A Welcome Shift: Spam Now Constitutes Less Than Half of All Email

← Back to Stories (view on slashdot.org)

A Welcome Shift: Spam Now Constitutes Less Than Half of All Email

Posted by timothy on Friday July 17, 2015 @05:55PM from the millions-could-starve-film-at-11 dept.

An anonymous reader writes: According to Symantec's latest Intelligence Report, spam has fallen to less than 50% of all email in June – a number we haven't seen in over a decade. Of all emails received by Symantec clients in June, junk emails only accounts for 49.7% down from 52.1% in April which shows a huge drop. Year over year, spam has decreased as well due to internet providers doing a better job at filtering and shutting down spam bots.

77 of 114 comments (clear)

Min score:

Reason:

Sort:

Still too much by Z00L00K · 2015-07-17 18:02 · Score: 3

It's still too much, it has to be stopped, and the penalties for junk mail and online fraud are way too mild.

--
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
1. Re:Still too much by TheRealQuestor · 2015-07-17 18:09 · Score: 2
  
  Agreed but to be honest I get maybe 1 or 2 junk mails in my Outlook inbox every couple of months or so. I have pretty much forgotten the days where I'd get 100's a day. I've forgotten that it was even an issue to be honest. I just don't see them anymore as I send all my email through my primary email to my gmail and finally to my outlook and they just aren't there anymore. Primary filters, gmail filters, and outlook just doesn't see them, I'm pretty much shocked when one does get through lol.
2. Re:Still too much by Tablizer · 2015-07-17 18:27 · Score: 2, Insightful
  
  The real fix is to charge for email. To send an email, have a 2 cent charge. 1 cent goes to the ISP, and the other to a governing and enforcement body -- the ePost Office.
  Spammers right now send for almost free. If they had to pay two cents for each recipient, it would put most out of business.
  And they'd have to leave a money trail, making it easier to find and bust them.
  
  --
  Table-ized A.I.
3. Re:Still too much by houstonbofh · 2015-07-17 18:41 · Score: 1
  
  It's still too much...
  But when you consider how much e-mail traffic itself has dropped, the spam drop is even more significant. I see more spam on FaceBook now then I do in e-mail.
4. Re:Still too much by bobjr94 · 2015-07-17 18:50 · Score: 1
  
  If hotmail (outlook, msn mail or whatever) could just filter out the 10 viagra emails I get a day, that would be great. Even creating custom filters dont work, since change spelling and senders in each email.
5. Re:Still too much by dknj · 2015-07-17 18:54 · Score: 4, Insightful
  
  Your post advocates a
  ( ) technical ( ) legislative (X) market-based ( ) vigilante
  approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
  ( ) Spammers can easily use it to harvest email addresses (X) Mailing lists and other legitimate email uses would be affected ( ) No one will be able to find the guy or collect the money ( ) It is defenseless against brute force attacks (X) It will stop spam for two weeks and then we'll be stuck with it (X) Users of email will not put up with it (X) Microsoft will not put up with it ( ) The police will not put up with it ( ) Requires too much cooperation from spammers (X) Requires immediate total cooperation from everybody at once (X) Many email users cannot afford to lose business or alienate potential employers ( ) Spammers don't care about invalid addresses in their lists ( ) Anyone could anonymously destroy anyone else's career or business
  Specifically, your plan fails to account for
  ( ) Laws expressly prohibiting it (X) Lack of centrally controlling authority for email (X) Open relays in foreign countries ( ) Ease of searching tiny alphanumeric address space of all email addresses (X) Asshats ( ) Jurisdictional problems (X) Unpopularity of weird new taxes ( ) Public reluctance to accept weird new forms of money ( ) Huge existing software investment in SMTP ( ) Susceptibility of protocols other than SMTP to attack ( ) Willingness of users to install OS patches received by email ( ) Armies of worm riddled broadband-connected Windows boxes ( ) Eternal arms race involved in all filtering approaches (X) Extreme profitability of spam ( ) Joe jobs and/or identity theft ( ) Technically illiterate politicians ( ) Extreme stupidity on the part of people who do business with spammers ( ) Dishonesty on the part of spammers themselves ( ) Bandwidth costs that are unaffected by client filtering ( ) Outlook
  and the following philosophical objections may also apply:
  (X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical ( ) Any scheme based on opt-out is unacceptable ( ) SMTP headers should not be the subject of legislation ( ) Blacklists suck ( ) Whitelists suck ( ) We should be able to talk about Viagra without being censored ( ) Countermeasures should not involve wire fraud or credit card fraud ( ) Countermeasures should not involve sabotage of public networks ( ) Countermeasures must work if phased in gradually (X) Sending email should be free ( ) Why should we have to trust you and your servers? ( ) Incompatiblity with open source or open source licenses ( ) Feel-good measures do nothing to solve the problem (X) Temporary/one-time email addresses are cumbersome ( ) I don't want the government reading my email ( ) Killing them that way is not slow and painful enough
  Furthermore, this is what I think about you:
  (X) Sorry dude, but I don't think it would work. ( ) This is a stupid idea, and you're a stupid person for suggesting it. ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
6. Re:Still too much by Krishnoid · 2015-07-17 19:03 · Score: 1
  
  You worry too much -- this problem will eventually take care of itself. Seriously, how much larger can people's penises get, anyway?
7. Re:Still too much by Tablizer · 2015-07-17 19:10 · Score: 1
  
  I don't suggest doing away with the current system; just adding a new service. Maybe it can be pioneered by universities, and then when others see how it greatly reduces junk, they too will join.
  
