Forgot your password?
typodupeerror
Spam

Forty Percent of All Email is Spam 625

Posted by michael
from the enlarge-your-make-money-fast-in-nigeria dept.
PCOL writes "There's an interesting article on spam in today's Washington Post which includes an inside look at AOL's spam control center in Northern Virginia. The story reports that roughly 40 percent of all e-mail traffic in the US is now spam, up from 8 percent in late 2001 and nearly doubling in the past six months; that AOL's spam filters now block 1 billion messages a day; and that spam will cost U.S. organizations more than $10 billion this year from lost productivity and the equipment, software and manpower needed to combat the problem."
This discussion has been archived. No new comments can be posted.

Forty Percent of All Email is Spam

Comments Filter:
  • by Anonymous Coward
    Compared to Slashdot posts!
  • sure, sure. (Score:4, Funny)

    by irc.goatse.cx troll (593289) on Thursday March 13, 2003 @11:10AM (#5502873) Journal
    And 90% of all statistics are made up on the spot.
  • by techstar25 (556988) <techstar25&cfl,rr,com> on Thursday March 13, 2003 @11:11AM (#5502877) Homepage Journal
    Ironic. Forty percent of spam is pork.
  • 40% ...? (Score:4, Funny)

    by DaneelGiskard (222145) on Thursday March 13, 2003 @11:11AM (#5502885) Homepage
    So who gets the 60% of the regular email I'm supposed to get?
    • Re:40% ...? (Score:5, Funny)

      by scott1853 (194884) on Thursday March 13, 2003 @11:16AM (#5502950)
      It's deleted by the spam filters.
  • now i get spam (Score:3, Interesting)

    by stonebeat.org (562495) on Thursday March 13, 2003 @11:11AM (#5502891) Homepage
    about spam stopping software.
    • Re:now i get spam (Score:5, Insightful)

      by You're All Wrong (573825) on Thursday March 13, 2003 @12:40PM (#5503761)
      Nice innit?

      However did you notice in the article it said:
      "nearly doubling in the past six months, according to Brightmail Inc., a major vendor of anti-spam software."

      So I'm not 100% sure the stats can be believed - it's in their interest to tell you it's all doom and gloom. It's even in their interest to have you spammed, but that of course would be conspiracy theory central...

      YAW.
  • Only 40%? (Score:2, Funny)

    by mgs1000 (583340)
    I seem to get a lot more spam than "legitimate" email. I guess I must have fewer friends. :(
    • by scott1853 (194884) on Thursday March 13, 2003 @11:19AM (#5502972)
      Maybe you have lots of friends and they're all filling out those "notify my friends" forms?
    • Only for AOL? (Score:5, Insightful)

      by www.sorehands.com (142825) on Thursday March 13, 2003 @12:14PM (#5503532) Homepage
      The article stated the figure came from Brightmail not AOL.

      If it was AOL or Verizon, then I would think that the numbers would be skewed as they have sued spammers and those spammers have agreed not to send spam on those networks.

      Grasshopper, remember the two rules of spammers.

      1. Spammers lie.

      2. If a spammer says anything, see rule 1.

    • by UberQwerty (86791) on Thursday March 13, 2003 @12:55PM (#5503936) Homepage Journal
      I have a real, useable e-mail account that never recieves any spam at all, and I never delete/filter legitimate mail! How is this possible?

      I have two e-mail addresses. One gets nothing but spam, and the other gets no spam at all.

      I have a free account at hotmail.com and a private one on a server that isn't owned by a big business. When I'm giving my address to someone I know personally, I give the private one. When I have to give an e-mail address to sign up for some service or to get some account, or basically whenever I'm giving my e-mail address but I don't know who is getting it, I give my hotmail account.

      Result:
      -My hotmail account occasionally gets confirmation e-mails when I've just created one of those free accounts for some website, but I always know when they're coming. Otherwise, it just collects spam, which I periodically delete (and block the addresses it came from).
      -My personal account never gets spam.

      (I have a university account that forwards to my private account, so occasionally it gets what could be called "spam" that's aimed at univ. students, but if I stop the forwarding it stops the spam, so I don't really have a problem.)

      • by gdr (107158) on Thursday March 13, 2003 @02:39PM (#5504969)
        This works until one of your friends enters your email address into a form on the web (say to send you a electronic birthday card) and it gets added to a spammers list.

        It's also possible that a spammer could harvest email addresses using a Outlook virus that infected one of your friends or anyone who has been sent an email that has your email address in the header (or body for that matter).

        I don't know if these sort of viruses are common but if they're not now they could be in the future.

        Having multiple email addresses is a good idea but, unfortunately, not a perfect solution. Once your "safe" email address is in the hands of a spammer they can pass it on to other spammers and it can become unusable quite quickly.

