Good News: A Sustained Drop In Spam Levels 75
Orome1 writes "Industry and government efforts have dealt a significant blow to spam, according to a Commtouch report that is compiled based on an analysis of more than 10 billion transactions handled on a daily basis. The sustained decrease in spam over the last year can be attributed to many factors, including: Botnet takedowns, increased prosecution of spammers and the source industries such as fake pharmaceuticals and replicas. However, spam is still four times the level of legitimate email and cybercriminals are increasing their revenues from other avenues, such as banking fraud malware."
"It depends" (Score:5, Interesting)
We have 5000+ users going through Google's Postini service, and up until about 6 months ago spam levels were within normal tolerances. Over the past 6 weeks we are getting CRUSHED with phishing attempts that make it through their filters. The quality of the phishing emails is excellent (they're basically just re-using an actual email from Verizon Wireless, American Express, etc, and substituting their malicious links.) Google shows absolutely no interest or concern - it seems they're looking at this as a commodity service, and trying to get everyone to move over to fully-hosted email in the cloud. Well, that's not us. We're looking at alternatives, including Cisco IronPort and Proof Point. Anyone care to weigh in on pros + cons, and also on cloud vs on premises?
Is it ALL spam, or just EMAIL spam, that's down? (Score:4, Interesting)
Yes, email spam is dropping. But is it truly because we're winning, or is it because we're not keeping up with the times?
I read maybe 20 emails a week. None of them are spam. But I spend far, far more times on forums, or in comment sections on various blogs or news sites. Spam levels there seem to be rising. And I imagine spammers are finding ways to exploit Facebook and Twitter, as well.
Perhaps spammers have just realized that you get better results spamming Web 2.0 than spamming Web 1.0.
Filtering != Stopping (Score:5, Interesting)
In short, filtering will never, ever, solve the spam problem. The summary of the article mentions techniques that are effective at stopping spam, and there is a reason why filters are not on that list.
Re:I still get a lot of spam (Score:4, Interesting)
Re:Filtering != Stopping (Score:5, Interesting)
In short, filtering will never, ever, solve the spam problem. The summary of the article mentions techniques that are effective at stopping spam, and there is a reason why filters are not on that list.
Not necessarily. If no one receives your spam because their filters are effective, there will be no profitability left. And, with that, the industry will die. And then the filters will get lax, someone will start up again, a spurt of spam will arrive, the filters adjust, and again dead.
I don't see this any less effective than current methods. Convicting someone just opens up room for someone else to take his place. Take down a botnet, and those same people who allowed their computers to be infected once will get infected again with the next botnet.
All methods are chasing the impossible. But just because we can't eliminate murder doesn't mean we legalise it. Filtering is an important tool. It is not and, for all practical purposes, can not be the only tool. But omitting that tool is just as fatal of a mistake as ignoring the law as a tool.
This is, at best, wishful thinking (Score:5, Interesting)
Low-end spammers are now fully integrated with malware authors, botnet operators, phishers, purveyors of illicit/illegal content, data brokers, and carders. High-end spammers are now quite successful at assuming the mantle of "respectable corporations" while continuing to do what they've always done. In both cases, the profits are huge, more than enough to encourage them to continue in fact of the largely-insignificant threat of prosecution. (Only the stupid ones get caught, and there is some evidence which suggests that they're being caught because their fellow spammers set them up.)
Have their been some temporary, isolated successes in fight against spam? Sure. But the key words are "temporary" and "isolated". As others with long experience in the field have said, we're only at the beginning of the spam fight, and it's going to get MUCH worse: there are known techniques that spammers have only just begun exploiting, and when they become pervasive, they're going to break every anti-spam methodology currently deployed. (Which is kinda the reason they were developed.)
When will this happen? Dunno. Crystal ball cloudy. But when it does, it's going to catch the ignorant newbies and incompetent amateurs at a number of commercial "anti-spam" operations completely by surprise, because they're too busy selling overpriced, worthless crap to actually do this thing we call "research", where, you know, you LEARN things about your adversary so that you can actually have a decent chance of anticipating their next move instead of getting blindsided by it. To put it another way: if you're running your own anti-spam setup using a combination of firewalls, 'nix, open-source MTA, DNSBLs, etc. then you're in a decent position to adapt quickly when the need arises. If you've made the horrible mistake of outsourcing to the chumps out there who are in it for a quick buck, then you're going to be really screwed.
