The Significant Decline of Spam

Orome1 writes "In October Commtouch reported an 18% drop in global spam levels (comparing September and October). This was largely attributed to the closure of Spamit around the end of September. Spamit is the organization allegedly behind a fair percentage of the world's pharmacy spam. Analysis of the spam trends to date reveals a further drop in the amounts of spam sent during Q4 2010. December's daily average was around 30% less than September's. The average spam level for the quarter was 83% down from 88% in Q3 2010. The beginning of December saw a low of nearly 74%."

I have a solution

[elrous0]

Just set up some email routers to automatically append text that insults Muhammad to all SPAM messages. Pretty soon the spammers will all have their buildings burned down, their families threatened, etc. You just use one set of assholes to attack another set of assholes--the perfect solution.

Re:I have a solution

[MillionthMonkey]

Just set up some email routers to automatically append text that insults Muhammad to all SPAM messages.

Your post advocates a

(*) stupid ( ) technical ( ) legislative ( ) market-based (*) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. Aaaah who cares; I have to go to work.

Re:I have a solution

[fridaynightsmoke]

Russia and Nigeria have oil.

But Nigeria's oil industry is already owned by Shell. And they're working with US government to plant agents inside the Nigerian government so that the cheap oil keeps flowing.

The linked leaked cable doesn't say that. What it does say is that Shell are/were concerned about Russia giving missiles and/or other weaponary to rebels intending to attack Shell helicopters and other installations etc, with a view to Gazprom taking over Shell's oil wells in Nigeria. Shell asked the US Gov. if it knew anything.

Re:I have a solution

[ObsessiveMathsFreak]

Your post advocates a

(*) technical ( ) legislative ( ) market-based (*) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(*) It will stop spam for two weeks and then we'll be stuck with it
(*) Users of email will not put up with it
( ) Microsoft will not put up with it
(*) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(*) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(*) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

(*) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(*) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(*) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(*) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
(*) Extreme stupidity on the part of people who do business with spammers
(*) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
(*) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(*) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(*) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

So...

[fuzzyfuzzyfungus]

Are we winning the war on spam, or are spammers(and their comparatively low returns) just being priced out of the botnet market by more lucrative cybercriminals, the DDoS extortion set, espionage agents public and private, various ideological axe grinders?

Given the fairly low-effort, fairly low-return nature of spamming, I imagine that it is sort of the botnet equivalent of a "screensaver" mode. More valuable than doing nothing; but priced out of the market once a more serious set of criminals comes along(especially now that there are relatively few fully legal spamming locations. This isn't the old days when the world's spam king was some American prick with multiple T1s running to his house, sending spam quite openly right out of his home jurisdiction...)

Re:So...

[garcia]

They can claim that spam is going down all they like but I haven't seen any reduction in my inbox and I have seen a HUGE increase (quick estimate is five-fold) in the spam comments which appear in my Akismet filter for Wordpress.

Re:So...

[arivanov]

1. At some point this summer FDA started looking into food supplements and actively removing "body builder" supplements which actually were a supplement for that muscle that is not quite muscle tissue and is affected by various sildenafil salts. A lot of SPAM was advertising these semi-legit operations and it is logical for it to reduce in volume as they get closed down.

2. Facebook, LinkedIn and their like have become easier routes than mail with higher success rates.

I would expect SPAM to decrease as a result of both of these even without major operations being taken down.

Re:So...

While I'm not a spammer in the legal sense, because I'm CAN-SPAM compliant. Most people here would consider me a spammer, because of some mental disorder about curing the world of whatever it is they don't like (in this case marketing). I've made well over 200k this year. Yes, it is down a bit, but that's mainly due to some recent changes in spam filtering, but now those filters have been figured out. Next year will be great again.

I'm in Las Vegas (spam beach west@!#$!!) and recently there was a guy arrested here for sending scam. It's reported he made over $500k this year and it's completly believable. That's something the antis don't understand there's LOTS of money in it and it's because of them. The tighter the filters get the more money we (that people who can get past them) make.

