Good News: A Sustained Drop In Spam Levels

Orome1 writes "Industry and government efforts have dealt a significant blow to spam, according to a Commtouch report that is compiled based on an analysis of more than 10 billion transactions handled on a daily basis. The sustained decrease in spam over the last year can be attributed to many factors, including: Botnet takedowns, increased prosecution of spammers and the source industries such as fake pharmaceuticals and replicas. However, spam is still four times the level of legitimate email and cybercriminals are increasing their revenues from other avenues, such as banking fraud malware."

Better Email Blocking

[jellomizer]

Even though there is less spam, I have found that most email clients Such as Gmail have gotten very good at filtering out Spam. We forget how much we suffered back in the early 2000's where once we get too much spam our only choice was to change your email address to a name that is more cryptic then a password and only give it to people who you want. And wait until someone gets a virus and starts spamming you again. The email address I have been using for a long time now is an easy email to give however Gmail captures almost all the spam.

Re:Better Email Blocking

Sorry, I have to disagree. My oldest _working_ e-mail address is 16 years old. I (obviously) never changed it. Yes, a lot of spam arrives. No, I see no spam there. There have always been ways for geeks to handle spam (more or less) efficiently.

Re:Better Email Blocking

[doston]

Sorry, I have to disagree. My oldest _working_ e-mail address is 16 years old. I (obviously) never changed it. Yes, a lot of spam arrives. No, I see no spam there. There have always been ways for geeks to handle spam (more or less) efficiently.

That is so not true. I couldn't even handle it effectively at the enterprise level with the best tools around at one point. Things didn't get better until services like Brightmail came along using dummy addresses and active NOC actively adding rules, etc. Without services like that (in the past) you were screwed. Today, there's enough intelligence built in to handle most of it automatically, but that was so not always the case. It was a huge problem for the (huge) business I was in.

Re:Better Email Blocking

[Ark42]

Filters have gotten so good, they now block most legitimate email too!

Seriously. I'm getting sick of AOL, Earthlink, and MSN just deleting order receipt emails I send out to people when they buy my software. (Gmail and a million others don't have this problem).

The best part is when the customer emails to complain, I reply with their order details, then a few days later they forward the same complaint email with "2nd notice" added to the subject line. If I do reach the customer, not once has the deleted order receipt email been in their spam/junk/bulk email folders. ISPs just accept email for delivery and delete it it seems.

Re:Better Email Blocking

I don't want to product-whore, but I had lists of RBL's going, Sonicwall's solution, GFI Mail Essentials, client end filtering, etc. all going at once... and the spam was still unbearable, until we threw in a Barracuda.

Since then other products have gotten better, but that little 1u device (based on others work with regular updates from BN) was a game changer for us. I don't think I've seen more than 2 spam emails in any given week since we got that thing.

Re:Better Email Blocking

[EXrider]

Seriously. I'm getting sick of AOL, Earthlink, and MSN just deleting order receipt emails I send out to people when they buy my software. (Gmail and a million others don't have this problem). The best part is when the customer emails to complain, I reply with their order details, then a few days later they forward the same complaint email with "2nd notice" added to the subject line. If I do reach the customer, not once has the deleted order receipt email been in their spam/junk/bulk email folders. ISPs just accept email for delivery and delete it it seems.

I had this same issue with Time Warner a while back, they created a filter that would drop SMTP sessions on any mail with our company's 800 number in it going outbound through their SMTP servers, which several of our reps were using. They also were dropping any inbound mail with our 800 number in it, into their customer's spam folders. Since most ISP mail users don't even use webmail and set up crappy POP access with the mail client (or smartphone) of their choice, they don't even see this spam folder. This was a serious problem since 90% of the company has the 800 number listed in their email sig and all of our order and delivery status notifications have it as well. I went back and forth with their postmaster group and got useless responses like this...

Our services are not meant for business use, if you are a business class customer there are different sets of servers you may use. Oherwise you may upgrade your account. If you are a road runner user and you require sending of your own 800 number or url in your emails, you may use your own mail server for that business purpose or your business' mail server to send the message to bypass our system. We apologize for any inconvenience this may cause.

and this...

Our spam filters used on our mail system is somewhat automated. So the short answer is yes, if it doesn’t like a link or a phone number or a webpage or some of the contents in the message, the message gets filtered. Then the message goes to the junk mail folder of our clients automatically by default. They are not lost or deleted. The customers can only see those messages if they access their mail on WEBMAIL and visit the junk folder. Now, customers can further filter by chosing the option to auto delete all messages in that folder whithout them ever seeing it. If that's the case they may have accidently or intentionally not receive emails that they are expecting. To get around this you can resend the message and remove the culprit, or offending characters. Like spelling out a phone number five five five twelve twelve instead of 555-1212 or tina dot com instead of tina.com. There have been ingenious ways to do this by customers we have seen in the past.

There were around 100 customers in our DB with *.rr.com email addresses at the time, so we just had to tell them to call their Roadrunner support and ask why they couldn't receive email from us. They were also advised to stop using ISP mail accounts and open a free mail account with Gmail or Yahoo.

Re:Better Email Blocking

[amRadioHed]

Is that supposed to make Google sound evil? Cause it doesn't. Even if it was their only motivation for blocking spam, which is unlikely.

