a user's pc has been hacked, and is spewing emails using their (choose your ISP for this ...Verizon?) email account.

The billing going to ma and pa kettle would let them know they have to secure their pc, which would lead to the removal of the infection, and let them be a little more aware of the dangers of
1) running without AV
2) not keeping updated
3) having no configured firewall
4) leaving their internet on all day and night for no reason ...you get the point.

Get rid of a million or so infected computers from someone's botnet, and you have seriously damaged his output capacity, making it no more profitable then begging for quarters on the side of the road.

Re:I have said this before...

[hesaigo999ca]

>your ideas have been proposed and shot down hundreds of times
By the likes of you, maybe , seeing as you are not even aware there is a governing body the the internet as a whole...i won't waste my time educating you any longer.
Anyone that has been programming as long as I have and dealt with multitudes of problems
related to different technologies for the web, would have a clear understanding of what I am throwing at them, I see you do not.

My credentials speak for themselves...as for your ignorance in the accounting past of what I said, you should pay closer attention to what is going on in your own country.

The US is proposing a tv tax now, for you to enjoy your television, how do you propose they will collect that, from your door? Obviously not, the cable companies will get asked to add an amount to the bill they send you, and the government will do their diligent job of following the paper trail the cable companies set up for such a thing.

There are those that have ideas, and those that don't.
The ones that don't are only as good as their critiquing.

"The best way to predict the future is to invent it....Darwin"

Re:I have said this before...

[HungryHobo]

Do you even know why the current email system is so popular?
It's free, it's simple, it has no central authority who controls it or requires payment and it's very very easy to do as in so easy a first year comp sci student can write a basic client/server.

Any system which replaces it would share those attributes or it wouldn't catch on.

Law student or accountant?

Re:I have said this before...

[HungryHobo]

If the ISP's cared enough they could notify users when their machines started spewing viruses and crap at the world.
Billing is not required for this.

You want a vagely workable approach: try just getting the ISP's to temporarily disconnect PC's which are obviously part of a botnet.

Money or internet levies are not required.

Re:I have said this before...

[HungryHobo]

By the likes of you, maybe , seeing as you are not even aware there is a governing body the the internet as a whole...i won't waste my time educating you any longer.

Ok we've got a real newbie here.

The Internet is a globally distributed network comprising many voluntarily interconnected autonomous networks. It operates without a central governing body.

You talk about credentials and yet you have this delusion that there is a governing body the the internet as a whole.
ICANN has some say over the DNS system and IP numbers but it certainly isn't a central governing body.

related to different technologies for the web, would have a clear understanding of what I am throwing at them, I see you do not.

So far you sound more like an arts student than a programmer.

My credentials speak for themselves...as for your ignorance in the accounting past of what I said, you should pay closer attention to what is going on in your own country.

The US is proposing a tv tax now, for you to enjoy your television, how do you propose they will collect that, from your door? Obviously not, the cable companies will get asked to add an amount to the bill they send you, and the government will do their diligent job of following the paper trail the cable companies set up for such a thing.

I. do. not. live. in. the. US.
I've seen nothing of your credentials other than a certainty that the impossible can be achieved.

There are those that have ideas, and those that don't.
The ones that don't are only as good as their critiquing.

http://www.despair.com/delusions.html

Re:I have said this before...

[hesaigo999ca]

>Ok we've got a real newbie here
>I. do. not. live. in. the. US
Ok, that explains everything, you are a noob foreigner!
Let me make it simple for you to understand seeing as you can not even grasp that 12 years development as a software developer would count as credentials....
THE US IS THE GOVERNING BODY FOR THE INTERNET.
IT WAS CREATED IN THE US, IT IS RUN BY THE US (by this, i mean standards).
IT IS ALSO ICANN THAT DECIDES MANY OF THE INHABITING LAWS WITHIN IT, IT TO IS AMERICAN.
THE CERTIFICATES FOR WEB IS ALSO CONTROLLED BY THE US.

I know you do not live there, but at least have respect for the people that brought you
what you use today as your main means of communication.

As for my example about tv tax which explains a perfect rebuttal seems to be completely ignored, and not given a second mention, leading me to believe that you just like to be the devil's advocate, and you have no real intention to maturely debate any points, merely try to
irritate a fellow (/.)man.

Good luck to you in that life of yours, however bleak.

Re:I have said this before...

[hesaigo999ca]

That's just it, the ISPs do not care enough, unless you make it law for them too.
What if they are not part of a botnet, but legit and need to send out
millions of free newsletters....your approach is contradictory to your previous claim.

You really do not know business do you...

Re:I have said this before...

