Good News: A Sustained Drop In Spam Levels 75
Orome1 writes "Industry and government efforts have dealt a significant blow to spam, according to a Commtouch report that is compiled based on an analysis of more than 10 billion transactions handled on a daily basis. The sustained decrease in spam over the last year can be attributed to many factors, including: Botnet takedowns, increased prosecution of spammers and the source industries such as fake pharmaceuticals and replicas. However, spam is still four times the level of legitimate email and cybercriminals are increasing their revenues from other avenues, such as banking fraud malware."
Better Email Blocking (Score:5, Insightful)
Re: (Score:3, Informative)
Sorry, I have to disagree. My oldest _working_ e-mail address is 16 years old. I (obviously) never changed it. Yes, a lot of spam arrives. No, I see no spam there. There have always been ways for geeks to handle spam (more or less) efficiently.
That is so not true. I couldn't even handle it effectively at the enterprise level with the best tools around at one point. Things didn't get better until services like Brightmail came along using dummy addresses and active NOC actively adding rules, etc. Without services like that (in the past) you were screwed. Today, there's enough intelligence built in to handle most of it automatically, but that was so not always the case. It was a huge problem for the (huge) business I was in.
Re:Better Email Blocking (Score:4, Funny)
This comment is proof that spam has not been completely eliminated.
But instead of email, they're spamming comments sections.
I'm surprised he didn't include a link.
Actually, fairly true (Score:1)
Exploits of blogs, social media, search-engines and other such things have replaced traditional spam.
Try looking for a way to unlock an iphone on Google or Bing. Most of the top pages are just fake news/info sites that are trying to sell something (often products that don't work)
I recently emailed an educational institution to let them know that their CMS system was being hijacked by spammers peddling fake ebooks
Wordpress and other blogs are constantly being attacked, often with exploits used by either thos
Re: (Score:2)
Absolutely. How many "computer-helper.coms" can there be?
Even worse, you google "unlock an iphone" and you get some douchy "unlock-an-iphone.com" which you don't even have to click to know that it's just going to be some worthless site.
Email spam filters have gotten so good that now the entire internet is spam. It's one big phish
Re: (Score:2)
and the spam was still unbearable, until we threw in a Barracuda.
I prefer sharks with frickin' laser beams attached to their heads as my preferred method for executing captured spammers. But if Barracudas do it for you, well that's a start.</PINKY>
Filtering != Stopping (Score:5, Interesting)
In short, filtering will never, ever, solve the spam problem. The summary of the article mentions techniques that are effective at stopping spam, and there is a reason why filters are not on that list.
Re:Filtering != Stopping (Score:5, Interesting)
In short, filtering will never, ever, solve the spam problem. The summary of the article mentions techniques that are effective at stopping spam, and there is a reason why filters are not on that list.
Not necessarily. If no one receives your spam because their filters are effective, there will be no profitability left. And, with that, the industry will die. And then the filters will get lax, someone will start up again, a spurt of spam will arrive, the filters adjust, and again dead.
I don't see this any less effective than current methods. Convicting someone just opens up room for someone else to take his place. Take down a botnet, and those same people who allowed their computers to be infected once will get infected again with the next botnet.
All methods are chasing the impossible. But just because we can't eliminate murder doesn't mean we legalise it. Filtering is an important tool. It is not and, for all practical purposes, can not be the only tool. But omitting that tool is just as fatal of a mistake as ignoring the law as a tool.
Re: (Score:2)
I read a paper that suggested attacking the payment system. They found that a ridiculous amount (I think it was north of 80%) of spam got there payments processed by a dozen or so banks. The problem is of course those banks are in less than friendly countries in terms of having and enforcing laws against this kind of thing. So the solution they proposed was sanction countries/banks that process the payments since it is a lot easier than convincing 100M computer owners to get rid of the crap on their compute
Re: (Score:3)
If no one receives your spam because their filters are effective, there will be no profitability left
No filter is 100% effective. It costs effectively nothing to spam a 10 million addresses, but for sake of argument say it costs $100. If 1% of those get through the defenses, and 1% of the non-filtered recipients falls for your scam, you've got your hooks into 1,000 suckers. Even if you only take each sucker for $1 your ROI is 1000%.
