Slashdot Mirror
The Significant Decline of Spam
Orome1 writes "In October Commtouch reported an 18% drop in global spam levels (comparing September and October). This was largely attributed to the closure of Spamit around the end of September. Spamit is the organization allegedly behind a fair percentage of the world's pharmacy spam. Analysis of the spam trends to date reveals a further drop in the amounts of spam sent during Q4 2010. December's daily average was around 30% less than September's. The average spam level for the quarter was 83% down from 88% in Q3 2010. The beginning of December saw a low of nearly 74%."
Just set up some email routers to automatically append text that insults Muhammad to all SPAM messages. Pretty soon the spammers will all have their buildings burned down, their families threatened, etc. You just use one set of assholes to attack another set of assholes--the perfect solution.
SJW: Someone who has run out of real oppression, and has to fake it.
Like a frozen metal pole, licking spam is only the prelude to a much longer, more terrifying ordeal.
Are we winning the war on spam, or are spammers(and their comparatively low returns) just being priced out of the botnet market by more lucrative cybercriminals, the DDoS extortion set, espionage agents public and private, various ideological axe grinders?
Given the fairly low-effort, fairly low-return nature of spamming, I imagine that it is sort of the botnet equivalent of a "screensaver" mode. More valuable than doing nothing; but priced out of the market once a more serious set of criminals comes along(especially now that there are relatively few fully legal spamming locations. This isn't the old days when the world's spam king was some American prick with multiple T1s running to his house, sending spam quite openly right out of his home jurisdiction...)
Well, I WAS seeing a decline in spam until my email address got released by Gawker (along with my crappy throwaway password). I'm getting several hundred a day again now.
Then someone needs to tell the spammers this because over the past month I've been hit harder on my personal url accounts than ever before. From 2-4 message a night to 25 is a significant jump. Then they keep coming throughout the day. And that is using a black list and spam assassin. I would like to personally offer my current kidney stone as a gift to the spammers...
"This technology stuff is just plum crazy!"
Perhaps the people who once bought v146r@ ch3ep are tired of getting tired of getting billed monthly for one bottle of placebo? No more financial incentive means greatly reduced spam?
This only covers email spam. I'm guessing facebook and twitter users get spammed quite a bit to their profiles, as these are used more and more for daily communication.
When I first got email in the late 1800s there were no junk filters. Today, I specify a single spam mail as junk and I never see that type of spam again unless I want to.
Spam less effective = less of it sent.
I hate being bipolar; it's awesome!
ROTFL.
Quite a few percentages quoted, but no marker to base those percentages against.
When are all these ups and downs being compared to? The article doesn't say. The summary doesn't say.
Statements like "The average spam level for the quarter was 83% down from 88% in Q3 2010." clearly indicates that there is some point being tracked, prior to a half year ago.. but when? If spamit closed in September, why are figures from July-Sept showing a downtrend?
Bah!
I've noticed that spam & dictionary attack are seasonal. Over Christmas I saw less than 20% of the usual attacks on our servers. I'm guessing this is due to peoples bot-ridden machines not being switched on as much.
What really gets me is the amount of of dating spam that gets sent to an account I use for FreeBSD porting & CPAN. One would think spammers would avoid certain domains as they're only used by techies. Then again, maybe we're so desperate we'll jump at any chance of talking to a bird.
ed
I've been getting significantly MORE spam in the last month. I would assume that they base their metrics on how much spam was caught and identified. Since apparently more is getting through to me now, the article should really be titled "Significant Decline of Spam DETECTION".
`fortune -o`
Spam is declining for a few reasons -- Anti-spam technology is getting better and more widely deployed. sure with massive volumes and good spammer technology plenty is still getting through -- but it's becoming more challenging for spammers to reach the inbox these days. Cybercriminals have switched to focusing on using malware and botnets as these much more profitable over time than the basic spamming. Why would you waste time trying to get someone to buy viagra from an online pharmacy when you could capture their credit card or online banking details instead? Successfully capturing a few dozen credentials like this would likely be more profitable than reaching a million users with a spam message. Massive volumes of spam will still continue but overall the spam industry just ain't what it used to be!
I remember getting the occasional spam, and actually out of curiosity seeing how they would even complete their objective. Their objective? Sell you something that they are advertising. Many moons ago, I got one spam that had an 800 number. I called it and I couldn't even leave a message since the mailbox was full.
