One Third of Email Now Spam 431
Himanshu writes "The volume of spam received by business has doubled over the last two years and it's going to get worse.
Analysts IDC reckons that spam represented 32 per cent of all email sent on an average day in North America in 2003, doubling from 2001. That figure is less than the 50 per cent or more junk mail statistic commonly cited by email-filtering firms like MessageLabs and Brightmail but it still represents a serious problem,"
Bah. (Score:5, Insightful)
So what? (Score:2, Insightful)
News? (Score:4, Insightful)
See
Happy Spamiversary! [slashdot.org]
Celebrating Spam's Ten-Year Anniversary [slashdot.org]
U.S. is World Leader in Spam [slashdot.org]
This is by no means a good list of all the spam stories that have hit slashdot, just a list of the ones that seem to have no point, are glaringly obvoius, or are redundant.
Thank goodness for filters, BUT... (Score:5, Insightful)
So what if I don't have to see the mail? That doesn't mean my mailserver isn't using cycles to talk to some originating server, transfer, store and eventually delete that spam. The only saving grace is I don't have to pay for bandwidth on a usage basis (cable modem is still, happily, "flat rate").
But what happens if that volume gets to be high enough that it starts to affect my ability to use the bandwidth for other things?
What we have available are basically work-arounds; we need a concrete solution that addresses the basic problem.
So what is the problem? People soliciting without you opting in? Deceitful mail designed to make you open it thinking it is from a friend? The sheer volume?
The real problem is we haven't found an effective way to trace this crap back to the people supposedly "making money" with these schemes.
Solve *that* issue... put a name, address, and bank account to that spam, and we'll clean this stuff up in a hurry!
Re:I get tons. 1 in 3 ha! (Score:5, Insightful)
Note that the analysis says that 1/3 of all email sent is spam. This can easily be coincide with many users receiving lots more spam than this.
For instance, there might be many users which receive a larger slice of the other, legitimate 2/3, thus making up for those who receive less of it.
both numbers could be right (Score:1, Insightful)
But for those who use filters, it is likely to be >50%, since why would they be using filters if they didn't have a spam problem? I don't use a filter b/c I don't get spam, but others who are overwhelmed with it will be using filters.
Re:Bah. (Score:3, Insightful)
Same here -- I've had my domain name for about 4-5 years now, and while it wasn't bad for a long time because I was careful to always muddle up my address, at some point this year my address got on some big spammer's lists and that was it. My catchall default account for non-existent addresses and the "default" address gets around 300 pieces of junk mail a day, and that's constantly increasing, and SpamAssassin catches another 300-500 a day over and above that. It's awful. When I first installed SpamAssassin it did a good job of cutting down my spam to 3-4 making it to my actual Inbox a day, but now the volume has gotten so high that I'm starting to get about a dozen or two making it through, and that's just getting worse.
It isn't as simple as changing addresses... I have a business people need to contact me for, business cards, letterhead, and everything has my email address on it. On my site for every 1 real email I get there's at least a dozen spams. What is going to happen when 50 or 75% of ALL email is spam?? Filters just aren't cutting it anymore... if I am losing legitimate business mail in my filters there's no way to know it. The volume of filtered mail is too great to check one by one, and without the filters, my entire email is virtually worthless.
Re:it ain't fair (Score:2, Insightful)
Re:Not True (Score:2, Insightful)
The only way it could be merely 1/3... (Score:5, Insightful)
Corporations deal piles of mail on the inside, that never gets out to the genpop: HR crap, memos, meeting notices, etc. etc.
Customer relationships also generate piles of e-mail, but that should be visible to your average slashdotter who buys stuff.
I wonder if they're counting automated, machine-read e-mails such as SEC filings and other things that humans never read?
Those darn jokes (Score:3, Insightful)
Re:I would believe (Score:3, Insightful)
So, in short, I'd tend to believe the 32% figure. Most of my users don't have their email address published anywhere but their business card and send a lot of work related email in the course of a day.
Re:Changing "block" lists to "allow" lists (Score:3, Insightful)
Interesting idea, I suppose. A company I worked with briefly was considering something like this. Email from sources not on the "whitelist" would get a kind of bounce message that directs you to a page on the company web site. The page explains the whitelist idea and asks you to do a Yahoo-style "type in the word you see in this picture" verification of non-bot-ness. Thereafter, you're on the list as OK. They still haven't implemented it company-wide though (I sent 'em an email last week and didn't get bounced ) so it probably doesn't work as smoothly as it sounds...
Re:I would have guessed much higher (Score:3, Insightful)
Re:it ain't fair (Score:5, Insightful)
Nonsense. Even setting aside the obvious frauds contraband offers, unauthorized use of trademarks, etc. found in 99+% of spam, it is a violation of property rights. The First Amendment does not protect spamming any more than it protects grafitti vandalism.
At most, the law might reasonably tolerate spam if it evidences no attempt to evade filtering -- no forged headers, no "v1agra" munges, no misleading subject lines, no nothing. The use of such techniques creates a "bright line" between spamming and legitimate bulk e-mail, because it constitutes prima facie evidence of intent to intrude without permission (and, indeed, against an express prohibition).