  --
  Table-ized A.I.
8. Re:Still too much by ArmoredDragon · 2015-07-17 19:37 · Score: 2
  
  I think it would be considerably easier if SMTP was updated to require not only a reverse DNS arpa pointer record of the sending server, but the reverse DNS record must also have a matching MX record. Almost all legitimate mail servers already do this, and the ones that don't easily can.
  Right now, most SMTP implementations don't require DNS at all, and unless spammers can hack every DNS server that most POP servers use, then their botnets aren't going to be able to send spam.
9. Re:Still too much by Anonymous Coward · 2015-07-17 19:41 · Score: 1
  
  LOL, sign me up for the expensive email that no one else is connected to.
10. Re: Still too much by Anonymous Coward · 2015-07-17 19:44 · Score: 1
  
  I think your idea would also make an opportunity for some spammers as it would guarantee delivery and give them a receipt. And for early adopters would give a spot near the top of your inbox. Then it would be like a subscription spam filter because the only people dumb enough to pay for email is spammers.
11. Re:Still too much by Opportunist · 2015-07-17 20:10 · Score: 1
  
  I think I dimly remember MS trying to pull some shit like this. Imagine how much of a bomb it has to be if a juggernaut like MS can't pull it off.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
12. Re:Still too much by Opportunist · 2015-07-17 20:12 · Score: 4, Insightful
  
  If you consider for a moment that quite a bit of spam comes from hacked accounts (because it's trivial to filter out spam sources that have broken MX records or are untrustworthy for other reasons), you might get an idea why it's NOT a good idea and who'd eventually foot that bill.
  But hey, it may finally make people consider protecting against trojans relevant when it hits their wallet with four-five digits.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
13. Re:Still too much by Tablizer · 2015-07-17 20:16 · Score: 1
  
  Gates wanted MS to be the Post-Office
  
  --
  Table-ized A.I.
14. Re:Still too much by SgtAaron · 2015-07-17 20:21 · Score: 2
  
  Agreed but to be honest I get maybe 1 or 2 junk mails in my Outlook inbox every couple of months or so.
  Sysadmins who happen to administer email servers have not forgotten. It's still an issue, big time.
15. Re:Still too much by JaredOfEuropa · 2015-07-17 21:09 · Score: 1
  
  So FB does have a use: as a honeypot. Thanks Mark!
  
  Spam has been moving towards web based services for a while now. Almost all message boards have antispam measures now; every now and then you may run into an orphaned board without such measures, and it'll be wall to wall spam. The ratio of spam and legitimate posts on my Wordpress site used to be over 10/1 until I added some (premium) spam control, but a few spams still make it through. I see the same on a Drupal site I administer. Those spammers are really making the effort in getting through.
  
  --
  If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
16. Re:Still too much by FaxeTheCat · 2015-07-17 21:10 · Score: 1
  
  There is already the SPF policy framework. No need to invent something new. http://www.openspf.org/
17. Re:Still too much by GigaplexNZ · 2015-07-17 21:43 · Score: 1
  
  Google even tried a free email replacement called Wave. That didn't catch on either.
18. Re:Still too much by Dan541 · 2015-07-17 23:12 · Score: 1
  
  The real fix is to charge for email. To send an email, have a 2 cent charge. 1 cent goes to the ISP, and the other to a governing and enforcement body -- the ePost Office.
  This has to be a troll right?
  Spammers simply won't pay some fancy communication tax.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
19. Re:Still too much by Dan541 · 2015-07-17 23:16 · Score: 1
  
  If my university charted charging to send and receive email I would just stick to using my own email for free (per email).
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
20. Re:Still too much by Dan541 · 2015-07-17 23:25 · Score: 1
  
  Spam has been moving towards web based services for a while now. Almost all message boards have antispam measures now; every now and then you may run into an orphaned board without such measures, and it'll be wall to wall spam. The ratio of spam and legitimate posts on my Wordpress site used to be over 10/1 until I added some (premium) spam control, but a few spams still make it through.
  It makes more sense for spammers to target blog comments for the simple fact that many people can view a single spam as opposed to just one email recipient. Add to the fact that anti-spam technology for blogs is not as advanced as it is for email and it's like spammer paradise.
  Crooks are also moving into advertising networks. The a mount of malware that is distributed through advertisements is not insignificant.
  
  --
  An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
21. Re:Still too much by N1AK · 2015-07-17 23:26 · Score: 1
  
  It would make more sense to charge people you don't 'know' to receive email their email, and even that doesn't make sense as it would push spammers towards even more focus on hacking into other people's email addresses or servers where they wouldn't be the one paying.
  
  Email doesn't need to have a charge to dissuade spam, the amount of spam is falling and if there was a concerted effort to find and prosecute a much higher proportion of spammers it would fall much further.
22. Re:Still too much by Ark42 · 2015-07-18 00:00 · Score: 3, Insightful
  
  Hotmail/MSN/Outlook mail is well known for just not delivering lots of legitimate mail now. You may not see spam there, but you may not get mail from a friend who doesn't use common webmail like gmail or Yahoo. The mail does not even go to your junk/spam folders, and it does not get bounced to the sender. They just silently accept and delete incoming mail, without any notification.
  I'd, personally, rather see spam getting through than email become a useless technology that fades away because people can't rely on it anymore.
  
