A Welcome Shift: Spam Now Constitutes Less Than Half of All Email

An anonymous reader writes: According to Symantec's latest Intelligence Report, spam has fallen to less than 50% of all email in June – a number we haven't seen in over a decade. Of all emails received by Symantec clients in June, junk emails only accounts for 49.7% down from 52.1% in April which shows a huge drop. Year over year, spam has decreased as well due to internet providers doing a better job at filtering and shutting down spam bots.

Still too much

[Z00L00K]

It's still too much, it has to be stopped, and the penalties for junk mail and online fraud are way too mild.

Re:

[TheRealQuestor]

Agreed but to be honest I get maybe 1 or 2 junk mails in my Outlook inbox every couple of months or so. I have pretty much forgotten the days where I'd get 100's a day. I've forgotten that it was even an issue to be honest. I just don't see them anymore as I send all my email through my primary email to my gmail and finally to my outlook and they just aren't there anymore. Primary filters, gmail filters, and outlook just doesn't see them, I'm pretty much shocked when one does get through lol.

Re:

[SgtAaron]

Agreed but to be honest I get maybe 1 or 2 junk mails in my Outlook inbox every couple of months or so.

Sysadmins who happen to administer email servers have not forgotten. It's still an issue, big time.

Re:Still too much

[Ark42]

Hotmail/MSN/Outlook mail is well known for just not delivering lots of legitimate mail now. You may not see spam there, but you may not get mail from a friend who doesn't use common webmail like gmail or Yahoo. The mail does not even go to your junk/spam folders, and it does not get bounced to the sender. They just silently accept and delete incoming mail, without any notification.

I'd, personally, rather see spam getting through than email become a useless technology that fades away because people can't rely on it anymore.

Re:

[JustAnotherOldGuy]

^^^^ This times 1000.

Email has become fairly unreliable because many of the larger providers simply drop any suspect email, and they do it silently. No bounceback, no indication that it was rejected, nothing. They just drop it without any indication whatsoever. You send an email and it never arrives, never comes back as undeliverable, it just disappears.

In the last few years I've seen this happening more and more and more, to the point that I sometimes have to call the recipient to see if they got wha

Re:

[Tablizer]

The real fix is to charge for email. To send an email, have a 2 cent charge. 1 cent goes to the ISP, and the other to a governing and enforcement body -- the ePost Office.

Spammers right now send for almost free. If they had to pay two cents for each recipient, it would put most out of business.

And they'd have to leave a money trail, making it easier to find and bust them.

Re:Still too much

[dknj]

Your post advocates a

( ) technical ( ) legislative (X) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
(X) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
(X) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(X) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
(X) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:

[Tablizer]

I don't suggest doing away with the current system; just adding a new service. Maybe it can be pioneered by universities, and then when others see how it greatly reduces junk, they too will join.

Re:

[ArmoredDragon]

I think it would be considerably easier if SMTP was updated to require not only a reverse DNS arpa pointer record of the sending server, but the reverse DNS record must also have a matching MX record. Almost all legitimate mail servers already do this, and the ones that don't easily can.

Right now, most SMTP implementations don't require DNS at all, and unless spammers can hack every DNS server that most POP servers use, then their botnets aren't going to be able to send spam.

Re:

[FaxeTheCat]

There is already the SPF policy framework. No need to invent something new. http://www.openspf.org/ [openspf.org]

Re:

[msauve]

"I think it would be considerably easier if SMTP was updated to require not only a reverse DNS arpa pointer record of the sending server, but the reverse DNS record must also have a matching MX record. "

So, break virtually all MUAs (which send using SMTP), and force everyone to use webmail? Good luck with that.

Re:

[webnut77]

So, break virtually all MUAs (which send using SMTP), and force everyone to use webmail? Good luck with that.

/etc/postfix/main.cf

# Restricts what recipient addresses we accept in the RCPT TO commands
#
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
.
.

Now what were you saying?

Re:

[msauve]

I was saying the the OP was an unworkable solution. You seem to be arguing something completely different.

Re:

[ArmoredDragon]

Ok so since IPv6 breaks a lot of shit, let's not transition to it either.

Re:

[Anonymous Coward]

LOL, sign me up for the expensive email that no one else is connected to.

