Slashdot Mirror


Google Says Spam Volumes On the Rise

alphadogg writes "Despite security researchers' efforts to cut spam down to size, it just keeps growing back. The volume of unsolicited email in the first quarter was around 6 percent higher than a year earlier, according to Google's e-mail filtering division Postini. Security researchers have won a few significant battles against the spammers in the last year, first against those hosting the spammers' control systems, and later against the control systems themselves, but they will have to change tactics again if they want to win the war. In the first half of last year, security researchers concentrated their efforts on identifying the ISPs or hosting companies that allowed command-and-control servers to operate, and shutting these botnet purveyors down. The success of that tactic was short-lived, however."


  1. If One Person Clicks, We All Lose by eldavojohn · · Score: 5, Insightful
    If you are successful at combating spam, you will see a rising volume. Here is the chain reaction that takes place:
    1. A spammer has an established source of income that he profits from his operations. Let's say it's ten grand a month. Everything is going well--he kicks back and watches the money machine.
    2. You implement a better spam blocking program or better educate users or do something so that the five hundred clicks he gets a day drops to four hundred clicks a day.
    3. The spammer now finishes at eight grand at the end of the month and notices something is wrong.
    4. The spammer is certain that he can grab back those clicks and all he (did you ever notice how spammers are always men?) has to do is crank up the volume whether it be by getting more e-mails to spam or sending more frequent spams or revolutionizing his spamming tactic and adding new templates and variables to trick people or get around blocks.
    5. In the end we see spam rise.

    Now, maybe he makes that two grand back in his push and maybe he don't. Maybe your new method reduced his clicks from five hundred to five per month. Either way the best we can hope is that at some point that income shrinks to negative or so little it's not worth his time. The problem is that even if 0.0001% of his spam messages generates a click, he's making bank.

    The battle for clean e-mail should be fought on a number of fronts. Public awareness is the key weak link in the chain in my opinion. And as a new net savvy generation arises, that will come naturally.

    No matter how much I tell my friends and family to be safe on the net, my friend in Cairo had ten credit cards opened in her name and I had to help her clean it up over here. To make sure it didn't happen again we went over smart procedures like if your bank sends you an e-mail you should read it and then open up your browser by hand and type in the bank's URL as you know it by hand and look for the corresponding information on the site. Yeah, it's a pain in the ass but if you can't find it you can always just call them. Don't click the e-mail link and drop your username and password into some site you don't trust. If I had to guess how she got tripped up, it was when she went to Cairo for school she couldn't afford to talk on the phone and had gotten lazy and careless with doing all her banking online.

    --
    My work here is dung.
    1. Re:If One Person Clicks, We All Lose by houstonbofh · · Score: 5, Interesting

      Kidnapping for money is a big industry in Mexico. It is all but unheard of in the United States. Why? Because the FBI made it unprofitable. They use whatever resources are needed to track down and bust the kidnappers, however long it takes. We need that kind of will in the fight against spam. It is expensive at first, but less expensive as people get out of the business.

    2. Re:If One Person Clicks, We All Lose by eldavojohn · · Score: 3, Insightful

      We need that kind of will in the fight against spam. It is expensive at first, but less expensive as people get out of the business.

      The problem with your analogy is that kidnapping is a binary operation. You're either doing it or you're not. It's also often coupled with extortion and bodily harm and a host of other very serious crimes.

      Spamming, on the other hand, is very hazy. What is unsolicited e-mail? People don't take the time to read shit. They just "click click oops, why am I getting these e-mails?" So if they clicked an ad and entered their e-mail address to get thirty thousand acres in farmwars by putting in their e-mail and checking a box that they understand ... where was the failure there?

      I just got five messages in a minute from Boingo this weekend. Followed by an apology letter. It was some database template test process run amok that informed me about my account (which I don't have with them). I used them once in an airport. They apologized to me today in another e-mail I didn't ask for! Do we vigilantly hunt them down and jail them?

      The problem with your vigilance is that it's often objective to draw the line where spamming stops and legitimate business e-mails start. The crimes that come with spam aren't on the level of human trafficking ... you get tax evasion or another white collar crime at best. Sometimes theft or grand larceny across all victims. But come on, the FBI isn't going to get the resources from the federal government to chase that rabbit down its hole when they need backhoes to dig up the whole internet.

      The government's CanSPAM act has increased the severity of it when we're sure you were doing it. That's the most you can ask for ... not a special FBI initiative to relentlessly track everyone who spams. Enforcement should be increased but not to the level of tracking kidnappers.

      --
      My work here is dung.
    3. Re:If One Person Clicks, We All Lose by Tom · · Score: 4, Interesting

      Good point. The strategy was invented by the Romans, in case you care. The Roman Empire had a kind of primary objective on any and all sieges, namely that they win. No matter how long or what resources it takes, there was the order from Rome that they will never leave defeated.

      A famous mountain fort considered itself invulnerable due to natural features - there was only one small path up to the fortress. The Romans built a big camp at the foot of the mountain and started building a ramp. It took them years to build it, but they did it, and took the invulnerable fortress.

      That's why one day, when the Roman army had just begun besieging another city, its ambassador came for talks, and he boasted "we have food for ten years". To which the Romans replied "then we will accept your surrender in the eleventh". The next day, the city surrendered.

      I'm telling that story because I like it a lot, but also because it shows that insane investment can pay off in the end. Yes, the Romans poured resources into a few sieges that were far beyond what they gained. But once the word had spread, the return-on-investment came.

      There are two things we have to do to get rid of spam, minus the small amount you can never get rid of.