Re:Better Email Blocking

[PopeRatzo]

and the spam was still unbearable, until we threw in a Barracuda.

This comment is proof that spam has not been completely eliminated.

But instead of email, they're spamming comments sections.

I'm surprised he didn't include a link.

Re:Better Email Blocking

Yup. That Barracuda is fed constantly with a link feed. I have to slog through all that shit as shift work reading spam and marking it as malware, phish, 419, etc before it goes to be scored and wrapped up in the feed and sent to your barracuda so you DON'T have to read all the shit I just read for hours the night before.

Re:Better Email Blocking

[hairyfeet]

Oh Lord, don't remind me, I used to have to clean up the crap. Man we have got it SO good now compared to the inboxes literally exploding with Viagra and porn spam. hell I use the gmail address tied to this UID as a spam dump and frankly...it almost never gets any spam, no matter how many places I leave it at. pretty amazing but then again the only spam I've seen in my yahoo in years has been the occasional one thanks to someone looking at porn videos with Firefox.

As for TFA, I wonder how many just moved to txt spam? because i must have been asked 2 dozen times this week about the "$1000 Walmart gift card" SMS spam that is going around, they must have sent that thing to every smart phone on the planet. What amazes me is that people that wouldn't fall for an email spam probably would have fallen for this one if I hadn't warned them off, i guess because txt spam is still too new for many.

Re:Better Email Blocking

[Guppy]

and the spam was still unbearable, until we threw in a Barracuda.

I prefer sharks with frickin' laser beams attached to their heads as my preferred method for executing captured spammers. But if Barracudas do it for you, well that's a start.</PINKY>

Re:Better Email Blocking

Hello,

I used to work for Barracuda Networks. It was my experience that all of their product lines are riddled with security vulnerabilities resulting from cheap, fresh out of University labor in Ann Arbor and Campbell, outsourced labor in the case of the BCC & WAF appliances, an outdated mandrake-fork userland/kernel, and all the devices in the field(for most product lines, some such as the the backup platform randomize the password. It also runs gentoo) share the same root password, though SSH is only allowed from support01.barracuda.com(not that you can't spoof that if you're on the LAN). Management is horrible, especially in the support department. At least they started a bug bounty program after an ex-coworker uploaded a 0day to exploit-db

Anyways, my advice is to do yourself a favor and stay away from Barracuda, or any other product Dean Drako/Michael Perone have their hands in, with the exception of FreeSWITCH. FreeSWITCH isn't owned by Barracuda, but they have several FreeSWITCH devs on hand for the barracuda IP-PBX development. Those guys are very smart.

PS: Their pay is shit.

Anon due to (expired) NDA and Drako being a litigious asshole.

Not for me

[truthsearch]

Just a personal perspective, but spam levels for me have skyrocketed in the last year on all of my accounts. And I'm careful where I use my email addresses. Fortunately filters are pretty good these days.

Re:Not for me

[ILongForDarkness]

What has worked for me is a good address and a trash address. I've had two addresses on Hotmail (yes I know this is pre-gmail days) for a decade or so. One has gotten 10 emails that actually hit my inbox, and maybe 1k that hit the junk folder. The other gets about 20 spam in the inbox a day, and 10's of k in the junk folder. I only use the good email to email friends and on resumes. Any forum, social site, gaming site, porn etc gets the disposable email. I only use it as a place for the "confirm this email" message to go to so that I can setup logins.

I also have a gmail account that I've been careful with for the last 4 years and haven't gotten a single spam message in my inbox and I use that account daily.

"It depends"

[AgentPhunk]

We have 5000+ users going through Google's Postini service, and up until about 6 months ago spam levels were within normal tolerances. Over the past 6 weeks we are getting CRUSHED with phishing attempts that make it through their filters. The quality of the phishing emails is excellent (they're basically just re-using an actual email from Verizon Wireless, American Express, etc, and substituting their malicious links.) Google shows absolutely no interest or concern - it seems they're looking at this as a commodity service, and trying to get everyone to move over to fully-hosted email in the cloud. Well, that's not us. We're looking at alternatives, including Cisco IronPort and Proof Point. Anyone care to weigh in on pros + cons, and also on cloud vs on premises?

Re:"It depends"

we evaluated postini and mcafeesaas (formerly mxlogic). We went with mxlogic/mcafee and it is pretty good overall. The load drop from our email server was quite noticeable!

Re:"It depends"

[DogDude]

We just pay for hosted Exchange. It ain't the cheapest, but we have exactly 0 problems.

Re:"It depends"

[guruevi]

Postfix, SpamAssassin, Amavis and ClamAV using some DNSBL. You can do greylisting too if you want although it usually delays legitimate e-mails by minutes to hours.

Which is also what Barracuda and SonicWALL uses in their appliances. IronPort I've heard was really bad at blocking spam and I've had bad experiences with any solution that requires the user to use a web interface to check their (blocked) messages.

Old People In Korea

[j.+andrew+rogers]

The obvious explanation is that old people in Korea finally stopped using email.

From 1000 to 200 a month

I never clean the spam folder, it automatically erases spam older than 30 days, so I always have a month's worth of spam.

A couple years ago the number of spam mails was usually around 1000, right now it's just 210, so yes, I've noticed a considerable decrease in the spam.