Re: (Score:2)
If no one receives your spam because their filters are effective, there will be no profitability left
No filter is 100% effective. It costs effectively nothing to spam a 10 million addresses, but for sake of argument say it costs $100. If 1% of those get through the defenses, and 1% of the non-filtered recipients falls for your scam, you've got your hooks into 1,000 suckers. Even if you only take each sucker for $1 your ROI is 1000%.
You really need to read the rest of my comment. Perhaps my snarkiness was too subtle. The point is that ignoring filters as a useful tool in our arsenal is costly. Especially when said filtering can be done by your web-email host (e.g., hotmail, gmail, etc.) in such a way that does not require any set up from a user. (Getting spamassassin on my own account took far more work and is still not terribly hard.)
The other point, where the snarkiness really came in, is that there is no solution that will be 10
Re: (Score:2)
Spam has two levels of cost - the victimization of the people who receive the spam, and the bandwidth and processing costs borne by ISPs and network operators. I know from firsthand experience working at a large ISP that anti-spam alone was a multi-million dollar cost center and accounted for around 85% of our bandwidth costs.
Based on what I've seen, improving filter efficiency at the backbone/ISP level has the paradoxical effect of increasing spam traffic - if enough of their messages aren't getting thro
Re: (Score:3)
In short, filtering will never, ever, solve the spam problem. The summary of the article mentions techniques that are effective at stopping spam, and there is a reason why filters are not on that list.
Not necessarily. If no one receives your spam because their filters are effective, there will be no profitability left.
You vastly oversimplified the problem with that statement. A filter cannot solve the problem because it can never be adequate. A filter only starts an arms race with the spammers, they will constantly change their tactics to get around the filters. That then requires more work to be done to the filters to learn the new techniques, which drives the filters to consume even more resources. Filters are an always-losing strategy.
And then the filters will get lax, someone will start up again, a spurt of spam will arrive, the filters adjust, and again dead.
You have imagined a situation that will never, ever, happen. Filters will nev
Re: (Score:2)
Not necessarily. If no one receives your spam because their filters are effective, there will be no profitability left.
You vastly oversimplified the problem with that statement.
Yes. That was on purpose. (See my other comment in this thread [slashdot.org].)
Filters are an always-losing strategy.
As is every other option. Every other solution vastly oversimplifies the problem (thus I thought I could, too), and can never, by themselves, eliminate spam. Ever. They all look good in theory, but they always lose in reality. That doesn't make the attempt any less useful.
And then the filters will get lax, someone will start up again, a spurt of spam will arrive, the filters adjust, and again dead.
You have imagined a situation that will never, ever, happen. Filters will never stop spam. They will always be reactionary to spam, and spam will always be outsmarting the filters.
Yup. I've imagined a situation that will never, ever happen. As have the proponents of every other solution.
Re: (Score:2)
Filters are an always-losing strategy.
As is every other option.
On that regard, you are dead wrong. While filters can never be anything other than reactionary, there are other steps that can be taken - and have been taken successfully - that are proactive.
Every other solution vastly oversimplifies the problem
Then you haven't looked into enough solutions. There is one in particular that hasn't come up in this discussion that is proactive, highly effective, and does not vastly oversimplify the problem.
and can never, by themselves, eliminate spam. Ever
Can any one solution eliminate spam on its own? Not entirely. However, filters cannot even contribute. In the end, fi
Re: (Score:2)
If no one receives your spam because their filters are effective, there will be no profitability left.
You'd think that, but real life begs to differ.
What really happened is that no filter is ever 100%. So we can improve our filters from 90% to 99% or maybe to 99.99%.
But the spammer won't stop spamming. What he will do is increase his output. Instead of 10,000 mails he will send 100,000 mails, and then 10 mio.
Re: (Score:2)
It takes someone with balls to take the place of someone that went to prision/got convicted. And it sure needs to be profitable.
Six or seven years ago, I knew people who would have sent spam for money. Nowadays, the risk is simply too much, I'm sure they wouldn't.