  • Accuracy (Score:3, Insightful)

    by NitroPye (594566) <coleman@n[ ]oy.com ['itr' in gap]> on Thursday March 13, 2003 @11:12AM (#5502902)
    I wondder how accurate the AOL spam filter is. If some people are accidentaly getting their emails blocked or others not getting emails delivered. Does anyone know on which principal the AOL filter works. Is it just a bunch of email addresses known to be spammers or is it some kind of guessing filter that has certain words and phrases coined as spam.
    • Re:Accuracy (Score:5, Insightful)

      by bheerssen (534014) <bheerssen@gmail.com> on Thursday March 13, 2003 @11:18AM (#5502967)
      A follow up question: how much spam gets past their filters and do they use a standard deviation accordingly to arrive at those numbers? It is conceivable that the actual figure is higher.
    • Re:Accuracy (Score:3, Interesting)

      by Analog (564)
      I wondder how accurate the AOL spam filter is.

      Not terribly. Several years ago, after I first got broadband, I set up my own mail server because my ISP's was constantly going down. I've run it since then with no trouble.

      Several weeks ago, I started getting bounces on mail I sent to AOL addresses. Turns out AOL uses lists of IP addresses that are known to belong to ISPs but not be their mail servers and refuses connections from them.

      Their attitude is that I have no business running my own mail server, t

      • Re:Accuracy (Score:3, Informative)

        by wawannem (591061)
        You know... You could fix this kind of situation yourself. If you set up a real DNS zone, AOL would have no way of knowing you aren't running a legitimate mailserver. Shell out a few bucks to get a name, then spend a day or two figuring out BIND (or worse WinNT DNS), then viola! You will be doing it correctly!! And who would have thought, when you do it right, ISPs will honor it!
      • Re:Accuracy (Score:5, Insightful)

        by corbettw (214229) <corbettw.yahoo@com> on Thursday March 13, 2003 @01:52PM (#5504525) Journal
        Umm, what AOL is doing is right and proper. Is your host the MX record for a domain? No? Then noone should be accepting mail from it. Can your host be authenticated with reverse IP look-ups, crosschecked with MX? No? Then, again, noone should be getting your mail. (All except your own ISP, that is.)

        This might be inconvient for you, but this system exists as a deterent to spammers. Don't like it? Get your own IP addresses for home use or host your own domain somewhere (that's what I do).
  • Optimistic (Score:5, Insightful)

    by Rosonowski (250492) <rosonowskiNO@SPAMgmail.com> on Thursday March 13, 2003 @11:13AM (#5502904)
    I think this is a bit optimistic. I get 300 peices of email a day, and I'm lucky if more then 50 are legitimate mail.
  • by rcs2 (261027)
    Are there any estimates to the total revenue generated by spam for spammers? If it were less than $10 billion, we should be able to simply bribe them to stop spamming.
  • by nenolod (546272)
    I'd say more like 60% though. However, i'd also say that 40% of idiots make up statistics to prove their point, and 90% of people know that.

    Anyway, I get about 1800 messages a day, total. Messages are ran through procmail and a complex spam filtering perl script that I wrote for myself. about 600-700 messages are blocked per day, therefore being more than 40%.

    I'd also state that most SMB popups are SPAM.
  • by greenalbatros (215035) on Thursday March 13, 2003 @11:14AM (#5502919)
    Did you know 40% of all email is spam?!! to find out mo...

  • Continued statistics like that, with economical impacts in the billions might attract enough federal attention to get some standardized laws across the board.

    Sure, we'll still have to worry about foreign sources, but I'm sure the U.N. will be happy to help with this issue.

  • by utmslave (179598) on Thursday March 13, 2003 @11:14AM (#5502928)
    I administer a Spam filter for a state University in Tennessee. Since I began filtering, I have trapped about 42% of all email bound for faculty and staff. Some spam still gets through, but the impact on our pop and imap servers has been greatly reduced.

    550 Spammer Go Away!
  • What is spam? (Score:3, Interesting)

    by lseltzer (311306) on Thursday March 13, 2003 @11:15AM (#5502936)
    I don't want to quibble about the specific number, but how do they decide what is spam? Much of the decision is somewhat ambiguous.
  • to stop spam permanently.

    Once spam makes a substantial dent in corporate america's profits, you can bet there will be a federal law passed banning the practice. Granted, we slashdotters might not like the fact that Corporate America(tm) controls Congress, but in this case, it can actually do us some good...

    • is to punish companies that *hire* spammers.

      Let's face it; if we focus solely on the spammers themselves, we'll have little luck reducing the flow.

      But if the court system allow people to sue the companies that contracted out for spam, a few hefty verdicts might cause corporations to think otherwise.
  • Spam Control (Score:4, Interesting)

    by cheezus_es_lard (557559) <`cheez17' `at' `gmail.com'> on Thursday March 13, 2003 @11:16AM (#5502941) Homepage
    So, we all agree that Spam is a problem. We all agree that legislating Spam out of existance isn't going to work, due to the international design of the Internet. So what needs to be developed is a backwards-compatible mail transfer protocol that authenticates the user to the sending server and forwards the message to the recieving server, who contacts the sending server back and verifies the user's identity.

