Slashdot Mirror
Malicious Spam Jumps To 3B Messages Per Day
Trailrunner7 writes "Last year saw a monstrous increase in the volume of malicious spam, according to a new report (PDF). In the second half of 2009, the number of spam messages sent per day skyrocketed from 600 million to three billion, according to new research. For some time now, spam has been accounting for 90 or more percent of all email messages. But the volume of spam had been relatively steady in the last couple of years. Now, the emergence of several large-scale botnets, including Zeus and Koobface, has led to an enormous spike in the volume of spam."
What about delicious spam?
And I still see less then 1 per month in my Inbox.
_THIS_ is the price I am willing to pay to allow Google to filter my email.
"The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
Subscribe to one free daily naked chick mailing list. Imagine how much of that spam is about porn! There are probably more porn emails sent out every week than there are people on the planet.
I keep three email accounts. One I give out for things - registrations, contests, all that stuff. One I give out to friends and family. The third just quietly sits there empty. I check it periodically anyway and it makes me happy when no mail is found.
I can't compile what you're trying to say without the ??? and Profit! directives.
I'd rather have my ISP not be in the business of picking through my traffic and deciding what's "good" and what's "evil". Who I talk to over my connection is my business.
Because one person sending a mailshot to a hundred or so people looks a lot like a botnet.
One person mailing their CV to 200 companies can look a lot like a botnet.
One teenage girl telling everyone about a party can look a lot like a spammer.
Sure if the botnet isn't well written then it'll just blast spam out of every node 24/7 but the really good ones are going to try hard to evade detection.
Hell if you've got enough compromised PC's and you're organised as modern botnet herders are then you can collect a lot of good data on how regular users send email and make sure the nodes of your botnet avoid going far outside the curve.
Ya know,until they start going after the people who hire the spammers nothing is going to change. Some businessperson is responsible for our spam not the spammer. Where and how is this Viagra getting into our country?Where are all the watches being made? and so on. Someone is paying theses spammers,get them. PS: Yes i know its not easy to catch them,but if we can send and control robots from earth on mars it CAN be done.
Jack of all trades,master of none
Let me know when you find a reliable way to...
a) Charge for email
b) Prevent unpaid mail from being sent
c) Prevent botnets from sending 30 free messages then stopping for the day
d) Prevent botnets from sending a ton of paid messages using financial info on the host computer
e) Prevent spammers from setting up a mail server that charges for messages, repeating d) and then collecting all the money.
etc, ad nauseum.
I've found that nurturing one's Zen nature is vital to dealing with technology. Violence is pretty damn useful too.
If you're going to use the check-list then at least fill it out right:
(x) No one will be able to find the guy or collect the money
( ) Microsoft will not put up with it
Bill actually suggested this a couple of years ago.
Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
Am I the only one who read this headline and thought, "59 messages a day isn't so bad?"
Why can't ISP's detect large numbers of messages suddenly going to a vast array of e-mail address and shut it down?
Basically what you're suggesting boils down to throttling the entire Internet so that it can't handle the capacity of spamming, which will make it useless for any e-mail delivery. You might as well just kill e-mail.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
SPAM was the absolute bane of my existence (I have several very public email addresses that have to remain that way) until the day I finally (at at the time reluctantly) decided to run all of my mail through Gmail accounts, without exception. I had used block lists, several ISP-based filters, spamassassin post-POP3 on my own local net, and a bunch of filters, and it was eating hours a day of attending to SPAM (new filters, fixing filters, marking as spam, marking as ham) and so many CPU cycles that a dedicated box couldn't keep up. Not to mention that due to the processing overhead of all that filtering, when someone did send me a message and told me so, I'd have to tell them "I'll get it in ten to fifteen minutes." And all for a few (three, really) email queues that belong to one person and a couple assistants?
Now I forget that SPAM exists, and my email comes in more or less instantly.
For a decade now, Google has more or less singlehandedly kept the internet usable.
STOP . AMERICA . NOW
Your post advocates a
( ) technical (X) legislative (X) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
(X) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
(X) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(X) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
(X) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
(X) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Yeah, we can see how much of a wonderful difference all those filtering programs that are on the market today are doing for the worldwide spamming problem. That is, no difference.
If you want to do something about the spamming problem, start looking beyond your own nose. Stop adjusting your filtering rules constantly. Pay attention to the cause of the problem - spam is an economic problem. Until something is done about the profit-motive (and the insane margins of profit) behind spam, the problem will only continue to grow.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
- Monty Python
"Have you got anything without spam?"
"Well, there's SPAM, egg, sausage, and SPAM; that's not got much SPAM in it."