Bottom Line: The computer-cracking laws ought to be clarified so that the evasion or spoofing of a spam filter is treated just like the evasion or spoofing of a password prompt.
Send more legitimate email!!! (Score:2, Insightful)
Two further points.
1) Lots of comments are talking about how much spam they _receive_, this article was talking abut how much spam is _sent_. Naturally since spam is sent in huge numbers from few originators but most people don't send any spam, there's a greater ratio of spam received per user than sent.
2) Many comments say spam is easy to block, but then talk about blocking spam to only a small population or just a few accounts. The genuine email expected by one company that e.g. supplies bathroom fittings will be easier to avoid blocking than a huge diverse population e.g. a University, where people work in many different areas on lots of different projects.
When spam blocking, avoiding false positives (blocking genuine email) is key.
ERROR (Score:4, Insightful)
Re:Oh no! (Score:4, Insightful)
SPAM isn't "any unwanted email"
it's UCE.
Unwanted email is probably already outnumbering wanted email. But viruses are ALREADY illegal, so fudging them in with the spam, reduces the credibility of those who complain about spam, in lawmaker's eyes, who associate people who don't like spam with whiney people with no sense of discernment.
The article is about spam, which is probably reducing its "inbox percentage of total emails received"(for people who don't have gateway-level virus filters) and increasing it's "inbox percentage"(for people who block those at the gateway level, and never see the viruses).
Lumping our enemies together is great, as long as you like them outnumbering us, a faceless myriad of enemies. If you want to fight them, we gotta categorize them, unanonymize them, and take em out, one at a time.
--
I still remember the internet before spam
It was idyllic
Re:Oh no! (Score:3, Insightful)
What would be better about their results?
It currently costs them nearly nothing to send millions of emails to blind lists of emails and random names at random domain names.
How would spending time and effort trying to do anything sensible with that list get "better results" for a spammer?
As much as we hate it, they are behaving in the most cost-efficient way for a scumbag marketer to behave. Any extra effort expended must give better results in order to be worth it, and pissing off less people doesn't put any dollars in their pockets.
Re:Oh no! (Score:4, Insightful)
Re:Oh no! (Score:3, Insightful)
Fewer complaints, and far less likely that they would end up in court for spamming.
Seriously, if spammers had any foresight, they would at least try to target interested people. They would honor unsubscribes. They would put legitimate info in their header.
None of that would make it acceptable to me, of course, but if most spammers did that, congress wouldn't be passing laws about spam, and far fewer people would complain about it.
As they are doing it (the cheap and easy way), they are forcing people to get decent spam filters, they are convincing lawmakers that laws must be passed, and they get a lot of complaints.
I know I flunked algeebra but....... (Score:2, Insightful)
If 1/3 of all the email that is SENT is spam then how is it that over 60% of the mail received is spam as reported by BrightMail a few months ago?? Does it have babies as it goes through the routers?? If so is Spam processed out of rabbit meat?
1=2 I'm confused?
About the same in meatspace (Score:3, Insightful)
An interesting point about physical junk mail, by the way, is that it costs money to produce and it costs money to send. And yet, continue to get the same crap day after day. There are a lot of people out there who think that the key to stopping spam is going to be charging the sender for sending mail. But real world experience shows us that it just ain't so... physical mail costs a lot more to produce and send than anyone has proposed charging for e-mail, and we still get plenty of junk mail.
I think the real key is going to be something akin to the national do-not-call list. In fact, it could be an extension of it. You could register an address (street or e-mail) and say that you choose not to receive unsolicited commercial mail. That, combined with better regulations requring accurate sender information, could really help.
I solved the English spam problem. Interested?... (Score:2, Insightful)
In a nutshell, my program, CF13 uses a number of simple, non-mathematic, pattern-matching tests to make it virtually impossible to get English language spam past it. These tests do not require the overhead associated with Bayesian Filtering [paulgraham.com] and its ilk.
I think the key feature to it is to treat as spam all email from unapproved senders that contain more than 'spaces' and alphabetic charaters.
This simple but powerful feature makes it IMPOSSIBLE to conveniently spell email addresses, URLs, postal addresses, prices, and phone numbers. These items are neccessary for e-commerce to take place. Without them, e-commerce is IMPOSSIBLE or at least extremely difficult to conduct. It also treats as spam email containing 'non-ASCII' characters. I have gotten quite a few such emails at another email address I use infrequently--all spam (sales pitches in foreign languages).
As an added benefit, CF13 makes it 100% IMPOSSIBLE to accidentally run malware sent by email provided a particular registry setting has not been compromised. [trendmicro.com] It does this by treating all email and file attachments as 'text files' that can be scanned for malware and handeled safely. Thus, one's PC CANNOT be compromised by a malicious malware HTML webpage or worm/virus/trojan email file attachment.
It also detects 'mailbombing' and handles it a manner that makes it easy to clean up afterwards.
It is probably best to fight spam at the SMTP server level but I have heard it is best to fight spam at the end user level. Both approaches have their advantages and disadvantages so this issue appears to me to be a toss-up for the time being....