Spam = advertising. Advertising leading to the sale of a product or service. I noticed about 99% of the time there was no logical or easy way to make a call/visit a site,etc to present me with a product where I could buy it. You think grandma is going to de-obfuscate a URL(like slashdot's stupid email addy obfuscating filters) , visit the URL & buy your fake Lewis Vitton bags or whatever. Some spammers I swear are just spamming for the sake of spamming. Where's the money in that? There's ways around that like recommending I buy some junk stock that will be worthless in a month.
Then there was some Chinese individual who personally spammed me trying to sell me electronics. I carried on a good convo with him for a week until he told me to go to hell for wasting his time. He refused to tell me how he got my email address. In a funny coincidence, my gmail got hacked, sent spam mail out to everyone in my address book, including the spammer. He replied back saying he wasn't interested. yes, spam emailed spam.
BTW slashdot quit forcing me to preview, wait 2+ minutes to make a damn post on here. Or should I just go to reddit?
What I've never understood is how come the governments haven't ever gone after the companies hiring these spammers to spam their shit all over the Internet? I mean, if we're so gung-ho about stopping spammers, you'd think the obvious place to start would be the companies that are hiring these scummy assholes to do their bidding for them (I'm sure the spammers aren't just advertising other companies' products out of the kindness of their hearts)...\/1@gr4, I'm looking at you.
I was noticing fewer items in my spam filter reports declining indeed in October. Looking at recent week or so, it has jumped to a level that I have never had before. This is based on my business account as well as an old email address that I use. I suspect that they have figure out a new method, or were able to breathe life back into all of the bots that they already control. This will be a continuing effort until there are swift and painful punishment for spammers when caught.
Spam will be stopped in the same way that drug trafficing will be stopped, by education and ability to make it profitable. As long as money is there, people will always step forward to rake it in.
I need to question the methods used to measure Spam, specifically what is being measured - while I can see the volume of spam emails dropping, the number of spam accounts attacking the forums I run is ever-increasing. Despite numerous tools (Blacklisting, CAPTCHAs, etc.), the sophistication and frequency of spam accounts and posts on forums seems to be increasing - to the point of humans joining communities and contributing in semi-relevant ways so that they aren't just auto-banned when they sign up.
I don't think that Spam is declining, I just think it's shifting methods to new ways that aren't being fully measured yet...
So instead of 332 spam messages a day, I'm only seeing 296 messages? Not really groundbreaking for me.
Playing Whack-A-Spammer is a losing proposition. Someone will start up a service at least as big as Spamit, and we're just as buried. I'm not at all hopeful that spam can be contained at all.
The only real solution is to go after the advertisers, the clients. I get occasional spam from what looks like mainstream advertisers, and if they get interested either in avoiding the bad press of spamming people OR they get interested in spammers using their trademarks without permission, maybe then we get some results.
But there's plenty of advertisers that don't care.
The ultimate solution is to make the spammers pay more than their clients will tolerate.
deleting the extra space after periods so i can stay relevant, yeah.
This article is rediculous:
What about the Christmas outbreak last year? Was it different?
I get the feeling the author is just spinning the numbers. Who knows, there could be no decline at all unless seasonal trends are fully accounted for.
check http://it.slashdot.org/comments.pl?sid=1929880&cid=34710824
in previous years i got more spam in November and first 20 days of December than the rest of the year... this year i get less spam during the same time
Higuita
Because most of that isn't real Viagra, it's Canadian/Indian knock-off Viagra.
I love the IBM commercial where "10% of the worlds medication is counterfeit" and they go on about tracking and safety. What it is really about is profits. They don't want counterfeit meds hitting the shelves. While this sounds good, the "counterfeit" meds aren't as dangerous as they seem. Some countries are not respecting patents so India and Canada can produce their own. Since it is sold and labeled as "Viagra" but isn't produced by the patent older or license, it is technically counterfeit. But it is just as safe as acetaminophen is to "Tylenol".
*Note: there has been a push for India and other countries to respect patents, I don't know where these efforts currently stand. These countries just don't want to pay the extortion rates from the patent holders.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
the worst article ive ever read. source is not linked, the axes on the graph arent even fucking labeled, and the method by which the sampling was acquired was not disclosed. furthermore lets take this with a grain of salt; commtouch sells an anti spam product to large isps and service providers that costs upwards of a quarter-million dollars a year to license and run. If the metric is from their honeypots that might be OK, but if its from their appliances then i call foul.
spam isnt just from one source anymore, so you see it coming from dedicated and shared hosting accounts, pools of compromized ips and web based email accounts without decent security controls.