[hesaigo999ca]

>It has no central authority...
You obviously do not know the web, speaking out your arse...
the ISPs give you your address, and associate the emails we all use to those addresses.
So technically the ISPs control the emails. The DNS servers control the traffic schema used to get from point A to point B, so again I would say the DNS servers could also be contributed to
being authority for the internet.

Sheesh, like talking to a brick wall...

Re:I have said this before...

[HungryHobo]

12 years development as a software developer would count as credentials....

wow.
12 years in software and still not the slightest clue about the internet.

You're deluded.
No one actually owns the Internet, and no single person or organization controls the Internet in its entirety.

THE US IS THE GOVERNING BODY FOR THE INTERNET.

No.
It is not.
educate yourself.

IT WAS CREATED IN THE US, IT IS RUN BY THE US

No. it was not.
Educate yourself.
http://www.nethistory.info/History%20of%20the%20Internet/origins.html

IT IS ALSO ICANN THAT DECIDES MANY OF THE INHABITING LAWS WITHIN IT, IT TO IS AMERICAN.

ICANN has little or no power other than offering suggestions.
If I felt like doing it there's no law preventing me from setting up my own root DNS, my own signing authorities and ignoring ICANN.

THE CERTIFICATES FOR WEB IS ALSO CONTROLLED BY THE US.

No.
They are not.
Pleanty of signing authorities reside outside the US.

I know you do not live there, but at least have respect for the people that brought you
what you use today as your main means of communication.

The US did not invent the internet.

As for my example about tv tax which explains a perfect rebuttal seems to be completely ignored,

You mean the wierd and hard to enforce tax laws some countries have about owning TV's and radios?
It was ignored because it's irrelevant.

Re:I have said this before...

[HungryHobo]

I know you like AOL but some of us don't rely on our ISP for an email address.

It has no central authority.
none.

the ISPs give you your address, and associate the emails we all use to those addresses.

Ok I no longer believe your boasts about being a coder.
But just to be fair.
One coder to another.

Step through SMTP one step a time for me. show me you understand it at all.
Prove you have any clue what happens when you click send in your little AOL mail client.

So technically the ISPs control the emails.

No.
No they do not.

The DNS servers control the traffic schema used to get from point A to point B, so again I would say the DNS servers could also be contributed to
being authority for the internet.

I can send a mail to any given IP without the slightest need for any kind of DNS service.

Sheesh, like talking to an arts student...

Re:I have said this before...

[HungryHobo]

That's why I called it only a vagely workable approach.
In fact some of the big ISP's do have such a system, if you send a great deal of email direct from your PC then they block port 25 on your connection.
I've heard people complaining about just that situation.
They try to send out a mailshot and get blocked and then have to call up to get added to the ISP's whitelist.

You really do not know anything at all about ISP's do you?

Re:I have said this before...

[HungryHobo]

As a bonus it gives the ISP's a financial incentive to allow or encourage their users to get infected and spread viruses to each other and spam more.

Re:I have said this before...

[hesaigo999ca]

That is a good point, however like bandwidth is now controlled by the government as to how much they can charge you for over used bandwidth, a cap....there could be a cap too for the email situation.

Re:I have said this before...

[hesaigo999ca]

Which country are you in again, I guess they do it differently
where you are...here, we are not blocked as such a thing is illegal, they would be
held accountable for selling you a service to you that you could not use.

Knowing about your county's ISP ruling, vs. mine is not something I can know everything about@

Re:I have said this before...

[HungryHobo]

That example was an american ISP.

here, we are not blocked as such a thing is illegal, they would be
held accountable for selling you a service to you that you could not use.

How are you so convinced you know all about this while at every single turn you demonstrate your utter ignorance of the subject.

Comcast most certainly does port 25 filtering, although not necessarily on every line at every moment. So does Verizon, AT&T, and every other large North American consumer ISP.

It's perfectly legal in the US.

You know nothing about the law.
You know nothing about the internet even on a technical level.
You know nothing about how ISP's are run.
You seem to know almost nothing about networking.

Stop pretending to be some kind of programmer or expert on anything at all.

Re:I have said this before...

[hesaigo999ca]

>Comcast most certainly does port 25 filtering..
filtering and blocking are 2 different things...my friend works
in one such big place and although they do filter torrent traffic,
they can not totally block it. There are still many legit applications that use this
other then just illegal file sharing clients.
As well suggesting they are blocking such an important port that would affect
many enterprises on so many different levels, just shows me how little you know.

>You know nothing about the law.
I am not a lawyer, no but what I do know comes from contact with aspects of my job that force me to know those laws that apply.
>You know nothing about the internet even on a technical level.

>You know nothing about how ISP's are run.
I have friends that work in such companies, and explain to me their problems regularly,
my field is programming not networking, however that might seem the same to you.

