Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Spam The Internet IT Technology Your Rights Online

Good News: A Sustained Drop In Spam Levels 75

Orome1 writes "Industry and government efforts have dealt a significant blow to spam, according to a Commtouch report that is compiled based on an analysis of more than 10 billion transactions handled on a daily basis. The sustained decrease in spam over the last year can be attributed to many factors, including: Botnet takedowns, increased prosecution of spammers and the source industries such as fake pharmaceuticals and replicas. However, spam is still four times the level of legitimate email and cybercriminals are increasing their revenues from other avenues, such as banking fraud malware."
This discussion has been archived. No new comments can be posted.

Good News: A Sustained Drop In Spam Levels

Comments Filter:
  • by jellomizer ( 103300 ) on Thursday April 05, 2012 @02:25PM (#39589565)
    Even though there is less spam, I have found that most email clients Such as Gmail have gotten very good at filtering out Spam. We forget how much we suffered back in the early 2000's where once we get too much spam our only choice was to change your email address to a name that is more cryptic then a password and only give it to people who you want. And wait until someone gets a virus and starts spamming you again. The email address I have been using for a long time now is an easy email to give however Gmail captures almost all the spam.
    • by damn_registrars ( 1103043 ) <damn.registrars@gmail.com> on Thursday April 05, 2012 @02:42PM (#39589803) Homepage Journal
      The article is talking about stopping spam, as in preventing it from being sent. Filters do not do that. Filtered spam still costs people money as it still consumes resources and takes up storage space on servers on the internet. Filters have to be adjusted and trained, and they consume CPU time as well.

      In short, filtering will never, ever, solve the spam problem. The summary of the article mentions techniques that are effective at stopping spam, and there is a reason why filters are not on that list.
      • by Tanktalus ( 794810 ) on Thursday April 05, 2012 @02:53PM (#39589985) Journal

        In short, filtering will never, ever, solve the spam problem. The summary of the article mentions techniques that are effective at stopping spam, and there is a reason why filters are not on that list.

        Not necessarily. If no one receives your spam because their filters are effective, there will be no profitability left. And, with that, the industry will die. And then the filters will get lax, someone will start up again, a spurt of spam will arrive, the filters adjust, and again dead.

        I don't see this any less effective than current methods. Convicting someone just opens up room for someone else to take his place. Take down a botnet, and those same people who allowed their computers to be infected once will get infected again with the next botnet.

        All methods are chasing the impossible. But just because we can't eliminate murder doesn't mean we legalise it. Filtering is an important tool. It is not and, for all practical purposes, can not be the only tool. But omitting that tool is just as fatal of a mistake as ignoring the law as a tool.

        • I read a paper that suggested attacking the payment system. They found that a ridiculous amount (I think it was north of 80%) of spam got there payments processed by a dozen or so banks. The problem is of course those banks are in less than friendly countries in terms of having and enforcing laws against this kind of thing. So the solution they proposed was sanction countries/banks that process the payments since it is a lot easier than convincing 100M computer owners to get rid of the crap on their compute

        • by Tassach ( 137772 )

          If no one receives your spam because their filters are effective, there will be no profitability left

          No filter is 100% effective. It costs effectively nothing to spam a 10 million addresses, but for sake of argument say it costs $100. If 1% of those get through the defenses, and 1% of the non-filtered recipients falls for your scam, you've got your hooks into 1,000 suckers. Even if you only take each sucker for $1 your ROI is 1000%.

          • If no one receives your spam because their filters are effective, there will be no profitability left

            No filter is 100% effective. It costs effectively nothing to spam a 10 million addresses, but for sake of argument say it costs $100. If 1% of those get through the defenses, and 1% of the non-filtered recipients falls for your scam, you've got your hooks into 1,000 suckers. Even if you only take each sucker for $1 your ROI is 1000%.

            You really need to read the rest of my comment. Perhaps my snarkiness was too subtle. The point is that ignoring filters as a useful tool in our arsenal is costly. Especially when said filtering can be done by your web-email host (e.g., hotmail, gmail, etc.) in such a way that does not require any set up from a user. (Getting spamassassin on my own account took far more work and is still not terribly hard.)