Good people go to bed earlier.
That's not the point; if they actively benefit because of spammers, and their distribution method currently allows it, then they could stop it. This means that economic pressure on manufacturers will stop the spam.
But it's not true, and manufacturers don't like it. Drug producers don't like people buying knockoffs and Canadian drugs at reduced prices.
I'm a concientious
Have a look at the statistics I've been gathering at work:
Oxford University Dept. of Earth Sciences spam statistics.
As you can see, both the volume and percentage of spam relative to legitimate e-mails is down to the lowest levels in a couple of years, by an order of magnitude (in terms of volume) from its peak in July 2009.
Agrajag: "Oh no, not again!"
Even better, this university gets a lot more spam than i and check the graphs
http://picpaste.com/mx-fx7b1NOG.png
Higuita
Spam to my mail server has increased quite significantly the last three months. The most recent low was about the middle of this year (when my personal email address was "only" getting 600 spam emails per day on average), currently the average is closer to 1200 spam emails per day (About a year ago, it was around 1000 spam mails per day on average). Fortunately SpamAssassin catches pretty much everything.
Some interesting things I've noted from the count of spam:
* It drops markedly over weekends (sometimes by as much as two thirds). Either spammers take the weekends off, or the machines with the botnets installed are typically in businesses and are switched off over the weekend.
* I noted a big drop in spam when that "false positive" story broke with one of the antivirus vendors (I don't remember which one it was) which rendered a large number of Windows machines unbootable - perhaps these machines were infected after all.
* I see a dent in the spam numbers every time there's an announcement about some botnet being taken down. However, the numbers only drop off for perhaps a week or two, after that the spam is back with a vengeance, usually at an even higher rate than before.
* The highest single day amount of spam to my personal email address this year was over 1900 spam messages.
Oolite: Elite-like game. For Mac, Linux and Windows
Oddly, more spam than usual has been getting past Gmail's filters in the past couple weeks. At least for me. Less spam but smarter I guess.
Too many people have been too affected by TV cop performance. In truth, there aren't any super-detectives that always find the guy, most cops are content to come and clean up after some major crime has happened, and most perps just get away with whatever.
There is no Columbo, no Kojak, no Jack Bauer, no CSI -- that's all fantasy. Maybe that's good, maybe not. Most departments are run by politics, and jurisdiction here is a real hairy issue. Probably the feds ought to take a little time off the "war on this and that" and do some real war on things that actually matter, rather than things that get press -- and in this case they might be surprised how much positive press they'd get were they effective. It probably looks too much like whack-a-mole to them at this point, because even though it costs everyone money, it only costs any one entity "some" but not huge money as a fraction of operating costs. I'd bet a bunch of these companies are actually pretty small outfits that move around a lot. I mean, how much setup does it take to be a pusher of fake sex drugs? One guy with an idea and a box of fake pills in mom's basement? Things like that are hard to catch up with, and seem like too-small busts to make some cop get a promotion, even though setting an example with a few might cool their jets nicely. It's how the IRS works for example -- a few really public busts, a few threats of audits, and everyone lays down and pays taxes out of fear.
Why guess when you can know? Measure!
I've noticed very much the opposite at work.
As you can see, there's been a general trend downwards, in jumps, since July-Sept. 2009.
The filters being used here are (1) IP addresses with valid DNS entries, (2) DNS blacklists, (3) ClamAV (with spam signatures added), followed by (4) SpamAssassin, which has been detuned so that it doesn't produce any false positives. Seeing as only a few spams actually get past ClamAV this is merely to catch those which don't have a signature yet.
P.S.: Off topic: Right on commander! ;-)
Agrajag: "Oh no, not again!"
http://it.slashdot.org/comments.pl?sid=1927208&cid=34689212
Hmmmm? Did Your big mouth and skimming get you into a jam again?? Absolutely. You tried taking on your betters, and your skimming and your stupidity did you in, promptly. How embarassing for you clone. It was totally hilarious watching you run away! There will be NO burying this clone, for your trolling others here repeatedly, and under your other registered username here too of clone53421 (1310749) as well.
Even if they could produce the real stuff, that is far more profitable and less cumbersome to sell sugar pills - or nothing at all.