>You seem to know almost nothing about networking.
Again, my point, I know programming, and any networking associated with what I need to get done,
if I need to set up special host files that look up different dns servers because my app needs to remain anonymous, I guess i could rely on my lack of networking knowledge...but i would not get far.

>Stop pretending to be some kind of programmer or expert on anything at all.
My boss will be happy with that comment, he asks me all the time why I take such a long time to unit test all my stuff, and I could tell him it's because i know nothing of what I am doing.
He thinks it's a waste of time, and I try to tell him otherwise, but I guess maybe that now I know
that I know nothing about what I am doing, then I could just tell him to go ahead without it.

Just for the record, how many years of development do you have under your belt?
How many ISP companies have you worked for...
How many accounting firms have hired you in the past...
How many lawyers have consulted you in an effort to get to know the law more...
How many small circles does it take to ....nm that one you definitely wouldn't know.

Re:I have said this before...

[hesaigo999ca]

careful your ignorance is showing

Re:I have said this before...

[hesaigo999ca]

You are right, I concede, I know nothing about anything, you win.
You may gloat in your own glory, you may bask in your omnipresence.
I am not worthy, I am mere cattle in this world full of dung.
Oh great swammy.

shoooo, now go away!

Re:I have said this before...

[HungryHobo]

Feel free to prove me wrong.
A brief step program to emails over smtp would show you have a clue what you're talking about.No frills, no attachments, no nothing, just a hello world email.
If you don't mind hardcoding in things or not bothering with errors you could do it in a few lines of bash.

Re:I have said this before...

[HungryHobo]

As well suggesting they are blocking such an important port that would affect
many enterprises on so many different levels, just shows me how little you know.

Do you even google these things before jumping back with a reply.

google
"port 25" comcast
First result.
"We are singling out spammers on our network and blocking port 25,"

there are most certainly legit apps for it, that's why they don't block it on buisness connections.

"force me to know those laws that apply."

then how. how in the name of god do you manage to not know how those laws apply?
I'm not a laywer either but I have enough sense to look things up.

my field is programming not networking, however that might seem the same to you.

Mine is programming too, databases, security and a small bit of networking but this is not specialist knowledge.
This is basic stuff that comes up at the top of a quick search.

He thinks it's a waste of time, and I try to tell him otherwise, but I guess maybe that now I know

Ok now I'm getting a better picture. Last place I worked there were a few people who seemed to know about their fields but seemed to have absolutely no interest in or knowledge of basic general stuff about their field outside the finest area.
I take it you're one of them?

Re:I have said this before...

[hesaigo999ca]

>Feel free to prove me wrong
Only once you take the time to answer my questions about
YOUR background and experience in the field, feel free
to add in some proof too of what you claim.

Re:I have said this before...

[hesaigo999ca]

>there are most certainly legit apps for it, that's why they
don't block it on buisness connections.

First smart thing you said...
>I'm not a laywer either but I have enough sense to look things up
In your own country maybe, not in mine....

>Mine is programming too
So you agree that even if you are not a lawyer, you can know laws, as this statement
of yours implies you are not in networking but think you know about it.

>I take it you're one of them
Well, I don't think, so seeing as I am very active on /. on many different topics of interest
anything from Alzheimer's being branded as a new type of diabetes, to monkeys
being hooked up to machines with brain pads to move a robotic arm, to a laser being
able to melt down plastics as a new form of plastic recycling, to the white house finally
recuperating over a million lost emails, I tend to stay interested.

As for my field and adjacent fields, again I will stage my case, I am not sure which country you are in, but here, we have a different situation then yours obvisouly, and when you tell me the US can block a port on your internet, and you have nothing to do about it, I have a hard
time swallowing what your are saying, even if you are right. If a phone company sold me a service, then all of a sudden, blocked the #2 key, it would impede the service they are contracting to me, and would be in breach of contract. Now, if you are putting up with your company blocking your
port, and don't give a damn, that is your prerogative, but a quick google scan as you say, seems to be providing me with many lawsuits against these ISPs for doing such things, and a few documents about the government trying to step in to regulate it, so I am wondering, if you are talking about the situation as it changes, but citing old stuff, I dont know, I guess I really wont know until all the lawsuits are over and the last man is standing between the clients or the ISPs
to know who won that battle.

Re:I have said this before...

[HungryHobo]

I spent 3 years a God followed by 7 years in the omniscience industry followed next by 4 years understanding everything.
Given the level of general knowledge you've displayed this claim is about as credible as yours.

