Good News: A Sustained Drop In Spam Levels

Orome1 writes "Industry and government efforts have dealt a significant blow to spam, according to a Commtouch report that is compiled based on an analysis of more than 10 billion transactions handled on a daily basis. The sustained decrease in spam over the last year can be attributed to many factors, including: Botnet takedowns, increased prosecution of spammers and the source industries such as fake pharmaceuticals and replicas. However, spam is still four times the level of legitimate email and cybercriminals are increasing their revenues from other avenues, such as banking fraud malware."

Better Email Blocking

[jellomizer]

Even though there is less spam, I have found that most email clients Such as Gmail have gotten very good at filtering out Spam. We forget how much we suffered back in the early 2000's where once we get too much spam our only choice was to change your email address to a name that is more cryptic then a password and only give it to people who you want. And wait until someone gets a virus and starts spamming you again. The email address I have been using for a long time now is an easy email to give however Gmail captures almost all the spam.

Re:Better Email Blocking

[doston]

Sorry, I have to disagree. My oldest _working_ e-mail address is 16 years old. I (obviously) never changed it. Yes, a lot of spam arrives. No, I see no spam there. There have always been ways for geeks to handle spam (more or less) efficiently.

That is so not true. I couldn't even handle it effectively at the enterprise level with the best tools around at one point. Things didn't get better until services like Brightmail came along using dummy addresses and active NOC actively adding rules, etc. Without services like that (in the past) you were screwed. Today, there's enough intelligence built in to handle most of it automatically, but that was so not always the case. It was a huge problem for the (huge) business I was in.

Re:Better Email Blocking

[PopeRatzo]

and the spam was still unbearable, until we threw in a Barracuda.

This comment is proof that spam has not been completely eliminated.

But instead of email, they're spamming comments sections.

I'm surprised he didn't include a link.

Re:Better Email Blocking

[hairyfeet]

Oh Lord, don't remind me, I used to have to clean up the crap. Man we have got it SO good now compared to the inboxes literally exploding with Viagra and porn spam. hell I use the gmail address tied to this UID as a spam dump and frankly...it almost never gets any spam, no matter how many places I leave it at. pretty amazing but then again the only spam I've seen in my yahoo in years has been the occasional one thanks to someone looking at porn videos with Firefox.

As for TFA, I wonder how many just moved to txt spam? because i must have been asked 2 dozen times this week about the "$1000 Walmart gift card" SMS spam that is going around, they must have sent that thing to every smart phone on the planet. What amazes me is that people that wouldn't fall for an email spam probably would have fallen for this one if I hadn't warned them off, i guess because txt spam is still too new for many.

"It depends"

[AgentPhunk]

We have 5000+ users going through Google's Postini service, and up until about 6 months ago spam levels were within normal tolerances. Over the past 6 weeks we are getting CRUSHED with phishing attempts that make it through their filters. The quality of the phishing emails is excellent (they're basically just re-using an actual email from Verizon Wireless, American Express, etc, and substituting their malicious links.) Google shows absolutely no interest or concern - it seems they're looking at this as a commodity service, and trying to get everyone to move over to fully-hosted email in the cloud. Well, that's not us. We're looking at alternatives, including Cisco IronPort and Proof Point. Anyone care to weigh in on pros + cons, and also on cloud vs on premises?

Is it ALL spam, or just EMAIL spam, that's down?

[gman003]

Yes, email spam is dropping. But is it truly because we're winning, or is it because we're not keeping up with the times?

I read maybe 20 emails a week. None of them are spam. But I spend far, far more times on forums, or in comment sections on various blogs or news sites. Spam levels there seem to be rising. And I imagine spammers are finding ways to exploit Facebook and Twitter, as well.

Perhaps spammers have just realized that you get better results spamming Web 2.0 than spamming Web 1.0.

Filtering != Stopping

[damn_registrars]

The article is talking about stopping spam, as in preventing it from being sent. Filters do not do that. Filtered spam still costs people money as it still consumes resources and takes up storage space on servers on the internet. Filters have to be adjusted and trained, and they consume CPU time as well.

In short, filtering will never, ever, solve the spam problem. The summary of the article mentions techniques that are effective at stopping spam, and there is a reason why filters are not on that list.

Re:Filtering != Stopping

[Tanktalus]

In short, filtering will never, ever, solve the spam problem. The summary of the article mentions techniques that are effective at stopping spam, and there is a reason why filters are not on that list.

Not necessarily. If no one receives your spam because their filters are effective, there will be no profitability left. And, with that, the industry will die. And then the filters will get lax, someone will start up again, a spurt of spam will arrive, the filters adjust, and again dead.

I don't see this any less effective than current methods. Convicting someone just opens up room for someone else to take his place. Take down a botnet, and those same people who allowed their computers to be infected once will get infected again with the next botnet.