That is a bit like fake rolex. Rolex-quality level fakes exist, stolen rolex exist, but the half homeless vendor with his blanket at the corner of the street is not the guy where you can get those from.
the company I work for was averaging 300k a day, bit down about 66% this week (there was a significant drop in August however). I attribute it to people getting new PCs and taking their old spambots off line...
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
What really gets me is the amount of of dating spam that gets sent to an account I use for FreeBSD porting & CPAN. One would think spammers would avoid certain domains as they're only used by techies. Then again, maybe we're so desperate we'll jump at any chance of talking to a bird.
That's why I like using the "+" separator whenever I can. It allows easy filtering and I know exactly where it was received from.
Unfortunately a lot of web form validation systems don't accept the format "person+foo@domain.com" as valid, and I have to end up removing the "+foo". When I was more active on Usenet I used a date-based format for my posting ("person+unetYYmmDD@domain.com") that I updated semi-regularly. I then created a ".forward+unetYYmmDD" that put things into /dev/null once the address was harvested after a few months.
I believe Gmail supports the +foo modifier, but my company exchange system sadly does not.
Then why have I been seeing more lately?
mark
The best quote from that cable:
Why can't we just have a rule that any email that has more than 3 spelling errors gets nuked?
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
You're only playing whac-a-mole when you go after individual spammers and spam gangs like this. Knock one out, and another will rise to take their place. Even if you disassemble a botnet, that will only be a momentary setback until they build a new one of a different set of compromised PCs.
If you want to really stop spam, you need to deal with the underlying cause of spam. You need to reject the foolish notion that spam is sent to piss you off personally, and acknowledge that spam is sent to make money. You need to go after the people who are funding the spam; if you can cut off the funding to the spammers (from the owners of the spamvertised domains) you will see spam finally whither and die.
Until then, all other changes are temporary and hollow at best.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Either you only communicate with grammar/spelling nazis, or don't realize how even well educated people suddenly lose about 40 IQ points when they compose an email. For example, this is a legitimate and important email from a business professional to a client (formatting preserved):
------
Hi (redacted) I Congratulation's to both of you. still do not have pre approval from them yet. here are list of the inspectors.
Title Co info it is on the offer. please have the verification of your money in bank please just email me a copy of bank statement or get it from your bank. thanks (redacted)
Please see the attachment Inspectors list.
------
Some of us have friends that suck at spelling.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
If you go to amazon, you should be able to get an automatic self winder Invicta with a japanese movement that looks like a Rolex Submariner for about $90. Would that count as a fake rolex?
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
Dude, you’re replying to a well-known troll... I actually had to check your posting history just to make sure you weren’t another of his sock-puppets. Just wanted to give you the heads-up.
Distributed Denial of APK: It takes 15 seconds to reply to him anonymously, but wastes tons of his time if we all do it.
If you're sending fairly legit opt-in, I have no argument against you. I've got plenty of tech sites which I've subscribed to in various ways (often starting with contests etc), but which have legit unsubscribe links etc
As I enjoy reading the product listings, I continue to receive their email.
I have a few ebay sellers that auto-subscribed me to their mailing lists after I bought stuff from their stores, etc. They're a bit less "legit" in terms of the opt-in, but if they ever become truly annoying I'll just unsubscribe.
The worst sites for being unsubscribe'able are generally dating sites and job-hunt sites. I've got sites I haven't used for years, don't remember the passwords for, and continue to get mail from (often without proper unsubscribe links). THOSE piss me off, and start to strain the border of "legit" (I think an unsubscribe link is required for some anti-spam compliance). If I can't find a way to get rid of them, I hit the "mark as spam" button a few times and then filter them off to nowhere.
The rest of the spam, 99% is eaten by gmail's filters, that's the stuff I never asked for in any way.
So depending on where you fall in the pile, I won't immediately say that you're an "evil spammer." Sending mass-mail to those that want it isn't necessarily a bad thing, especially if you allow a legit unsubscribe.
Hell, I've even worked on the email marketing systems, etc, myself. One of the first things I did at my previous employer was explain why having a "subscribe to our newsletter" box our sites that *didn't* validate/confirm the subscriber owned the address was a very bad thing (luckily they let me fix it).
> Would that count as a fake rolex?
How much does it look like a Rolex? Does it infringe their trade dress or trademarks?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
There's a product just out that will make your spam last longer, stop declining and stand proud, and be the envy of every ISP on your block.