            The other point, where the snarkiness really came in, is that there is no solution that will be 10

            • by Tassach ( 137772 )

              Spam has two levels of cost - the victimization of the people who receive the spam, and the bandwidth and processing costs borne by ISPs and network operators. I know from firsthand experience working at a large ISP that anti-spam alone was a multi-million dollar cost center and accounted for around 85% of our bandwidth costs.

              Based on what I've seen, improving filter efficiency at the backbone/ISP level has the paradoxical effect of increasing spam traffic - if enough of their messages aren't getting thro

        • In short, filtering will never, ever, solve the spam problem. The summary of the article mentions techniques that are effective at stopping spam, and there is a reason why filters are not on that list.

          Not necessarily. If no one receives your spam because their filters are effective, there will be no profitability left.

          You vastly oversimplified the problem with that statement. A filter cannot solve the problem because it can never be adequate. A filter only starts an arms race with the spammers, they will constantly change their tactics to get around the filters. That then requires more work to be done to the filters to learn the new techniques, which drives the filters to consume even more resources. Filters are an always-losing strategy.

          And then the filters will get lax, someone will start up again, a spurt of spam will arrive, the filters adjust, and again dead.

          You have imagined a situation that will never, ever, happen. Filters will nev

          • Not necessarily. If no one receives your spam because their filters are effective, there will be no profitability left.

            You vastly oversimplified the problem with that statement.

            Yes. That was on purpose. (See my other comment in this thread [slashdot.org].)

            Filters are an always-losing strategy.

            As is every other option. Every other solution vastly oversimplifies the problem (thus I thought I could, too), and can never, by themselves, eliminate spam. Ever. They all look good in theory, but they always lose in reality. That doesn't make the attempt any less useful.

            And then the filters will get lax, someone will start up again, a spurt of spam will arrive, the filters adjust, and again dead.

            You have imagined a situation that will never, ever, happen. Filters will never stop spam. They will always be reactionary to spam, and spam will always be outsmarting the filters.

            Yup. I've imagined a situation that will never, ever happen. As have the proponents of every other solution.

            • Filters are an always-losing strategy.

              As is every other option.

              On that regard, you are dead wrong. While filters can never be anything other than reactionary, there are other steps that can be taken - and have been taken successfully - that are proactive.

              Every other solution vastly oversimplifies the problem

              Then you haven't looked into enough solutions. There is one in particular that hasn't come up in this discussion that is proactive, highly effective, and does not vastly oversimplify the problem.

              and can never, by themselves, eliminate spam. Ever

              Can any one solution eliminate spam on its own? Not entirely. However, filters cannot even contribute. In the end, fi

        • by Tom ( 822 )

          If no one receives your spam because their filters are effective, there will be no profitability left.

          You'd think that, but real life begs to differ.

          What really happened is that no filter is ever 100%. So we can improve our filters from 90% to 99% or maybe to 99.99%.

          But the spammer won't stop spamming. What he will do is increase his output. Instead of 10,000 mails he will send 100,000 mails, and then 10 mio.

        • It takes someone with balls to take the place of someone that went to prision/got convicted. And it sure needs to be profitable.
          Six or seven years ago, I knew people who would have sent spam for money. Nowadays, the risk is simply too much, I'm sure they wouldn't.

      • by ILongForDarkness ( 1134931 ) on Thursday April 05, 2012 @03:13PM (#39590277)

        Totally agree. I worked for an anti-spam company a couple years ago. We were seeing 90-95% spam traffic to our customers systems (mostly smaller ISPs, email hosting providers, regional governments, universities etc). Say for example one of the hosting providers has 200+ servers running MS Exchange. If 90% of the traffic is spam and it actually reaches to the mail server you got essentally 90% of your servers are tied up serving the spammers and 10% real emails.

        Appliances like Iron Port help in that they stop the spam from getting to your mail servers usually but you still have the traffic getting all the way inbound (or outbound in the case of a bot or something coming from your network). So you are screwed in terms of bandwidth (fortunately spam does tend to be relatively small messages compared to real emails which tend to have more attachments). What was cool with the tech at the company I worked for is that they throttled the traffic of unknown or suspected spammers. Slow a bots connection down, or drop it if they don't obey protocols (a lot of them will start sending the message after the HELO without waiting for a response for example) and you save a huge amount of connections/bandwidth you process to completion. We were getting 100k+ simultaneous messages on 4 core servers.