Re:From 1000 to 200 a month

[hobarrera]

This is actually a pretty good way to measure incoming spam.

I used to receive about 100 spam emails per day (I have a wildcarded address, so *@domain.com went to MY email). Nowadays, I get about 15 to 20.

I still get a lot of spam

[cpu6502]

I went through and unsubscribed from all my newsletters, plus clicking on the little "unsubscribe me" on various advertising, but it made little difference. I still get about 25 emails a day that I do not want.

Re:I still get a lot of spam

[Delarth799]

What I have found is that after clicking the "unsubscribe me" button on letters I end up getting even more spam from other places. I think they use that as a way to confirm its a real email address to spam you with other junk.

Re:I still get a lot of spam

[ArcherB]

What I have found is that after clicking the "unsubscribe me" button on letters I end up getting even more spam from other places. I think they use that as a way to confirm its a real email address to spam you with other junk.

Well, the unsubscribe button works quite well if the email is something you actually subscribed to or it's a company that you purchased something from in the past. For example, Zag sends me about two or three emails a week. I have no problem using the "unsubscribe" button because I actually bought something from them. ProFlowers.com is a notorious spammer if you've ever purchased anything from them. I hit unsubscribe on their emails because I bought something from them. They know my email address is legit. The unsubscribe works in these cases.

However, when someone sends me a viagra or other obvious spam, I simply ignore and delete. Since these people do not know who I am and I did not give them my email address, clicking the unsubscribe button will simply confirm your email address. They are simply throwing stuff against a wall to see what sticks. Don't be that sticky thing.

Re:I still get a lot of spam

[Kjella]

Meh, unless it's a newsletter or mailing list I specifically signed up for and not a hidden away pre-checked checkbox somewhere then per my definition it is spam and the spam button it is. I don't care if you got my "consent", if you tricked me into it then this is my fuck you too.

Re:I still get a lot of spam

[ArcherB]

Meh, unless it's a newsletter or mailing list I specifically signed up for and not a hidden away pre-checked checkbox somewhere then per my definition it is spam and the spam button it is. I don't care if you got my "consent", if you tricked me into it then this is my fuck you too.

Yes, it's still spam, but the spammer in this case is someone who knows your email address is legit. Clicking the "unsubscribe" button will not confirm your email address to them because it's already confirmed.

Think of it this way. There are two types of sales calls. You have the cold call, which is where you call someone who you have never had any dealings with. And then you have the call from the people who you have dealt with in the past. For example, if you had your car serviced three months ago, the dealership may call you to remind you that you are due for service again. The cold call is like the Viagra spam or the "I saw your profile on the web" spam. The "due for service" call is like the email you get from ProFlowers or some other company you've had dealings with in the past.

Yes, it's all Spam, but the unsubscribe button serves two opposite functions.

Is it ALL spam, or just EMAIL spam, that's down?

[gman003]

Yes, email spam is dropping. But is it truly because we're winning, or is it because we're not keeping up with the times?

I read maybe 20 emails a week. None of them are spam. But I spend far, far more times on forums, or in comment sections on various blogs or news sites. Spam levels there seem to be rising. And I imagine spammers are finding ways to exploit Facebook and Twitter, as well.

Perhaps spammers have just realized that you get better results spamming Web 2.0 than spamming Web 1.0.

Filtering != Stopping

[damn_registrars]

The article is talking about stopping spam, as in preventing it from being sent. Filters do not do that. Filtered spam still costs people money as it still consumes resources and takes up storage space on servers on the internet. Filters have to be adjusted and trained, and they consume CPU time as well.

In short, filtering will never, ever, solve the spam problem. The summary of the article mentions techniques that are effective at stopping spam, and there is a reason why filters are not on that list.

Re:Filtering != Stopping

[Tanktalus]

In short, filtering will never, ever, solve the spam problem. The summary of the article mentions techniques that are effective at stopping spam, and there is a reason why filters are not on that list.

Not necessarily. If no one receives your spam because their filters are effective, there will be no profitability left. And, with that, the industry will die. And then the filters will get lax, someone will start up again, a spurt of spam will arrive, the filters adjust, and again dead.

I don't see this any less effective than current methods. Convicting someone just opens up room for someone else to take his place. Take down a botnet, and those same people who allowed their computers to be infected once will get infected again with the next botnet.

All methods are chasing the impossible. But just because we can't eliminate murder doesn't mean we legalise it. Filtering is an important tool. It is not and, for all practical purposes, can not be the only tool. But omitting that tool is just as fatal of a mistake as ignoring the law as a tool.

Re:Filtering != Stopping

[ILongForDarkness]

Totally agree. I worked for an anti-spam company a couple years ago. We were seeing 90-95% spam traffic to our customers systems (mostly smaller ISPs, email hosting providers, regional governments, universities etc). Say for example one of the hosting providers has 200+ servers running MS Exchange. If 90% of the traffic is spam and it actually reaches to the mail server you got essentally 90% of your servers are tied up serving the spammers and 10% real emails.

Appliances like Iron Port help in that they stop the spam from getting to your mail servers usually but you still have the traffic getting all the way inbound (or outbound in the case of a bot or something coming from your network). So you are screwed in terms of bandwidth (fortunately spam does tend to be relatively small messages compared to real emails which tend to have more attachments). What was cool with the tech at the company I worked for is that they throttled the traffic of unknown or suspected spammers. Slow a bots connection down, or drop it if they don't obey protocols (a lot of them will start sending the message after the HELO without waiting for a response for example) and you save a huge amount of connections/bandwidth you process to completion. We were getting 100k+ simultaneous messages on 4 core servers.