    I'm no software designer, but surely we could find some concept for migrating off of SMTP and POP and to a better, more secure protocol.

    Other thoughts?

    -cheezus_es_lard
    • Re:Spam Control (Score:5, Interesting)

      by JimDabell (42870) on Thursday March 13, 2003 @11:26AM (#5503063) Homepage

      I'm no software designer, but surely we could find some concept for migrating off of SMTP and POP and to a better, more secure protocol.

      It's not a technical issue (ignoring open relays, which can already be fixed without changing any protocols).

      The fundamental issue is that one of the most important uses of email is to let anybody, anywhere email you, with no hassle. Of course, spammers take advantage of that.

      What's needed is accountability. Give someone internet or smtp access? Make sure you have a way of billing them for any spam they send, and put it in big letters when they sign up.

    • Re:Spam Control (Score:4, Insightful)

      by Ravensign (134410) on Thursday March 13, 2003 @11:30AM (#5503096)
      I agree with this principle.

      At what % do we look around and say, its time for a new protocol with spam avoidance built in?

      50, 60, 75?
    • We all agree that legislating Spam out of existance isn't going to work, due to the international design of the Internet.

      No, we do not all agree. The majority of spam is "in-country" spam. That is to say that the sender is in the same country as the recipient. Some scammer trying to tell you about his "fantastic" multi-level marketing scheme is probably located in your country. Make the advertiser responsible for the mail and don't worry about whether he sent it through an open relay in Korea or paid
  • by mrhandstand (233183) on Thursday March 13, 2003 @11:16AM (#5502942) Journal
    The srticle states that 40% of Internet traffic is Spam. And where does this statistic comec from? From Brightmail...a vendor of anti-spam software. Remember...liars, damn liars, and statisticians
    • by Zathrus (232140) on Thursday March 13, 2003 @11:30AM (#5503097) Homepage
      The srticle states that 40% of Internet traffic is Spam

      No, the article states that 40% of email is spam.

      Which, frankly, seems low. But perhaps they're including corporate email, which often sees a much lower spam level.

      I'm still trying to find estimates on how much of all Internet traffic is from SMTP -- I've seen estimates of anything from 5% to 30%.
    • BrightMail (Score:4, Interesting)

      by NetJunkie (56134) <jason.nash@gma[ ]com ['il.' in gap]> on Thursday March 13, 2003 @11:45AM (#5503247)
      We use BrightMail and are very happy with them. If anyone can give you fairly accurate stats, it is them due to how they work.

      They monitor a LOT of mail boxes...many customers plus many created mailboxes for spam. If a message hits a number of mailboxes in a short time span that message is forwarded to their NOC. A person looks at it and decides if it's spam. If so they tag it as spam before sending it to other customers that receive it.

      It works very well. We now block almost all of the spam we receive and have not had ONE single false positive.
  • by Nonac (132029) on Thursday March 13, 2003 @11:16AM (#5502951) Journal
    Aside from the AOL spam control center, most of the spam prevention discussed in this email is aimed at trying to stop the sender through legislation and black lists. Legislation will never work, and black lists are marginal.

    The answer to this shortcoming in the current email infrastructure is redesigning email protocols to allow spam to be stopped as it is sent.

    I don't have the answer, but something that forces the sender to verify that the recipient will accept the message before it is relayed will be a start. I also like the idea that came from Microsoft recently of forcing the sender to pay the recipient a small amount of money.

    The problem with bayesian filters is that they filter too much spam. The more people that use bayesian filters, the more messages the spammers will have to send to get through. Because it is almost free to send messages, they will continue to increase the number of messages they send until it gets to a point that email infrastructure can't handle it anymore.
  • by DLG (14172) on Thursday March 13, 2003 @11:17AM (#5502952)
    In the past 2 months, using a combination of tools including SpamAssassin, I have managed to block approximately 32000 spam mail a week. This is more than 50% of our incoming mail.

    I will note that in general this is only coming to around 20% of our users. It is approximately 100 messages per user per day. This actually seems reasonable compared to one of my email accounts that is on a webpage.

    So I would say the only reason the amount of spam is so low is that enough people in our firm don't give out their firm email addresses on the internet to strangers.

    Although they do miss out on alot of great offers for Hovercraft Toys.

  • by walt-sjc (145127) on Thursday March 13, 2003 @11:20AM (#5502979)
    Citing "Freedom of speach", the first ammendment, etc, there still seems to be an ignorant crowd that thinks that we shouldn't have any legal means to curb spam. They still think technology can solve a social problem. As ISPs put increasingly invasive filters on email servers, legit email gets lost. When 99% of all email is spam, will you STILL think it's ok? When ISP's raise your internet fees due to spam, will you still defend its legality? When you are on the road paying $.50 / minute downloading spam for half an hour, even though your local filter blocks it from your view will you still be happy?