        Regardless that something can be filtered doesn't mean it doesn't cost something to do the filtering, the affect on deliverablity of the sending domain or even ISP level emails.

      • Filters have to be adjusted and trained, and they consume CPU time as well.

        In short, filtering will never, ever, solve the spam problem.

        No normal modern attempt to address spam will "solve" the spam problem in the sense of stop it completely. Recreating the concept of email from scratch and disallowing non-identified MTAs, that might do it.

        Filtering is how you handle spam today. Also, note that not every "filter" needs training — you have a limited view of filters. A full 30% of the spam that my sy

      • The article is talking about stopping spam, as in preventing it from being sent. Filters do not do that.

        Yes, they do. Very often, spam to my domain never gets to the "DATA" stage of the SMTP transaction. The few bytes seen before that (sender and recipient addresses) aren't worth worrying about...there are probably more bytes in random probe packets on a daily basis.

        The tool that does this is greylisting [wikipedia.org], despite the claims for the past 5 years that greylisting would cease being an effective tool against spam. The first e-mail from a legitimate server is delayed 5 minutes...from then on, there is no delay,

        • The article is talking about stopping spam, as in preventing it from being sent. Filters do not do that.

          Yes, they do. Very often, spam to my domain never gets to the "DATA" stage of the SMTP transaction.

          No, they do not. Your message even confirms that. The email is still sent, your mail server just doesn't accept it. The spam is still internet traffic that gets routed from the spamming system to yours. Just because it doesn't necessarily take up storage space on your system doesn't mean it doesn't traverse the internet as traffic.

          The tool that does this is greylisting, despite the claims for the past 5 years that greylisting would cease being an effective tool against spam. The first e-mail from a legitimate server is delayed 5 minutes...from then on, there is no delay, so the impact on communications is negligible.

          Greylisting is still a filtering technique. You have to train your mail server to do it, and you have to update records (or refer to remote records) for which domains to ac

          • No, they do not. Your message even confirms that. The email is still sent, your mail server just doesn't accept it.

            Read up on the SMTP protocol, and you'll see that if sending system never gets to the "DATA" command, then the e-mail hasn't been "sent". Everything that humans perceive as "e-mail" is sent as part of "DATA". This includes headers, too.

            The spam is still internet traffic that gets routed from the spamming system to yours.

            Since the actual content of the e-mail is never sent down the wire, the entire SMTP transaction is less than 10 TCP/IP packets. Once my system sends the "450" result code, it closes the TCP connection, and nothing more is sent. Now, it's possible that the spammer system k

    • by Ark42 ( 522144 )

      Filters have gotten so good, they now block most legitimate email too!

      Seriously. I'm getting sick of AOL, Earthlink, and MSN just deleting order receipt emails I send out to people when they buy my software. (Gmail and a million others don't have this problem).

      The best part is when the customer emails to complain, I reply with their order details, then a few days later they forward the same complaint email with "2nd notice" added to the subject line. If I do reach the customer, not once has the deleted orde

      • by EXrider ( 756168 )

        Seriously. I'm getting sick of AOL, Earthlink, and MSN just deleting order receipt emails I send out to people when they buy my software. (Gmail and a million others don't have this problem). The best part is when the customer emails to complain, I reply with their order details, then a few days later they forward the same complaint email with "2nd notice" added to the subject line. If I do reach the customer, not once has the deleted order receipt email been in their spam/junk/bulk email folders. ISPs jus

    • Comment removed based on user account deletion
  • Just a personal perspective, but spam levels for me have skyrocketed in the last year on all of my accounts. And I'm careful where I use my email addresses. Fortunately filters are pretty good these days.

    • What has worked for me is a good address and a trash address. I've had two addresses on Hotmail (yes I know this is pre-gmail days) for a decade or so. One has gotten 10 emails that actually hit my inbox, and maybe 1k that hit the junk folder. The other gets about 20 spam in the inbox a day, and 10's of k in the junk folder. I only use the good email to email friends and on resumes. Any forum, social site, gaming site, porn etc gets the disposable email. I only use it as a place for the "confirm this email"

  • "It depends" (Score:5, Interesting)

    by AgentPhunk ( 571249 ) on Thursday April 05, 2012 @02:35PM (#39589711)

    We have 5000+ users going through Google's Postini service, and up until about 6 months ago spam levels were within normal tolerances. Over the past 6 weeks we are getting CRUSHED with phishing attempts that make it through their filters. The quality of the phishing emails is excellent (they're basically just re-using an actual email from Verizon Wireless, American Express, etc, and substituting their malicious links.) Google shows absolutely no interest or concern - it seems they're looking at this as a commodity service, and trying to get everyone to move over to fully-hosted email in the cloud. Well, that's not us. We're looking at alternatives, including Cisco IronPort and Proof Point. Anyone care to weigh in on pros + cons, and also on cloud vs on premises?