  --
  Morphing Software
23. Re:Still too much by msauve · 2015-07-18 00:17 · Score: 1
  
  "I think it would be considerably easier if SMTP was updated to require not only a reverse DNS arpa pointer record of the sending server, but the reverse DNS record must also have a matching MX record. "
  
  So, break virtually all MUAs (which send using SMTP), and force everyone to use webmail? Good luck with that.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
24. Re:Still too much by www.sorehands.com · 2015-07-18 00:35 · Score: 1
  
  First, it is not spam if you have a relationship.
  How is it getting easier to filter? It is not easy, you as an end user just does not see it because providers do most of the work for you.
  
  --
  Fight Spammers!
25. Re:Still too much by jaseuk · 2015-07-18 00:41 · Score: 1
  
  You mean like iMessage?
  Where entry fee is an Apple device?
  Jason
26. Re:Still too much by wvmarle · 2015-07-18 02:21 · Score: 2
  
  You see how well that works for traditional paper junk mail, where the cost of sending out mailings, even delivered door to door, is easily an order of magnitude higher than the number you suggest.
  It's totally non-existent thanks to this cost, right?
27. Re: Still too much by Opportunist · 2015-07-18 03:15 · Score: 1
  
  That's not something that MS tried to established, that's something MS was (as usual) late to and tried desperately to catch up with.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
28. Re:Still too much by JustAnotherOldGuy · 2015-07-18 03:48 · Score: 2
  
  ^^^^ This times 1000.
  
  Email has become fairly unreliable because many of the larger providers simply drop any suspect email, and they do it silently. No bounceback, no indication that it was rejected, nothing. They just drop it without any indication whatsoever. You send an email and it never arrives, never comes back as undeliverable, it just disappears.
  
  In the last few years I've seen this happening more and more and more, to the point that I sometimes have to call the recipient to see if they got what I sent.
  
  --
  Just cruising through this digital world at 33 1/3 rpm...
29. Re:Still too much by Khashishi · 2015-07-18 04:37 · Score: 1
  
  Imagine the face on the poor guy whose computer got owned when ze looks at their internet bill.
30. Re:Still too much by Actually,+I+do+RTFA · 2015-07-18 07:29 · Score: 1
  
  I've liked that form response for a while. It tragecially now looks out date. To wit:
  
  ( ) Public reluctance to accept weird new forms of money
  is no longer an acceptable objection.
  
  --
  Your ad here. Ask me how!
31. Re:Still too much by davester666 · 2015-07-18 10:22 · Score: 1
  
  Finally, just over 50% of all email is now valuable marketing information, because you have a business relationship with the sender!
  
  --
  Sleep your way to a whiter smile...date a dentist!
32. Re:Still too much by webnut77 · 2015-07-18 13:12 · Score: 1
  
  So, break virtually all MUAs (which send using SMTP), and force everyone to use webmail? Good luck with that.
  /etc/postfix/main.cf
  # Restricts what recipient addresses we accept in the RCPT TO commands # smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated . .
  Now what were you saying?
33. Re:Still too much by msauve · 2015-07-18 16:11 · Score: 1
  
  I was saying the the OP was an unworkable solution. You seem to be arguing something completely different.
  
  --
  "National Security is the chief cause of national insecurity." - Celine's First Law
34. Re:Still too much by ArmoredDragon · 2015-07-18 17:00 · Score: 1
  
  Ok so since IPv6 breaks a lot of shit, let's not transition to it either.
Now only if we could do that with real mail! by Irate+Engineer · 2015-07-17 18:10 · Score: 4, Insightful

Is there such a thing as a spam filter for regular (paper) junk mail?
It's like some perverse life cycle - my paper recycling gets picked up, made into paper, which is then made into junk mail, which is then delivered, and unceremoniously dumped into my paper recycling without being read.

--
Left MS Windows for Linux Mint and never looked back!
Vote for Bernie in 2016!
1. Re:Now only if we could do that with real mail! by Opportunist · 2015-07-17 20:14 · Score: 1
  
  That's why we installed a paper bin right next to our mail boxes along with a note for the average spam delivery goon that he can save himself and us a lot of work by simply dumping his junk right there because it's where it's going to end up anyway.
  Believe it or not, it does actually work with a few of them.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
2. Re:Now only if we could do that with real mail! by Anonymous Coward · 2015-07-17 20:53 · Score: 4, Informative
  
  Eg. in the Netherlands you can find stickers on mailboxes saying "NO to unaddressed advert print -- NO to local circulars". The latter are "local news" rags dropped in every mailbox, paid for by advertising. Typically the local municipality publishes notices in them, so it's not unusual to see "NO -- YES" stickers. There also do exist YES -- NO and YES -- YES variants of the stickers but those are understandably rare. These are not backed by any law, but since people tend to get irate if the stickers aren't respected, they usually are. Someone came up with them and the design stuck.
  One example and another example (including NO -- YES variant).
  An image search for "nee nee sticker" gets lots of examples, including the inevitable jokes. In eg. Germany you can see different designs, search for "bitte keine werbung".
3. Re:Now only if we could do that with real mail! by Registered+Coward+v2 · 2015-07-18 01:30 · Score: 1
  
  Is there such a thing as a spam filter for regular (paper) junk mail?
  It's like some perverse life cycle - my paper recycling gets picked up, made into paper, which is then made into junk mail, which is then delivered, and unceremoniously dumped into my paper recycling without being read.
  Yes, it's called United States Postal Service Form 1500; which let you decide what mail is offensive and should be stopped.
  