Re:

[Opportunist]

I think I dimly remember MS trying to pull some shit like this. Imagine how much of a bomb it has to be if a juggernaut like MS can't pull it off.

Re:

[Tablizer]

Gates wanted MS to be the Post-Office

Re:

[GigaplexNZ]

Google even tried a free email replacement called Wave. That didn't catch on either.

Re:

[Opportunist]

That's not something that MS tried to established, that's something MS was (as usual) late to and tried desperately to catch up with.

Re: Still too much

[Anonymous Coward]

I think your idea would also make an opportunity for some spammers as it would guarantee delivery and give them a receipt. And for early adopters would give a spot near the top of your inbox. Then it would be like a subscription spam filter because the only people dumb enough to pay for email is spammers.

Re:

[Dan541]

If my university charted charging to send and receive email I would just stick to using my own email for free (per email).

Re:

[jaseuk]

You mean like iMessage?

Where entry fee is an Apple device?

Jason

Re:

[Actually, I do RTFA]

I've liked that form response for a while. It tragecially now looks out date. To wit:

( ) Public reluctance to accept weird new forms of money

is no longer an acceptable objection.

Re:Still too much

[Opportunist]

If you consider for a moment that quite a bit of spam comes from hacked accounts (because it's trivial to filter out spam sources that have broken MX records or are untrustworthy for other reasons), you might get an idea why it's NOT a good idea and who'd eventually foot that bill.

But hey, it may finally make people consider protecting against trojans relevant when it hits their wallet with four-five digits.

Re:

[Dan541]

The real fix is to charge for email. To send an email, have a 2 cent charge. 1 cent goes to the ISP, and the other to a governing and enforcement body -- the ePost Office.

This has to be a troll right?

Spammers simply won't pay some fancy communication tax.

Re:

[N1AK]

It would make more sense to charge people you don't 'know' to receive email their email, and even that doesn't make sense as it would push spammers towards even more focus on hacking into other people's email addresses or servers where they wouldn't be the one paying.

Email doesn't need to have a charge to dissuade spam, the amount of spam is falling and if there was a concerted effort to find and prosecute a much higher proportion of spammers it would fall much further.

Re:

[wvmarle]

You see how well that works for traditional paper junk mail, where the cost of sending out mailings, even delivered door to door, is easily an order of magnitude higher than the number you suggest.

It's totally non-existent thanks to this cost, right?

Re:

[Khashishi]

Imagine the face on the poor guy whose computer got owned when ze looks at their internet bill.

Re:

[houstonbofh]

It's still too much...

But when you consider how much e-mail traffic itself has dropped, the spam drop is even more significant. I see more spam on FaceBook now then I do in e-mail.

Re:

[JaredOfEuropa]

So FB does have a use: as a honeypot. Thanks Mark!

Spam has been moving towards web based services for a while now. Almost all message boards have antispam measures now; every now and then you may run into an orphaned board without such measures, and it'll be wall to wall spam. The ratio of spam and legitimate posts on my Wordpress site used to be over 10/1 until I added some (premium) spam control, but a few spams still make it through. I see the same on a Drupal site I administer. Those spammers ar

Re:

[Dan541]

Spam has been moving towards web based services for a while now. Almost all message boards have antispam measures now; every now and then you may run into an orphaned board without such measures, and it'll be wall to wall spam. The ratio of spam and legitimate posts on my Wordpress site used to be over 10/1 until I added some (premium) spam control, but a few spams still make it through.

It makes more sense for spammers to target blog comments for the simple fact that many people can view a single spam as opposed to just one email recipient. Add to the fact that anti-spam technology for blogs is not as advanced as it is for email and it's like spammer paradise.

Crooks are also moving into advertising networks. The a mount of malware that is distributed through advertisements is not insignificant.

Re:

[bobjr94]

If hotmail (outlook, msn mail or whatever) could just filter out the 10 viagra emails I get a day, that would be great. Even creating custom filters dont work, since change spelling and senders in each email.

Re:

[Krishnoid]

You worry too much -- this problem will eventually take care of itself. Seriously, how much larger can people's penises get, anyway?

Re:

[www.sorehands.com]

First, it is not spam if you have a relationship.

How is it getting easier to filter? It is not easy, you as an end user just does not see it because providers do most of the work for you.

Amount of SPAM has NOT Dropped.