    • My vote is for on premises. Mostly because I used to be responsible for the email system at a former employer.

      The key benefit is the amount of logging you can set. I knew EVERY connection that was made (incoming and outgoing).

      If someone complained about email I could tell EXACTLY what was attempted / completed and when and what the error/completion message was.

      So I was able to set up a lot of spam trap addresses and use those to improve the filtering in real time (bayesian analysis rocks).

    • by guruevi ( 827432 )

      Postfix, SpamAssassin, Amavis and ClamAV using some DNSBL. You can do greylisting too if you want although it usually delays legitimate e-mails by minutes to hours.

      Which is also what Barracuda and SonicWALL uses in their appliances. IronPort I've heard was really bad at blocking spam and I've had bad experiences with any solution that requires the user to use a web interface to check their (blocked) messages.

  • The obvious explanation is that old people in Korea finally stopped using email.

  • by Anonymous Coward

    I never clean the spam folder, it automatically erases spam older than 30 days, so I always have a month's worth of spam.

    A couple years ago the number of spam mails was usually around 1000, right now it's just 210, so yes, I've noticed a considerable decrease in the spam.

    • This is actually a pretty good way to measure incoming spam.

      I used to receive about 100 spam emails per day (I have a wildcarded address, so *@domain.com went to MY email). Nowadays, I get about 15 to 20.

  • I went through and unsubscribed from all my newsletters, plus clicking on the little "unsubscribe me" on various advertising, but it made little difference. I still get about 25 emails a day that I do not want.

    • by Delarth799 ( 1839672 ) on Thursday April 05, 2012 @02:46PM (#39589883)
      What I have found is that after clicking the "unsubscribe me" button on letters I end up getting even more spam from other places. I think they use that as a way to confirm its a real email address to spam you with other junk.
      • by ArcherB ( 796902 ) on Thursday April 05, 2012 @02:56PM (#39590021) Journal

        What I have found is that after clicking the "unsubscribe me" button on letters I end up getting even more spam from other places. I think they use that as a way to confirm its a real email address to spam you with other junk.

        Well, the unsubscribe button works quite well if the email is something you actually subscribed to or it's a company that you purchased something from in the past. For example, Zag sends me about two or three emails a week. I have no problem using the "unsubscribe" button because I actually bought something from them. ProFlowers.com is a notorious spammer if you've ever purchased anything from them. I hit unsubscribe on their emails because I bought something from them. They know my email address is legit. The unsubscribe works in these cases.

        However, when someone sends me a viagra or other obvious spam, I simply ignore and delete. Since these people do not know who I am and I did not give them my email address, clicking the unsubscribe button will simply confirm your email address. They are simply throwing stuff against a wall to see what sticks. Don't be that sticky thing.

        • by Kjella ( 173770 )

          Meh, unless it's a newsletter or mailing list I specifically signed up for and not a hidden away pre-checked checkbox somewhere then per my definition it is spam and the spam button it is. I don't care if you got my "consent", if you tricked me into it then this is my fuck you too.

          • by ArcherB ( 796902 )

            Meh, unless it's a newsletter or mailing list I specifically signed up for and not a hidden away pre-checked checkbox somewhere then per my definition it is spam and the spam button it is. I don't care if you got my "consent", if you tricked me into it then this is my fuck you too.

            Yes, it's still spam, but the spammer in this case is someone who knows your email address is legit. Clicking the "unsubscribe" button will not confirm your email address to them because it's already confirmed.

            Think of it this way. There are two types of sales calls. You have the cold call, which is where you call someone who you have never had any dealings with. And then you have the call from the people who you have dealt with in the past. For example, if you had your car serviced three months ago, t

  • by gman003 ( 1693318 ) on Thursday April 05, 2012 @02:40PM (#39589767)

    Yes, email spam is dropping. But is it truly because we're winning, or is it because we're not keeping up with the times?