  --
  I'm a consultant - I convert gibberish into cash-flow.
4. Re:Now only if we could do that with real mail! by Irate+Engineer · 2015-07-18 02:48 · Score: 1
  
  USPS Form 1500 only pertains to sexually oriented advertisements. Unless one wants to claim an obscure fetish about credit card offers I don't see how this form would help.
  
  --
  Left MS Windows for Linux Mint and never looked back!
  Vote for Bernie in 2016!
5. Re:Now only if we could do that with real mail! by Solandri · 2015-07-18 05:12 · Score: 1
  
  Unlike email, which spammers send essentially for free, paper junk mail is paid for and in fact provides about 1/3rd of the funding for the US Postal Service.
  
  Actually, when you put it like that, marketing (spam + selling marketing info) pays for 100% of most people's email. If you have a free email account with Google, Yahoo, Microsoft, etc., it's not really free. It's being paid for by selling your info to marketers. Just like spam/junk mail.
6. Re:Now only if we could do that with real mail! by Registered+Coward+v2 · 2015-07-18 08:29 · Score: 1
  
  USPS Form 1500 only pertains to sexually oriented advertisements. Unless one wants to claim an obscure fetish about credit card offers I don't see how this form would help.
  IIRC it doesn't require any explaination of why it is objectionable. Always use the rules in your favor.
  
  --
  I'm a consultant - I convert gibberish into cash-flow.
Celebrate! by Tablizer · 2015-07-17 18:21 · Score: 2

That news makes me so happy, I'm gonna send a check to that Nigerian Prince needing help getting his money out of a foreign bank.

--
Table-ized A.I.
Nobody emails them by darkain · 2015-07-17 18:22 · Score: 2

Maybe nobody emails them specifically? I still get ~7,000 junk emails per month (caught by spam filters), compared to maybe 200-500 legit messages.
49% wooo hooo by Tablizer · 2015-07-17 18:34 · Score: 2

One half? High standards! That's like saying a car "only bursts into flames on Tuesdays now". It's a fucked up system; it just went from being mega-fucked down to hyper-fucked. I guess if you are used to being mega-fucked, then hyper-fucked seems better.

--
Table-ized A.I.
Re:Why are yo not drunk? by ladislavb · 2015-07-17 18:36 · Score: 2, Informative

Living in the era of the borderless world wide web, I really hate to remind some Slashdot readers that there are many many places on earth where it is NOT feiday night right now.
Re:What a load of BS by Tablizer · 2015-07-17 18:39 · Score: 2

This sounds like Bill Gates a few years ago when he claimed spam wasn't a problem.
"640 spams a day oughta be enough for anybody."

--
Table-ized A.I.
Re:Why are yo not drunk? by Anonymous Coward · 2015-07-17 18:45 · Score: 2, Funny

You need to just get a lief

I'm not gay and I'm not into Vikings.
Re:Why are yo not drunk? by rossdee · 2015-07-17 19:36 · Score: 1

"Serionsly, it's Feiday night! Why are you reading this?"
It may surprise you to learn that not everybody works 9 to 5 Monday to Friday
SPF, DKIM, and DMARC by Demonoid-Penguin · 2015-07-17 19:42 · Score: 5, Informative

The Symantec report quotes numbers - not reasons. The referenced "story" just quotes a summary of figures from the Report.
The biggest changes to email in the last year have not been arrests or deaths of spammers - but the implementation of SPF, DKIM and DMARC by email providers.
Especially in my experience, has greatly increased the amount of email rejected for delivery (so sorry, the claimed source is clearly spoofed, now filed in the big round grey folder). The "direct"/email marketing forums are full of "entrepreneurs" complaining about it (boo-fucking-hoo).
Primarily it stops forged From headers with providers that reject failures or missing authentication (e.g. Yahoo), Secondly it (DMARC) increases spam reports by providers that use the data, resulting in faster and more accurate spam filters from the suppliers.
Next year will be hell on spammers as many email providers follow Yahoo's lead and change their DMARC policy to "p=reject". Maybe then we'll see mailing list providers stop whining about the policy and work-around it (instead of continuing to do things the way they've always done things in a changing world), and they'll see a reduction in the amount of spam they are resending. Anecdotal evidence is that they've all seen an increase in spam as spammers target mail providers that don't enforce SPF, DKIM and DMARC.
Sure the full implementation will piss off some that aren't actually spammers (*cough*MailChimp*cough) but it'll also make phishing a lot harder. Eventually it may even shut up those who don't understand it, well, maybe. It isn't perfect, though it's not a bad as clueless Seltzer claims. In a perfect world people would deploy DNSSEC on their email servers so better sender authentication methods could be used - and all email senders and recipients would use and understand PGP (fat chance of that happening).
1. Re:SPF, DKIM, and DMARC by umafuckit · 2015-07-17 20:14 · Score: 1
  
  It also doesn't provide a graph of spam rate over time. Just three pie charts showing changes over the last three months.
  
  --
  soylentnews.org
2. Re:SPF, DKIM, and DMARC by Zocalo · 2015-07-17 20:57 · Score: 1
  
  Or the kinds of accounts that are seeing the falls in spam. If those users responsible for the bulk have the spam passing through the monitoring systems have either abandonned email for social media alternatives like Facebook and Twitter, or just become more aware that providing their email address to every site that asks for it isn't a good idea, then you probably would see a huge reduction in spam *overall*. For the rest of us that have been more careful all along, then the change is probably far less significant, and may actually have gone up as our compromised email addresses continue to get shared around various spammers.
  