All methods are chasing the impossible. But just because we can't eliminate murder doesn't mean we legalise it. Filtering is an important tool. It is not and, for all practical purposes, can not be the only tool. But omitting that tool is just as fatal of a mistake as ignoring the law as a tool.

Re:Filtering != Stopping

[ILongForDarkness]

Totally agree. I worked for an anti-spam company a couple years ago. We were seeing 90-95% spam traffic to our customers systems (mostly smaller ISPs, email hosting providers, regional governments, universities etc). Say for example one of the hosting providers has 200+ servers running MS Exchange. If 90% of the traffic is spam and it actually reaches to the mail server you got essentally 90% of your servers are tied up serving the spammers and 10% real emails.

Appliances like Iron Port help in that they stop the spam from getting to your mail servers usually but you still have the traffic getting all the way inbound (or outbound in the case of a bot or something coming from your network). So you are screwed in terms of bandwidth (fortunately spam does tend to be relatively small messages compared to real emails which tend to have more attachments). What was cool with the tech at the company I worked for is that they throttled the traffic of unknown or suspected spammers. Slow a bots connection down, or drop it if they don't obey protocols (a lot of them will start sending the message after the HELO without waiting for a response for example) and you save a huge amount of connections/bandwidth you process to completion. We were getting 100k+ simultaneous messages on 4 core servers.

Regardless that something can be filtered doesn't mean it doesn't cost something to do the filtering, the affect on deliverablity of the sending domain or even ISP level emails.

Re:Filtering != Stopping

[Tassach]

If no one receives your spam because their filters are effective, there will be no profitability left

No filter is 100% effective. It costs effectively nothing to spam a 10 million addresses, but for sake of argument say it costs $100. If 1% of those get through the defenses, and 1% of the non-filtered recipients falls for your scam, you've got your hooks into 1,000 suckers. Even if you only take each sucker for $1 your ROI is 1000%.

Re:Filtering != Stopping

[damn_registrars]

In short, filtering will never, ever, solve the spam problem. The summary of the article mentions techniques that are effective at stopping spam, and there is a reason why filters are not on that list.

Not necessarily. If no one receives your spam because their filters are effective, there will be no profitability left.

You vastly oversimplified the problem with that statement. A filter cannot solve the problem because it can never be adequate. A filter only starts an arms race with the spammers, they will constantly change their tactics to get around the filters. That then requires more work to be done to the filters to learn the new techniques, which drives the filters to consume even more resources. Filters are an always-losing strategy.

And then the filters will get lax, someone will start up again, a spurt of spam will arrive, the filters adjust, and again dead.

You have imagined a situation that will never, ever, happen. Filters will never stop spam. They will always be reactionary to spam, and spam will always be outsmarting the filters.

I don't see this any less effective than current methods.

I can show you why, but if you chose not to acknowledge what is in front of you, then I cannot help you.

Convicting someone just opens up room for someone else to take his place

On that I agree with you. punitive actions, up to and including murder (which a disturbing number of people support for this) won't work.

Take down a botnet, and those same people who allowed their computers to be infected once will get infected again with the next botnet.

Building a botnet takes time, and taking one down is easily more effective at stopping spam than filtering. That is in part though because of the indisputable fact that filters are worthless at spam prevention.

Filtering is an important tool. It is not and, for all practical purposes, can not be the only tool. But omitting that tool is just as fatal of a mistake as ignoring the law as a tool.

I didn't say it cannot be used. I said it is worthless in actually stopping and preventing spam. Those are two very different arguments.

Re:I still get a lot of spam

[Delarth799]

What I have found is that after clicking the "unsubscribe me" button on letters I end up getting even more spam from other places. I think they use that as a way to confirm its a real email address to spam you with other junk.

Re:I still get a lot of spam

[ArcherB]

What I have found is that after clicking the "unsubscribe me" button on letters I end up getting even more spam from other places. I think they use that as a way to confirm its a real email address to spam you with other junk.

Well, the unsubscribe button works quite well if the email is something you actually subscribed to or it's a company that you purchased something from in the past. For example, Zag sends me about two or three emails a week. I have no problem using the "unsubscribe" button because I actually bought something from them. ProFlowers.com is a notorious spammer if you've ever purchased anything from them. I hit unsubscribe on their emails because I bought something from them. They know my email address is legit. The unsubscribe works in these cases.

However, when someone sends me a viagra or other obvious spam, I simply ignore and delete. Since these people do not know who I am and I did not give them my email address, clicking the unsubscribe button will simply confirm your email address. They are simply throwing stuff against a wall to see what sticks. Don't be that sticky thing.

This is, at best, wishful thinking

[Arrogant-Bastard]

Those of us who have spent the past few decades in the trenches dealing with spam know that this -- at very best -- wishful thinking. The long-term trend line is up, with the only real debate being over the shape of the curve. Momentary decreases, such as the one reported here, are either (a) an artifact of the measurement methodology -- and many methodologies are horribly flawed or (b) real, but unimportant.