    I read maybe 20 emails a week. None of them are spam. But I spend far, far more times on forums, or in comment sections on various blogs or news sites. Spam levels there seem to be rising. And I imagine spammers are finding ways to exploit Facebook and Twitter, as well.

    Perhaps spammers have just realized that you get better results spamming Web 2.0 than spamming Web 1.0.

    • by mlts ( 1038732 ) * on Thursday April 05, 2012 @03:11PM (#39590245)

      The spammers are moving on. In the past, there were enough people out there that would click on their links, send money, buy whatever crap is out there, or just be general marks. However, by now, anyone fleece-able is now penniless and in the streets.

      Instead, the spam I see is less of trying to sell wanker drugs, but either coming with an attachment payload for a Trojan dropper, or if there is a website included, the website is chock full of exploits. Spam is more insidious because it used to be about selling stuff. Now it is about taking over the computer or device.

      The drop in spam is because the criminals have moved from just sending E-mail out to focusing on Web browser exploits and other more lucrative gains. Getting someone to click a link which is rife with zero-days pays far better than getting someone to buy a box of blue M&Ms.

      Targeted exploits are more common now. With ID theft so common, combined with the fact that VoIP allows a scammer from anywhere to fake a local number (even 911) in order to demand, cajole, or request information or even money. It used to be only the friend of a friend's cousin's inlaw who would be stung by it. Now, someone calling, saying they are so and so (and able to try to mimic their voice, claiming to have their jaw cracked so it doesn't sound the same), saying that so and so's wife with the name isn't around and that they need cash wired pronto is becoming the norm.

      Spammers have moved away from the botnets to the phone boiler rooms, where if one has enough info and targets older Americans, the payoff can be extremely lucrative with zero chance of legal action taken.

      What we are seeing is the next evolution in crime which usually goes as follows:

      1: xxx crime gets popular
      2: Counter measures are taken.
      3: xxx crime dodges counter measures.
      4: Actual working counter measures are taken.
      5: The criminals move onto a new hustle.

      This was true back in the 1900s when safes were broken into on a weekly basis until burglar alarm systems became the norm, then burglary evolved into home invasions and knock-and-shoots. Similar with car theft. When thieves were unable to smash a steering column lock for a prize, they went to carjacking.

      What we will see instead of spammers are more social engineering attacks, where people use stolen information to target individuals via phone, E-mail, or FB in order to blackmail, extort, or scam cash.

      Of course, the next threat after that is when criminal organization "A" a continent away starts making partners with local street gangs. Then, the guys on computers in Elbonia can tell the gangbangers over in a victim's local neighborhood who to rob because their cellphones are a ways away, and the Elbonian gang has access to a method of tracking in real time (perhaps some added "functionality" in a popular app). Or, the Elbonian gang hacks a school's database, then sells that info to a local gang to figure out which kids are "latchkey", and now has a steady ransom source. In return, the local gang does some hits and social engineering for the Elbonians.

  • When I was applying to colleges back in December, I received thousands of e-mails from universities all across the globe. Unfortunately, hardly any of them got caught by Google's spam net.

  • by Arrogant-Bastard ( 141720 ) on Thursday April 05, 2012 @03:01PM (#39590087)
    Those of us who have spent the past few decades in the trenches dealing with spam know that this -- at very best -- wishful thinking. The long-term trend line is up, with the only real debate being over the shape of the curve. Momentary decreases, such as the one reported here, are either (a) an artifact of the measurement methodology -- and many methodologies are horribly flawed or (b) real, but unimportant.

    Low-end spammers are now fully integrated with malware authors, botnet operators, phishers, purveyors of illicit/illegal content, data brokers, and carders. High-end spammers are now quite successful at assuming the mantle of "respectable corporations" while continuing to do what they've always done. In both cases, the profits are huge, more than enough to encourage them to continue in fact of the largely-insignificant threat of prosecution. (Only the stupid ones get caught, and there is some evidence which suggests that they're being caught because their fellow spammers set them up.)