  Interesting as a data point, but without knowing the trends that led to it it's essentially just a meaningless statistic.
  
  --
  UNIX? They're not even circumcised! Savages!
3. Re:SPF, DKIM, and DMARC by Demonoid-Penguin · 2015-07-17 21:29 · Score: 1
  
  It also doesn't provide a graph of spam rate over time. Just three pie charts showing changes over the last three months.
  Agreed, remarkably short of information. Usually their reports are accompanied by press releases, and marketing. I wonder what's different this time.
  Note that while Symantec uses figures from their email scanning products - it doesn't correspond with figures from larger monitors e.g.
  Senderbase - which shows a slight increase of 234.53 billion av.pd (85.93% of global traffic) for the last 12 months, against 222.88 billion av. pd (86.00% of global traffic) for the last 6 months, and 187.14 billion av. pd (86.41% of global traffic) for the last month (nowhere near half).
  Securelist 3rd qtr 2014 (note the drop during that period), and 1st qtr. 2015
  Backgrounds for dartboards - the main offenders
  I also wonder whether any reduction in email spam has just resulted in more spam via SMS and "social" networks (as well as mailing lists).
Spam stems from lack of negative feedback by Morgaine · 2015-07-17 19:59 · Score: 5, Interesting

Control Theory is applied mainly to electronic systems, but it's equally applicable to all systems everywhere, with no exception. That includes networking, and it even governs human systems.
It's a truism in Control Theory that a system without negative feedback is a system that is out of control. All non-trivial systems without negative feedback head towards an uncontrolled state on the slightest perturbation of initial conditions.
Email is one such system. It was designed without negative feedback back in the early days of the academic Internet before malicious actors appeared on the scene. Because there is no "cost" associated with sending an email, the system went out of control --- the primary effect of that is spam. (This "cost" has nothing to do with money.)
In Control Theory terms, "cost" is any control metric that tracks an undesired effect and reduces that effect when applied to its cause. One of the most universal undesired effects is resource consumption, and that's directly applicable to the email problem because many kinds of resources are used up by spam when it arrives at MTAs and at end-user mailboxes --- examples are CPU time, storage space, network bandwidth, end-user time, and many other things. They're all resources, and spam is the direct result of the spammer feeling no "cost" when he consumes other people's resources. There is no negative feedback being applied to his posting of spam.
"Cost" in the control theoretical sense could be many things when applied to email, for example a slowdown in the spammer's ability to post his next email proportional to the rate of sending and to the number of recipients. There are dozens of possible ways to make a spammer feel a "cost" as negative feedback for his actions, many of them leaving normal mail users entirely undisturbed by the negative feedback. Unfortunately email has none of these control methods available, and it probably never will because it's too late in the day.
One day however, a new asynchronous communication protocol will be designed to replace SMTP. It must be designed with a mechanism for negative feedback integral to the protocol and non-optional, or else the spam problem will appear again, sure as night follows day.
Note that we have many other systems out of control in computer networking, it's not just email. For example, there is no negative feedback applied to rampant abuse of user-side scripting by web pages. Web developers feel no cost regardless of how much end-user CPU, storage, or network bandwidth they employ, and since there is no negative feedback applied to their over-use, browsers typically have their CPUs pegged at 100% and the Web has turned to molasses. As techies we try to control the Web excesses with NoScript (for example) just as we try to control spam with SpamAssassin, but these are just fighting symptoms. You can't cure a disease by fighting symptoms.
This is a universal truth. No negative feedback spells trouble ahead.

--
"The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
1. Re:Spam stems from lack of negative feedback by JaredOfEuropa · 2015-07-17 22:59 · Score: 2
  
  You can charge that cost (in whatever form it comes) to spammers only; if you apply it to everyone equally, you'll run into another phenomenon called "market failure". And identifying spam and spammers is something that many researchers and developers have tried solving already. That's the real problem: it is hard to distinguish spam sources, usage patterns and content from legitimate emailers, especially bulk emailers. How do you propose to "track an undesired effect" in email?
  
  --
  If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
2. Re:Spam stems from lack of negative feedback by Kjella · 2015-07-18 00:30 · Score: 1
  
  It's a truism in Control Theory that a system without negative feedback is a system that is out of control. All non-trivial systems without negative feedback head towards an uncontrolled state on the slightest perturbation of initial conditions. (...) In Control Theory terms, "cost" is any control metric that tracks an undesired effect and reduces that effect when applied to its cause.
  Most consumption is actually demand limited, even if you make a toll road free there's a fairly finite amount of time I'd spend driving it or how much I'd eat at a free buffet. I've never had negative feedback on my email volume, yet never had my consumption spin out of control because it's inherently self-regulating how much I'd care to consume even if it is a free and unregulated resource.
  Spammers operate under the edge condition where they'd like to send an infinite number of emails (more money) and they got near zero self-cost in time (same bullshit for everyone) and money (stolen resources). 0.00001 gain / 0.0000001 cost = profit. All it would take is a tiiiiny amount of cost added and this edge case would disappear, but applying it per email would be a mess whether it's a technical, legal or commercial solution.
  So instead we try to raise the cost of being a spammer as such by blacklists and verifying headers and domain keys, if you constantly have to make complex setups to spam and quickly lose your welcome the overhead for the hit-and-runs starts eating into your profits. If we're down to 50% that's not bad, "spam, real, real, spam, spam, real, spam, real, real, spam, spam" sounds a whole lot better than "spam, spam, spam, spam, spam, spam, spam, real(!), spam, spam"
  