Regardless that something can be filtered doesn't mean it doesn't cost something to do the filtering, the affect on deliverablity of the sending domain or even ISP level emails.

Re:Filtering != Stopping

[ILongForDarkness]

I read a paper that suggested attacking the payment system. They found that a ridiculous amount (I think it was north of 80%) of spam got there payments processed by a dozen or so banks. The problem is of course those banks are in less than friendly countries in terms of having and enforcing laws against this kind of thing. So the solution they proposed was sanction countries/banks that process the payments since it is a lot easier than convincing 100M computer owners to get rid of the crap on their computer, filter all spam in every language etc.

As long as some messages make it through, which they will because no filter is going to be perfect there is always an incentive to spam. It takes an afternoon of your time setting up a piece of malware on a site. You can lease botnets, buy email addresses etc. It is a really cheap market to get into and as long as the response rate is greater than 0 there will be someone out there making little enough money to make it worth it for them. Sell one pack of counterfeit viagra for $40 when you're from a country were $200 is an annual wage doesn't take much to make a living at it. One paying customer a month is more than you'd earn working.

Re:Filtering != Stopping

[Tassach]

If no one receives your spam because their filters are effective, there will be no profitability left

No filter is 100% effective. It costs effectively nothing to spam a 10 million addresses, but for sake of argument say it costs $100. If 1% of those get through the defenses, and 1% of the non-filtered recipients falls for your scam, you've got your hooks into 1,000 suckers. Even if you only take each sucker for $1 your ROI is 1000%.

Re:Filtering != Stopping

At this moment your comment is moderated to a lower score than what you are replying to. It should be the reverse, because you ARE correct and the GP is wrong.
If the effectiveness of spam delivery goes down percentagewise, the spammers will send MORE spam. The spam requires NO effort or expense on their part, so why not?

Re:Filtering != Stopping

[Onymous+Coward]

Filters have to be adjusted and trained, and they consume CPU time as well.

In short, filtering will never, ever, solve the spam problem.

No normal modern attempt to address spam will "solve" the spam problem in the sense of stop it completely. Recreating the concept of email from scratch and disallowing non-identified MTAs, that might do it.

Filtering is how you handle spam today. Also, note that not every "filter" needs training — you have a limited view of filters. A full 30% of the spam that my system blocks is blocked based on the remote MTA not using a (RFC-required) FQDN in the SMTP HELO. That's a computationally trivial check.

Re:Filtering != Stopping

[damn_registrars]

In short, filtering will never, ever, solve the spam problem. The summary of the article mentions techniques that are effective at stopping spam, and there is a reason why filters are not on that list.

Not necessarily. If no one receives your spam because their filters are effective, there will be no profitability left.

You vastly oversimplified the problem with that statement. A filter cannot solve the problem because it can never be adequate. A filter only starts an arms race with the spammers, they will constantly change their tactics to get around the filters. That then requires more work to be done to the filters to learn the new techniques, which drives the filters to consume even more resources. Filters are an always-losing strategy.

And then the filters will get lax, someone will start up again, a spurt of spam will arrive, the filters adjust, and again dead.

You have imagined a situation that will never, ever, happen. Filters will never stop spam. They will always be reactionary to spam, and spam will always be outsmarting the filters.

I don't see this any less effective than current methods.

I can show you why, but if you chose not to acknowledge what is in front of you, then I cannot help you.

Convicting someone just opens up room for someone else to take his place

On that I agree with you. punitive actions, up to and including murder (which a disturbing number of people support for this) won't work.

Take down a botnet, and those same people who allowed their computers to be infected once will get infected again with the next botnet.

Building a botnet takes time, and taking one down is easily more effective at stopping spam than filtering. That is in part though because of the indisputable fact that filters are worthless at spam prevention.

Filtering is an important tool. It is not and, for all practical purposes, can not be the only tool. But omitting that tool is just as fatal of a mistake as ignoring the law as a tool.

I didn't say it cannot be used. I said it is worthless in actually stopping and preventing spam. Those are two very different arguments.

Re:Filtering != Stopping

[Tom]

If no one receives your spam because their filters are effective, there will be no profitability left.

You'd think that, but real life begs to differ.

What really happened is that no filter is ever 100%. So we can improve our filters from 90% to 99% or maybe to 99.99%.

But the spammer won't stop spamming. What he will do is increase his output. Instead of 10,000 mails he will send 100,000 mails, and then 10 mio.

Re:Filtering != Stopping

[Tanktalus]

If no one receives your spam because their filters are effective, there will be no profitability left

No filter is 100% effective. It costs effectively nothing to spam a 10 million addresses, but for sake of argument say it costs $100. If 1% of those get through the defenses, and 1% of the non-filtered recipients falls for your scam, you've got your hooks into 1,000 suckers. Even if you only take each sucker for $1 your ROI is 1000%.