Re:Filtering != Stopping (Score:5, Interesting)
Totally agree. I worked for an anti-spam company a couple years ago. We were seeing 90-95% spam traffic to our customers systems (mostly smaller ISPs, email hosting providers, regional governments, universities etc). Say for example one of the hosting providers has 200+ servers running MS Exchange. If 90% of the traffic is spam and it actually reaches to the mail server you got essentally 90% of your servers are tied up serving the spammers and 10% real emails.
Appliances like Iron Port help in that they stop the spam from getting to your mail servers usually but you still have the traffic getting all the way inbound (or outbound in the case of a bot or something coming from your network). So you are screwed in terms of bandwidth (fortunately spam does tend to be relatively small messages compared to real emails which tend to have more attachments). What was cool with the tech at the company I worked for is that they throttled the traffic of unknown or suspected spammers. Slow a bots connection down, or drop it if they don't obey protocols (a lot of them will start sending the message after the HELO without waiting for a response for example) and you save a huge amount of connections/bandwidth you process to completion. We were getting 100k+ simultaneous messages on 4 core servers.
Regardless that something can be filtered doesn't mean it doesn't cost something to do the filtering, the affect on deliverablity of the sending domain or even ISP level emails.
Re: (Score:2)
No normal modern attempt to address spam will "solve" the spam problem in the sense of stop it completely. Recreating the concept of email from scratch and disallowing non-identified MTAs, that might do it.
Filtering is how you handle spam today. Also, note that not every "filter" needs training — you have a limited view of filters. A full 30% of the spam that my sy
Re: (Score:2)
The article is talking about stopping spam, as in preventing it from being sent. Filters do not do that.
Yes, they do. Very often, spam to my domain never gets to the "DATA" stage of the SMTP transaction. The few bytes seen before that (sender and recipient addresses) aren't worth worrying about...there are probably more bytes in random probe packets on a daily basis.
The tool that does this is greylisting [wikipedia.org], despite the claims for the past 5 years that greylisting would cease being an effective tool against spam. The first e-mail from a legitimate server is delayed 5 minutes...from then on, there is no delay,
Re: (Score:2)
The article is talking about stopping spam, as in preventing it from being sent. Filters do not do that.
Yes, they do. Very often, spam to my domain never gets to the "DATA" stage of the SMTP transaction.
No, they do not. Your message even confirms that. The email is still sent, your mail server just doesn't accept it. The spam is still internet traffic that gets routed from the spamming system to yours. Just because it doesn't necessarily take up storage space on your system doesn't mean it doesn't traverse the internet as traffic.
The tool that does this is greylisting, despite the claims for the past 5 years that greylisting would cease being an effective tool against spam. The first e-mail from a legitimate server is delayed 5 minutes...from then on, there is no delay, so the impact on communications is negligible.
Greylisting is still a filtering technique. You have to train your mail server to do it, and you have to update records (or refer to remote records) for which domains to ac
Re: (Score:2)
No, they do not. Your message even confirms that. The email is still sent, your mail server just doesn't accept it.
Read up on the SMTP protocol, and you'll see that if sending system never gets to the "DATA" command, then the e-mail hasn't been "sent". Everything that humans perceive as "e-mail" is sent as part of "DATA". This includes headers, too.
The spam is still internet traffic that gets routed from the spamming system to yours.
Since the actual content of the e-mail is never sent down the wire, the entire SMTP transaction is less than 10 TCP/IP packets. Once my system sends the "450" result code, it closes the TCP connection, and nothing more is sent. Now, it's possible that the spammer system k
Re: (Score:2)
Filters have gotten so good, they now block most legitimate email too!
Seriously. I'm getting sick of AOL, Earthlink, and MSN just deleting order receipt emails I send out to people when they buy my software. (Gmail and a million others don't have this problem).
The best part is when the customer emails to complain, I reply with their order details, then a few days later they forward the same complaint email with "2nd notice" added to the subject line. If I do reach the customer, not once has the deleted orde
Re: (Score:2)
Re: (Score:2)
Is that supposed to make Google sound evil? Cause it doesn't. Even if it was their only motivation for blocking spam, which is unlikely.