This time of year there's 2 schools of thought. The first school of thought says mailing this time of year isn't worth the reward / risk, because most people are traveling and not in front of their computers. Where the risk is getting your ips hammered by blacklists before the new year. The other school of thought says mail as much as you can so your offers fill up their inbox / junk folders and have more ips than normal in reserve for when you get nailed for the increased volume.

Re:So...

[CohibaVancouver]

I could probably make a lot of money scamming little old ladies, or working as a hitman or a pimp - However I choose not to because it's morally wrong. Just because I have no respect for you because you can make tons of cash spamming doesn't mean I have a mental disorder - It just means I have you in the same category as cowards who scam grannies.

Re:So...

[1u3hr]

For a while, a couple years ago, I would get 2-3 a week on that account, then google sprinkled some googledust on the servers and it's now practically non-existent.

Which makes it all the more infuriating the way that Google ignores the deluge of spam sent to Usenet via GoogleGroups accounts. Obviously they could prevent it, or at least not propagate it, using the same methods. Instead their neglect looks like a deliberate policy to make Usenet a garbage heap and drive people to their own forums.

Re:So...

[shrimppesto]

yes, but sadly, complying with all U.S. laws does not make you any less of a turd.

Junk filters make it less effective

[Trip6]

When I first got email in the late 1800s there were no junk filters. Today, I specify a single spam mail as junk and I never see that type of spam again unless I want to.

Spam less effective = less of it sent.

Re:Junk filters make it less effective

When I first got email in the late 1800s there were no junk filters.

I should say not. If the Pony Express rider went to all that trouble to deliver the letter, it would be rude to throw it out.

Re:Junk filters make it less effective

[morgan_greywolf]

I am so getting off Trip6's lawn. You should, too.

Seasonal variation

[oobayly]

I've noticed that spam & dictionary attack are seasonal. Over Christmas I saw less than 20% of the usual attacks on our servers. I'm guessing this is due to peoples bot-ridden machines not being switched on as much.

What really gets me is the amount of of dating spam that gets sent to an account I use for FreeBSD porting & CPAN. One would think spammers would avoid certain domains as they're only used by techies. Then again, maybe we're so desperate we'll jump at any chance of talking to a bird.

Poor detection

[OiBoy]

I've been getting significantly MORE spam in the last month. I would assume that they base their metrics on how much spam was caught and identified. Since apparently more is getting through to me now, the article should really be titled "Significant Decline of Spam DETECTION".

Why not go after the companies hiring the spammers

[pak9rabid]

What I've never understood is how come the governments haven't ever gone after the companies hiring these spammers to spam their shit all over the Internet? I mean, if we're so gung-ho about stopping spammers, you'd think the obvious place to start would be the companies that are hiring these scummy assholes to do their bidding for them (I'm sure the spammers aren't just advertising other companies' products out of the kindness of their hearts)...\/1@gr4, I'm looking at you.

Re:Only email spam?

[mlts]

Comment spam hasn't slowed down. I think its because E-mail spam is starting to have such a low return ratio compared to getting spam in front of eyeballs via Facebook or Web forums.

For a spammer, cracking into a Facebook account, posting links up to a malicious website to distribute malware is far more lucrative than just spewing out and hoping the outgoing ISP, the relays, the user's mail server, and the user's MUA doesn't stomp the spam first. A FB account is almost guaranteed to be read, and oftentimes, the link clicked on.

Imperceptible improvement

[rickb928]

So instead of 332 spam messages a day, I'm only seeing 296 messages? Not really groundbreaking for me.

Playing Whack-A-Spammer is a losing proposition. Someone will start up a service at least as big as Spamit, and we're just as buried. I'm not at all hopeful that spam can be contained at all.

The only real solution is to go after the advertisers, the clients. I get occasional spam from what looks like mainstream advertisers, and if they get interested either in avoiding the bad press of spamming people OR they get interested in spammers using their trademarks without permission, maybe then we get some results.