So anyway, would you like some sources since you seem too arrogant to simply type a few terms into google:

The internet has no central authority

http://www.isoc.org/briefings/020/
If you're too lazy to read they spend pages and pages saying this over and over in different ways:
"There is no central authority that controls the operation of all root name servers"

Email:
go nuts:
find anything in here about a king of email and I'll withdraw all slurs on your knowledge of the field.
http://www.faqs.org/rfcs/rfc2821.html
http://www.faqs.org/rfcs/rfc2822.html
http://www.faqs.org/rfcs/rfc2045.html
http://www.faqs.org/rfcs/rfc2046.html
http://www.faqs.org/rfcs/rfc2047.html
http://www.faqs.org/rfcs/rfc2048.html
http://www.faqs.org/rfcs/rfc2049.html

http://cyber.law.harvard.edu/archived_content/people/reagle/regulation-19990326.html
This rambles on a bit but the general gist of it is that the Internet is based on decentralisation and consensus.

Any single central authority is also a single point of failure.
Far better is rough consensus and running code.

The closest is IP addresses and yet it's still only by consensus, you are utterly free to resolve any given IP address however you wish on your own network(assuming the intent is not to defraud).
we've seen this when certain carriers get into conflicts with each other.

There are certainly groups which have influence on protocols etc on the net but they offer suggestions, not commands.

"The IETF process is interesting in that it is descriptive, not prescriptive. An IETF Standard is not a statement that all must abide by the technical specification unlike much law and some of the standards of government sanctioned standards bodies. Rather, it is a descriptive statement to say that (1) the policies specified by the document are desirable and (2) that the quality is high enough to permit developers to create independent implementations."

I can send a mail to any given IP without the slightest need for any kind of DNS service.

Since you seem too inept to write a simple bash script heres a quick tutorial.

Most basic possible script for sending an email.
Tested on an SMTP server picked at random from one of my email headers and it works fine.

echo "HELO myhostname\nMAIL FROM:$2\nRCPT TO:$3\nDATA\n$4\n.\nQUIT\n" | netcat $1 25

usage:
ScriptName.sh [SMTP server name or IP address] [from] [to] [message body]

Note that from and to must have angle brackets around them.

A lot of servers don't accept these connections from random machines simply because of the spam problem but this is the basics.
Anyone can do this.
You don't need to go near your ISP's email servers unless they're blocking port 25.
You don't need to touch the DNS system if you feed and IP in instead of a host name.

So.
If you think my sources are wrong all you have to provide is some links to some decent sources yourself.
using ALL CAPS doesn't count as providing sources by the way.
It just makes you sound like a 12 year old AOLer.

Re:I have said this before...

[HungryHobo]

In your own country maybe, not in mine....

Actually I'm fairly sure I still have the sense to look things up even when visiting other countries.

So you agree that even if you are not a lawyer, you can know laws, as this statement
of yours implies you are not in networking but think you know about it.

Networking is not my main job though I've tracked the occasional cable through a data centre.
That doesn't preclude me from spending 30 seconds typing keywords into a search engine to check if what I'm saying is obvious crap before I say it.
Please for the love of all that is holy: culture this skill in yourself.

but here, we have a different situation then yours obvisouly

I was not talking about my country when it comes to blocking port 25.
I was talking about the US.
"the US" cannot block a port on your connection.
"An ISP" however can do so if they want, they are not the government.
Companies are not bound by the first amendment.

"If a phone company sold me a service, then all of a sudden, blocked the #2 key, it would impede the service they are contracting to me, and would be in breach of contract."

If their contract with you specified that they would provide you access to every valid phone number then maybe, if however your contract said that they reserved the right to block certain numbers or protocols then they would be perfectly free to do so as long as they don't stray into anti-competitive trading legislation.

"seems to be providing me with many lawsuits against these ISPs for doing such things,"

And if they wrote their contract poorly then some of those suits might win. that says nothing, absolutely nothing about the legality of it.

And yes, every now and then someone decides that god has leaned down and given them the authority to be the bosses of the internet.
So far none seem to have gained much traction.

Re:I have said this before...

[hesaigo999ca]

>find anything in here about a king of email and I'll withdraw all slurs on your knowledge of the field

umm, question....who is the one that decided that the meta headers for
emails must contain the ipadress where it comes from, and who pushes for
some sort of standard in trying to discern mime types....just asking.
I guess if I want to add any sort of info into and email sent across the wire....
I could, I just would not be following a standard protocal set by???
a governing body perhaps?

I will give you some points for s few areas though, I have done some research on my end, and apparently in my country, there have been a few times when port 25 smtp was blocked for residential, but then unblocked, then re-blocked, then unblocked, so legally there might have been issues, but apparently in the US it is up to the ISP to decide if they block it, although some may block it, and others not...depends who you are with....so not everybody blocks it.

I still think legally because I am residential, I should have access to that port unless in my contract you specifically tell me it will be blocked, which is not the case, most do not write anything, then implement a change in behavior, which technically would alter the service therefor breaking the contract, but no one has money to waste on lawyers defending against giant crops that have whole teams of lawyers, so they put up with it, until a class action lawsuit comes up.