Re: (Score:3)
Not for me (Score:2)
Just a personal perspective, but spam levels for me have skyrocketed in the last year on all of my accounts. And I'm careful where I use my email addresses. Fortunately filters are pretty good these days.
Re: (Score:2)
What has worked for me is a good address and a trash address. I've had two addresses on Hotmail (yes I know this is pre-gmail days) for a decade or so. One has gotten 10 emails that actually hit my inbox, and maybe 1k that hit the junk folder. The other gets about 20 spam in the inbox a day, and 10's of k in the junk folder. I only use the good email to email friends and on resumes. Any forum, social site, gaming site, porn etc gets the disposable email. I only use it as a place for the "confirm this email"
"It depends" (Score:5, Interesting)
We have 5000+ users going through Google's Postini service, and up until about 6 months ago spam levels were within normal tolerances. Over the past 6 weeks we are getting CRUSHED with phishing attempts that make it through their filters. The quality of the phishing emails is excellent (they're basically just re-using an actual email from Verizon Wireless, American Express, etc, and substituting their malicious links.) Google shows absolutely no interest or concern - it seems they're looking at this as a commodity service, and trying to get everyone to move over to fully-hosted email in the cloud. Well, that's not us. We're looking at alternatives, including Cisco IronPort and Proof Point. Anyone care to weigh in on pros + cons, and also on cloud vs on premises?
My vote is for on premises. (Score:2)
My vote is for on premises. Mostly because I used to be responsible for the email system at a former employer.
The key benefit is the amount of logging you can set. I knew EVERY connection that was made (incoming and outgoing).
If someone complained about email I could tell EXACTLY what was attempted / completed and when and what the error/completion message was.
So I was able to set up a lot of spam trap addresses and use those to improve the filtering in real time (bayesian analysis rocks).
Re: (Score:2)
Postfix, SpamAssassin, Amavis and ClamAV using some DNSBL. You can do greylisting too if you want although it usually delays legitimate e-mails by minutes to hours.
Which is also what Barracuda and SonicWALL uses in their appliances. IronPort I've heard was really bad at blocking spam and I've had bad experiences with any solution that requires the user to use a web interface to check their (blocked) messages.
Old People In Korea (Score:2)
The obvious explanation is that old people in Korea finally stopped using email.
From 1000 to 200 a month (Score:1)
I never clean the spam folder, it automatically erases spam older than 30 days, so I always have a month's worth of spam.
A couple years ago the number of spam mails was usually around 1000, right now it's just 210, so yes, I've noticed a considerable decrease in the spam.
Re: (Score:2)
This is actually a pretty good way to measure incoming spam.
I used to receive about 100 spam emails per day (I have a wildcarded address, so *@domain.com went to MY email). Nowadays, I get about 15 to 20.
I still get a lot of spam (Score:2)
I went through and unsubscribed from all my newsletters, plus clicking on the little "unsubscribe me" on various advertising, but it made little difference. I still get about 25 emails a day that I do not want.
Re:I still get a lot of spam (Score:4, Interesting)
Re:I still get a lot of spam (Score:5, Informative)
What I have found is that after clicking the "unsubscribe me" button on letters I end up getting even more spam from other places. I think they use that as a way to confirm its a real email address to spam you with other junk.
Well, the unsubscribe button works quite well if the email is something you actually subscribed to or it's a company that you purchased something from in the past. For example, Zag sends me about two or three emails a week. I have no problem using the "unsubscribe" button because I actually bought something from them. ProFlowers.com is a notorious spammer if you've ever purchased anything from them. I hit unsubscribe on their emails because I bought something from them. They know my email address is legit. The unsubscribe works in these cases.
However, when someone sends me a viagra or other obvious spam, I simply ignore and delete. Since these people do not know who I am and I did not give them my email address, clicking the unsubscribe button will simply confirm your email address. They are simply throwing stuff against a wall to see what sticks. Don't be that sticky thing.