    There are people who want to re-invent the email protocol to solve the problem. Yeah, doing something technological can help the FUTURE, but what are we going to do for the 5 years it takes to develop, implement, and deploy this new technology?

    Think about it.

    • by ErikZ (55491) on Thursday March 13, 2003 @11:24AM (#5503033)
      "Yeah, doing something technological can help the FUTURE, but what are we going to do for the 5 years it takes to develop, implement, and deploy this new technology?"

      Probably the same thing we would do if we didn't develop the tech. Just sit there and delete spam.
    • Your rant doesn't make a whole lot of sense. I don't think the problem is that people think that SPAM shouldn't be regulated, (okay maybe a tiny minority), its not regulated because there is no way to do so. I see very little SPAM that doesn't have forged headers or that didn't come through an open relay.

      We don't need new laws. The SPAM is already illegal. You can't enforce a NO SPAM list because a) spammers are difficult to track anyway and b) even if they weren't there is nothing finacially or otherwise
  • by Ed Avis (5917) <ed@membled.com> on Thursday March 13, 2003 @11:21AM (#5502988) Homepage
    The real problem with spam is the economics: it costs next to nothing to send a message, the only real cost (time) is borne by the recipient. Fix that problem and spam will go away. It doesn't need legislation, which in any case could apply in just one jurisdiction.

    A system like Hash Cash [cypherspace.org] could solve the problem. The most popular free mail clients could start including hash-cash postage with each sent message, and then in a couple of years' time start to drop incoming messages that don't have postage paid. AOL could include hash cash in their mail client easily. *Easily*. That spam-detection centre they run is not cheap. Even Microsoft would add hash cash to Outlook, Outlook Express and Hotmail, since it's another encouragement to upgrade to a new Outlook release (which of course requires a new Windows version).

    Getting the whole world to upgrade its mail clients is a hard task, but getting every government in the world to pass anti-spam laws and enforce them is much harder. Goodness knows it's bad enough trying to get _one_ legislature to take a sane view on anything technology-related.
  • isn't it ironic??? (Score:5, Insightful)

    by Botchka (589180) on Thursday March 13, 2003 @11:21AM (#5503002)
    that the biggest purveyor of filling my postal mail box with crap that I haven't signed up for or asked for (ie: cd's and cd holders that are worthless), is now fighting spam. Give me a break! How about they stop mailing those stupid #@%@$%^& cd's and filling the landfills with garbage that doesn't degrade. They are hypocrites!
    • by hkmwbz (531650)
      Except they paid to send you stuff through snail mail. Spammers basically use other people's bandwidth and disk space to send out their crap. Hypocrites? Not at all.
  • Spammunition (Score:5, Informative)

    by BlackjackGuy (631964) on Thursday March 13, 2003 @11:23AM (#5503029)
    My spam problems have almost entirely gone away since installing Spammunition [upserve.com]. It's a bayesian filter for MS Outlook. Wish I didn't have to use MS Outlook but it's a requirement at work.

    Bayesian filters are definitely the way to go. They flat-out *work*. Other programs I've used just didn't perform, like Cloudmark Spamnet.

    • by phorm (591458) on Thursday March 13, 2003 @11:52AM (#5503325) Journal
      The problem is, you are still getting spam. The filter may block you from seeing most of it, and it may stop you from getting tags with linked images, etc... but it's still coming in.
      You, and your ISP, are paying for the bandwidth it uses. And if you ever had to travel and get email by dialup/cellphone... you can expect that you'll notice spam simply by the large delays it takes you to download email.

      Client-side filters only mask the problem... it's like having an air-freshener and big fan in a public washroom.... the stink is still lingering in the background.
    • Re:Spammunition (Score:3, Insightful)

      by walt-sjc (145127)
      Is your spam problem GONE or is it simply hidden from view? You and your ISP have alreay paid the cost of that spam. The cost to you seems minimal, but to a large ISP it is HUGE. When your ISP raises it's rates due to the volume of spam that you do not see yet still receive, will you still be happy with your filter as "The Solution" to spam?

      Don't get me wrong, I have been filtering spam for years. Filters can minimize the impact of the spam problem, but they do nothing to solve it.
  • by kalislashdot (229144) on Thursday March 13, 2003 @11:24AM (#5503032) Homepage
    You know it's a funny thing because businesses like and hate spam. They like it because it brings in money and they hate it because they have to spend money on spam filters and lost work time.

    Here is a possible solution. Spammers cover their tracks. Well instead of trying to go after spammers go after the business that use them. Those businesses MUST be traceable because they include ways to buy their product. If we must make a law, which would only work in the US, it should say "You can't hire a spammer to send your mail". Then when www.pacificmeds.com sends me a spam for "save money on prescription drugs" they can be fined.