[ntrcessor]

The amount of SPAM hasn't dropped, the amount being DELIVERED has. I get the reports from my SPAM Filter provider, and basically they show that the amount of SPAM hitting all the hosted domains we have is doing way UP not DOWN. Just the amount of that that is getting delivered is going down. The Symantec report is not clear as to what they are actually basing their numbers on, but it is probably just on their install base, and the amount of SPAM REACHING the install base is lower as more providers have thin

Re:

[davester666]

Finally, just over 50% of all email is now valuable marketing information, because you have a business relationship with the sender!

Now only if we could do that with real mail!

[Irate Engineer]

Is there such a thing as a spam filter for regular (paper) junk mail?

It's like some perverse life cycle - my paper recycling gets picked up, made into paper, which is then made into junk mail, which is then delivered, and unceremoniously dumped into my paper recycling without being read.

Re:

[Opportunist]

That's why we installed a paper bin right next to our mail boxes along with a note for the average spam delivery goon that he can save himself and us a lot of work by simply dumping his junk right there because it's where it's going to end up anyway.

Believe it or not, it does actually work with a few of them.

Re:Now only if we could do that with real mail!

[Anonymous Coward]

Eg. in the Netherlands you can find stickers on mailboxes saying "NO to unaddressed advert print -- NO to local circulars". The latter are "local news" rags dropped in every mailbox, paid for by advertising. Typically the local municipality publishes notices in them, so it's not unusual to see "NO -- YES" stickers. There also do exist YES -- NO and YES -- YES variants of the stickers but those are understandably rare. These are not backed by any law, but since people tend to get irate if the stickers aren't respected, they usually are. Someone came up with them and the design stuck.

One example [staticflickr.com] and another example (including NO -- YES variant). [metronieuws.tcdn.nl]

An image search for "nee nee sticker" gets lots of examples, including the inevitable jokes. In eg. Germany you can see different designs, search for "bitte keine werbung".

Re:

[Registered Coward v2]

Is there such a thing as a spam filter for regular (paper) junk mail?

It's like some perverse life cycle - my paper recycling gets picked up, made into paper, which is then made into junk mail, which is then delivered, and unceremoniously dumped into my paper recycling without being read.

Yes, it's called United States Postal Service Form 1500; which let you decide what mail is offensive and should be stopped.

Re:

[Irate Engineer]

USPS Form 1500 [usps.com] only pertains to sexually oriented advertisements. Unless one wants to claim an obscure fetish about credit card offers I don't see how this form would help.

Re:

[Registered Coward v2]

USPS Form 1500 [usps.com] only pertains to sexually oriented advertisements. Unless one wants to claim an obscure fetish about credit card offers I don't see how this form would help.

IIRC it doesn't require any explaination of why it is objectionable. Always use the rules in your favor.

Re:

[Solandri]

Unlike email, which spammers send essentially for free, paper junk mail is paid for and in fact provides about 1/3rd of the funding for the US Postal Service.

Actually, when you put it like that, marketing (spam + selling marketing info) pays for 100% of most people's email. If you have a free email account with Google, Yahoo, Microsoft, etc., it's not really free. It's being paid for by selling your info to marketers. Just like spam/junk mail.

Re:

[Tablizer]

This sounds like Bill Gates a few years ago when he claimed spam wasn't a problem.

"640 spams a day oughta be enough for anybody."

Re:

[Opportunist]

You probably don't get many invoices.

Celebrate!

[Tablizer]

That news makes me so happy, I'm gonna send a check to that Nigerian Prince needing help getting his money out of a foreign bank.

Nobody emails them

[darkain]

Maybe nobody emails them specifically? I still get ~7,000 junk emails per month (caught by spam filters), compared to maybe 200-500 legit messages.

49% wooo hooo

[Tablizer]

One half? High standards! That's like saying a car "only bursts into flames on Tuesdays now". It's a fucked up system; it just went from being mega-fucked down to hyper-fucked. I guess if you are used to being mega-fucked, then hyper-fucked seems better.

SPF, DKIM, and DMARC

[Demonoid-Penguin]

The Symantec report quotes numbers - not reasons. The referenced "story" just quotes a summary of figures from the Report.

The biggest changes to email in the last year have not been arrests or deaths of spammers - but the implementation of SPF, DKIM and DMARC by email providers.