And she will thank you for it.
Have gnu, will travel.
what this implies is that the selective targeting and assassination of a dozen or so of the top spammers would significantly reduce spam worldwide.
and a continuing program of taking out the top 10 spammers every few months would keep it down.
...I still think a bounty on spammers is the ONLY solution that has any real chance of working. too bad it's technically illegal as spammers are nominally human.
If you buy Viagra from a spam email, you'll likely get a placebo, or worse, something toxic... So it really isn't the mega companies hiring them, but the knock-off companies and their ilk, and they're operating outside the law as they always have. The internet has just expanded their audience.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Check out the amazon listing. Apparently, they changed some of the look and feel under pressure from rolex.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
Sure, nothing's ever perfect, and that's a pretty good example. It would take some whitelisting if someone typically writes like that. However, one day out of frustration with Yahoo's filters I made a couple of my own filters on the words "urgent" and "dearest", and that nuked 30% of my spam straight to trash instead of my inbox.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
I don’t trust much he says, partly due to the fact that he’s been banned on forums before because he registers sock-puppet accounts to bump his threads and write fake “testimonials” about how they used “apk’s guide” and haven’t had a virus in the past however long. Not to mention the ridiculous amount of spam and the fact that his posts appear to be written by a pseudo-random copypasta generator, due to the typical similarities in them.
And we all know he IP-resets to get around the postlimit here on Slashdot.
Distributed Denial of APK: It takes 15 seconds to reply to him anonymously, but wastes tons of his time if we all do it.
Google provided the link I was looking for: the ultimate guide to APK
http://arstechnica.com/civis/viewtopic.php?p=19122373#p19122373
If he has value, I’d say that value is mostly comedic.
Distributed Denial of APK: It takes 15 seconds to reply to him anonymously, but wastes tons of his time if we all do it.
his work wasn't 1/2 bad...For a script...
Imo, it's MOSTLY there
LOL, as much as I’d love to take credit for the script, I really didn’t write it.
in Access? You have NO "varchar", only fixed size text fields
False. Access calls it a memo field type instead of a varchar field type. It holds up to 63,999 characters.
(& it always defaults to the LONGEST entry, padding the rest to equal length to said longest entry, making the HOSTS file "bloated")
Also false. Fixed-length text fields are not padded with spaces in Access:
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
A "VARCHAR" field allows different lengths of text to be in each row, in a particular column, and to NOT HAVE TO HAVE THE COLUMN BE THE SAME LENGTH!
E.G.=> Text1 vs. TextText1
Both are text fields, but the 2nd one is longer than the first. The VARCHAR field will make 5 spaces for "text1" & 9 spaces for "texttext1", but NOT FORCE THE "text1" entry to be the SAME 9 DIGIT LENGTH, via padding, that "texttext1" is.
I know what a varchar field is, you arrogant prick. That’s what the memo field does in Access. You’re an idiot.
Try an export... see what happens!
(I.E.-> You'll end up with a file with TONS of "trailing blanks" as padding
Then you exported it wrong, moron. Go in to the settings and change it from “fixed width” to “delimited”. Then change the field delimiter to “{space}” or “{tab}” and the text delimiter to “{none}”.
Your failure at exporting data from Access does not me wrong make.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
P.S. There’s a reason the hosts file is plain text. Anyone who needs a database to manage their hosts file is a fucking moron. It was never meant to be that large.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
No, because HOSTS FILES ARE NOT COMMA (or otherwise) DELIMITED FOOL!
YOU FUCKING IDIOT, read the next part where I said to change the delimiter to a space / tab!
Who’s skimming now, hmm?
Your failure to make a correctly working HOSTS file on export
Tested and works. YOU are the one who failed at reading comprehension to duplicate what I told you to do.
unlike your "script kiddie script"
I’ll say it again. That wasn’t my script. I don’t do shell scripts. Keep shrilling your insanity, nobody cares.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Fuck off, troll.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
No no senor, it doesn't work: You end up with a file that is NOT "line-by-line", but instead a file that has entries like so, on export:
Wrong, that's the field delimiter not the record delimiter. Nice try APK.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Do you think I’m going to shit my pants because you found my facebook? You’re wrong.
I have a pseudonym because I CAN have a pseudonym. And you are a cyber-stalker and you’re harassing me. Quit.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
I have not been formally accused of any crime. I am not a felon.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.