  --
  Live today, because you never know what tomorrow brings
3. Re:Spam stems from lack of negative feedback by wvmarle · 2015-07-18 02:32 · Score: 1
  
  How to measure (and slow down) sending rates of some bulk mailer, who sends e-mail to hosts all over the world?
  The source doesn't have to follow the protocol - they just send out as fast as they can. The destinations (plural - probably big big numbers) have no idea what other destinations get from that source. Most of them will see just a few e-mails come in, that's their share. All the spammer has to do is not send everything for Yahoo at the same time, but intersperse it with mails to other destinations and Yahoo doesn't throttle him - or maybe Yahoo does throttle, but that won't stop the spammer from targeting other destinations in the meantime. They probably do that already, simply by having hundreds of outbound smtp sessions running at the same time.
4. Re:Spam stems from lack of negative feedback by t551 · 2015-07-18 05:49 · Score: 1
  
  I suspect that most SMTP servers already implement rate-limiting for everyone, everywhere.
  The GP's objection was that you are vastly underestimating the number of nodes that a spammer can connect to. When he has a million upstream SMTP servers, it doesn't matter if he's rate-limited to one email an hour by each of them; he's still sending a million emails an hour.
Re:What a load of BS by Opportunist · 2015-07-17 20:15 · Score: 1

You probably don't get many invoices.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Flawed statistics are flawed by Opportunist · 2015-07-17 20:18 · Score: 2

Yay, we're down to 50%! that means spam is down, right?
Nope. Sorry. Spam is alive and well as it always was. But more and more companies are switching to mail for sending their bills. What you used to get as a dead tree edition, you now get via bits. Your ISP sends his invoice via email, so do Amazon, EBay, PayPal and pretty much any online trader.
Spam mail isn't down. Legitimate (for varying definitions of legitimate) mail is up. That's all.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
1. Re:Flawed statistics are flawed by SgtAaron · 2015-07-17 20:48 · Score: 1
  
  Nope. Sorry. Spam is alive and well as it always was. But more and more companies are switching to mail for sending their bills.
  I think you meant email for sending bills. Yes that's a good thing. I still stuff envelopes for those who refuse to get invoices via email.
  And no, the spam problem is still alive and well. I responded to a user earlier who said he only gets 1 or 2 spams a month in his inbox, so no spam problem. He neglected completely all the behind-the-scenes work that goes into that excellent result. But there is still a ton of cpu time all over the planet dedicated to filtering that shit out!
  I'm tired of spammers, seriously tired.
2. Re:Flawed statistics are flawed by gavron · 2015-07-17 20:52 · Score: 1
  
  ^^^That.
  And appliances are now sending out email, including Nest thermostats, Ubiquiti cameras, CyberPower UPSs, etc.
  So the overall number of spam messages hasn't decreased at all. Spammers are still in an arms-war with sysadmins to get around e.g. SpamAssassin. However, there are now more messages so the percentage has lowered.
  Frankly, having read Symantec's "report" I find it devoid of data or numbers, just ending-statistics without a measure or quantification. However the "news" keeps quoting them and people keep discussing it as if it's facts, so they are getting their PR without having to do any real work. It could really all be based on what "engineer Johnson saw when he peeked at yesterday's incoming smtp maillog."
  E
3. Re:Flawed statistics are flawed by Opportunist · 2015-07-17 23:41 · Score: 1
  
  Personal communication is dwarfed compared to the amount of invoices and announcements sent out by companies. It's pretty much the same as it is with old fashioned mail, the amount of letters sent by individuals dwindled down when other forms of communication came into use but the amount of commercial mail covered for this billionfold.
  It's similar today with email. What used to be sent via postal services is more and more shifted towards electronic communication. Yes, people already shift away from it for their private correspondence, moving from email to social media services and instant messaging. Commercial correspondence on the other hand is increasing. Just look at your own inbox and check just how many mails you get that come from some company or another one. There's bills and delivery info from amazon, there's Steam informing you about some sale, there's your pizza place confirming your order, there's your ISPs invoice, there's your car dealer informing you about the checkup that's due, there's your doctor confirming the appointment, there's .... any kind of commercial crap you got in our mail 5 years ago now litters you inbox.
  And none of it is considered spam. Despite being usually treated just the same way.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
4. Re:Flawed statistics are flawed by Mandrel · 2015-07-17 23:50 · Score: 1
  
  Spam mail isn't down. Legitimate (for varying definitions of legitimate) mail is up.
  The opposite could also be true: As the young move from email to social apps, spammers have quickly followed. Just like how spam disappeared from USENET faster than legitimate posts as USENET began to die. I'd like to see evidence that pointed to the correct reason.
  I get about 15000 spam emails a month.
5. Re:Flawed statistics are flawed by laffer1 · 2015-07-17 23:57 · Score: 1
  
  The other difference is that Yahoo and Google have locked down email so that legitimate email isn't getting delivered. Now other providers are following the same rules. When you block a lot of email, it never gets delivered.
  There are certain people I just can't mail anymore.
  