Especially in my experience, has greatly increased the amount of email rejected for delivery (so sorry, the claimed source is clearly spoofed, now filed in the big round grey folder). The "direct"/email marketing forums are full of "entrepreneurs" complaining about it (boo-fucking-hoo).

Primarily it stops forged From headers with providers that reject failures or missing authentication (e.g. Yahoo), Secondly it (DMARC) increases spam reports by providers that use the data, resulting in faster and more accurate spam filters from the suppliers.

Next year will be hell on spammers as many email providers follow Yahoo's lead and change their DMARC policy to "p=reject". Maybe then we'll see mailing list providers stop whining about the policy and work-around it (instead of continuing [ietf.org] to do things the way they've always done things in a changing world), and they'll see a reduction in the amount of spam they are resending. Anecdotal evidence is that they've all seen an increase in spam as spammers target mail providers that don't enforce SPF, DKIM and DMARC.

Sure the full implementation will piss off some that aren't actually spammers (*cough*MailChimp*cough) but it'll also make phishing a lot harder. Eventually it may even shut up those who don't understand it [zdnet.com], well, maybe. It isn't perfect, though it's not a bad as clueless Seltzer claims. In a perfect world people would deploy DNSSEC on their email servers so better sender authentication methods could be used - and all email senders and recipients would use and understand PGP (fat chance of that happening).

Re:

[umafuckit]

It also doesn't provide a graph of spam rate over time. Just three pie charts showing changes over the last three months.

Re:

[Zocalo]

Or the kinds of accounts that are seeing the falls in spam. If those users responsible for the bulk have the spam passing through the monitoring systems have either abandonned email for social media alternatives like Facebook and Twitter, or just become more aware that providing their email address to every site that asks for it isn't a good idea, then you probably would see a huge reduction in spam *overall*. For the rest of us that have been more careful all along, then the change is probably far less s

Re:

[Demonoid-Penguin]

It also doesn't provide a graph of spam rate over time. Just three pie charts showing changes over the last three months.

Agreed, remarkably short of information. Usually their reports are accompanied by press releases, and marketing. I wonder what's different this time.

Note that while Symantec uses figures from their email scanning products - it doesn't correspond with figures from larger monitors e.g.
Senderbase - which shows a slight increase of 234.53 billion av.pd (85.93% of global traffic) for the last 12 months, against 222.88 billion av. pd (86.00% of global traffic) for the last 6 months, and 187.14 billion av. pd (86

Lawsuits

[www.sorehands.com]

Lawsuits against companies for illegal spam also reduces spam.

in 2003, I filed a spam lawsuit against a drug spammer in Florida. Shortly after I settled, the amount of spam I received went down by about 50%.

I filed several spam lawsuits between 2013 and 2014. The e-mail load on my mail server went down by 75%.

Between May 27 2013 and Sat Jul 18 2015 (782 days) my server processed 4,801,196 e-mails (6,1397/day).

In 2012, my server typically processed between 20k-22k e-mails per day.

Between Aug 11 2008 and Nov 29 2008 (110 days) my served processed 1,419,128 e-mails. (12,901/day) But In 2011 I more than doubled the number of e-mail users.

When you sue the advertisers, they may terminate some of the spammer and the advertisers get some of the money from the spam networks that they use. At the very least, spam lawsuits get you on the spammer's suppression lists.

Re:

[Demonoid-Penguin]

Lawsuits against companies for illegal spam also reduces spam.

Agreed. Occasionally ACMA reluctantly sends a warning letter to spammer here - that's the "authority" charged with prosecuting spammers. Once or twice they've reluctantly taken legal action (they're corrupt and lazy). Sending unsolicited commercial email is an offence [acma.gov.au] in Australia - none of that "opt-out" bullshit. I've filed thousands of complaints with them - and provided comprehensive documentation on the parties involved and the number of spams they've sent, as well as organise many others to do the sam

Spam stems from lack of negative feedback

[Morgaine]

Control Theory is applied mainly to electronic systems, but it's equally applicable to all systems everywhere, with no exception. That includes networking, and it even governs human systems.

It's a truism in Control Theory that a system without negative feedback is a system that is out of control. All non-trivial systems without negative feedback head towards an uncontrolled state on the slightest perturbation of initial conditions.

