Spam Volume Jumps 35% In November
gregleimbeck writes "Spam volume soared another 35% in November, an e-mail security vendor said Thursday, and the month saw spam tactics that reduced the efficiency of traditional anti-spam filters.
'There's been a huge increase in spam volume,' says David Mayer, a product manager at IronPort Systems, 'from 31 billion spams a day on average in October 2005 to 63 billion in October 2006. But in November, we saw two surges that averaged 85 billion messages a day, one from Nov. 13 to 22, the other from Nov. 26 to 28.'"
I'd say more than 35% (Score:5, Insightful)
Are we finally going to reach a point where only trusted addresses can email us? Seems the arms race is being severely lost. I've got a pretty good spamassassin config and I can't keep up anymore, I find myself having to manually delete literally hundreds of messages a day now.
Re:I'd say more than 35% (Score:5, Informative)
Re:I'd say more than 35% (Score:5, Informative)
I got around 100 per day back a few years ago. When I started forwarding to gmail, I average a spam folder of 4000 (it deletes spam after 30 days).
In the past two months, it's gone from between 5000 and 6000 to over 15,000. I would agree, hella higher than 35% though. At my place of employment, we have a million mailboxes. We started running into a lot more problems with spam than usual about 6 weeks ago as well.
Re: (Score:2)
Re:I'd say more than 35% (Score:5, Insightful)
Everyone has equal potential to be scum. It's just easier to make people hate successful scum.
Anyone can use gmail's anti-spam too! (Score:5, Interesting)
Simply forward all of your mail on to gmail, and then either collect it from gmail using POP3, or set gmail to forward it back to a "clean" account on your server that you can pick mail up on. You can set gmail to delete the mail after it forwards it, so you essentially get one of the best anti-spam filters out there, for free.
Of course, what is annoying me is all of the penny stock image spam that gets through most spam filters. It's getting to the point where I really am considering stripping image attachments from messages. See this post [slashdot.org] further down for a bit more on my thoughts on image spam.
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
I see perhaps a dozen or so spams/day despite my email address being plastered all over the Intarweb for the last 6 years. (I've made no effort to hide it)
This combination stops a ridiculous percentage of all inbound email.
Why do we fight this at the end? (Score:5, Insightful)
I don't see why we are always fighting this problem at the reception end, rather than the source. Spam filters can work quite well, but why are they mostly applied right at the very endpoint of the chain?
I'd be very happy for some basic filtering to take place on my outgoing mail at the ISP level. If it meant the odd automatic email with a captcha saying "are you sure you intended to send this mail?" before a spammy-looking email went out, that's fine with me, and wouldn't that approach cut down on all those twits whose PCs are part of a botnet without them realising it?
Bah, why is firefox suddenly getting me to spell check in American?
I use a different approach. (Score:3, Interesting)
#2. Block email during SMTP transmission - this is where the whitelists and blacklists come in. Everything else gets greylisted. I also use fake addresses to create my own blacklists.
If something is rejected, my phone number is included on the rejection notice. A person will see it and can call.
#3
Re: (Score:3, Insightful)
Re:I use a different approach. (Score:5, Interesting)
If someone is sending spam, they're not going to wait that long before starting a new connection (it would slow them down something fierce, to maybe only sending 1 or 2 emails a minute).
This catches about 75% or more of the spam coming in - anything left is mopped-up by either spam assassin at the mail server level, or POPFile before my email client.
Sort of a 3-tiered approach. Very little (maybe 1 or 2) spams per-week get through.
N.
#1.1 Block REMOTE images!!! PERIOD (Score:3, Insightful)
images, if you completely block those they cannot use the server's statistics/unique session id to figure out which mails worked or didn't.
2. Use those remote image locations to flood their session stats and pollute their databases and tell their ISPs to drop them too.
Re:I'd say more than 35% (Score:4, Insightful)
Even that can be spoofed. And people will complain that they can't engage the customers and that's hurting the economy.
There was a guy who proposed something called RSS-mail a few years back. It was the same guy who came up with SPF I think.
Anyways the idea was that I would send you a notification that there was an email waiting for you to pick up on my server. Similar to how RSS passes data. If I was interested in reading that message I could call upon your server to deliver the email to me and then I could read it.
The key is that now the sender has to own the email. He can't just shoot off 20 million random messages. He now has to store all of them on his server for some period of time so that you can pick them up. Cheap for you, expensive for him. It also means that he has to be honest about his RSS feed otherwise you'll never be able to pick up the email and read it. This also makes it easier to track them down.
Personally, I think spammers won't go away easily. They make a lot of money off pathetic fucktards who think they can get a bigger dick with a pill. The real damage is done by the people who purchase via spam making spam a viable marketing tool.
Re: (Score:2)
Re: (Score:3, Interesting)
Re:I'd say more than 35% (Score:5, Interesting)
That's definitely one approach. Unfortunately, it means that my mail would then be at the mercy of a thousand servers' bandwidth, and that reading my mail would take a lot longer on the average as a result.
What we really need is E2EASMTP: End-to-end Authenticated SMTP. The design is basically just the existing SMTP. The only changes are as follows:
The key is that the entire abuse reporting process should be automated and that no email messages without an initial host signature should be delivered. This will make it impossible for continued operation of spam zombies in two ways:
In effect, by ensuring a trusted (albeit not necessarily encrypted) path for all email messages, you make spamming orders of magnitude harder with minimal performance impact. Best of all, I think that this could be implemented with relatively minor additions to the SMTP protocol and phased in over a period of time, ensuring a smooth transition from the spam nightmare we have now to a more modern, usable email infrastructure.
Re:I'd say more than 35% (Score:5, Interesting)
Re: (Score:3, Insightful)
Re:I'd say more than 35% (Score:4, Insightful)
Re:I'd say more than 35% (Score:4, Insightful)
All ISPs should take reasonable care not to reinstate mail sending privileges until they are sure that the user's computer is clean.
Any ISP that actually gives enough of a shit to care what is coming out of their network and manage their users like this has already managed the spam problem. How much spam do you see coming from AOL IPs? Yeah, it's because they got people like Carl Hutzler who actually took the problem seriously and they gave him real power to implement solutions.
I see armchair admins come up with these oh-so-clever solutions every day, but the reality is that solutions exist now, and what stands in the way of their implementation is nothing more than incompetence and greed. Comcast, Brazil Telecom, Orange/TPnet, all of them could stop their massive armies of zombies overnight, but it's just too expensive. Their cost-benefit analysis lets them keep polluting our mailboxes with direct-to-MX zombie connections rather than deal with the support costs of the 0.01% of users that will ACTUALLY have a problem with port-25 blocking.
We have to make it expensive for ISPs to continue letting their zombies send us spam. That is my FUSSP.
Re: (Score:3, Funny)
Your post advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affe
Re: (Score:3, Insightful)
This comes up a lot, so skip this if you've read my take on the matter before.
One of my clients has a website that features an opt-in email newsletter. Each message is roughly 1MB in size (many pages, lots of images, etc.). He has about 25,000 subscribers. This means that near the first of each month, he's sending about 25GB of email out to people who want to get it. Under SMTP, this is no big deal - just give Postfix a list of recipients, and let it work out the delivery details. The mail queue grad
Re: (Score:3, Interesting)
No, it's not just you.
I've always preferred to run my own spam filters, I trust myself not to filter out a genuine email by mistake more than I trust my ISP, but last week the spam level got to the point where I'd go away for a couple of hours and there would be 200 new spams in my Junk folder, so I enabled the filter in my ISP's mail settings to try to get some bandwidth back. But as this article said, the latest batch seems to be evading conventional filters, so I'm still buried and thinking along whiteli
Re: (Score:3, Interesting)
Re: (Score:2)
Yeah, wishful thinking I know... I'll go to my corner now.
Re: (Score:3, Informative)
Re: (Score:3, Funny)
Ah, but my spam volume decreased by 130%. So it all works out, you see?
Authentication (Score:3, Interesting)
The secret is that I reject all but a few hundred of those 11000 spams in SMTP envelope. Correspondent
Re: (Score:2)
I notice you didn't consider updates to various MTAs in various distros as a possible vector. There may well be flaws in Vista (which isn't completely new code, btw), but to say that there's (potentially) a huge exploit, which is widely distributed (to so many spammers) but yet has gone completely unnoticed seems exceptionally unlikely.
Or you were just trolling.
Re: (Score:2)
Re: (Score:3, Funny)
Anti-MS zealot: "The increase in spam is caused by Vista".
MS Fanboy: "Don't be silly - it was obviously the 2.6.18 kernel release that did it".
IT Professional: STFU, both of you.
Pump & dump for PHYA (Score:5, Informative)
Re:Pump & dump for PHYA (Score:5, Informative)
Re:Pump & dump for PHYA (Score:3)
Re:MOD DOWN (Score:4, Informative)
Re:Pump & dump for PHYA (Score:5, Informative)
Basically, the way this scam works is that the scammers buy a bunch of worthless stock (as in a few cents/share), then email fake stockbroker advice websites and fake advice emails to people, trying to get them to buy the stock. When the stock is worth a decent amount of money, the scammers sell and leave everyone else that bought into their so-called, "advice," with worthless stock.
Re:Pump & dump for PHYA (Score:2)
Re:Pump & dump for PHYA (Score:3, Informative)
Also, in a bit of irony, did anybody catch the Avoid Scams [stockmarketenews.com] link at the top of the PHYA info page that google links to?
Re:Pump & dump for PHYA (Score:2, Informative)
Re:Pump & dump for PHYA (Score:3, Interesting)
So what happens if I short the stock every time I get one of those damned emails?
Re:Pump & dump for PHYA (Score:2)
body __LR_PUMP_A
body __LR_PUMP_C
body __LR_PUMP_D
meta LR_PUMP_1 (__LR_PUMP_A && __LR_PUMP_C && __LR_PUMP_D)
score LR_PUMP_1 5.0
body LR_PAD_1
describe LR_PAD_1 Physician Adult Daycare
score LR_PAD_1 5.0
H.
Re:Pump & dump for PHYA (Score:2)
Plus, SMS Spam (Score:4, Interesting)
Re: (Score:3, Interesting)
Re:Plus, SMS Spam (Score:4, Informative)
Re: (Score:3, Informative)
Just One (Score:2)
Whatever Google Uses (Score:2)
I'm still worried why so much spam recently though. Is there anyone out there who seriously READs this garbage and actually considers sending money to these people? Seems like the problem with spam is only going to get worse and worse until the big email providers can come up with some mechanism to prevent spam that still allows independent non-business email servers to still serve their purpose. I
Re: (Score:2)
Yes. They made several billion dollars from spam related sales last year. If it can generate that much sales do you really think it will go away? Ever?
Who reads it? (Score:5, Insightful)
The great irony of the spam arms race is that the better we get at filtering the spam, the more garbage the spammers send out just to get the same return. You can't stop filtering it, because the mail you want would be buried in a torrent of spam. But filtering more just raises the bar for the next round of spam.
Eventually it may get to the point where (a) email is unusable or (b) spammers have to send such a massive volume of cr@p that it no longer becomes a cheap business, and it ceases to be worth spamming. Until then, things will keep escalating.
Re:Who reads it? (Score:5, Informative)
Having said that, the level of obfuscation they have to use even now makes their ads almost unreadable. You want me to 3nl@rg3 my what?
Re: (Score:2)
Well, it doesn't cost them more in terms of bandwidth, but I understand there's a thriving black-market business in selling access to the botnets.
Yes, obfuscation, at least, seems to be one tactic they've embraced that ought to be self-defeating.
The NEW 640k quote... (Score:5, Funny)
Re:Don't be hasty! (Score:4, Funny)
Re:Don't be hasty! (Score:5, Funny)
He's got 9 days left!
Nine days ought to be enough for anybody.
Outlook (Score:2, Informative)
Re: (Score:2)
Bogofilter gets >99% of my spam.
dspam gets >99% of my spam.
What were you saying?
Re:Outlook (Score:5, Funny)
Re:Outlook (Score:5, Funny)
Re: (Score:2)
Indeed. I actually have a filter rule that says that by default, any mail sent by Outlook goes to the spam filter.
Spike (Score:2)
Not to mention this is the 4th quarter, when everyone and his cousin is trying to
sell holiday gifts. How about some data for the past 6 months?
White List. (Score:3, Insightful)
Filled corporate Internet pipe (Score:4, Insightful)
I know people talk about legal solutions not working, but I think if law enforcement made use of existing laws and went after these people it might make a difference. I'd love to see the FTC go after the pump and dump spammers and confiscate everything they own before locking them up, or the food and drug administration go after all the enhancement pill spammers. Also, perhaps a law to fine idiots who buy from these spammers.
Just change the federal law to let some of the state laws take effect, i.e. defeat the Can-spam act.
I think if law enforcement made a good effort to go after these spammers and lock them up then it might make a difference.
-Aaron
Bandwidth (Score:5, Interesting)
Re: (Score:2)
Yeah, spammers will just move to the next thing...but we have to work our way up. Email is slowly becoming useless now.
Re: (Score:2)
-Aaron
Re: (Score:3, Interesting)
Victory Conditions (Score:3, Funny)
Maybe we might just need an alternative... (Score:2)
Geographic filter is great (Score:3, Insightful)
Re: (Score:2)
Also, the following code will grab all the subnets by country, this example grabs them for China:
Scum (Score:4, Interesting)
It's not worth worrying about spam (Score:2, Interesting)
Content filters are code that effectively say "I know spam when I see it." Given that people can't say exactly what spam is, why would they trust code written by humans to do the same? Likewise, blacklists are dangerous. We have a mail list machine that hosts hundreds of thousands of subscribers. A lot of people classify any email they don't want as spam, so we occasionally
Fallacy: automation can't better human (Score:3, Interesting)
Content-based spam filters can be much more accurate than humans. In particular, they can have lower false positive rates. That is, a good spam filter is less likely to discard good email than a human is to overlook good email in a sea of spam.
I'm not exactly sure how the article s
Bayesian Filters, and work on MTAs (Score:2)
On Windows, I'm using either Mozilla Thunderbird (usuall
It's called a surge (Score:3, Funny)
--
My God! It's full of tubes!
I noticed that too, on top of the gradual one... (Score:2)
Here are my monthly stats for over the last year on my own personal domain, that has the unfortunate privilege to be in every blasted spam file ever. These are pre-rejected spams, some still pass to the "next level"...
http://oomz.net/spam-monthly.png [oomz.net]
1 filter, 99% of spam gone. (Score:3, Interesting)
or Content-Type contains "text/html"
and not in address book.
What those don't catch, along with a couple filters for non-English, Thunderbird's filters do. Haven't had a false positive yet. It gets all that image spam, and before that, it caught all that HTML. That same logic working in Mail.app.
use Postgrey (works for me) (Score:3, Interesting)
It works wonderfully even without additional filtering (blacklists, for example, which we do still use, though).
Postgrey is a grey-list system for Postfix (for a description on how it works, click here [puremagic.com]), and there are probably other good greylist filters around.
We've had (like everyone else has) massive amounts of spam going through Spamassassin, our server was down on its knees all the time.
Now the machine is typically 95-98 percent idle and the spams we receive (remember I've said we use blacklists as well) are only the ones which come from our intranet (from hijacked machines we quickly disable when discovered).
That tool saved the day.
Eventually those bastards will have a way around it, but for now it works very well.
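The greylisting flow described in the comments above (whitelist and blacklist checked first, fake "trap" addresses feeding the blacklist, everything else deferred until the sender retries), as an added example that is not part of the original thread and is not Postgrey's own code. The delay values, the /24 grouping and every address below are assumptions chosen for illustration.

```python
import ipaddress

class Greylist:
    """Decide the SMTP reply at RCPT TO time: lists first, then greylisting."""

    def __init__(self, min_delay=300, max_age=35 * 86400,
                 whitelist=(), blacklist=(), traps=()):
        self.min_delay = min_delay      # assumed: seconds a new triplet must wait
        self.max_age = max_age          # assumed: forget triplets idle this long
        self.whitelist = set(whitelist)
        self.blacklist = set(blacklist)
        self.traps = {t.lower() for t in traps}  # fake addresses, never used for real mail
        self.seen = {}                  # triplet -> (first_seen, last_seen)

    @staticmethod
    def _key(client_ip, sender, rcpt):
        # Group by /24 (IPv4) or /64 (IPv6) so a retry from another host in
        # the same outbound pool matches the first attempt (a choice made here).
        ip = ipaddress.ip_address(client_ip)
        net = ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 64}", strict=False)
        return (str(net.network_address), sender.lower(), rcpt.lower())

    def check(self, client_ip, sender, rcpt, now):
        if rcpt.lower() in self.traps:
            self.blacklist.add(client_ip)   # anything mailing a trap is a spam source
        if client_ip in self.blacklist:
            return "554 5.7.1 Rejected by local policy"
        if client_ip in self.whitelist:
            return "250 2.1.5 OK"
        key = self._key(client_ip, sender, rcpt)
        first, last = self.seen.get(key, (None, None))
        if first is None or now - last > self.max_age:
            self.seen[key] = (now, now)     # new triplet: defer and start the clock
            return "450 4.7.1 Greylisted, retry later"
        self.seen[key] = (first, now)
        if now - first < self.min_delay:
            return "450 4.7.1 Greylisted, retry later"   # retried too soon
        return "250 2.1.5 OK"               # waited and retried like a real MTA

# Constructed sample traffic: (time_s, client_ip, envelope_sender, recipient)
EVENTS = [
    (0,   "192.0.2.10",   "news@example.org", "bob@example.net"),   # real MTA, first try
    (5,   "203.0.113.7",  "a1@spam.example",  "bob@example.net"),   # bot, never retries
    (60,  "192.0.2.10",   "news@example.org", "bob@example.net"),   # retry too early
    (900, "192.0.2.11",   "news@example.org", "bob@example.net"),   # retry, sibling host
    (905, "203.0.113.7",  "a2@spam.example",  "bob@example.net"),   # bot, new forged sender
    (910, "198.51.100.5", "boss@example.com", "bob@example.net"),   # whitelisted
    (915, "203.0.113.9",  "a3@spam.example",  "trap@example.net"),  # hits a spam trap
    (920, "203.0.113.9",  "a4@spam.example",  "bob@example.net"),   # now blacklisted
]

def replay(events=EVENTS):
    """Run the events through a fresh Greylist and return the reply codes."""
    gl = Greylist(whitelist={"198.51.100.5"}, traps={"trap@example.net"})
    return [gl.check(ip, s, r, t)[:3] for t, ip, s, r in events]

if __name__ == "__main__":
    for event, code in zip(EVENTS, replay()):
        print(code, *event)
```

Only the sender that comes back after the delay is accepted; the fire-and-forget client gets a fresh 450 each time because every forged envelope sender creates a new triplet.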
Spam is just the symptom... (Score:4, Insightful)
The real disease is: those vast botnets. Really, it's a scary thought. We are lucky that they are only being used for spam and the usual phishing scams and the like - as far as we know! Imagine if the terrorists buy themselves some botnets for some nefarious purpose, or the Chinese or North Korean government corner the market on them to run millions of bots to steal corporate secrets or IDs or who knows what? What I'm saying here is that the large increase in spam should be triggering off alarm bells everywhere. The spam is not the problem - it's the botnets. Why in the world don't responsible world governments unite to put a swift end to this problem? Really - it could be dealt with swiftly and effectively in a hundred different ways that I will leave up to the imagination of the reader. I am just astonished this hasn't happened. I mean - couldn't our friend and champion of democracy George W. include this in his initiative against terrorism? He would probably have more luck tackling this problem than he is having in Iraq. What if he put that on his agenda - and set loose all his military might along with the help of some coalition of the willing? Perhaps he could salvage what's left of his image? Are you listening Mister Bush?
http://www.magma.ca/~gtaylor/AudioTestFileGen.htm [magma.ca]
Bring It On (Score:3, Funny)
Real status from a Financial Institution (Score:4, Interesting)
The increase in November of 35% is pretty accurate - but where the real story is is when you look at the 6 month trend.
In July of 2006, my enterprise was blocking approximately 20 million spam messages per week. Last week, we blocked 86 million spam messages - over 400% increase in 6 months.
Most of the growth occurred in September & October. We're projecting to hit 100 million per week by the end of January.
The only good news here is that the amount of valid email that we're letting into our enterprise is remaining flat, indicating that pretty much the entire increase is successfully blocked by our anti-spam. *whew*.
-Lokatana
Spam ? What spam ? Easy free tools eat spam ! (Score:4, Interesting)
If you still have spam, it just means that you are not using the freely available tools to eradicate it. Just do it! I found it is surprisingly easy and we have to thank Debian for that!
Re:It's that damn picture spam (Score:4, Insightful)
Re: (Score:2)
This looks interesting but it's in a really obscure language. WTF is Lua and why didn't anyone have the foresight to make this into a simpler to use module?
If this was simply written in C you could at least use it in C or port libraries to other languages
Re: (Score:2)
Re: (Score:2)
I daresay that Fidelis Assis -- the author -- wanted to spend his time as effectively as he could building the best spam filter he was able. I can't say that he made the wrong choice as his filter is outstanding. He did take the trouble to make it an available open-source project, which allows anybody to repackage it as they see fit.
Re: (Score:3, Informative)
Re: (Score:2)
Actually, 95% is pretty awful. If you can't get to 99% then you are selling yourself short. The tools for identification of spam are very effective these days. 95% is junk.
Re: (Score:2)
Re: (Score:2)
Re:Why does 'Picture Spam' get through ? (Score:4, Interesting)
1. It's harder to extract useful data from an image than from text or a markup language like HTML. OCR is possible, but wasn't worth the effort until the volume jumped up recently.
2. Without that meaningful data, it looks a lot like messages that people forward each other. A picture sent from a cell phone, for instance, or the latest funny animation, or pictures from last week's party, or whatever. The filter is left with header info and not much else.
Filters aren't just acting on spam vs. business mail -- they're also acting on spam vs. personal mail.
They hide from OCR, so why not detect that? (Score:3, Interesting)
So what I'm wondering, and I'd be interested if anyone on Slashdot knows about or is working on this - surely it wouldn't be too hard to detect the presence of these anti-OCR techniques? The standard way seems to be putting extra lines and edges, and a spotty backgr
Re: (Score:2)
Uh, practically everyone sends MIME mail with images when they send you an advert in your email - and I mean people you've done business with before.
I wish I knew why Thunderbird refuses to believe that bassproshops is a spammer.
Anyway the feature I want is to automatically deny anything written in a foreign language - since I don't read them anyway. As a bonus, leet speak may be misdetected as a foreign language (as
Re: (Score:2)
Re: (Score:2)
Every major email provider has pretty good spam protection. One peek in the Spam folder is enou
Re: (Score:3, Insightful)
No need. As I've been saying for several years, only servers really need to have a cert. If every server had a cert and no messages from machines without a cert were accepted, spammers would have to have a cert or would have to send through normal channels through people's ISPs. If they get a cert, you know who and where they are and you can arrest them.
If they don't get a cert and their spam bots go through people's ISPs, you can set up an automated "this is spam" reply mechanism that would stop the spa
Re: (Score:3, Insightful)
~Philly
Re: (Score:3, Insightful)
The idea is that they'l