  --
  MidnightBSD: The BSD for Everyone
6. Re:Flawed statistics are flawed by Demonoid-Penguin · 2015-07-18 00:15 · Score: 4, Insightful
  
  The other difference is that Yahoo and Google [sic and every other BP email provider] have locked down email so that legitimate email isn't getting delivered. Now other providers are following the same rules. When you block a lot of email, it never gets delivered.
  There are certain people I just can't mail anymore.
  Then implement SPF, DKIM and DMARC - it's not hard compared to correctly configuring a mail server. As a bonus halfwits with a spare 10 minutes won't be able to spoof your email address.
  But until you do something other than complain you remain part of the problem instead of part of the solution.
7. Re:Flawed statistics are flawed by wvmarle · 2015-07-18 02:41 · Score: 1
  
  They probably check what's passing through the upstream filters, and is handled by a spamfilter.
  My spam filter catches some 45-50 spams a day. It misses those with attachments (irritating - get 5-10 of those daily) and a few others that are hard to classify as spam (rather legit business related but not my business), but overall doing a decent job. I'm getting a similar number of legit mails a day, a large number of those being stuff like meetup and facebook status messages. So that'd be indeed about half/half for spam vs ham.
  However, that 45-50 spam a day is AFTER greylisting, which basically requires every first-time sender (FROM, TO, source IP) to retry 5-30 minutes later. Many spambots just don't. I have this active for years, and when I installed it the amount of caught junk went down from some 300 a day to 30 a day. If this 10-fold difference is still the case, I'd be getting some 450-500 spam a day, or a 90% spam to 10% ham ratio. I'm not about to switch off greylisting to try this out, though :-)
Re:Why are yo not drunk? by SgtAaron · 2015-07-17 20:26 · Score: 1

LOL. I'll bite 72442. I'm drinking, too, but somehow manged to tpe ths. Cheers!
LinkedIn... by jb_nizet · 2015-07-17 21:04 · Score: 2

Do they count LinkedIn email as spam? Because that would probably make the number climb to 75%.
> Unsubscribe from LinkedIn
> Delete email account
> Sell house, live in woods
> Find bottle in river
> Has note inside
> It's from LinkedIn
Source: https://twitter.com/darylginn/...
XP by tomhath · 2015-07-17 22:51 · Score: 1

There are still a couple of hundred million XP machines running. As that number declines so does the amount of spam, but there's a long way to go.
1. Re:XP by Demonoid-Penguin · 2015-07-18 00:47 · Score: 5, Interesting
  There are still a couple of hundred million XP machines running. As that number declines so does the amount of spam, but there's a long way to go.
  The number of XP boxes on the internet has little to do with spam. It did when cheap VPS, cloud and broadband was uncommon. Blame their owners for a lot of things - but blame for spam is misplaced (the main exception being Michael Lindsay's "customers"). It's far cheaper, and easier to either rent a host or pay a mailing service than it is to rent (or build) a bot-net of sufficient size to produce a measurable amount of the worlds spam. SPF, DKIM and DMARC has also considerably reduced the viability of bot-nets for spamming as the major email providers reject their unauthenticated headers, or quickly identify them as spam.
  The majority of those services provided by a small number of companies (in order of volume):- softbank.co.jp, unicom-bj, unicom-sc, drpeng.com.cn, webexxpurts.com, gmo.jp, kddi.ne.jp, kyivstar.net, uplus.co.kr, softcom.com.
  The majority of spam is commissioned by a small number of arseholes (a significant number of them are bases in North America since China cleaned up it's act). In order of volume:-
  
  Canadian Pharmacy - Ukraine. A long time running pharmacy spam operation. They send tens of millions of spams per day using botnet techniques. Probably based in Eastern Europe, Ukraine/Russia. Host spammed web sites on botnets and on bulletproof Chinese web hosting.
  Dante Jimenez / Aiming Invest - United States. Spamwarez, lists, "bulletproof" hosting in the finest South Florida tradition. Working with worst cybercriminal botnet spammers. Now mostly involved in massive botnet spamming with hosting on hacked servers and Eastern European hosters.
  Yair Shalev / Kobeni Solutions - United States. High volume snowshoe spammer from Florida, (former?) partner-in-spam of ROKSO spammer Darrin Wohl. Son-in-law of ROKSO listed spammer Dan Abramovich. Sued by FTC in 2014 due to fraud.
  Yambo Financials - Ukraine. Huge spamhaus tied into distribution and billing for child, animal, and incest-porn, pirated software, and pharmaceuticals. Run their own merchant services (credit-card "collection" sites) set up as a fake "bank."
  Mike Boehm and Associates - United States. Snowshoe spam organization that uses large numbers of inexpensive, automated VPS hosting IPs and domains in whatever TLD is currently cheapest to send high volumes of spam to extremely dirty, scraped lists. Operates under many business and individual names.
  Michael Persaud - United States. Long time snowshoe type spammer.
  Michael Lindsay - United States. Lindsay's iMedia Networks is a full-fledged spam-hosting operation serving bulletproof hosting at high premiums to well known ROKSO-listed spammers. His customers spam via botnet zombies with spam payloads hosted offshore, tunneled back to his servers. He and the gang have been hijacking (stealing) IP address space from companies for years to spam from. Illegal in the USA.
  Jagger Babuin / BHSI - Canada. Romanian spammer now living in Vancouver BC. Also known as the "Dr Oz" spammer.
  First Place SEO & financial fraud spam gang - United States. Seem to be either Northern New Jersey or San Diego, California based scammers. They rent endless numbers of servers and buy endless domains to then pump out "SEO", search-engine-rankings and financial fraud scam spams.
  Josh Henderson or Nicholson - bulletproofvps.com - Canada. Offshore Bulletproof Hosting is his thing.
  Top 10 countries that produce and export spam, in order of significance:- United States, China, Russian Federation, Ukraine, Japan, United Kingdom, India, Germany, Brazil, Turkey
  Sources
Lawsuits by www.sorehands.com · 2015-07-18 01:59 · Score: 4, Interesting