Email is one such system. It was designed without negative feedback back in the early days of the academic Internet before malicious actors appeared on the scene. Because there is no "cost" associated with sending an email, the system went out of control --- the primary effect of that is spam. (This "cost" has nothing to do with money.)

In Control Theory terms, "cost" is any control metric that tracks an undesired effect and reduces that effect when applied to its cause. One of the most universal undesired effects is resource consumption, and that's directly applicable to the email problem because many kinds of resources are used up by spam when it arrives at MTAs and at end-user mailboxes --- examples are CPU time, storage space, network bandwidth, end-user time, and many other things. They're all resources, and spam is the direct result of the spammer feeling no "cost" when he consumes other people's resources. There is no negative feedback being applied to his posting of spam.

"Cost" in the control theoretical sense could be many things when applied to email, for example a slowdown in the spammer's ability to post his next email proportional to the rate of sending and to the number of recipients. There are dozens of possible ways to make a spammer feel a "cost" as negative feedback for his actions, many of them leaving normal mail users entirely undisturbed by the negative feedback. Unfortunately email has none of these control methods available, and it probably never will because it's too late in the day.

One day however, a new asynchronous communication protocol will be designed to replace SMTP. It must be designed with a mechanism for negative feedback integral to the protocol and non-optional, or else the spam problem will appear again, sure as night follows day.

Note that we have many other systems out of control in computer networking, it's not just email. For example, there is no negative feedback applied to rampant abuse of user-side scripting by web pages. Web developers feel no cost regardless of how much end-user CPU, storage, or network bandwidth they employ, and since there is no negative feedback applied to their over-use, browsers typically have their CPUs pegged at 100% and the Web has turned to molasses. As techies we try to control the Web excesses with NoScript (for example) just as we try to control spam with SpamAssassin, but these are just fighting symptoms. You can't cure a disease by fighting symptoms.

This is a universal truth. No negative feedback spells trouble ahead.

Re:

[JaredOfEuropa]

You can charge that cost (in whatever form it comes) to spammers only; if you apply it to everyone equally, you'll run into another phenomenon called "market failure". And identifying spam and spammers is something that many researchers and developers have tried solving already. That's the real problem: it is hard to distinguish spam sources, usage patterns and content from legitimate emailers, especially bulk emailers. How do you propose to "track an undesired effect" in email?

Re:

[wvmarle]

How to measure (and slow down) sending rates of some bulk mailer, who sends e-mail to hosts all over the world?

The source doesn't have to follow the protocol - they just send out as fast as they can. The destinations (plural - probably big big numbers) have no idea what other destinations get from that source. Most of them will see just a few e-mails come in, that's their share. All the spammer has to do is not send everything for Yahoo at the same time, but intersperse it with mails to other destinations a

Re:

[t551]

I suspect that most SMTP servers already implement rate-limiting for everyone, everywhere.

The GP's objection was that you are vastly underestimating the number of nodes that a spammer can connect to. When he has a million upstream SMTP servers, it doesn't matter if he's rate-limited to one email an hour by each of them; he's still sending a million emails an hour.

Re:

[Kjella]

It's a truism in Control Theory that a system without negative feedback is a system that is out of control. All non-trivial systems without negative feedback head towards an uncontrolled state on the slightest perturbation of initial conditions. (...) In Control Theory terms, "cost" is any control metric that tracks an undesired effect and reduces that effect when applied to its cause.

Most consumption is actually demand limited, even if you make a toll road free there's a fairly finite amount of time I'd spend driving it or how much I'd eat at a free buffet. I've never had negative feedback on my email volume, yet never had my consumption spin out of control because it's inherently self-regulating how much I'd care to consume even if it is a free and unregulated resource.

Spammers operate under the edge condition where they'd like to send an infinite number of emails (more money) and they

Flawed statistics are flawed

[Opportunist]

Yay, we're down to 50%! that means spam is down, right?

Nope. Sorry. Spam is alive and well as it always was. But more and more companies are switching to mail for sending their bills. What you used to get as a dead tree edition, you now get via bits. Your ISP sends his invoice via email, so do Amazon, EBay, PayPal and pretty much any online trader.

Spam mail isn't down. Legitimate (for varying definitions of legitimate) mail is up. That's all.

Re:

[SgtAaron]

Nope. Sorry. Spam is alive and well as it always was. But more and more companies are switching to mail for sending their bills.