    Go after the source, not the person who fills the need. Once the need is squashed by the law spam will reduce greatly.
    • by clifyt (11768) <sonikmatter.gmail@com> on Thursday March 13, 2003 @11:43AM (#5503229) Homepage
      And then what do we do what a company hires an untraceable spammer to send out a million messages with its competitors names?

      I know as a youth, one of my hometowns stores fliered the city with a competitors name and fake coupons for a rediclous amount off to give them a bad name when their competition was at its worst.

      It finally came out the other guys had done this, but the other store decided to make a promo out of it and honor the coupons anyways...backfiring on the others.

      In a smaller town, this sort of thing can be traced back to the source rather easily. On the internet, how are you going to police the fact that PacificMed's greatest competitor (would that be AtlanticMeds) by doing the same sort of thing? Find a spammer in Asia (or one that works for your local college that will simply use Asian relays) and pay them $1000 to send out a million spams either to get them in legal action or simply to give them a black eye in the public's mind.

      clif
    • by Anonymous Coward
      My life as a spammer (in brief):

      Started working for new company under contract. Help the bossman w/ his spam. Make him do it legitimately by unconfirming all lists and sending reconfirmation notices. Result: 60% reconfirm (including people who had reported us for spamming before). Now we have nice, clean lists and the reply-to/return-path headers are actually LEGIT! Imagine that... an honest bulk mailer. Too bad our rep is already soured. We even have people who are afraid to click on the unconfirm links f
  • by SirLantos (559182) on Thursday March 13, 2003 @11:24AM (#5503037) Homepage
    {Complaint}It the past 6 months are so I have been recieving about 200% more spam. I get to work in the morning and delete 90% of my e-mail becasue its spam. Out of every 200-300 e-mails I recieve, I actual only care about 10-20 of them, the rest is spam.{/Complaint}

    The problem is that nobody can find a reasonable solution. Here are some examples of common solutions:
    1."Make spam illegal out right."
    Problem: OK, this is a bit extreme. Even if you did manage to do that, companies from outside the US or companies/people can hide where the e-mails are coming from, good luck catching them.

    2."Charge for e-mails."
    Problem: The people that want that are the post office folks. I seriously doubt anybody would sit back and allow this. Just thinking about pisses me off.

    3."Find the people that send spam and destroy them."
    Problem: OK, this is my personal favorite. But, the goverment already made that illegal. It's like the saying goes: "Some people are alive simply because it is illegal to kill them." BTW, all of you peeps out there that are going to yell at me for suggesting something like that: RELAX, IT WAS A JOKE!!! Have a sense of humor for goodness sake.

    That's just my opinion,
    SirLantos
  • by borgdows (599861) on Thursday March 13, 2003 @11:25AM (#5503051)
    after renaming "french fries" Congress has just decided to rename "spam" as "french email" !
  • Ratio is higher here (Score:3, Interesting)

    by Lumpy (12016) on Thursday March 13, 2003 @11:26AM (#5503056) Homepage
    3 legitimate Emails and 81 spams this morning. typically my spam filter catches between 60-120 a day on my work address and I have to add 3-4 more rules a week to keep it down.

    A simple solution is replacing the broken SMTP with something that requires authentication and doesnt give you the ability to modify the headers unless you run the server. If the spammers have to use real email addresses or had a real way of tracking them easily attached to every email, they would stop.

    Just like how cockroaches scatter when you turn on the lights.
  • by Anonymous Coward on Thursday March 13, 2003 @11:26AM (#5503060)
    One thing about spam that stands out, is that so much of it is of a very explicit sexual nature. It is sent indiscriminately to individuals who are unlikely to have any use for these products and services.

    My theory: most spammers are the cyber equivalent of "flashers" - sexual deviants who derive thrill from shocking unsuspecting citizens. I believe that the products offered are largely irrelevant. It is the shock value which motivates the spammer. Perhaps they could be prosecuted under similar sex crimes laws that allow us to go after the "flasher".

  • by LMCBoy (185365) on Thursday March 13, 2003 @11:30AM (#5503098) Homepage Journal
    According to POPFile [sourceforge.net] only 18% of my email messages are spam, but it's 46% when you take the file sizes into account. The total memory fraction would seem to be a more relevant measurement if you're an ISP concerned about spam's costs.

    So, when they say 40%, is that by number of messages or total size?
  • by handy_vandal (606174) on Thursday March 13, 2003 @11:30AM (#5503102) Homepage Journal
    Forty percent? That's nothing. Sturgeon's Law [jargon.net] states that ninety percent of everything is crap.
  • by Continental Drift (262986) <slashdot@@@brightestbulb...net> on Thursday March 13, 2003 @11:31AM (#5503113) Homepage
    My Eudora filters allow me to auto-reply to mail coming from someone not already in my address book. The auto-reply tells the writer to try again and put a code word in the subject line, which the filters will then bypass. This is very effective, and since I implemented it, I don't see spam. It is a bit of a pain for people writing to me the first time.