Anyways, have a great day, and a great year,
I wish you all the best with your ISP in your country, lord knows you'll need it.

Re:I have said this before...

[hesaigo999ca]

>if however your contract said that they reserved the right to block
Thank you you just proved my point, most contracts residential people have mention nothing about the ISP blocking that port, only about reserving the right to send a thick 2X4 up your butt when they chose, and I think this is what all the class action lawsuits are talking about, you should be able to change something that affects the service at its origin when you first signed the contract.

There are laws against that too, do you have them in your country???

Re:I have said this before...

[HungryHobo]

umm, question....who is the one that decided that the meta headers for
emails must contain the ipadress where it comes from, and who pushes for
some sort of standard in trying to discern mime types....just asking.
I guess if I want to add any sort of info into and email sent across the wire....
I could, I just would not be following a standard protocal set by???
a governing body perhaps?

RFC stands for something-
"Request for Comments"

That's all those documents are.
They are not law.
They are not even rules.
They're barely guidelines.
They are suggestions on a good way to do things.
As it happens they often tend to be technically solid.
There is no authority behind them other than consensus.

Who writes them?
Anyone.
And if they're solid then people might actually follow them.

Anyway.
Cheers.

Re:I have said this before...

[HungryHobo]

Oh if someone breaks a contract you may be able to go after them for that but that's a purely financial thing, not criminal.
I'd be very very surprised if major ISP's don't have good laywers writing their contracts in the first place.

Re:I have said this before...

[hesaigo999ca]

I guess ISO stands for nothing then...

"Less is more"

Re:I have said this before...

[HungryHobo]

???
What have they got to do with email?

http://en.wikipedia.org/wiki/List_of_ISO_standards

I see nothing about email in that list, hell "compute" and "electronic" barely turn up at all.

On the ISO site a search for "email" turns up one thing that looks a little related- a specification for how a MHS could interface with email but these guys certainly aren't in charge of email.

I never said there were no standards bodies for other things.
There most certainly are plenty of standards bodies which decide how my electric lights work, how the steel in my car is processed and the proper handling of peat.

But the normal "conform or we'll punish you" standards don't tend to work too well when you try to apply them across the entire net.

Re:I have said this before...

[hesaigo999ca]

http://yro.slashdot.org/story/10/02/27/2134204/US-Govt-Ending-Its-Hands-Off-the-Internet-Stance?art_pos=20

I guess your viewpoint might have to change after the US passes
their bill and forces the rest of the globe to follow suit.

Too much thinking in hex.

Am I the only one who read this headline and thought, "59 messages a day isn't so bad?"

Re:Too much thinking in hex.

I read it on my iPhone and because the text is so small and my eyesight is shot I thought it said 58.

Re:Too much thinking in hex.

[selvan]

It looked like 38 to me

Re:Too much thinking in hex.

[Hurricane78]

I went “3 x 10^12 spam mails? That is a LOT!”

Re:Too much thinking in hex.

I read it as 3 bytes.

Seriously.

[aussersterne]

SPAM was the absolute bane of my existence (I have several very public email addresses that have to remain that way) until the day I finally (at at the time reluctantly) decided to run all of my mail through Gmail accounts, without exception. I had used block lists, several ISP-based filters, spamassassin post-POP3 on my own local net, and a bunch of filters, and it was eating hours a day of attending to SPAM (new filters, fixing filters, marking as spam, marking as ham) and so many CPU cycles that a dedicated box couldn't keep up. Not to mention that due to the processing overhead of all that filtering, when someone did send me a message and told me so, I'd have to tell them "I'll get it in ten to fifteen minutes." And all for a few (three, really) email queues that belong to one person and a couple assistants?

Now I forget that SPAM exists, and my email comes in more or less instantly.

For a decade now, Google has more or less singlehandedly kept the internet usable.

Re:Seriously.

For a decade now, Google has more or less singlehandedly kept the internet usable.

For a decade now, Google has more or less singlehandedly turned Usenet into a sewer

Formatting

The report is very well written and provides very interesting information, but whoever decided to use light grey on white should get his or her eyes poked out with a needle.

Re:Formatting

[innocent_white_lamb]

Just "select all" in your web browser and the contrast will, obviously, increase. I do that on some websites where the text is so faint I can't read it otherwise.

Where's your beloved filter now?

[damn_registrars]

Yeah, we can see how much of a wonderful difference all those filtering programs that are on the market today are doing for the worldwide spamming problem. That is, no difference.

If you want to do something about the spamming problem, start looking beyond your own nose. Stop adjusting your filtering rules constantly. Pay attention to the cause of the problem - spam is an economic problem. Until something is done about the profit-motive (and the insane margins of profit) behind spam, the problem will only continue to grow.