You really need to read the rest of my comment. Perhaps my snarkiness was too subtle. The point is that ignoring filters as a useful tool in our arsenal is costly. Especially when said filtering can be done by your web-email host (e.g., hotmail, gmail, etc.) in such a way that does not require any set up from a user. (Getting spamassassin on my own account took far more work and is still not terribly hard.)

The other point, where the snarkiness really came in, is that there is no solution that will be 100% effective. If there was, we'd be using it to stop murders, which is much higher on the priority list of far more people. So, if you can reduce the amount of spam seen by naive victims by 50% (awfully high, I expect) by shutting down botnets, capturing and convicting those who initiate it, etc., and you can eliminate 99% (your number, I think we can do better) through filtering, we've just eliminated 149% of all spam. Sorry, snarkiness crept in. 99.5%. That's still much better than either method by itself.

Further, the groups of people with the skills/authority to do either one don't have much, if any, overlap. You practically need to be a law enforcement officer with jurisdiction over some aspect of the case to shut down the botnet and/or charge those responsible. There are many others, again, Google, Microsoft, Spamassassin, etc., who are working on the filtering side.

Theoretically, if you convict all the spammers, spamming ceases. In practice, others fill in the gap, more or less. Theoretically, if you filter 100% of the spam, spamming ceases to be profitable, and spamming ceases. In practice, you can't get to 100%. Neither is a reason to stop the attempt, as they both are somewhat effective at stemming the tide of vicitimisation, which, let's face it, is far more important than stemming the tide of spam itself. And, stemming the tide of victimisation will stem the tide of spam itself - without the profit available, those who expect large sums of money will find something else to do, and that will only leave those whose needs are more meager, and thus may be less educated, and thus less effective.

Re:Filtering != Stopping

[Tanktalus]

Not necessarily. If no one receives your spam because their filters are effective, there will be no profitability left.

You vastly oversimplified the problem with that statement.

Yes. That was on purpose. (See my other comment in this thread.)

Filters are an always-losing strategy.

As is every other option. Every other solution vastly oversimplifies the problem (thus I thought I could, too), and can never, by themselves, eliminate spam. Ever. They all look good in theory, but they always lose in reality. That doesn't make the attempt any less useful.

And then the filters will get lax, someone will start up again, a spurt of spam will arrive, the filters adjust, and again dead.

You have imagined a situation that will never, ever, happen. Filters will never stop spam. They will always be reactionary to spam, and spam will always be outsmarting the filters.

Yup. I've imagined a situation that will never, ever happen. As have the proponents of every other solution. So? That was my point! But, I will maintain that filtering is more or less as effective at slowing spam, on average, as law enforcement. And that is largely because law enforcement does nothing most of the time, but sometimes stops an entire operation, having a huge effect at that time. Unfortunately, the system is too complex to really prove one way or the other - we're not about to stop everyone from using spam filters for a while to see how spam grows without filtering to compare it against with filtering. Law enforcement really can simply compare before-and-after snap shots of spam and take most of the credit for that difference, so it makes better news.

Re:Filtering != Stopping

[damn_registrars]

Filters are an always-losing strategy.

As is every other option.

On that regard, you are dead wrong. While filters can never be anything other than reactionary, there are other steps that can be taken - and have been taken successfully - that are proactive.

Every other solution vastly oversimplifies the problem

Then you haven't looked into enough solutions. There is one in particular that hasn't come up in this discussion that is proactive, highly effective, and does not vastly oversimplify the problem.

and can never, by themselves, eliminate spam. Ever

Can any one solution eliminate spam on its own? Not entirely. However, filters cannot even contribute. In the end, filters make the problem worse - they are a short-term solution that is disgustingly ignorant to the long-term reality.

That doesn't make the attempt any less useful.

Unless you are calling filters your attempt to stop spam, that is.

But, I will maintain that filtering is more or less as effective at slowing spam, on average, as law enforcement.

I hate to come crushing down on you with reality, but you're dead fucking wrong on that matter. While law enforcement isn't very useful in slowing spam, filters do the opposite and actually accelerate the rate at which spam is sent out. They also increase the cost of using the internet for every single user online by consuming bandwidth, storage space, and CPU time all around the world. Law enforcement at least in 99.99% of the cases does nothing, and hence adds no cost to internet usage for most users.

we're not about to stop everyone from using spam filters for a while to see how spam grows without filtering to compare it against with filtering

I don't know if you honestly have no clue how filters work, or if you're just trying to bury reason and logic in bullshit and nonsense. You don't have to turn off filters to see how uneffective they are at stopping spam. You only need to see how much spam is processed by the filters to see the volume increase. Long ago we passed the point where the majority of all email is spam, that was well after filters were widely deployed. The situation only continued to get worse from there. Every email server that is running some kind of filter has to hold on to the incoming email messages and filter them against whatever kind of hash it uses to identify spam. It then holds on to the spam for some amount of time so that people who need/want to can check for false positives. Every so often some poor bastard has to spend time to retrain said filter because inevitably spammers will find ways to get around them.

In other words, filters will never solve the problem. They will only continue to increase the cost of using the internet for everyone.

Re:Filtering != Stopping

[nabsltd]

The article is talking about stopping spam, as in preventing it from being sent. Filters do not do that.

Yes, they do. Very often, spam to my domain never gets to the "DATA" stage of the SMTP transaction. The few bytes seen before that (sender and recipient addresses) aren't worth worrying about...there are probably more bytes in random probe packets on a daily basis.