    Now, a white list like this can be bypassed by a spammer claiming to be a friend of mine. It can't claim to be me, because my filters automatically delete anything sent to my address claiming to come from me. I'm wondering if anyone else who has implemented a white list for themselves has seen any problems with it.

  • more like 60-70% (Score:5, Interesting)

    by Cheeze (12756) on Thursday March 13, 2003 @11:32AM (#5503118) Homepage
    i run a small isp's mail server system (~30k accounts) and just our dnsbl blocks about 60% of all incoming e-mail. spamassassin and various other techniques pick out about 5-10% more of the overall.

    Blocking spam before it gets to our main mail server has extended the life of our mail server indefinately. The less we have to spend on hardware, the more time and energy we can spend on building quality of service for our customers. That keeps the customers happy, and keeps the business people doubly happy, since they don't lose customers and don't have to buy new hardware every year for a mail system.
  • Not true (Score:3, Funny)

    by roman_mir (125474) on Thursday March 13, 2003 @11:33AM (#5503139) Homepage Journal
    95% of all email is spam. The rest is my project manager sending out emails about TPS reports.
  • by $criptah (467422) on Thursday March 13, 2003 @11:36AM (#5503165) Homepage
    For every action there is a counter reaction, right? Fight back! You can do it passively by setting up filters (Mozilla does an excellent job in that department) or spam back the spammers. The trick is to find spam that originates from a legid address. Send an email to that address and see if it goes through. Then set up a script on every single computer on your home network (which in my case is several FreeBSD boxes) and mail random crap to spammers (a cron entry works beautifully). Believe it or not I actually got a reply from a person saying that they got the point and removed me from the list. The other guys were persistent. In order to get rid of them (they did have actual usernames in the email address) I had to go to every goddamn gay porn site and subscribe them to free porn and a newsletter. I know, some of you will say that I have a lot of free time on my hands and may be I do. But every person who gets spam does something about it, including calling a senator and pushing for laws, I think we can fight it.
  • by gse (68728) <gse@antisleep.com> on Thursday March 13, 2003 @11:36AM (#5503177) Homepage
    One billion spam email a day, just through AOL. Gosh.

    I figure I get about 425,000 a day myself at this point (er, give or take). It's at the point where it's getting painful to go through my SpamAssassin "caughtspam" folder. But there are still enough false positives (really, one is enough) that I can't send the whole thing to /dev/null.

    Meanwhile, I'm accruing a great collection of classic spam subject lines. Some examples (all real):

    • "I don't need your social security number yet"
    • "this mom loves to stick hot dogs up her cooch"
    • "Pill to Increase Your Ejaculation by 581%"
    • "i am not perfect but i suck c0ck"
    • "I got revenge by fucking! Here's proof :)"
    • "Mission: To fuck as many mothers as I can!"
    • "Fucking Machines! 13IN, .5HP, 350RPM"
    • "Your slut wife boss need some action!"
    • "#1 COLON CLEANSER! SEE PROOF"
    • "Maybe your pets dream of intercourse with you"
    Mmmm, society at its finest.
  • by jj_johny (626460) on Thursday March 13, 2003 @11:38AM (#5503192)
    AOL does no filtering on the content only on the header information. It does nothing with the content of the email messages. It forwards every mail that is accepted by its mail servers to the users. Thats why AOL only blocks about 50% of the stuff. Even if they accepted the mail, they should be deleting or giving me the option of deleting without seeing every mail that wants to increase my unit's size or my wife's boobs and the pharmacy come ons and the Norton junk. But AOL continues to act like a single lost email is the end of the world. Well give the users some tools and let them decide. No wonder they are losing subcribers, they don't know how to deal with the number one annoyance on the internet today.
  • by gergi (220700) on Thursday March 13, 2003 @11:45AM (#5503246)
    I (if you want to me, email at gergi@aol.com!) don't know why I get so much spam (gergi@aol.com if you know of a good solution to get rid of it!) I'm very friendly and social (gergi@aol.com to reach me) and I don't know why people would spam me at gergi@aol.com!

    Later,
    gergi@aol.com
  • Sliding scale (Score:5, Informative)

    by phorm (591458) on Thursday March 13, 2003 @11:48AM (#5503290) Journal
    I think this could almost be measured on a sliding scale based on lifetime of an account. Once a user opens a new account - unless the email address is easily guessable or his email provided sells it off - spam volume per real email will be low.
    Then, you get a few friends your email. General email volume increases. You sign up for some server or other and forget to use a protect email... spam starts to drip in.
    A little while later, the drip becomes a trickle as your email gets sold again, and again, and spreads like splitting amoebas.
    Then... a few friends send you e-cards around Christmas, or invite you to some joke sites etc. Not your really gonna get it (I strongly b*tch-out any who e-card me at my work address).