Lawsuits against companies for illegal spam also reduces spam.
in 2003, I filed a spam lawsuit against a drug spammer in Florida. Shortly after I settled, the amount of spam I received went down by about 50%.
I filed several spam lawsuits between 2013 and 2014. The e-mail load on my mail server went down by 75%.
Between May 27 2013 and Sat Jul 18 2015 (782 days) my server processed 4,801,196 e-mails (6,1397/day).
In 2012, my server typically processed between 20k-22k e-mails per day.
Between Aug 11 2008 and Nov 29 2008 (110 days) my served processed 1,419,128 e-mails. (12,901/day) But In 2011 I more than doubled the number of e-mail users.
When you sue the advertisers, they may terminate some of the spammer and the advertisers get some of the money from the spam networks that they use. At the very least, spam lawsuits get you on the spammer's suppression lists.

--
Fight Spammers!
1. Re:Lawsuits by Demonoid-Penguin · 2015-07-18 02:44 · Score: 1
  
  Lawsuits against companies for illegal spam also reduces spam.
  Agreed. Occasionally ACMA reluctantly sends a warning letter to spammer here - that's the "authority" charged with prosecuting spammers. Once or twice they've reluctantly taken legal action (they're corrupt and lazy). Sending unsolicited commercial email is an offence in Australia - none of that "opt-out" bullshit. I've filed thousands of complaints with them - and provided comprehensive documentation on the parties involved and the number of spams they've sent, as well as organise many others to do the same. Maybe I should try civil action - though our legal system is completely different to yours.
  
  When you sue the advertisers, they may terminate some of the spammer and the advertisers get some of the money from the spam networks that they use. At the very least, spam lawsuits get you on the spammer's suppression lists.
  A big one is mail-nutrilife-australia.com they operate a phishing scam for email addresses they resell to spammers, they pose as a competition and use Virgin, BP, Caltex, and Woolworths as part of the scam - maybe those companies could be convinced to take legal action against them. The servers are based in Luxenberg, but the principal is based in the USA.
  Thanks for the ideas, and especially for doing something.
Not a very meaningful number by damn_registrars · 2015-07-18 02:00 · Score: 1

This appears to be a survey of spam that is caught by Symantec software. There is plenty of spam that is caught in hardware filters, ISP filters, and filters that are run by various free email services. The Symantec software is often filtering pretty late in the game.

Furthermore, no sane person should ever be patting themselves on the back if they are only addressing the problem with filters, as they will never resolve the spam problem completely. Spam is an economic problem, and only economic solutions will make it go away. Filters completely ignore that component and just encourage spammers to send out more spam and do more to make the FP and FN rates unfavorable for users.

--
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Amount of SPAM has NOT Dropped. by ntrcessor · 2015-07-18 02:28 · Score: 1

The amount of SPAM hasn't dropped, the amount being DELIVERED has. I get the reports from my SPAM Filter provider, and basically they show that the amount of SPAM hitting all the hosted domains we have is doing way UP not DOWN. Just the amount of that that is getting delivered is going down. The Symantec report is not clear as to what they are actually basing their numbers on, but it is probably just on their install base, and the amount of SPAM REACHING the install base is lower as more providers have things in place to block SPAM before it gets to the servers. So NO the amount of actual SPAM is still rising.Just the amount being delivered to the Inbox is lower. These are not equivalent.

--
"Brrr, it's a titty bit nipple out(BLUSH) err, I mean a little bit nippy out."--ME walking w/ some coeds on a cold day.
Profit by manu0601 · 2015-07-18 12:50 · Score: 1

It seems that spam gangs moved to more profitable activities. The raise of ransomwares and point of sale hacking may be a hint at why we get less spam.
Re:Curious that. by Demonoid-Penguin · 2015-07-18 16:42 · Score: 1

The majority of spam I receive is coming from Linux servers.
But keep Slashturbating like it's 1999, while never updating your fucking CMS or properly fucking configuring sendmail, you cunts.
All sorts of OS get botted, both physical and virtual. And those bot farms do all sorts of things from bitcoin farming to spamming. But to return to the subject from the fanboi tangent - if the internet fairy waved his magic wand and made bot farms disappear you wouldn't see much difference in the amount of spam being delivered, and shortly thereafter levels would return to "normal".
As long as it pays to send spam it will continue to exist. If people stopped buying shit from spam, and people stopped paying for products sold by spam - the problem would disappear. These are the reasons why an earlier proposition in this story to charge for email is stupid. Creating another ICANN wouldn't work because those that make money from spam can buy favorable justice.
That doesn't mean that the disappearance of bot farms wouldn't be a good thing. And before some dipshit suggests it - a computer drivers license would have no effect (not that it'll stop the pro-certification-for-everythingtards).
Creating more bureaucracy to fix the failure of systems is the triumph of optimism over experience. In both cases: spam; and bot farms - there are existing mechanisms that can solve the problem, they just aren't employed. Fix the system problems - just because they aren't completely successful doesn't make it less unlikely that building new ones to replace them will be more successful (there's an engineering analogy there somewhere).
Hint: most people don't buy as the result of spam, most companies don't employ spammers, most hosting companies won't tolerate spammers - if that changed we'd see a shit load more spam.