The tool that does this is greylisting, despite the claims for the past 5 years that greylisting would cease being an effective tool against spam. The first e-mail from a legitimate server is delayed 5 minutes...from then on, there is no delay, so the impact on communications is negligible.

Re:Filtering != Stopping

[hobarrera]

It takes someone with balls to take the place of someone that went to prision/got convicted. And it sure needs to be profitable.
Six or seven years ago, I knew people who would have sent spam for money. Nowadays, the risk is simply too much, I'm sure they wouldn't.

Re:Filtering != Stopping

[damn_registrars]

The article is talking about stopping spam, as in preventing it from being sent. Filters do not do that.

Yes, they do. Very often, spam to my domain never gets to the "DATA" stage of the SMTP transaction.

No, they do not. Your message even confirms that. The email is still sent, your mail server just doesn't accept it. The spam is still internet traffic that gets routed from the spamming system to yours. Just because it doesn't necessarily take up storage space on your system doesn't mean it doesn't traverse the internet as traffic.

The tool that does this is greylisting, despite the claims for the past 5 years that greylisting would cease being an effective tool against spam. The first e-mail from a legitimate server is delayed 5 minutes...from then on, there is no delay, so the impact on communications is negligible.

Greylisting is still a filtering technique. You have to train your mail server to do it, and you have to update records (or refer to remote records) for which domains to accept, which to reject, and which to evaluate. In other words, just like any other filter, it still consumes CPU time, human time, and it still allows the spam to be sent.

Re:Filtering != Stopping

Good idea and the rest of your post was suitably depressing to have been modded up.

Re:Filtering != Stopping

[nabsltd]

No, they do not. Your message even confirms that. The email is still sent, your mail server just doesn't accept it.

Read up on the SMTP protocol, and you'll see that if sending system never gets to the "DATA" command, then the e-mail hasn't been "sent". Everything that humans perceive as "e-mail" is sent as part of "DATA". This includes headers, too.

The spam is still internet traffic that gets routed from the spamming system to yours.

Since the actual content of the e-mail is never sent down the wire, the entire SMTP transaction is less than 10 TCP/IP packets. Once my system sends the "450" result code, it closes the TCP connection, and nothing more is sent. Now, it's possible that the spammer system keeps sending, but since most spam comes from bots on Windows using the Microsoft TCP/IP stack, that's unlikely.

Greylisting is still a filtering technique. You have to train your mail server to do it, and you have to update records (or refer to remote records) for which domains to accept, which to reject, and which to evaluate.

You really need to read up a bit on what you write about. Since I activated the greylist, I spend basically no time on configuration (the last change to the code was on Nov 3, 2008). I don't spend any time "training" anything, since the software does all the updating of the database that needs to be done. CPU time is negiligible (one indexed and cached database lookup per incoming SMTP connection, and about one database write per 15 connections.

Re:Filtering != Stopping

[Tassach]

Spam has two levels of cost - the victimization of the people who receive the spam, and the bandwidth and processing costs borne by ISPs and network operators. I know from firsthand experience working at a large ISP that anti-spam alone was a multi-million dollar cost center and accounted for around 85% of our bandwidth costs.

Based on what I've seen, improving filter efficiency at the backbone/ISP level has the paradoxical effect of increasing spam traffic - if enough of their messages aren't getting through, the spammers will just keep throwing more spam at you until enough leaks through for them to get a sucker. If you improve your filter efficiency by an order of magnitude, they'll just throw an order of magnitude more spam at you, and since they are typically using stolen resources to do their spamming, it's not costing them much (if any) more to do so. The cost remains near-zero and even a single successful scam can potentially net hundreds if not thousands of dollars.

The core problem is that SMTP is fundamentally broken with regards to spam (among many other problems). It's a problem the authors just didn't (and probably couldn't) envision. The problem won't go away as long as sending millions of emails is effectively free (in terms of time, computation, and money)

The rate at which a bot or rogue server can send email is entirely network-bound. Email has to be redesigned from the top down so that it is inherently rate-limited by some irreducible factor. Increasing the computational cost to send email using a memory-bound function seems to be the best way to do this (the rationale being that memory bandwidth has historically only increased at a fraction of CPU speed).

The tl;dr version is that crime pays... and unfortunately that will never change. What can do is change is the economics of sending email by increasing the computational cost by several orders of magnitude. This may not solve the problem of individuals getting scammed, but it will dramatically reduce network congestion and infrastructure costs.

College

[XPeter]

When I was applying to colleges back in December, I received thousands of e-mails from universities all across the globe. Unfortunately, hardly any of them got caught by Google's spam net.

MAFIAA

Somehow the MAFIAA will try to relate this to anti-piracy efforts.

Good news

Well, that must mean that lovely prince who kept writing me finally found somebody who could help him. Poor guy deserves it, after trying so long.

This is, at best, wishful thinking

[Arrogant-Bastard]

Those of us who have spent the past few decades in the trenches dealing with spam know that this -- at very best -- wishful thinking. The long-term trend line is up, with the only real debate being over the shape of the curve. Momentary decreases, such as the one reported here, are either (a) an artifact of the measurement methodology -- and many methodologies are horribly flawed or (b) real, but unimportant.