    To top it off, a LUG or whatever you are posting to puts their history on a public website... you start getting picked up by spam-spiders.

    So over time, one will go from maybe 0-5% spam, to 50+% spam. As more people get you in their address books, the more likely it is that somebody will let your email slip to a spam-source. And spam-sources sell your email to other spam-sources... it spreads like wildfire.

    The best way to protect yourself is to use a difficult-to-guess, 9+ character email, for which you never sign up for anything with, and only give to people you trust not to e-card you or have "sniffers" installed on their system which gives away the address book. Using bounce addresses might help also, as you could then switch bounces but still pull from the main email, and then filter the ones that get messy or drop them.
  • Terrorism! (Score:5, Funny)

    by fredrikj (629833) on Thursday March 13, 2003 @11:50AM (#5503309) Homepage
    $10 billion, that's a lot of money, and therefore an argument that George W. Bush might listen to. So, how about lobbying the US government into declaring spam "terrorist activity"? Just imagine the concept of special troops hunting down spammers, then locking them up without without a trial and throwing away the keys. Unless you bombed them off the face of the earth directly... In either case, we could even laugh our asses off while watching it live on TV!
  • by ipmcc (466386) on Thursday March 13, 2003 @11:51AM (#5503318) Homepage Journal
    If ISPs could find some way to limit each accounts number of outgoing messages, or charge per outgoing message over, say, 500 messages a day, this would probably be much less of a problem.

    At the core of this problem is the Accountability Void, and the temptation that carries with it. When you look at the lengths that (some) ISPs and watchdogs go to block (much to libertarian chagrin) kiddie porn and other potentially offensive material, its clear that solving the spam problem is NOT about technical feasibility. If there was impetus there would be a solution. The problem is that the ISP can say "we dont send it, we dont receive it, its not our problem," the spammer can say "I send it, but I use fake accounts that get closed in 6 hours, so I don't have to take responsibility for it" and, for the most part, the receiver says "I received this, but theres really not much I can do about it." I describe this phenomenon as an "Accountability Void." No one is responsible for spam.

    Until there is an accountability structure in place, either legislative, technical, or economic, spam will go on. One of these days, AOL or some other "big enough" player is going to do something that will "change everything" like demand digital signatures, or some other method that fills the accountability void and spam will cease to be a problem.
  • by magarity (164372) on Thursday March 13, 2003 @12:06PM (#5503455)
    Spam is not just a problem of numbers of emails, but also how big the darn things are. My filter's stats so far for this month reveal that while spam is barely over half of the quantity of mail I get but is over FOUR TIMES the size of real email:

    Total Volume Sent on as Clean Mail: 211 (342.3KB ) 44.8%
    Total Spam Messages: 260 (1.4MB ) 55.2%

    This is the most important evil of the spam flood; not only do I not want it but it's huge!
  • by Burdell (228580) on Thursday March 13, 2003 @12:19PM (#5503577)
    I just installed an upgraded spam filter server at the ISP I work for, and we are now filtering out almost 70% of inbound mail as spam (with basically zero false positive complaints). We combine Brightmail [brightmail.com] with the three main MAPS [mail-abuse.org] lists (RBL, DUL, and RSS), as well as the basic DNS based checks (for valid domains, etc.) built into the mail server, with Brightmail catching the most by far.

    You can see our mail stats here [hiwaay.net].

  • by Fritz Benwalla (539483) <randomregs&gmail,com> on Thursday March 13, 2003 @12:21PM (#5503605)

    About 18 percent of the traffic carried by the US Postal Service is bulk mailing, but USPS studies say that postal employees spend 25 percent of their time sorting it. All a waste? Keep in mind that the DMA asserts the $50 billion was raised as a result of bulk mailings by charities.

    I'd be interested in knowing what the total load on our economy is from the two forms, inluding manpower, network load, inconvenience etc. My suspicion is that the hyperventilation over spams growth is driving up the percieved cost, especially when you consider the cheapness of bandwidth, and that spam control is an automation battle leaving the real expensive resource, humans, to design the filters and clean up what they miss.

    "The spammers are evil folks," Evil? Like Hitler evil?

    Opportunists, yes. Using mildly unethical means to further themselves in business venture, often. But I wonder how many people who are apoplectic about the "evilness" of spammers cheat on their wives, cheat on their taxes, park in handicapped zones, etc. . .All no more evil than faking a return address, and certainly no less.