Re: (Score:2)
Meh, unless it's a newsletter or mailing list I specifically signed up for and not a hidden away pre-checked checkbox somewhere then per my definition it is spam and the spam button it is. I don't care if you got my "consent", if you tricked me into it then this is my fuck you too.
Re: (Score:2)
Meh, unless it's a newsletter or mailing list I specifically signed up for and not a hidden away pre-checked checkbox somewhere then per my definition it is spam and the spam button it is. I don't care if you got my "consent", if you tricked me into it then this is my fuck you too.
Yes, it's still spam, but the spammer in this case is someone who knows your email address is legit. Clicking the "unsubscribe" button will not confirm your email address to them because it's already confirmed.
Think of it this way. There are two types of sales calls. You have the cold call, which is where you call someone who you have never had any dealings with. And then you have the call from the people who you have dealt with in the past. For example, if you had your car serviced three months ago, t
Is it ALL spam, or just EMAIL spam, that's down? (Score:4, Interesting)
Yes, email spam is dropping. But is it truly because we're winning, or is it because we're not keeping up with the times?
I read maybe 20 emails a week. None of them are spam. But I spend far, far more times on forums, or in comment sections on various blogs or news sites. Spam levels there seem to be rising. And I imagine spammers are finding ways to exploit Facebook and Twitter, as well.
Perhaps spammers have just realized that you get better results spamming Web 2.0 than spamming Web 1.0.
Re:Is it ALL spam, or just EMAIL spam, that's down (Score:5, Interesting)
The spammers are moving on. In the past, there were enough people out there that would click on their links, send money, buy whatever crap is out there, or just be general marks. However, by now, anyone fleece-able is now penniless and in the streets.
Instead, the spam I see is less of trying to sell wanker drugs, but either coming with an attachment payload for a Trojan dropper, or if there is a website included, the website is chock full of exploits. Spam is more insidious because it used to be about selling stuff. Now it is about taking over the computer or device.
The drop in spam is because the criminals have moved from just sending E-mail out to focusing on Web browser exploits and other more lucrative gains. Getting someone to click a link which is rife with zero-days pays far better than getting someone to buy a box of blue M&Ms.
Targeted exploits are more common now. With ID theft so common, combined with the fact that VoIP allows a scammer from anywhere to fake a local number (even 911) in order to demand, cajole, or request information or even money. It used to be only the friend of a friend's cousin's inlaw who would be stung by it. Now, someone calling, saying they are so and so (and able to try to mimic their voice, claiming to have their jaw cracked so it doesn't sound the same), saying that so and so's wife with the name isn't around and that they need cash wired pronto is becoming the norm.
Spammers have moved away from the botnets to the phone boiler rooms, where if one has enough info and targets older Americans, the payoff can be extremely lucrative with zero chance of legal action taken.
What we are seeing is the next evolution in crime which usually goes as follows:
1: xxx crime gets popular
2: Counter measures are taken.
3: xxx crime dodges counter measures.
4: Actual working counter measures are taken.
5: The criminals move onto a new hustle.
This was true back in the 1900s when safes were broken into on a weekly basis until burglar alarm systems became the norm, then burglary evolved into home invasions and knock-and-shoots. Similar with car theft. When thieves were unable to smash a steering column lock for a prize, they went to carjacking.
What we will see instead of spammers are more social engineering attacks, where people use stolen information to target individuals via phone, E-mail, or FB in order to blackmail, extort, or scam cash.
Of course, the next threat after that is when criminal organization "A" a continent away starts making partners with local street gangs. Then, the guys on computers in Elbonia can tell the gangbangers over in a victim's local neighborhood who to rob because their cellphones are a ways away, and the Elbonian gang has access to a method of tracking in real time (perhaps some added "functionality" in a popular app). Or, the Elbonian gang hacks a school's database, then sells that info to a local gang to figure out which kids are "latchkey", and now has a steady ransom source. In return, the local gang does some hits and social engineering for the Elbonians.
College (Score:1)
When I was applying to colleges back in December, I received thousands of e-mails from universities all across the globe. Unfortunately, hardly any of them got caught by Google's spam net.