Therefore all SPAM should have eggs and sausage in it.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
Maybe in the year 1995. I'm pretty sure they can handle having a list of ISP's mail servers and use them now. Sending from a consumer line would be quite useless anyway because 99% of email services would directly block such emails.
It may be nearly useless. That doesn't mean that botnets aren't sending email direct-to-MX. These hosts have connected to our incoming MX's in just the last couple of minutes, and I'd say it's a small sample :) But, nearly all of these connections get pretty high scores from spamassassin, and users generally don't see the resulting spam.
129-219-159-242.nat.asu.edu
s0106001d60d07529.lb.shawcable.net
79.103.93.54.dsl.dyn.forthnet.gr
adsl-074-251-208-007.sip.tys.bellsouth.net
87-205-77-134.adsl.inetia.pl
77-56-149-16.dclient.hispeed.ch
cpe-065-190-194-031.nc.res.rr.com
cablelink-173-211-215.cpe.intercable.net
host-89-231-69-81.plock.mm.pl
Why is this modded troll?
Seriously people, bot nets are virtually 100% windows machines, not because windows is popular, simply because windows is so EASY to subvert.
Nothing has improved or changed in this fact since spam started to be a serious problem.
Sig Battery depleted. Reverting to safe mode.
But it's my business to pay my ISP to funnel the bytes sent to me. If the bytes coming from your ISP are frequently evil, I'd fully support my ISP in blacklisting you, especially if it saves me money or increases my bandwidth.
So if your ISP decides to cut yours off unless they impose some sort of anti-bot policy, I'd be in favor. And I'm perfectly willing to have my ISP do the same to me if it's what's required to play nice with their neighbors.
If you want your ISP to be blind to your bits, and suffer the fact that they'll have to install more bandwidth and be potentially filtered (and lose customers for that, raising your prices further), be my guest. I'm willing to live with that minor invasion of privacy (cutting off obvious bots) in exchange for lower prices.
Given the estimation that 90% of e-mail was spam *before* a five-fold daily increase, why aren't more people/companies clamoring for a complete e-mail re-architecture? Improved filtering and new spam laws are just symptomatic fixes - the entire way we do e-mail needs to change.
The resources wasted and stolen by spam are staggering. Eventually the economic and political incentive to adopt better e-mail protocols has to kick in; I'm just surprised it hasn't yet.
I've NEVER seen all four of those checked before on a singular suggestion. SO, I will attempt to propose the PERFECT solution, which will obviously have to take into account all four options .... THIS would definitely solve the problem.
We need to pass a law, that would create an incentive for Private Companies to generate an electric shock device that would automatically send a large electrical shock to anyone OPENING SPAM (legislation to define SPAM as broadly as possible and contain SNOPES and Chain letter provisions). The Winning company's device would be awarded the ONE day's cost of SPAM (to be determined).
This is based on my basic premise .... STUPID should hurt.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
That's because abuse@ and postmaster@ are the FIRST addresses to get spamblasted on every domain. They have been completely useless for ALL of this millenium.
Face it, the RCFs for most internet protocols were written decades ago for government and academia and were not based on a commercial-use network. FTP, Telnet, NNTP, SMTP, IRC are all obsolete junk and need to just go away like Gopher, Archie, Veronica, etc. There's too much invested in TCP to completely rewrite the way the underlying network operates, but the higher-level protocols need to be replaced by encrypted, authenticated systems that can use a central authority or ring-of-trust if authentication is mission-critical. Email should be the first to go. It's not enough to cover these junk systems with security add-ons & bandaids. They need to be completely rebuilt from scratch to include both public and restricted, private channels.
Of the 5 protocols listed above, SMTP is the only one I still run on my own servers. The others have been replaced with SCP, SSH, SSL HTTP gateways & forums, and various things like texting & twitter.
Nothing worthwhile ever happens before noon
I have a domain name that I do mail forwarding for. Some botnet owner decided it was worth finding emails to spam to on this domain. So now every single day, 24/7 365 days a year, once or twice a minute I get an attempt to send an email to fsdfs34@mydomain.com where fsdfs34 gets replaced with every possible email conceivable. At first I decided to add an ip blocker for anyone who spammed me, but it soon slowed down my mail server so much that I had to take it out once the list grew into the 10s of thousands of ips.
Now I just greylist and tightly check EHELOs which seems to keep any of the spam from getting anywhere. Nevertheless, the attempts come relentlessly and continuously like clockwork form ips all over the world.
That's naive. Any cost savings get funneled right into the profit machine long before you see any of it.
Sigs are too short to say anything truly profound so read the above post instead.