    -----

  • by DaemonSD (537539) on Thursday March 13, 2003 @12:36PM (#5503726) Homepage
    A lot of people here are saying that more than 40% of their email is spam and that the figure quoted is somehow wrong. A lot of people here also fail to take into consideration that the 40% figure is very likely an approximation or an average and is not valid for every single user on the internet. Being computer literate, having a website, posting on different websites and other internet activities contribute to more spam because of email harvesting. Sure, you and I get more spam than the average Joe, my spam is more like 80% of all emails received, but do not forget about all the people that are on AOL and have only given their email to their family relatives. Granted, they will receive some spam too, but surely not as much as the rest of us.
  • Whitelists! (Score:3, Interesting)

    by Tikiman (468059) on Thursday March 13, 2003 @01:11PM (#5504119)
    I'd estimate that 99% of mail I get is from people I am expecting it from. I could easily configure my email client to put this mail in another folder. At the end of the day (or more often), I can look at all the non-whitelisted mail for stuff that wasn't spam-tagged to look for new people to whitelist - takes about a minute. While spam may be a huge infrastructure concern, I really don't see it as a huge productivity concern.
  • Remove the Filters (Score:3, Insightful)

    by jetsetscoot (578227) on Thursday March 13, 2003 @01:45PM (#5504465)
    Is 40% what the user sees or what hits the ISP?

    What if for one day - 24 hours - everyone who is running a spam filter at any level simply took the filters down. Show the users what the real flood of junk looks like. I bet the hue and cry would provoke real efforts - legal or technical - to solve the problem once and for all.

    I find myself thinking; what's all the fuss about, I only actually see a half dozen spam messages a day in my Hotmail and POP accounts. But I know that for every piece I see there are untold dozens being blocked by filters. Filters merely hide the scope of the problem from the end users, but ISP's still have to deal with the bandwidth.

    Take down the filters for a day and let everyone see the real scope of the horror that is spam

    -Jetset

    - I can't hear the forest for all the falling trees-
  • by angle_slam (623817) on Thursday March 13, 2003 @02:00PM (#5504596)
    Does anyone here use a Disposable email address service? Examples of such services include the following:General information about disposable email addresses can be found in this PC Magazine article [pcmag.com] and this about.com article [about.com].

    Briefly, I'll explain how they work in theory. After signing up with a disposable email service, they give you a disposable email address that you can, for example, enter into forms. Mail sent to that disposable email address gets automatically forwarded to your email account of choice. But here's where they supposedly come in handy. You can sign up for a different disposable email address everytime you fill in a web form. If you start getting spam, you can look at the disposable email address the spam was sent to and you can do 2 things: (1) cancel the disposable email address so you no longer get spam sent to that address; and (2) you know who gave out your disposable address and you can take whatever action you deem appropriate.

    This seems like a cool product, in theory, but I haven't seen anyone with real world experience with these services. If anyone here can describe their experiences, it would be greatly appreciated.

  • by kotku (249450) on Thursday March 13, 2003 @02:58PM (#5505179) Journal
    I just created a web site [geocities.com] whose terms of service are that if you send an email to the email address listed then you will be charged for spell checking the email at £10 a character. Anybody want to advise on what my chances of collecting are ?
  • Rackspace (Score:3, Informative)

    by Skapare (16644) on Thursday March 13, 2003 @03:05PM (#5505243) Homepage

    It just seems to odd to refresh the page to see more comments about spam, and I get a banner ad promoting one of the larger spammer hosters in the US ... Rackspace. Those who sign up for service from those scumbags are just as bad as the scumbags because that effectively helps support the spam they keep pounding my servers with. So far today, 98 attempts just from Rackspace addresses. Yesterday there was a total of 240.

    And while previewing this comment submission, yet another Rackspace banner ad. Don't these guys know I'm never, ever, going to pay them for any services?

  • by ZarkDav (1048) on Thursday March 13, 2003 @03:29PM (#5505498) Homepage
    I work for a medium-small ISP in FR. We host around 6500 domains and 150k mailboxes.

    Our abuse department is manned by one person 365 days a year, a bunch of scripts, a largish database integrated with our customers database, and lots of red tape. This person calls our customers when they are the source of spam or other non UCE conforming use of our network (including running an open-relay). He explains the situation politely and asks the customer to conform to the policy written in the contract. If the customer does not comply after the first warning, he must look for another ISP to do business with, for we send him an official letter (with official receipt acknowledgement)each time we interact with him.

    All in all, given our company size, a bit over 1% of our costs are burnt by our abuse department. Needless to say, we relay these costs to our customers, as do most of our competitors.

    This is only half of the cost of spam from our point of view. Our mail servers farm is sized in order to perform well even with 40% of the mail being spam. These are larger human and hardware costs associated with spam as well (though more diluted and thus difficult to pinpoint).

    Spam costs people and companies a lot of money, we feel the need for the Internet mail system to be reengineered in order for the cost of sending email to become high enough so that spammers don't get away with their offense.

    The Brightmail report is not a big surprise.

No amount of careful planning will ever replace dumb luck.

Working...