This is, at best, wishful thinking (Score:5, Interesting)
Low-end spammers are now fully integrated with malware authors, botnet operators, phishers, purveyors of illicit/illegal content, data brokers, and carders. High-end spammers are now quite successful at assuming the mantle of "respectable corporations" while continuing to do what they've always done. In both cases, the profits are huge, more than enough to encourage them to continue in fact of the largely-insignificant threat of prosecution. (Only the stupid ones get caught, and there is some evidence which suggests that they're being caught because their fellow spammers set them up.)
Have their been some temporary, isolated successes in fight against spam? Sure. But the key words are "temporary" and "isolated". As others with long experience in the field have said, we're only at the beginning of the spam fight, and it's going to get MUCH worse: there are known techniques that spammers have only just begun exploiting, and when they become pervasive, they're going to break every anti-spam methodology currently deployed. (Which is kinda the reason they were developed.)
When will this happen? Dunno. Crystal ball cloudy. But when it does, it's going to catch the ignorant newbies and incompetent amateurs at a number of commercial "anti-spam" operations completely by surprise, because they're too busy selling overpriced, worthless crap to actually do this thing we call "research", where, you know, you LEARN things about your adversary so that you can actually have a decent chance of anticipating their next move instead of getting blindsided by it. To put it another way: if you're running your own anti-spam setup using a combination of firewalls, 'nix, open-source MTA, DNSBLs, etc. then you're in a decent position to adapt quickly when the need arises. If you've made the horrible mistake of outsourcing to the chumps out there who are in it for a quick buck, then you're going to be really screwed.
Don't forget the ISPs / hosting providers (Score:1)
Re: (Score:2)
if you're running your own anti-spam setup using a combination of firewalls, 'nix, open-source MTA, DNSBLs, etc. then you're in a decent position to adapt quickly when the need arises.
The problem is that it takes time.
I run my own mailserver, for myself and a small number of people close to me. For the past two years or so, the spam that passes all my filters (well-configured MTA with aggressive rejects for SMTP errors, greylisting, spam-assassin) has increased from almost none to now 10-20 per day. And simply keeping things updated doesn't do much anymore.
And I really have better things to do with my time than fighting spam. :-(
Bad News: (Score:2)
Re: (Score:2)
Is that before or after you've smelted it for the copper?
Re: (Score:2)
ok, and where are the people who run mailing lists like the GCC mailing lists, linux kernel mailing list or any of the hundreds of other legitimate (and in some cases quite high volume) mailing lists out there supposed to find the money to pay this tax on all their emails?
In other news... (Score:2)
Stopping Spam! (Score:4)
Baed on My Server Logs... (Score:2)
Based on a survey of daily reports from my employer's Ironport box, we have seen a 15-20% drop in the amount of spam at the Ironport box, from ~50-70% of all emails (ranging from ~200,000-250,000 on weekdays, about half that on weekends) received to ~30-50% of all emails received each day are tagged as spam by the Ironport appliance.
It's impossible to say with just that information whether there is less spam or if Ironport is just catching less of it. From my personal experience, spam still gets through, b
Y'know, there are people involved int thos too... (Score:1)
Must be thanks to Flashback (Score:2)
We all know that spam is typically served from infected machines. With Windows 7 deployment growing, Windows machines have been harder to break into.
So now virus writers have the Flashback virus getting into Macs so they can get spam servers.
I guess this shows that even spammers can't get much done with a Mac.
Other factors are cloud services and anti-spam (Score:1)
Businesses--or rather small businesses that are more prone to vulnerabilities due to poor maintenance--are largely going over to cloud services which filter outbound and inbound e-mail. The cloud service anti-spam engines gain more data for heuristics which applies to all customers.
IT administrators have probably also become more aware of restricting outbound SMTP traffic at the firewall or client level.
Tracking Spam Since June 2010 (Score:1)
I've been keeping track of all the spam I have received in a GOOGLE Document.
The mail is from four accounts and has been pre-filtered by the ISPs, which probably skews the data. So, for what it's worth, here it is:
Spreadsheet Graph [google.com]