I think you meant email for sending bills. Yes that's a good thing. I still stuff envelopes for those who refuse to get invoices via email.

And no, the spam problem is still alive and well. I responded to a user earlier who said he only gets 1 or 2 spams a month in his inbox, so no spam problem. He neglected completely all the behind-the-scenes work that goes into that excellent result. But there is still a ton of cpu time all over the planet dedicated to filtering that shit out!

I'm tired of spammers, s

Re:

[gavron]

^^^That.

And appliances are now sending out email, including Nest thermostats, Ubiquiti cameras, CyberPower UPSs, etc.

So the overall number of spam messages hasn't decreased at all. Spammers are still in an arms-war with sysadmins to get around e.g. SpamAssassin. However, there are now more messages so the percentage has lowered.

Frankly, having read Symantec's "report" I find it devoid of data or numbers, just ending-statistics without a measure or quantification. However the "news" keeps quoting them and

Re:

[Opportunist]

Personal communication is dwarfed compared to the amount of invoices and announcements sent out by companies. It's pretty much the same as it is with old fashioned mail, the amount of letters sent by individuals dwindled down when other forms of communication came into use but the amount of commercial mail covered for this billionfold.

It's similar today with email. What used to be sent via postal services is more and more shifted towards electronic communication. Yes, people already shift away from it for t

Re:

[Mandrel]

Spam mail isn't down. Legitimate (for varying definitions of legitimate) mail is up.

The opposite could also be true: As the young move from email to social apps, spammers have quickly followed. Just like how spam disappeared from USENET faster than legitimate posts as USENET began to die. I'd like to see evidence that pointed to the correct reason.

I get about 15000 spam emails a month.

Re:

[laffer1]

The other difference is that Yahoo and Google have locked down email so that legitimate email isn't getting delivered. Now other providers are following the same rules. When you block a lot of email, it never gets delivered.

There are certain people I just can't mail anymore.

Re:Flawed statistics are flawed

[Demonoid-Penguin]

The other difference is that Yahoo and Google [sic and every other BP email provider] have locked down email so that legitimate email isn't getting delivered. Now other providers are following the same rules. When you block a lot of email, it never gets delivered.

There are certain people I just can't mail anymore.

Then implement SPF, DKIM and DMARC - it's not hard compared to correctly configuring a mail server. As a bonus halfwits with a spare 10 minutes won't be able to spoof your email address.

But until you do something other than complain you remain part of the problem instead of part of the solution.

Re:

[wvmarle]

They probably check what's passing through the upstream filters, and is handled by a spamfilter.

My spam filter catches some 45-50 spams a day. It misses those with attachments (irritating - get 5-10 of those daily) and a few others that are hard to classify as spam (rather legit business related but not my business), but overall doing a decent job. I'm getting a similar number of legit mails a day, a large number of those being stuff like meetup and facebook status messages. So that'd be indeed about half/h

LinkedIn...

[jb_nizet]

Do they count LinkedIn email as spam? Because that would probably make the number climb to 75%.

> Unsubscribe from LinkedIn
> Delete email account
> Sell house, live in woods
> Find bottle in river
> Has note inside
> It's from LinkedIn
Source: https://twitter.com/darylginn/... [twitter.com]

XP

[tomhath]

There are still a couple of hundred million XP machines running. As that number declines so does the amount of spam, but there's a long way to go.

Re:

[Demonoid-Penguin]

The majority of spam I receive is coming from Linux servers.

But keep Slashturbating like it's 1999, while never updating your fucking CMS or properly fucking configuring sendmail, you cunts.

All sorts of OS get botted, both physical and virtual. And those bot farms do all sorts of things from bitcoin farming to spamming. But to return to the subject from the fanboi tangent - if the internet fairy waved his magic wand and made bot farms disappear you wouldn't see much difference in the amount of spam being delivered, and shortly thereafter levels would return to "normal".

As long as it pays to send spam it will continue to exist. If people stopped buying shit from spam, and people stopped paying

Re:XP

[Demonoid-Penguin]

There are still a couple of hundred million XP machines running. As that number declines so does the amount of spam, but there's a long way to go.