    Have their been some temporary, isolated successes in fight against spam? Sure. But the key words are "temporary" and "isolated". As others with long experience in the field have said, we're only at the beginning of the spam fight, and it's going to get MUCH worse: there are known techniques that spammers have only just begun exploiting, and when they become pervasive, they're going to break every anti-spam methodology currently deployed. (Which is kinda the reason they were developed.)

    When will this happen? Dunno. Crystal ball cloudy. But when it does, it's going to catch the ignorant newbies and incompetent amateurs at a number of commercial "anti-spam" operations completely by surprise, because they're too busy selling overpriced, worthless crap to actually do this thing we call "research", where, you know, you LEARN things about your adversary so that you can actually have a decent chance of anticipating their next move instead of getting blindsided by it. To put it another way: if you're running your own anti-spam setup using a combination of firewalls, 'nix, open-source MTA, DNSBLs, etc. then you're in a decent position to adapt quickly when the need arises. If you've made the horrible mistake of outsourcing to the chumps out there who are in it for a quick buck, then you're going to be really screwed.
    • ISPs and hosting providers are also getting better and better at avoiding to handle abuse complains. Some don't have an email address at all, and you have to use a ticket system. And if you are finally able to reach them (via Facebook(!), or their sales chat), you might get list washed or just plainly ignored. As a spam reporter you're not making them any money, just costing them.
    • by Tom ( 822 )

      if you're running your own anti-spam setup using a combination of firewalls, 'nix, open-source MTA, DNSBLs, etc. then you're in a decent position to adapt quickly when the need arises.

      The problem is that it takes time.

      I run my own mailserver, for myself and a small number of people close to me. For the past two years or so, the spam that passes all my filters (well-configured MTA with aggressive rejects for SMTP errors, greylisting, spam-assassin) has increased from almost none to now 10-20 per day. And simply keeping things updated doesn't do much anymore.

      And I really have better things to do with my time than fighting spam. :-(

  • I'm seeing a marked increase in SMS spam, which is far more annoying due to its immediateness.
  • ...has anyone else noticed a sharp increase in spam phone calls?

  • by DaMattster ( 977781 ) on Thursday April 05, 2012 @03:53PM (#39590895)
    You don't need to wait for law enforcement to stop spam in its tracks. OpenBSD's Spam Deferrel daemon [openbsd.org] does an excellent job of combating spam without the overhead involved of filtration. Through a combination of tar pitting and grey listing, I was able to take the family business' spam counts from 1,000 a day to 2 or 3 per week. OpenBSD's tar pitting sets a TCP recieve window of 1 byte per second on known IP addresses that send spam. Additionally, you can create spam trapping addresses and I've done this and placed them in the open on bulletin boards and newsgroups. In fact, I've used spam trapping addresses to harvest IPs of known spammers and add those to a blacklist. There is no performance drop on our end. The most persistent spammer hung in for nearly an hour before giving up the ghost.
  • Based on a survey of daily reports from my employer's Ironport box, we have seen a 15-20% drop in the amount of spam at the Ironport box, from ~50-70% of all emails (ranging from ~200,000-250,000 on weekdays, about half that on weekends) received to ~30-50% of all emails received each day are tagged as spam by the Ironport appliance.

    It's impossible to say with just that information whether there is less spam or if Ironport is just catching less of it. From my personal experience, spam still gets through, b

  • Uh, perhaps spam is decreasing because people who receive spam are getting a clue that they tend to lose money and get screwed when they reply to the spam? Always a possibility. All the people cannot be stupid all the time, can they?
  • We all know that spam is typically served from infected machines. With Windows 7 deployment growing, Windows machines have been harder to break into.

    So now virus writers have the Flashback virus getting into Macs so they can get spam servers.

    I guess this shows that even spammers can't get much done with a Mac.

  • Businesses--or rather small businesses that are more prone to vulnerabilities due to poor maintenance--are largely going over to cloud services which filter outbound and inbound e-mail. The cloud service anti-spam engines gain more data for heuristics which applies to all customers.

    IT administrators have probably also become more aware of restricting outbound SMTP traffic at the firewall or client level.

  • I've been keeping track of all the spam I have received in a GOOGLE Document.

    The mail is from four accounts and has been pre-filtered by the ISPs, which probably skews the data. So, for what it's worth, here it is:

    Spreadsheet Graph [google.com]

C for yourself.

Working...