Low-end spammers are now fully integrated with malware authors, botnet operators, phishers, purveyors of illicit/illegal content, data brokers, and carders. High-end spammers are now quite successful at assuming the mantle of "respectable corporations" while continuing to do what they've always done. In both cases, the profits are huge, more than enough to encourage them to continue in fact of the largely-insignificant threat of prosecution. (Only the stupid ones get caught, and there is some evidence which suggests that they're being caught because their fellow spammers set them up.)

Have their been some temporary, isolated successes in fight against spam? Sure. But the key words are "temporary" and "isolated". As others with long experience in the field have said, we're only at the beginning of the spam fight, and it's going to get MUCH worse: there are known techniques that spammers have only just begun exploiting, and when they become pervasive, they're going to break every anti-spam methodology currently deployed. (Which is kinda the reason they were developed.)

When will this happen? Dunno. Crystal ball cloudy. But when it does, it's going to catch the ignorant newbies and incompetent amateurs at a number of commercial "anti-spam" operations completely by surprise, because they're too busy selling overpriced, worthless crap to actually do this thing we call "research", where, you know, you LEARN things about your adversary so that you can actually have a decent chance of anticipating their next move instead of getting blindsided by it. To put it another way: if you're running your own anti-spam setup using a combination of firewalls, 'nix, open-source MTA, DNSBLs, etc. then you're in a decent position to adapt quickly when the need arises. If you've made the horrible mistake of outsourcing to the chumps out there who are in it for a quick buck, then you're going to be really screwed.

Re:Is it ALL spam, or just EMAIL spam, that's down

[mlts]

The spammers are moving on. In the past, there were enough people out there that would click on their links, send money, buy whatever crap is out there, or just be general marks. However, by now, anyone fleece-able is now penniless and in the streets.

Instead, the spam I see is less of trying to sell wanker drugs, but either coming with an attachment payload for a Trojan dropper, or if there is a website included, the website is chock full of exploits. Spam is more insidious because it used to be about selling stuff. Now it is about taking over the computer or device.

The drop in spam is because the criminals have moved from just sending E-mail out to focusing on Web browser exploits and other more lucrative gains. Getting someone to click a link which is rife with zero-days pays far better than getting someone to buy a box of blue M&Ms.

Targeted exploits are more common now. With ID theft so common, combined with the fact that VoIP allows a scammer from anywhere to fake a local number (even 911) in order to demand, cajole, or request information or even money. It used to be only the friend of a friend's cousin's inlaw who would be stung by it. Now, someone calling, saying they are so and so (and able to try to mimic their voice, claiming to have their jaw cracked so it doesn't sound the same), saying that so and so's wife with the name isn't around and that they need cash wired pronto is becoming the norm.

Spammers have moved away from the botnets to the phone boiler rooms, where if one has enough info and targets older Americans, the payoff can be extremely lucrative with zero chance of legal action taken.

What we are seeing is the next evolution in crime which usually goes as follows:

1: xxx crime gets popular
2: Counter measures are taken.
3: xxx crime dodges counter measures.
4: Actual working counter measures are taken.
5: The criminals move onto a new hustle.

This was true back in the 1900s when safes were broken into on a weekly basis until burglar alarm systems became the norm, then burglary evolved into home invasions and knock-and-shoots. Similar with car theft. When thieves were unable to smash a steering column lock for a prize, they went to carjacking.

What we will see instead of spammers are more social engineering attacks, where people use stolen information to target individuals via phone, E-mail, or FB in order to blackmail, extort, or scam cash.

Of course, the next threat after that is when criminal organization "A" a continent away starts making partners with local street gangs. Then, the guys on computers in Elbonia can tell the gangbangers over in a victim's local neighborhood who to rob because their cellphones are a ways away, and the Elbonian gang has access to a method of tracking in real time (perhaps some added "functionality" in a popular app). Or, the Elbonian gang hacks a school's database, then sells that info to a local gang to figure out which kids are "latchkey", and now has a steady ransom source. In return, the local gang does some hits and social engineering for the Elbonians.

Stopping Spam!

[DaMattster]

You don't need to wait for law enforcement to stop spam in its tracks. OpenBSD's Spam Deferrel daemon does an excellent job of combating spam without the overhead involved of filtration. Through a combination of tar pitting and grey listing, I was able to take the family business' spam counts from 1,000 a day to 2 or 3 per week. OpenBSD's tar pitting sets a TCP recieve window of 1 byte per second on known IP addresses that send spam. Additionally, you can create spam trapping addresses and I've done this and placed them in the open on bulletin boards and newsgroups. In fact, I've used spam trapping addresses to harvest IPs of known spammers and add those to a blacklist. There is no performance drop on our end. The most persistent spammer hung in for nearly an hour before giving up the ghost.