      One is to make it very hard to make a profit via spam. A few simple laws could cover that. Going through the credit card companies would probably work great. Simply allow people a chargeback for any and all products sold via spam. All you have to do is send the spam message to the credit card company and ask for it. The CC company may not charge you. They don't want to pay for the trouble themselves, either. They will charge the merchant. That would pretty much eliminate all the non-working crap that's being sold via spam.

      Two is to go absolutely anal on the spammers themselves. While #1 reduces the ROI, #2 increases the risk. Once you do that, the business case for being a spammer goes away. I don't necessarily mean higher penalties, but more effort in actually bringing them to justice, in an international effort.

      --
      Assorted stuff I do sometimes: Lemuria.org
    4. Re:If One Person Clicks, We All Lose by Tom · · Score: 3, Insightful

      Yes, because the inconvenience of mashing the "delete" key a few times is exactly comparable to the inconvenience of having a family member kidnapped and held against their will.

      You have heard about scaling factors sometime during your education, haven't you?

      A small crime done to millions sums up. The math has been done before. The "few seconds" times the amount of spam just one of the major spammers sends out in a month comes to easily an entire human lifetime.

      --
      Assorted stuff I do sometimes: Lemuria.org
    5. Re:If One Person Clicks, We All Lose by gtbritishskull · · Score: 3, Interesting

      I think it is pretty easy to differentiate between spam and not-spam. If the person sending the unsolicited mail tries to obfuscate how or from where they are sending the mail, then it is spam. If it is a company that clearly lists who they are, then they can be held liable (whether by being sued or by public opinion) for what they send out. There is no reason for law enforcement to get involved if the civil sector can sort it out. If, on the other hand, there is no reasonable way to trace the unsolicited email back to a person, they are trying to limit the ability of the civil sector to deal with them, so law enforcement should get involved.

      But, that is just my opinion.

    6. Re:If One Person Clicks, We All Lose by courteaudotbiz · · Score: 3, Insightful

      Learn to use the internet safely or stay off it.

      Unfortunately, staying OFF the net completely is becoming more and more difficult. From making your homework at school to searching for products for your job, it becomes increasingly hard for Joe Average NOT to use the Internet.

      I think that we eventually will get most people aware of how to act safely on the Internet. But as in real life, there will always be fools who can't be educated.

    7. Re:If One Person Clicks, We All Lose by X0563511 · · Score: 4, Informative

      I don't think you realize just how much time, energy (electricity to run the infrastructure, cool said infrastructure etc), and manpower is wasted because of spam.

      Let's put it this way.

      To deal with spam at my company, we use a 10-server cluster. This cluster may seem excessive to you... but note that we get alarms once or twice daily that the load on one of the nodes has exceeded critical levels.

      Now, comes the fun part.

      These servers use about 3 amps each, at 110v RMS. If left without cooling, they would quickly melt down - so add on the air conditioning. I won't factor the AC into this calculation because it cools many other things too, but just be aware of its presence.

      So, we have 30 amperes at 110v 24/7/365. Now P=VA (where P = watts) so:
      3300 = 30 * 110
      These servers are responsible for a total energy use of 3.3 kW on average. Every day has 24 hours, and let's settle on say 29 days/m. This comes out to 696 hours per month. 3.3 kW * 696 = 2296.8 kWh per month.

      Holy shit! This is a fairly small datacenter too.

      So, you see... take this little anecdotal calculation and scale it up worldwide... and you begin to see the problem.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  2. Re:What about... by Jaysyn · · Score: 4, Insightful

    It still has to travel thru email servers & routers costing money via electrical & bandwidth costs.

    --
    There is a war going on for your mind.
  3. Re:What about... by Shakrai · · Score: 3, Insightful

    It still has to travel thru email servers & routers costing money via electrical & bandwidth costs.

    Aren't people around here rather fond of making the claim that bandwidth doesn't cost money, at least whenever we see a story pop up about some ISP wanting to impose caps or metered billing?

    The bandwidth and electrical costs of spam are negligible. You would have made a better argument by pointing out the lost productivity when humans need to divert time away from useful tasks to clean out their inbox.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  4. Re:What about... by KiloByte · · Score: 4, Informative

    Network bandwidth taken by emails is indeed nearly free -- a typical piece of spam is just around 5KB (median). Yet, with more and more complex processing needed to run spam filters, you need quite a bit of CPU to weed them out. Looking at my logs, SpamAssassin runs are around 8 seconds each. Part of that time is spent for DNS queries, but there's a number of CPU-intensive tests as well.

    And servers are certainly not free.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  5. Re:collateral damage by clone53421 · · Score: 3, Insightful

    Sounds like you switched to a less-than-reputable host...

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  6. Re:collateral damage by clone53421 · · Score: 3, Insightful

    Contact your host, or switch. It isn’t Google’s fault if you signed up for a host which got its entire IP range blacklisted by allowing its customers to send spam and ignoring the subsequent spam complaints. I’m not saying that’s definitely what happened, but there’s a good likelihood it’s exactly what happened.

    It’s unreasonable to expect Google to start white-listing customers from a sleazy host on an individual basis. Screening customers is the host’s job and they failed; now they got blacklisted and all their customers suffer. Yell at the hosting company, not Google. If enough of their customers leave because they aren’t cracking down on the spammers, they’ll suddenly realise that not doing anything about the spam is hurting them economically just as much as terminating a few spamming customers would. And if they don’t realise this, or if it wouldn’t... that isn’t the sort of host you want to be associated with.

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.