Re:Where's your beloved filter now?

[Dmala]

If you want to do something about the spamming problem, start looking beyond your own nose. Stop adjusting your filtering rules constantly. Pay attention to the cause of the problem - spam is an economic problem. Until something is done about the profit-motive (and the insane margins of profit) behind spam, the problem will only continue to grow.

Two problems with this idea. First, the people who actually buy stuff from spam can be difficult to identify. I think many of them know deep down that they are doing something exquisitely stupid and will deny it if asked. Second, even if we can identify these spam patrons, it is quite illegal in most places to bash their empty skulls in with a baseball bat. Barring some significant changes in legislation, I just don't see how the problem can be tackled from this end.

Re:Where's your beloved filter now?

[damn_registrars]

If you want to do something about the spamming problem, start looking beyond your own nose. Stop adjusting your filtering rules constantly. Pay attention to the cause of the problem - spam is an economic problem. Until something is done about the profit-motive (and the insane margins of profit) behind spam, the problem will only continue to grow.

Two problems with this idea. First, the people who actually buy stuff from spam can be difficult to identify. I think many of them know deep down that they are doing something exquisitely stupid and will deny it if asked

I apologize if I was overly vague, but that is generally the opposite direction from where I would go. Indeed I expected that most people by now would have given up on the noble (but impractical) aim of "educate every internet user to not buy spamvertised products", hence I advocate instead working to make it more difficult for the spammers themselves to turn a profit. Currently the system unfortunately is doing exactly the opposite of that and making it exceedingly easy for spammers to turn a profit. There are places where a well-placed (metaphorical) wrench in their system could change that.

Second, even if we can identify these spam patrons, it is quite illegal in most places to bash their empty skulls in with a baseball bat. Barring some significant changes in legislation, I just don't see how the problem can be tackled from this end.

I have never condoned the killing of anyone, and indeed my message history here shows a long-standing opposition to murder as an answer to the spam problem. As popular as that suggestion is here on slashdot, murder is wrong and will never solve the spam problem, period.

Rather the answer I offer is to go after the people who profit by enabling spam. This would be in particular the registrars for the spamvertised domains, the ISPs of the spamvertised domains, the registrars for the DNS servers that resolve spamvertised domains, and the ISPs of the DNS servers that resolve spamvertised domains. In the case of a significant portion of all spam, those four groups are all in cahoots with the spammers themselves and are getting a cut of the action in exchange for turning a blind eye to the (often illegal) activities of their customers.

Notice also that I specifically mention the spamvertising domains, not the spamming domains. We know that a good portion of spam is now sent through botnets, which makes it increasingly meaningless to try to go after open relays. Spam costs the spammers almost nothing and nets them tremendous profit. Increase the costs of doing business and you'll see more spammers find other ways to make money; perhaps some of those will even be within the confines of the law.

Re:Where's your beloved filter now?

Yeah, we can see how much of a wonderful difference all those filtering programs that are on the market today are doing for the worldwide spamming problem. That is, no difference.

Spam filters are not there to stop spam -- they're there to stop YOU from receiving it. Most people are completely unaware of how much spam gets blocked between when the spammer sends it and when it would have ended up in their inbox.

Now if we removed ALL spam filters, we might actually find that, as productivity ground to a halt, people might actually do something about the problem and kill off the botnets and spam organisations that cause all these issues... or people might just complain but go on as usual, and the volume might actually go DOWN as the ROI for each blast of spam would increase.

Re:Where's your beloved filter now?

[swillden]

How do you tell the difference between a spamvertiser and a joe job?

Re:Where's your beloved filter now?

[miracle69]

It's not an economic problem because there is little profit in spam from a legitimate business. If there were, they wouldn't require the use of botnets to steal other peoples resources. The spammer can only profit because their overhead is being spread to unsuspecting users on a global scale.

Re:Where's your beloved filter now?

[damn_registrars]

little profit in spam from a legitimate business

While the meaning of "legitimate business" may be debated with regards to the businesses that employ spam, the profit is indisputable. Here is someone who made millions before age 28 from spam. There is also an Olympic skier who is a millionaire spam mogul. Here is yet another spammer who made millions off of spam. Most of the top spammers on the SpamHaus list are doing quite well financially as well - well enough that many of them jet around the world with their spam profits.

The spammer can only profit because their overhead is being spread to unsuspecting users on a global scale.

That statement doesn't match reality. The money the spammers pull in could easily purchase a cluster to pump out spam. However the botnets create one element of the great game of spam whack-a-mole in how difficult they are to shut down as they dynamically resize and pull in new nodes.

And if you look at how much the spammers pay their ISPs, you'll realize that the spammers are in no way hurting for money.