But there's plenty of advertisers that don't care.

The ultimate solution is to make the spammers pay more than their clients will tolerate.

Re:bah

[higuita]

i cant give you those answers, but i see a similar trend, spam is dropping since end of August/start of September

check the graph (rejects and spam tags are spam):

http://picpaste.com/spam.png

in the previous years, i would see a big increase of spam since November until Christmas, this is the first time in years that i get less spam in Christmas than the rest of the year... i see now that i'm not the only one

i have a usual level of spam of 60% during the year and its now on a spam ratio of 25% (but this week is usually a slow week for spam every year)

better graph showing the spam drop

[higuita]

Even better, this university gets a lot more spam than i and check the graphs

http://picpaste.com/mx-fx7b1NOG.png

I don't really believe it

[Alioth]

Spam to my mail server has increased quite significantly the last three months. The most recent low was about the middle of this year (when my personal email address was "only" getting 600 spam emails per day on average), currently the average is closer to 1200 spam emails per day (About a year ago, it was around 1000 spam mails per day on average). Fortunately SpamAssassin catches pretty much everything.

Some interesting things I've noted from the count of spam:

* It drops markedly over weekends (sometimes by as much as two thirds). Either spammers take the weekends off, or the machines with the botnets installed are typically in businesses and are switched off over the weekend.
* I noted a big drop in spam when that "false positive" story broke with one of the antivirus vendors (I don't remember which one it was) which rendered a large number of Windows machines unbootable - perhaps these machines were infected after all.
* I see a dent in the spam numbers every time there's an announcement about some botnet being taken down. However, the numbers only drop off for perhaps a week or two, after that the spam is back with a vengeance, usually at an even higher rate than before.
* The highest single day amount of spam to my personal email address this year was over 1900 spam messages.

Just the facts Ma'am.

[MROD]

I've noticed very much the opposite at work.

As you can see, there's been a general trend downwards, in jumps, since July-Sept. 2009.

The filters being used here are (1) IP addresses with valid DNS entries, (2) DNS blacklists, (3) ClamAV (with spam signatures added), followed by (4) SpamAssassin, which has been detuned so that it doesn't produce any false positives. Seeing as only a few spams actually get past ClamAV this is merely to catch those which don't have a signature yet.

P.S.: Off topic: Right on commander! ;-)

Re:Why not go after the companies hiring the spamm

[gutnor]

Even if they could produce the real stuff, that is far more profitable and less cumbersome to sell sugar pills - or nothing at all.
That is a bit like fake rolex. Rolex-quality level fakes exist, stolen rolex exist, but the half homeless vendor with his blanket at the corner of the street is not the guy where you can get those from.

person+foo@domain.com

What really gets me is the amount of of dating spam that gets sent to an account I use for FreeBSD porting & CPAN. One would think spammers would avoid certain domains as they're only used by techies. Then again, maybe we're so desperate we'll jump at any chance of talking to a bird.

That's why I like using the "+" separator whenever I can. It allows easy filtering and I know exactly where it was received from.

Unfortunately a lot of web form validation systems don't accept the format "person+foo@domain.com" as valid, and I have to end up removing the "+foo". When I was more active on Usenet I used a date-based format for my posting ("person+unetYYmmDD@domain.com") that I updated semi-regularly. I then created a ".forward+unetYYmmDD" that put things into /dev/null once the address was harvested after a few months.

I believe Gmail supports the +foo modifier, but my company exchange system sadly does not.

Re:Don't be so quick to claim victory

[arth1]

Let me guess: You live in Hawaii?

Re:Only email spam?

[Fulcrum+of+Evil]

You know, the baseball bat thing is a good idea, but it's missing details: buy the bat with cash, wait a week or two, keep it in a plastic bag, and wear cheap gloves. When you're done, leave the bat and dispose of the gloves later on - use the plastic bag and a public trash can somewhere you don't buy anything. It's the little things that are so important.