Low-end spammers are now fully integrated with malware authors, botnet operators, phishers, purveyors of illicit/illegal content, data brokers, and carders. High-end spammers are now quite successful at assuming the mantle of "respectable corporations" while continuing to do what they've always done. In both cases, the profits are huge, more than enough to encourage them to continue in fact of the largely-insignificant threat of prosecution. (Only the stupid ones get caught, and there is some evidence which suggests that they're being caught because their fellow spammers set them up.)

Have their been some temporary, isolated successes in fight against spam? Sure. But the key words are "temporary" and "isolated". As others with long experience in the field have said, we're only at the beginning of the spam fight, and it's going to get MUCH worse: there are known techniques that spammers have only just begun exploiting, and when they become pervasive, they're going to break every anti-spam methodology currently deployed. (Which is kinda the reason they were developed.)

When will this happen? Dunno. Crystal ball cloudy. But when it does, it's going to catch the ignorant newbies and incompetent amateurs at a number of commercial "anti-spam" operations completely by surprise, because they're too busy selling overpriced, worthless crap to actually do this thing we call "research", where, you know, you LEARN things about your adversary so that you can actually have a decent chance of anticipating their next move instead of getting blindsided by it. To put it another way: if you're running your own anti-spam setup using a combination of firewalls, 'nix, open-source MTA, DNSBLs, etc. then you're in a decent position to adapt quickly when the need arises. If you've made the horrible mistake of outsourcing to the chumps out there who are in it for a quick buck, then you're going to be really screwed.

Re:This is, at best, wishful thinking

[Tom]

if you're running your own anti-spam setup using a combination of firewalls, 'nix, open-source MTA, DNSBLs, etc. then you're in a decent position to adapt quickly when the need arises.

The problem is that it takes time.

I run my own mailserver, for myself and a small number of people close to me. For the past two years or so, the spam that passes all my filters (well-configured MTA with aggressive rejects for SMTP errors, greylisting, spam-assassin) has increased from almost none to now 10-20 per day. And simply keeping things updated doesn't do much anymore.

And I really have better things to do with my time than fighting spam. :-(

Re:Is it ALL spam, or just EMAIL spam, that's down

[mlts]

The spammers are moving on. In the past, there were enough people out there that would click on their links, send money, buy whatever crap is out there, or just be general marks. However, by now, anyone fleece-able is now penniless and in the streets.

Instead, the spam I see is less of trying to sell wanker drugs, but either coming with an attachment payload for a Trojan dropper, or if there is a website included, the website is chock full of exploits. Spam is more insidious because it used to be about selling stuff. Now it is about taking over the computer or device.

The drop in spam is because the criminals have moved from just sending E-mail out to focusing on Web browser exploits and other more lucrative gains. Getting someone to click a link which is rife with zero-days pays far better than getting someone to buy a box of blue M&Ms.

Targeted exploits are more common now. With ID theft so common, combined with the fact that VoIP allows a scammer from anywhere to fake a local number (even 911) in order to demand, cajole, or request information or even money. It used to be only the friend of a friend's cousin's inlaw who would be stung by it. Now, someone calling, saying they are so and so (and able to try to mimic their voice, claiming to have their jaw cracked so it doesn't sound the same), saying that so and so's wife with the name isn't around and that they need cash wired pronto is becoming the norm.

Spammers have moved away from the botnets to the phone boiler rooms, where if one has enough info and targets older Americans, the payoff can be extremely lucrative with zero chance of legal action taken.

What we are seeing is the next evolution in crime which usually goes as follows:

1: xxx crime gets popular
2: Counter measures are taken.
3: xxx crime dodges counter measures.
4: Actual working counter measures are taken.
5: The criminals move onto a new hustle.

This was true back in the 1900s when safes were broken into on a weekly basis until burglar alarm systems became the norm, then burglary evolved into home invasions and knock-and-shoots. Similar with car theft. When thieves were unable to smash a steering column lock for a prize, they went to carjacking.

What we will see instead of spammers are more social engineering attacks, where people use stolen information to target individuals via phone, E-mail, or FB in order to blackmail, extort, or scam cash.

Of course, the next threat after that is when criminal organization "A" a continent away starts making partners with local street gangs. Then, the guys on computers in Elbonia can tell the gangbangers over in a victim's local neighborhood who to rob because their cellphones are a ways away, and the Elbonian gang has access to a method of tracking in real time (perhaps some added "functionality" in a popular app). Or, the Elbonian gang hacks a school's database, then sells that info to a local gang to figure out which kids are "latchkey", and now has a steady ransom source. In return, the local gang does some hits and social engineering for the Elbonians.

Bad News:

[Culture20]

I'm seeing a marked increase in SMS spam, which is far more annoying due to its immediateness.

penny tax on email

A 2 cent tax on email message routed through a public ISP, payable by the sender, would be one of those elegant solutions that require no content review boards. Suddenly, sending out spam to 100,000 mailboxes would cost $2000.

Re:penny tax on email

You know a penny worth one cent, not two, right?

Re:penny tax on email

[shentino]

Is that before or after you've smelted it for the copper?

Re:penny tax on email

[jonwil]

ok, and where are the people who run mailing lists like the GCC mailing lists, linux kernel mailing list or any of the hundreds of other legitimate (and in some cases quite high volume) mailing lists out there supposed to find the money to pay this tax on all their emails?