Spam Spam Spam Wonderful Spam

[Virtucon]

- Monty Python

"Have you got anything without spam?"
"Well, there's SPAM, egg, sausage, and SPAM; that's not got much SPAM in it."

Therefore all SPAM should have eggs and sausage in it.

Re:Thanks Largely To The Prevalance Of

You're not the real Kilgore Trout, faggot.

Re:Thanks Largely To The Prevalance Of

[insufflate10mg]

The ignorance of your post is incredible.

Re:Thanks Largely To The Prevalance Of

[geekprime]

http://en.wikipedia.org/wiki/Dancing_pigs has a nice explanation of the problem.

Re:Thanks Largely To The Prevalance Of

[icebike]

Why is this modded troll?

Seriously people, bot nets are virtually 100% windows machines, not because windows is popular, simply because windows is so EASY to subvert.

Nothing has improved or changed in this fact since spam started to be a serious problem.

Is Viagra spam considered malicious?

[istartedi]

The Viagra spams seem to be dominating my filter now. They don't even mangle the spelling any more! They just change the percent discount from spam-to-spam. Perhaps they change other things too but I don't know because I just "check all, delete". The rise in Viagra spam (no puns intended anywhere in this post) seems to have started about a month ago.

If Viagra spam isn't considered malicious, then I can't say I've noticed any increase in spam. Maybe they have malicious code attached; but like I said I don't open them...

Seems like incentive to rethink e-mail

[LordArgon]

Given the estimation that 90% of e-mail was spam *before* a five-fold daily increase, why aren't more people/companies clamoring for a complete e-mail re-architecture? Improved filtering and new spam laws are just symptomatic fixes - the entire way we do e-mail needs to change.

The resources wasted and stolen by spam are staggering. Eventually the economic and political incentive to adopt better e-mail protocols has to kick in; I'm just surprised it hasn't yet.

Anybody read Daemon?

[arbiterveritas]

I find the way they handled the "spam problem" in the fictional book Daemon quite perfect: "All spammers will die."

It's simple, straightforward, and is impossible to stop as it [the Daemon] operates outside the law. The first time the scenario is presented, four people are shot to death and that message is left amid the carnage. That happens a few dozen times over worldwide and you start to see a pattern even spammers will recognize...

Moral relativity aside, from a certain standpoint that tactic might actually work; there is nothing right now that scares spammers. Being found requires a significant amount of resources: tracing down the network, identifying a single point of control (if there is one,) identifying the person(s) attached to that system, etc. Botnets make the problem exponentially harder. Yet, we still can't really do anything about it and we have to dedicate entire careers to the act of reducing spam. There is something fundamentally wrong with that, I think.

there should be bounty to track down the spammer

[swframe]

Everyone is paying to filter the spam but maybe ISPs should pay to find the spammers. At some (probably low) cost, you can induce people to find the spammers. After all, the spammer has to have a way to collect money from his/her targets. Also, I wish ISPs would find the people who respond to spam and give them email accounts at a site that the spammers can freely target. These people are the real cause of spam.

Re:Thanks Largely To The Prevalance Of

[sopssa]

If any other OS was the popular one instead, the problem would be exactly the same there. Remember that you don't even need to obtain root to send spam. The "but you only download software from your distros repo!" wouldn't be so either because people want to buy games, applications and install all kind of shareware/freeware, and that just wouldn't be possible with a single distro that would have strict rules on what apps are there (and no, messing with yum config files and cert's isn't an option with casual people either).

Re:Thanks Largely To The Prevalance Of

[icebike]

Thanks for the coolaid, but I'm not drinking.

Microsoft has done an excellent job selling this "Popular" argument, but it is patently untrue.

Re:Thanks Largely To The Prevalance Of

[sopssa]

Want to explain why botnets have started appearing on Mac OS X too then?

Hosting mail forwarding is ridiculous too!

[TheNarrator]

I have a domain name that I do mail forwarding for. Some botnet owner decided it was worth finding emails to spam to on this domain. So now every single day, 24/7 365 days a year, once or twice a minute I get an attempt to send an email to fsdfs34@mydomain.com where fsdfs34 gets replaced with every possible email conceivable. At first I decided to add an ip blocker for anyone who spammed me, but it soon slowed down my mail server so much that I had to take it out once the list grew into the 10s of thousands of ips.

Now I just greylist and tightly check EHELOs which seems to keep any of the spam from getting anywhere. Nevertheless, the attempts come relentlessly and continuously like clockwork form ips all over the world.

unicorn bacon and failed humans

where might i....oh wait ...haha.
and i failed to confirm im a human
then what the fuck am i

Re:Thanks Largely To The Prevalance Of

[icebike]

Go read about them.