Re:Is it ALL spam, or just EMAIL spam, that's down (Score:5, Interesting)
The spammers are moving on. In the past, there were enough people out there that would click on their links, send money, buy whatever crap is out there, or just be general marks. However, by now, anyone fleece-able is now penniless and in the streets.
Instead, the spam I see is less of trying to sell wanker drugs, but either coming with an attachment payload for a Trojan dropper, or if there is a website included, the website is chock full of exploits. Spam is more insidious because it used to be about selling stuff. Now it is about taking over the computer or device.
The drop in spam is because the criminals have moved from just sending E-mail out to focusing on Web browser exploits and other more lucrative gains. Getting someone to click a link which is rife with zero-days pays far better than getting someone to buy a box of blue M&Ms.
Targeted exploits are more common now. With ID theft so common, combined with the fact that VoIP allows a scammer from anywhere to fake a local number (even 911) in order to demand, cajole, or request information or even money. It used to be only the friend of a friend's cousin's inlaw who would be stung by it. Now, someone calling, saying they are so and so (and able to try to mimic their voice, claiming to have their jaw cracked so it doesn't sound the same), saying that so and so's wife with the name isn't around and that they need cash wired pronto is becoming the norm.
Spammers have moved away from the botnets to the phone boiler rooms, where if one has enough info and targets older Americans, the payoff can be extremely lucrative with zero chance of legal action taken.
What we are seeing is the next evolution in crime which usually goes as follows:
1: xxx crime gets popular
2: Counter measures are taken.
3: xxx crime dodges counter measures.
4: Actual working counter measures are taken.
5: The criminals move onto a new hustle.
This was true back in the 1900s when safes were broken into on a weekly basis until burglar alarm systems became the norm, then burglary evolved into home invasions and knock-and-shoots. Similar with car theft. When thieves were unable to smash a steering column lock for a prize, they went to carjacking.
What we will see instead of spammers are more social engineering attacks, where people use stolen information to target individuals via phone, E-mail, or FB in order to blackmail, extort, or scam cash.
Of course, the next threat after that is when criminal organization "A" a continent away starts making partners with local street gangs. Then, the guys on computers in Elbonia can tell the gangbangers over in a victim's local neighborhood who to rob because their cellphones are a ways away, and the Elbonian gang has access to a method of tracking in real time (perhaps some added "functionality" in a popular app). Or, the Elbonian gang hacks a school's database, then sells that info to a local gang to figure out which kids are "latchkey", and now has a steady ransom source. In return, the local gang does some hits and social engineering for the Elbonians.
Re:Filtering != Stopping (Score:5, Interesting)
Totally agree. I worked for an anti-spam company a couple years ago. We were seeing 90-95% spam traffic to our customers systems (mostly smaller ISPs, email hosting providers, regional governments, universities etc). Say for example one of the hosting providers has 200+ servers running MS Exchange. If 90% of the traffic is spam and it actually reaches to the mail server you got essentally 90% of your servers are tied up serving the spammers and 10% real emails.
Appliances like Iron Port help in that they stop the spam from getting to your mail servers usually but you still have the traffic getting all the way inbound (or outbound in the case of a bot or something coming from your network). So you are screwed in terms of bandwidth (fortunately spam does tend to be relatively small messages compared to real emails which tend to have more attachments). What was cool with the tech at the company I worked for is that they throttled the traffic of unknown or suspected spammers. Slow a bots connection down, or drop it if they don't obey protocols (a lot of them will start sending the message after the HELO without waiting for a response for example) and you save a huge amount of connections/bandwidth you process to completion. We were getting 100k+ simultaneous messages on 4 core servers.
Regardless that something can be filtered doesn't mean it doesn't cost something to do the filtering, the affect on deliverablity of the sending domain or even ISP level emails.