Re:penny tax on email

They should just post that stuff on a web site. Use password authentication if necessary

Don't forget the ISPs / hosting providers

[John+Bokma]

ISPs and hosting providers are also getting better and better at avoiding to handle abuse complains. Some don't have an email address at all, and you have to use a ticket system. And if you are finally able to reach them (via Facebook(!), or their sales chat), you might get list washed or just plainly ignored. As a spam reporter you're not making them any money, just costing them.

Re:Don't forget the ISPs / hosting providers

As a spam reporter you're not making them any money, just costing them.

Really? I would think that botnets would be using a lot of bandwidth. I guess not?

My vote is for on premises.

[khasim]

My vote is for on premises. Mostly because I used to be responsible for the email system at a former employer.

The key benefit is the amount of logging you can set. I knew EVERY connection that was made (incoming and outgoing).

If someone complained about email I could tell EXACTLY what was attempted / completed and when and what the error/completion message was.

So I was able to set up a lot of spam trap addresses and use those to improve the filtering in real time (bayesian analysis rocks).

In other news...

[roc97007]

...has anyone else noticed a sharp increase in spam phone calls?

Re:In other news...

yes, according to my honeypot SIP queries (VOIP) are through the roof, phreaking isnt dead yet except this time its not a couple of teenagers looking for some fun but serious criminals looking for someone else to pay for their scamming

Stopping Spam!

[DaMattster]

You don't need to wait for law enforcement to stop spam in its tracks. OpenBSD's Spam Deferrel daemon does an excellent job of combating spam without the overhead involved of filtration. Through a combination of tar pitting and grey listing, I was able to take the family business' spam counts from 1,000 a day to 2 or 3 per week. OpenBSD's tar pitting sets a TCP recieve window of 1 byte per second on known IP addresses that send spam. Additionally, you can create spam trapping addresses and I've done this and placed them in the open on bulletin boards and newsgroups. In fact, I've used spam trapping addresses to harvest IPs of known spammers and add those to a blacklist. There is no performance drop on our end. The most persistent spammer hung in for nearly an hour before giving up the ghost.

Re:Stopping Spam!

Grey listing is awesome. It does slow email delivery a bit, but who cares, it's worth it.

Baed on My Server Logs...

[NotSanguine]

Based on a survey of daily reports from my employer's Ironport box, we have seen a 15-20% drop in the amount of spam at the Ironport box, from ~50-70% of all emails (ranging from ~200,000-250,000 on weekdays, about half that on weekends) received to ~30-50% of all emails received each day are tagged as spam by the Ironport appliance.

It's impossible to say with just that information whether there is less spam or if Ironport is just catching less of it. From my personal experience, spam still gets through, but our MUA filters spam out pretty effectively.

So FWIW, based on my experience, I have to agree with TFA's contention.

Y'know, there are people involved int thos too...

[JohnPombrio]

Uh, perhaps spam is decreasing because people who receive spam are getting a clue that they tend to lose money and get screwed when they reply to the spam? Always a possibility. All the people cannot be stupid all the time, can they?

Actually, fairly true

[phorm]

Exploits of blogs, social media, search-engines and other such things have replaced traditional spam.
Try looking for a way to unlock an iphone on Google or Bing. Most of the top pages are just fake news/info sites that are trying to sell something (often products that don't work)
I recently emailed an educational institution to let them know that their CMS system was being hijacked by spammers peddling fake ebooks

Wordpress and other blogs are constantly being attacked, often with exploits used by either those intending to hijack the server, a viewer's PC, or the content in order to post spam.

Re:Actually, fairly true

[PopeRatzo]

Try looking for a way to unlock an iphone on Google or Bing. Most of the top pages are just fake news/info sites that are trying to sell something (often products that don't work)

Absolutely. How many "computer-helper.coms" can there be?

Even worse, you google "unlock an iphone" and you get some douchy "unlock-an-iphone.com" which you don't even have to click to know that it's just going to be some worthless site.

Email spam filters have gotten so good that now the entire internet is spam. It's one big phishing expedition.

Must be thanks to Flashback

[daemonenwind]

We all know that spam is typically served from infected machines. With Windows 7 deployment growing, Windows machines have been harder to break into.

So now virus writers have the Flashback virus getting into Macs so they can get spam servers.

I guess this shows that even spammers can't get much done with a Mac.

Huh

Seems that every time there's a drop in spam reported, I see a rise in my inboxes, and vice versa.

There's only one way to stop spam

Make it legal to punch people who buy ANYTHING that comes as spam. Once we stop the Stupids from giving money to the spammers, they will go away. Until then, nothing will stop them.

Other factors are cloud services and anti-spam

[bAdministrator]

Businesses--or rather small businesses that are more prone to vulnerabilities due to poor maintenance--are largely going over to cloud services which filter outbound and inbound e-mail. The cloud service anti-spam engines gain more data for heuristics which applies to all customers.

IT administrators have probably also become more aware of restricting outbound SMTP traffic at the firewall or client level.

Tracking Spam Since June 2010

[WebSorcerer]

I've been keeping track of all the spam I have received in a GOOGLE Document.

The mail is from four accounts and has been pre-filtered by the ISPs, which probably skews the data. So, for what it's worth, here it is:

Spreadsheet Graph