AOL Cans 1 billion Spams In One Day 460
linuxwrangler writes "AOL announced today that its spam filters hit the 1 billion reject mark for a 24 hour period. This is an average of 28 rejects per day per member. In addition, AOL spam engineers say they receive 5.5 million spam submissions each day from AOL users. Other reports here(1) and here(2)."
Wow! (Score:5, Interesting)
Only leaves 103 apeice...
Failure rate? (Score:5, Interesting)
AOL members aren't sending 5.5 million spams a day (Score:5, Interesting)
AOL users are reporting 5.5 million spam messages a day to customer service.
Statistical analysis would be nice... (Score:5, Interesting)
I would really like to see what kinds of spam are being sent and received. Sorta like the Google Zeitgeist, but for mass email.
It would probably have the same #1 term, though...
dang (Score:1, Interesting)
Geeze... forget *BSD is dying, I think email is dying....
"Allow all mail" doesn't work? (Score:5, Interesting)
Save those bits! (Score:5, Interesting)
Intelligent filters (Score:2, Interesting)
If the filter is anything like the filters in use in public schools and library networks, then it would be a fair guess that quite a few legit emails were blocked by the filters. It seems like writting an intelligent filter is pretty hard.
Re:This is the most important story of the year (Score:4, Interesting)
Ah, frea speach. What an overrated 'right' that is. Sorry, but your precious Amendment only prevents the government from shutting you up. There's no reason AOL can't censor you, and there's nothing to stop the Slashdot mods putting you to -1. That was settled long ago; Sanford Wallace, the Ralsky of his day, sued AOL and Compuserve for filtering his junk out, and he lost.
It costs AOL $2 per month per user just to handle the spam traffic. AOL's huge userbase makes them a magnet for dictionary attacks. If you want an unfiltered mail feed, then by all means pay someone extra for spam storage, or run your own mail server.
Holy. (Score:2, Interesting)
I just totaled up the logs for the spam graph [dowco.com] I keep for our mail server. In maybe a year and a half, we've caught approx. 1.6 million spams. I thought we were doing well.
But Jesus Christ! Who here wants to start a pool? We'll bet on how long it'll take before AOL has stopped a googol of spam, total. I bet two and a half years; three tops.
Re:This is the most important story of the year (Score:5, Interesting)
No, we have not. Spam is the #1 complaint we get from our users. They don't want the stuff, so we're fighting it. We block what they ask us to block.
But, of course, we're AOL and this is Slashdot, so naturally everything we do is wrong.
Ambivalence (Score:5, Interesting)
Strategy (Score:2, Interesting)
wow that's expensive or is it cheap. (Score:5, Interesting)
I would guess that deleting spam is about as expensive as transmitting it for an ISP. that is the processor intensive task of scoring and removing a spam probably is a wash with the processor light task of tranmitting and storing it. Now for the sake of argument lets just guess a wild number for the cost of filtering or passing along a spam. lets say 0.001 dollars.
if that were true then a billion spam deleted would cost AOL 1million dollars per day (plus the ones that got through). that would be a third of a billion dollars a year. THat seems way to high. So it must be less. SO maybe its 0.000001 cents?? that would come to a third of a million dollars a year.
My guess is that the latter is probably a good guess. why? well how many engineers has AOL assigned to the de spamination? perhaps a third of a million dollars worth every year? it would of course not make sense to spend more on de spamination than the harm it costs.
so anyhow assuming this wild guessing is within an order of magnitude then the proper charge to fine a spammer would be some multiple of 0.000001 dollars per spam sent. which is not an awful lot.
so is spam really that costly to ISPs??? Maybe not
Mailing lists? (Score:3, Interesting)
I had several lists bounce back and forth from my Yahoo inbox to my Yahoo bulk box before Yahoo figured this out and stopped moving legitimate mailers like NYTimes.com, Palm and Apple news into the bulk category.