The number of XP boxes on the internet has little to do with spam. It did when cheap VPS, cloud and broadband was uncommon. Blame their owners for a lot of things - but blame for spam is misplaced (the main exception being Michael Lindsay [spamhaus.org]'s "customers"). It's far cheaper, and easier to either rent a host or pay a mailing service than it is to rent (or build) a bot-net of sufficient size to produce a measurable amount of the worlds spam. SPF, DKIM and DMARC has also considerably reduced the viability of bot-nets for spamming as the major email providers reject their unauthenticated headers, or quickly identify them as spam.

The majority of those services provided by a small number of companies (in order of volume):- softbank.co.jp, unicom-bj, unicom-sc, drpeng.com.cn, webexxpurts.com, gmo.jp, kddi.ne.jp, kyivstar.net, uplus.co.kr, softcom.com.

The majority of spam is commissioned by a small number of arseholes (a significant number of them are bases in North America since China cleaned up it's act). In order of volume:-

• Canadian Pharmacy - Ukraine. A long time running pharmacy spam operation. They send tens of millions of spams per day using botnet techniques. Probably based in Eastern Europe, Ukraine/Russia. Host spammed web sites on botnets and on bulletproof Chinese web hosting.
• Dante Jimenez / Aiming Invest - United States. Spamwarez, lists, "bulletproof" hosting in the finest South Florida tradition. Working with worst cybercriminal botnet spammers. Now mostly involved in massive botnet spamming with hosting on hacked servers and Eastern European hosters.
• Yair Shalev / Kobeni Solutions - United States. High volume snowshoe spammer from Florida, (former?) partner-in-spam of ROKSO spammer Darrin Wohl. Son-in-law of ROKSO listed spammer Dan Abramovich. Sued by FTC in 2014 due to fraud.
• Yambo Financials - Ukraine. Huge spamhaus tied into distribution and billing for child, animal, and incest-porn, pirated software, and pharmaceuticals. Run their own merchant services (credit-card "collection" sites) set up as a fake "bank."
• Mike Boehm and Associates - United States. Snowshoe spam organization that uses large numbers of inexpensive, automated VPS hosting IPs and domains in whatever TLD is currently cheapest to send high volumes of spam to extremely dirty, scraped lists. Operates under many business and individual names.
• Michael Persaud - United States. Long time snowshoe type spammer.
• Michael Lindsay - United States. Lindsay's iMedia Networks is a full-fledged spam-hosting operation serving bulletproof hosting at high premiums to well known ROKSO-listed spammers. His customers spam via botnet zombies with spam payloads hosted offshore, tunneled back to his servers. He and the gang have been hijacking (stealing) IP address space from companies for years to spam from. Illegal in the USA.
• Jagger Babuin / BHSI - Canada. Romanian spammer now living in Vancouver BC. Also known as the "Dr Oz" spammer.
• First Place SEO & financial fraud spam gang - United States. Seem to be either Northern New Jersey or San Diego, California based scammers. They rent endless numbers of servers and buy endless domains to then pump out "SEO", search-engine-rankings and financial fraud scam spams.
• Josh Henderson or Nicholson - bulletproofvps.com - Canada. Offshore Bulletproof Hosting is his thing.

Top 10 countries that produce and export spam, in order of significance:- United States, China, Russian Federation, Ukraine, Japan, United Kingdom, India, Germany, Brazil, Turkey

Sources [spamhaus.org]

Not a very meaningful number

[damn_registrars]

This appears to be a survey of spam that is caught by Symantec software. There is plenty of spam that is caught in hardware filters, ISP filters, and filters that are run by various free email services. The Symantec software is often filtering pretty late in the game.

Furthermore, no sane person should ever be patting themselves on the back if they are only addressing the problem with filters, as they will never resolve the spam problem completely. Spam is an economic problem, and only economic soluti

Profit

[manu0601]

It seems that spam gangs moved to more profitable activities. The raise of ransomwares and point of sale hacking may be a hint at why we get less spam.

Re:

[ladislavb]

Living in the era of the borderless world wide web, I really hate to remind some Slashdot readers that there are many many places on earth where it is NOT feiday night right now.

Re:

[Anonymous Coward]

You need to just get a lief

I'm not gay and I'm not into Vikings.

Re:

[rossdee]

"Serionsly, it's Feiday night! Why are you reading this?"

It may surprise you to learn that not everybody works 9 to 5 Monday to Friday

Re:

[SgtAaron]

LOL. I'll bite 72442. I'm drinking, too, but somehow manged to tpe ths. Cheers!