These users entered their administrator password to install pirated software.

Thats a far cry from clicking on an email attachment or visiting a website for a drive-by install.

Apples to Apples please.

Re:Thanks Largely To The Prevalance Of

[sopssa]

It is apples to apples.

Like I noted earlier, there is really no reason why a spambot or other malicious software would need to run as root. It can do its job just fine on Windows, Mac and Linux userland. Root would only be required for hacking a server or just intentionally destroying a computer.

Clicking an executable email attachment? Why wouldn't that work on Mac OS X?

And again, drive-by installs via exploit vulnerability can happen on any OS. Only thing that might currently mitigate that is SELinux, but it's pain in the ass generally and no casual user would put up with it. Most of the vulnerabilities now a day are in 3rd party softwares like Flash or PDF Reader. They are exactly as vulnerable on any system.

So yes, it comes down to the popularity (and generally dumber users than those running for example Linux on desktop).

Fact is, no OS is secure unless it's completely locked down, and even then there are probably vulnerabilities in the OS.

Malicious spam report - in PDF format? ROFL!

In other news, Lifehacker's Remains of the Day for today reports that 80% of malicious exploits use Adobe Acrobat PDF files as an attack vector. Download the report and get infected! ROFL!

Yahoo Mail

[greyparrot]

The Yahoo filter is very good. After a while you get one spam a month, maybe, and one or two items fall into spam that you might want.

Overzealous gateways

[Big_Mamma]

As much as I hate spam, I hate overzealous gateways on the internet more. Earthlink for example refuses to receive mail without a valid return address (so no-reply@ must respond to RESP) and sends you one of these:

I apologize for this automatic reply to your email.

To control spam, I now allow incoming messages only from senders I have approved beforehand.

If you would like to be added to my list of approved senders, please fill out the short request form (see link below). Once I approve you, I will receive your original message in my inbox. You do not need to resend your message. I apologize for this one-time inconvenience.

Click the link below to fill out the request:

There's no way I'll waste my time filling in that form, so I've added big warning on the registration page now - sorry users of a overzealous ISP, please disable your spam filter if you can or just use another email address to register from.

Re:Overzealous gateways

If you show up as :"number unknown" on my cell phone - I don't answer it either. Why should I ? I have never initiated conversation with you and you are not in my address book ( mental or phone ).
In the days of old I only have out my email to people I met ( mostly same today ) but back when you got to verify the intent of the other person first.

Earthlink is doing what I used to do - if I don't know you or you can't fill out a form .. bugger off.
You only have to do it once and then you are in for life.

And ... I'll let you in on a secret ... we probably know the mail from you never makes it to our mailbox ... and thats ok.
Why do you ask for our email ? to verify we are human. Guess what ? We are not sure you are as well - thats why we use an email client that pretty much guarantees we get no spam or junk in it at all.

Re:Overzealous gateways

[Big_Mamma]

Emails do not always come from humans.

A good deal of the thanks for registering / receipt / mailing lists come from no-reply@whatever.com, and the body of the email always includes a way to contact a human being if needed. That's quite a bit different from "number unknown", you've just put your own email address in our system - with a please call me back note.

OH NOES11 THE INTARNETS R THE RUINED111

holy SHIT, 3Billion messages per day, why that's equivalent to one NEW individual piece of spam in EVERY LIVING PERSON'S INBOX ON EARTH...every 2 days!!. Or rather spam folder. But still! Looked at it another way, in just one short month, that would be FIFTEEN messages in a single person's inbox. How many legitimate mails do you get per month? Can you imagine sorting through FIFTEEN pieces of spam to get to just four weeks of real mail? Email is useless.

um, not. wake me when the number of spam messages reaches 3B per second. That will be an interesting milestone...

59 spam messages isn't that many.

[ValuJet]

You nerds sure get hyped up over 59 spam messages a day. That really isn't that much when you think about the whole internet.

Wait... you mean that wasn't hex?

torrents vs spam

I should think that spam is much more serious problem bandwidth-wise.

3B of spam...

[Soiden]

...and in my Gmail account I never see even one.

spamvertised domains versus joe jobs

[damn_registrars]

How do you tell the difference between a spamvertiser and a joe job?

That is an excellent question. If one were to presume that there is no (or next to no) overlap between the two sets, then you can identify the difference based on the registration of the domain. Often a great number of spamvertised domains are all resolved by a very short list of DNS servers, which is why I advocate looking at the spamvertised domains as well as the domains that resolve and register them. If you follow that reasoning, you could also differentiate spamvertised domains from legitimate domains that are being subjected to joe jobs from spammers.

However, if a legitimate domain were to for some reason use the spammer's DNS servers and find itself the target of a joe job, then they would be targeted by those combined signs.