Re:Holy. (Score:2, Interesting)
I'll easily take you up on that bet, as a googol is more than the number of elementary particles in the universe
In fact, even if AOL stops 1 billion spams/day, it will take 10^91 days to accumulate 1 googol... which is "somewhat" large. (I know, spam will probably increase exponentially, but still...)
Source:http://whatis.techtarget.com/definition/
Some are configured to reject ALL outside email (Score:5, Interesting)
Re:bandwidth usage (Score:1, Interesting)
20 messages not so bad? Well, the subjects are deceptive -- "Re: Contract Extension", "Proposal for Work", etc.. If they get past the filters they're likely to be valid so I end up checking them. Each costs me 5 seconds or so. OK, 5 minutes a day wasted may not be a huge amount. Multiply that by a year and I've lost a day to reading spam.
Let's talk about my Netscape account. I used to use it for personal email. Each week it receives close to a thousand spams. It's completely useless now. The problem is that some old friends still have that email address so occasionally they send me something. If I catch it I'll tell them about another personal address but why should I have to?
Bandwidth, as you've noted, is negligible for me. But the cost in time (both for reading and for implementing a spam filtering policy) is not.
If you could press a button... (Score:5, Interesting)
Re:How? (Score:5, Interesting)
Having all email routed to my inbox means that my figures above include dictionary attacks.
Using tagged addresses also runs up the total a lot. Every time I give out my email address, either on a registration form or in a public posting, I use a different tag.
I started tagging addresses in the early days of spam. Remember when we foolishly thought we could attach a disclaimer to usenet posts along the lines of "send me spam, and I'll bill you $50 under the anti-fax laws"? Well, I was dumb. I figured that in order to "prove" that unsolicited email was unsolicited, I had to have some proof [google.com] of how the spammer got my email address, and that I had a clear disclaimer.
The good news: I have a pretty good idea of which of my online activities generate spam (e.g., posts to control.cancel and *.test, my NIC registrations, and usenet group-creation votes all seem to be popular for the spam-database trollers)
The bad news: I can easily get hit 30, 40, or 50 times for any one mass-spewing a spammer decides to do.
The totals above contain NO false positives -- they're all tied to tagged addresses which only produce spam. Not included are the 50 or so false negatives I get a day, which get tackled through other means [tmda.net].
Re:This is the most important story of the year (Score:3, Interesting)
None of us will probably use AOL's service, but their abuse department certainly earned our respect.
The untold story (Score:1, Interesting)
I run an email server for my private needs. It is not an open relay and I do not spam but there is one RBL that has decided that any mail coming directly from the user IP address space of my provider is suspicious. I've never had a problem but my fiance, Kim, has run into a few servers that bounce her emails.
If you've guessed that AOL is now blocking mail from my server then you guessed correct. Kim doesn't have many contacts on AOL and they don't get much mail from her but she discovered, within the last week, that mail to any of these contacts bounces back.
So AOL's solution to block spam is to use RBL's--the message specifically mentions the familiar RBL that blocks my address range. I understand that the RBL's are in a difficult situation because their task is monumentally difficult but at least one has chosen an easy way out. I've long considered this RBL to be practicing bad netizenship and I now feel justified because their services are being utilitized by the provider who has been historically associated with bad netizens.
Re:wow that's expensive or is it cheap. (Score:3, Interesting)
there is a claim that spam costs money. Money to the ISP for bandwidth and money to the end user for reading/deleting. is this really true?
Then later:
I would guess that deleting spam is about as expensive as transmitting it for an ISP.
If deleting it costs money, and not deleting it costs money, then it costs money.
Re:Unbeleivable. (Score:3, Interesting)
However, nothing says I can't post a screenshot of my spam-box as viewed via pine.
For the poster who asked about the amount of spam-per-address...to be honest, I'm not sure. I didn't keep a good record of how many different tags I've used, and I'm not entirely sure how to adjust for the effects of dictionary attacks.
I'd guess that I easily somewhere between 70-100 spams per day to the address I originally used in the InterNIC record for my domain, for example, but I haven't kept stats at that level.
I'm unfortunately running a tar pit. But I've got to make up a measurable portion of submissions to uce@ftc.gov...not that that does any good.
So yeah, I get way more than my fair share of spam, because of being curious/stupid and tagging my address. I'm certainly not representative of how much spam Joe Average NetUser is getting. However, I think my spamlog may be interesting reading in the context of the overall growth of spam on the net.
I've been tracking my spam volume in the form above since 10 April 2002. One of these days I need to write up an article on how this is evidence of the expansion of spam.
One encouraging factoid: The rate of spam volume growth, at least for my little cesspool, seems to be slowing, at least as compared to what I saw during the last half of 2002. I don't know whether this is a real slowing, or just more filtering going on upstream from me, however....
P.S. -- 15 spams arrived between the time I pasted the listing from pine and my hitting preview a few seconds ago. :(
costs (Score:2, Interesting)
if we have 1 billion spams per day, at roughly 5kb per message, this equals to almost 5TB of wasted bandwidth. This is only what is caught. Now with this we can start estimating the costs per day for dealing with spam.
Lets consider bandwidth cost $1 per GB, AOL being as large as they are may be able to make that less. At that cost it is $5000 per day. This does not include the cost for extra equiptment to deal with the extra bandwidth, for people to write anti-spam software, etc. i'm going to estimate that it cost AOL over $10000 per day because of spam. or over 3.5 million in one year.
Re:This is the most important story of the year (Score:3, Interesting)
Besides, if you tried to implement a whitelist for all of AOL, the spammers would get around it pretty quickly - just sign up for a free trial, send yourself spam, add the spam to the whitelist, and away you go. It would have to be per-user to be meaningful, and if they implemented it, it would just mean most AOL users would start using Hotmail or Yahoo instead, as I'm sure many do already.
Email viruses (Score:3, Interesting)
AFAICT, all those came from the fact that I made the mistake of listing my real email address when I uploaded a Winamp skin. It was up for less than a week in December, and I'm still getting viruses now. The hotmail one I put up to replace it (only ever used for that Winamp skin) gets a similar level.
AOL spam solution (Score:2, Interesting)
What AOL really needs to do is:
1) allow more than 100 entries in the exlusion list (500 would be more reasonable)
2) perform more checking that the email header is really correct (reverse DNS etc). How can it be that spam is injected into the AOL gateway when clearly the FROM address is bogus?
I receive about 500 spam mails per month into my account; 20 real messages. More than 20 juk mails for every real message. I spend way too much time clicking the DELETE button!
Re:This is the most important story of the year (Score:2, Interesting)
Re:Some are configured to reject ALL outside email (Score:2, Interesting)
Yes, the master screenname (AOL allows up to seven screennames) can set the e-mail blocking for each name...they can all be different. So, my kid is only allowed to receive e-mail from known addresses, while my junkmail account (the one I use whenever I *have* to give out an address to some website) is left wide open (I rarely look at it), and my spouse's is different still. So, while all the users may not know their settings, whoever did the master account setup does.
Lately, I've been using the beta AOL Communicator, which seems to be catching roughly +90% of the spam before it hits my inbox, and I've only noticed one false positive over the last month.
small company stats... (Score:5, Interesting)
Spam became a huge problem here roughly a year ago, and it started taking up too much employee time. So roughly six months ago, we started using Spam Assassin. In that six months, Spam assassin has caught roughly 90% of the spam we get, totalling well over 500,000 spam mails.
Am I crazy, or is 1/2 million spams for only 7 people in less than six months absolutely insane or what? How can anyone argue that these spammers are running legitamite businesses?
I think it's high-time for some legis-fuckin-lation to curb this insanity :)
How effective is spam? (Score:2, Interesting)
If I advertise a silly product to 50 million email addresses, how likely am I to get customers?