Spam Doubles, Finding New Ways to Deliver Itself 486
An anonymous reader noted that the Times is running a piece on the rise in spam that you might have noticed in your inbox over the last 6 months. Gates promised the end of spam by 2006, but they figure it's doubled in the last few months. And best of all, a huge percentage of spam is now images that circumvent traditional text analysis.
ban images? (Score:2)
If Spammers knew that all of their lovely penny stock
Tom
Re: (Score:2, Insightful)
Now, dropping emails that contain images as inline attachments might be a good idea. As would dropping any and all emails with a Content-Type of text/html.
Re:ban images? (Score:5, Informative)
Re: (Score:3, Insightful)
Honestly, I'm glad spam has doubled in the last six months. I say pile it on... but not because I'm some sort of masochist. It became clear to me a long time ago that the current technology for sending email just don't cut it anymore, and we need to move to something new. Anything new i
Re:ban images? (Score:5, Insightful)
Yeah, cuz it's not enough that I can no longer relay e-mail directly from my machine. It's not enough that I now have to have reverse DNS otherwise my e-mail gets rejected. It's not enough that e-mails that aren't SPAM get dropped/flagged. It's not enough that many e-mail providers drop useful attachments and scan so intrusively into them that I need to encrypt them if I want the e-mail delivered.
Let's take away yet more functionality due to spam! That's a great idea. Seriously, I hate SPAM but the zeal to stop it has ruined many useful features of SMTP.
Re:ban images? (Score:4, Insightful)
If clients weren't so friendly to "auto show" images this spam would never have existed.
I too send attachments to folks but usually only source files and/or patches (e.g. really small things).
I want my email client to read/write messages, not the "web". It's bad that HTML emails exist
Tom
WE INVITE YOU TO COME SEE THE 2020 (Score:4, Insightful)
The real problem is authentication in email. While mail servers accept email with any arbitrary 'from' address, this problem will persist.
Re:WE INVITE YOU TO COME SEE THE 2020 (Score:4, Insightful)
Re:WE INVITE YOU TO COME SEE THE 2020 (Score:5, Funny)
Re:WE INVITE YOU TO COME SEE THE 2020 (Score:4, Interesting)
Of course now that the spammers know this, they're moving around the letters, putting in noise, and throwing various geometric shapes into the background to confuse the OCR.
The bad thing is, at this point the only thing they're able to use it for is trying to pump up a stock. Any links and we'd kill it dead really quick. It boggles my mind that people could possibly take a "stock tip" from a picture of jumbled up, scrambled words with all sorts of triangles and circles in the background.
Re:WE INVITE YOU TO COME SEE THE 2020 (Score:5, Interesting)
This never works, simply because the scammer has such an enormous volume of the stock pre-purchased that they can easily undercut your selling price on the market while still making a profit, and hence their stocks will always be dumped before yours are. Of course, in theory, if you have an even larger volume, and can undercut them, you could profit. That would, however, technically mean you are now the pump and dump scammer, even if they do all the work for you.
Re: (Score:3, Interesting)
No joke. HTML in email is a lesson in frustration when trying to design an E-Newsletter or some such marketing thing. Though, once you get your feet dirty, you start to know what you can and cannot do easily.
However, I do appreciate HTML emails and they have good uses. It's cost-effective and a great way to deliver attractive marketing messages to customers. Of course, that's when I (or one of my compani
Re: (Score:2)
Think about it for a minute. (Score:2)
Unless your ISP is blocking outgoing connections to port 25, sure you can. It's up to the recipient whether they want to accept that connection or not.
Again, that's a choice made by the recipient.
Again, that's a choice made by the recipient.
Wrong. (Score:5, Insightful)
And we have lost a tremendous amount of functionality due to SPAM. There was a time not so long ago when I could send to a family member: email with an attached photo, email with an attached document, email sent from my own PC and handled with my own SMTP daemon, email that was only two or three lines long, etc.
Now all of these are likely to be rejected. Even plain text email sent with a large subscription SMTP server is now getting blocked by some friends and family members' service providers simply because the domain of the address (my personal web domain) is not whitelisted and this hits the SPAM score where it hurts. A phone call is great... unless you were hoping to do one of the many useful things you used to be able to accomplish by sending attachments (i.e. send an article you're working on to a friend to have them read it and mark it up with revisions before sending it back).
So I suppose your answer is that we should all get an @gmail.com account, have to use it via the Web interface to send plain-text only email with zero attachments that's at least five but no more than twenty sentences long and doesn't use the words "sex," "free," or "mortgage."
Fine, but don't pretend that email hasn't lost a significant amount of functionality due to SPAM or that these restrictions are being imposed democratically by the consensus of common users. Functionality has indeed been lost and the decisions are made by admins at major email providers trying to save costs and manage the tremendous problem that SPAM has become.
The proper solution isn't to filter more. The proper solution is the death penalty for SPAMmers. I'm quite serious. We execute far too many blue collar criminals in this world and not nearly enough white collar ones. SPAMmers should be first among these.
Re:Wrong. (Score:4, Funny)
( ) technical (x) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's life or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid guy for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Re:Wrong. (Score:5, Funny)
Email certification.
If you want to be able to send Certified Email (CE), you apply for Certification from the company that gives you internet connectivity. They check you out, and 'Certify' you as being a legitimate emailer (ie: not a spammer). Then, you generate a private/public key pair and give them the public one. In the headers of all your email is their certification, and an encrypted header line that's created using your private key.
When email arrives at the recipient's server (or this could be done at the client level, as well), the server sees the certification, and connects to the certifying server to get your public key. It attempts to decrypt the header line. If it does, it marks the email as 'certified'; if it cannot, it marks the email as 'uncertified', and the email client can be programmed to filter messages based on that.
Due to the public/private key cryptography, there can be no certified email spoofing. (Assuming the private keys are secure, the keys are of decent length, etc.) All emails are traceable back to the originating server. CORRECTION- all CERTIFIED emails are traceable. Anonymous email is still possible. People can still set up email servers for mailing lists without "having" to get them certified. And people can still receive non-certified mail.
If an email server sends out spam, the complaints go to its certifier. They can drop the certification, deleting the public key from their server. When this happens, ALL the email from the spamming server is now 'uncertified', and gets handled accordingly by email clients. If nothing is done, complaints go to THEIR upstream, etc. Individuals and groups can keep their own blacklists, if they wish, and anyone can choose to filter emails according to those lists.
Now, I've looked over that 'form email' that people like to post to shoot down anti-spam ideas. And nothing applies to this idea. (If something seems to apply, it's because I either left out details, or explained something wrong.) This idea does NOT need to be universally adopted, nor does it need to be adopted by everyone all at once. It's primarily a way of reliably tracing (certified) emails back to their originating server. The anti-spam part comes later: if you receive certified spam, complain and get the server un-certified. If you receive un-certified spam... well, just have your email client dump all uncertified emails in the trash. (Not necessarily; you could just use its un-certifiedness as a factor in filtering your email.)
This idea does not require anything be changed with SMTP. It simply requires a second connection be made to the certifying server. Now, before you bitch about the extra bandwidth, I'd like to remind you that, once this idea catches on, spam will be greatly reduced. This reduction will MORE than make up for the slight increase in bandwidth created in querying the certifying servers. Also, the certifying servers can set time limits on when the certifications expire, and need to be re-downloaded (kind of like DHCP leases). A 'new' company that just applied for certification might have its certificate set to expire almost instantly. This way, every email they send requires a download of the certificate. This allows the certificate to be pulled rapidly if they start spamming. After a month or two, it could be set to expire weekly or monthly.
To sum up: Email Certification is a reliable way of tracing the certified emails back to their originating server. This allows spammers to be identified unequivocally, and have their certification pulled. Email servers are NOT required to be certified, and anonymous email is still possible. Email recipients can, if they choose, set up their client to send uncertified emails to the trash, or to handle them however they wish. White lists and black lists are still possible. 'Hobby mailing lists' are still possible, certified or not. The extra bandwidth is minimal, and easily overshadowed by the reduction in spam being sen
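The certification flow proposed in this comment, as an added example that is not the commenter's code or any deployed system: a certifier holds sender public keys with a TTL, the receiving server caches them, and revocation means deleting the key. It uses an Ed25519 signature over the message fields in place of the "encrypted header line", so a signature copied from one message does not verify on another; the type names, the two modelled headers and the TTL values are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"time"
)

type registration struct {
	pub ed25519.PublicKey
	ttl time.Duration
}

// Certifier stands in for the ISP-run key server of the proposal.
type Certifier struct{ reg map[string]registration }

func NewCertifier() *Certifier { return &Certifier{reg: map[string]registration{}} }

func (c *Certifier) Register(server string, pub ed25519.PublicKey, ttl time.Duration) {
	c.reg[server] = registration{pub, ttl}
}

// Revoke is "pulling the certification": the public key is deleted.
func (c *Certifier) Revoke(server string) { delete(c.reg, server) }

// Message carries only the fields this example signs. Server and Sig model
// two hypothetical headers: the certified sender identity and its signature.
type Message struct {
	Server, From, To, Date, Body string
	Sig                          string // base64 Ed25519 signature
}

// signedBytes quotes every field so field boundaries are unambiguous.
func signedBytes(m Message) []byte {
	return []byte(fmt.Sprintf("%q %q %q %q %q", m.Server, m.From, m.To, m.Date, m.Body))
}

func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign returns a copy of m with the signature header filled in.
func Sign(m Message, priv ed25519.PrivateKey) Message {
	m.Sig = base64.StdEncoding.EncodeToString(ed25519.Sign(priv, signedBytes(m)))
	return m
}

type cachedKey struct {
	pub     ed25519.PublicKey
	expires time.Time
}

// Verifier is the receiving server; it caches keys until their TTL runs out.
type Verifier struct {
	certifier *Certifier
	cache     map[string]cachedKey
	Lookups   int // queries sent to the certifier (the "second connection")
}

func NewVerifier(c *Certifier) *Verifier {
	return &Verifier{certifier: c, cache: map[string]cachedKey{}}
}

// Certified reports whether m verifies under the sender's registered key.
func (v *Verifier) Certified(m Message, now time.Time) bool {
	k, ok := v.cache[m.Server]
	if !ok || !now.Before(k.expires) {
		v.Lookups++
		r, found := v.certifier.reg[m.Server]
		if !found { // never certified, or certification pulled
			delete(v.cache, m.Server)
			return false
		}
		k = cachedKey{r.pub, now.Add(r.ttl)}
		v.cache[m.Server] = k
	}
	sig, err := base64.StdEncoding.DecodeString(m.Sig)
	return err == nil && ed25519.Verify(k.pub, signedBytes(m), sig)
}

func main() {
	ca := NewCertifier()
	rx := NewVerifier(ca)
	pub, priv := NewKeyPair()
	ca.Register("mail.example.org", pub, 7*24*time.Hour)
	now := time.Date(2006, 12, 6, 9, 0, 0, 0, time.UTC) // constructed clock
	// Constructed sample message.
	m := Sign(Message{Server: "mail.example.org", From: "alice@example.org",
		To: "bob@example.net", Date: "constructed", Body: "lunch?"}, priv)
	fmt.Println("genuine:", rx.Certified(m, now))
	spoof := m
	spoof.Body = "different body, copied signature"
	fmt.Println("copied signature:", rx.Certified(spoof, now))
	ca.Revoke("mail.example.org")
	// A long TTL delays revocation until the cached key expires.
	fmt.Println("revoked, key cached:", rx.Certified(m, now.Add(time.Hour)))
	fmt.Println("revoked, cache expired:", rx.Certified(m, now.Add(8*24*time.Hour)))
}
```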
Re:Wrong. (Score:5, Interesting)
(x) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Incidentally I've found a post [slashdot.org] detailing the origins of the form if anyone's interested.
Missing option. (Score:3, Interesting)
with a while back. It's a hybrid legislation and vigilante approach in which the law legalises one very specific form of vigilantism:
Here is my law:
Make it not illegal to send hot cheques or bogus credit card numbers to spammers.
This permits a kind of reverse spam. We know that when some item is offered for sale via spam, only a very tiny percentage of people respond to buy the stuff. If outraged recipients were allowed to send ba
Re: (Score:3, Interesting)
One down [wired.com], 124 to go [spamhaus.org].
Not that I'd ever advocate anyone doing anything illegal, of course. But I just can't seem to be able to shed any tears for Mr. Kashnir. I doubt many are.
Re: (Score:3, Funny)
Re: (Score:2)
HTML in e-mail was never standard functionality anyway. E-mail is a text medium, which has grown in some ways without growing the infrastructure to go with it.
What we have needed for a long time is e-mail 2.0: a proper, standardised protocol that deals with text messages including formatting, that is always encrypted, and that includes formal methods to authenticate the source (probably based on some sort of web of trust) and flag unwanted e-mail (to
Re:ban images? (Score:5, Interesting)
HTML in e-mail was never standard functionality anyway. E-mail is a text medium, which has grown in some ways without growing the infrastructure to go with it.
HTML e-mails annoy the hell out of me, mainly because for a long time I was quite content to use older e-mail clients that didn't support them. But that's not what I was lamenting.
I was lamenting how anti-spam measures have made e-mail less and less useful. It was drowned out by the righteous replies of "I'll do whatever I want with my mail server". You can do whatever you want with your own server. But I'm allowed to lament the fact that e-mail has become less and less useful.
It seems to me that there is no technological solution to this problem as long as it remains profitable to SPAM. Any technological solution is short lived (i.e., arms race) and will have at least some negative effect. Can't we take away the financial motivation to SPAM? Go after the companies whose products are being sold? The spammer may or may not be offshore or may or may not be using zombies but if that spam message is to be successful then it has to point me at a product. Go after that product!
That's probably naive of me and smarter people than I have attempted to solve this problem. Still, I miss the days when I could just put up an e-mail server and all it had to do was deliver messages to my users. It wasn't the server's job to care about what was in the message -- it was the client's.
Re:ban images? (Score:4, Interesting)
This happens today with email viruses and botnet attacks, and don't think that it wouldn't happen if you attacked products advertised in spam.
Re: (Score:2)
Unfortunately, if you go after the product the spam offers, then it turns into a vehicle to damage a third party. Now when someone doesn't like a company/product, they will pay to have a few million spam messages sent out, and destroy their competition. Or they will threaten to do the same if said company doesn't pay a large amount of money.
I didn't pretend it would be a perfect solution. But you can't deny that no technological measure is going to solve this problem. It's an arms race -- the proverbi
Re:ban images? (Score:4, Insightful)
Re: (Score:3, Insightful)
And it still should be.
As you point out, the admins have not solved this problem. Mostly because most solutions go after a specific 'attack' and not the problem.
As I see it, the best way to help this problem is a personal whitelist autogenerated by demanding a one-time response from the sender. No response in 30 days (or whatever) and it gets trashed.
Once an email address has been authorized, then it's golden. If it is authori
Re: (Score:3, Funny)
Re: (Score:3, Insightful)
Just send using your ISP (Score:3, Insightful)
Everybody delivers e-mail messages through the SMTP server of their ISP. What is wrong with that?
Network administrators get thousands of connections from infected machines. They drop those connections, except the connection from the official SMTP server of that IP-block. If someone can't put aside their blind determination to ignore the SMTP of their ISP, or lack a damn good reason to send email directly, they deserve
Re: (Score:3, Insightful)
If I really want to share pictures I'll put them on a website or Flickr or something.
At which point, we might as well go back to taking pictures on film and sending copies through the mail. [rolls eyes] Practically all the picture-sharing services are an enormous PITA, and not everyone wants to put up every picture they want to show someone on their personal site.
For corporate servers, I agree, the idea of a no-image-attachments policy makes a
Re: (Score:3, Insightful)
* The executable ban: another PITA, and one that's occasionally caused me real problems. Is it a good idea generally? Sure, but that's the problem with blanket policies that seem like "generally a good idea" -- when they fail, they fail badly.
* The "no images" option: this is a grea
"Normalization of deviance" (Score:4, Interesting)
When and why did we accept needing elaborate programs to throw away our email before we looked at it? When and why did we accept not being able to send files in email, after spending years defining and implementing MIME?
There have been cities that got so accustomed to street crime that people started blaming the people who got attacked instead of the criminal. When and why did we get to the point that someone could tell a normal (and savvy) user of email
>You don't have to be a complete fucking tool your entire life you know.
?
Not that I have a solution, I'd be out getting rich if I did.
Drop messages from home ISP's w/*.gif in them. (Score:2)
If the message comes from a home ISP block, but not from that ISP's mail server(s), and contains a *.gif, then drop it.
The real home users will be using the ISP's server to send their email. There may be some exceptions to this, but it shouldn't be too difficult to deal with those on a case by case basis.
Of course, this is from a business perspective. We don't seem to receive a lot of legitimate business email *.gif's from home ISP blocks.
Re: (Score:2)
You don't use authentication? (Score:4, Insightful)
You do it differently?
Re: (Score:2)
Who is "they"? I already strip images from my home email. And html. And believe it or not, even Outlook's cheesy filtering system blocks 98% of my spam with very few false positives (and the false positives are generally my wife's goofy friends who send "fwd: fwd: fwd: fwd: fwd re:This is so cool you have to do it!!!!!!1!!!")
Re:ban images? No! (Score:2)
I don't mind the stock spams so much. Every time I see one I just think of the morons who actually read spam losing their money - it brightens up my day!
Re: (Score:2)
don't know why they don't just ban emails with stupid images anyways, or best yet just strip them out of the attachments. If I really want to share pictures I'll put them on a website or Flickr or something.
The answer is as simple as this.
With all the virus scanning and filtering it sells more servers. More servers is more money for M$.
Thus, don't fix it.
To show what I mean, in one environment I know they have sendmail running on 2 old 300MHz UNIX systems for 8 years relaying the mail for 10000 users.
Re: (Score:2)
Great idea. Which means that I have to: (1) put them on Flickr, making them available to the entire planet - whether I want to or not or (2) put them on Flickr, make an account and then make everybody else deal with accounts and passwords or (3) create a web site to put them on and still have to deal with (1) or (2).
I think I'll just use snail mail.
Re: (Score:2)
Re: (Score:2)
I suffer from this all the time, since I'm a developer of custom systems and many times I need to send back and forth executables, scripts (Javascript and such) and DLLs since the customers I work with have SMTP filtering.
Workarounds range from encrypted RAR files to using webmail services (not GMail, which also filters) or sending the attachment through YouSendIt.com.
Re: (Score:2, Informative)
Bill Gates promised ! (Score:5, Funny)
Re: (Score:3, Funny)
After all, it's the only way to be sure.
Re:Bill Gates promised ! (Score:5, Funny)
Actually, he said "two thousand six..... ty". The last syllable wasn't heard because of the applause.
Picture spam (Score:4, Interesting)
I'm very surprised these all come through the gmail spam filter. By now it should be easy to identify them.
Re:Picture spam (Score:4, Insightful)
A huge percentage of legitimate email is random sentences with buzz words and a picture.
Maybe it would be possible to OCR every image as it comes through but then you'll just have spammers sending you CAPTCHA'd messages.
Re: (Score:2, Interesting)
"Maybe it would be possible to OCR every image as it comes through"
It is [apache.org].
Re:Picture spam (Score:4, Insightful)
Re: (Score:2)
It's the bottom line, stupid! (Score:5, Insightful)
Competent sysadmins are expensive, and the idea of, say, blocking outbound port 25 would never occur to them, or is brushed off for stupid reasons.
The only way out is to exert pressure on those network owners and the best way to do so is by simply blocking them left and right until they are left with nothing but their huge intranets.
Re: (Score:2)
The only way out is to exert pressure on those network owners and the best way to do so is by simply blocking them left and right until they are left with nothing but their huge intranets.
It's funny that your subject is "it's the bottom line, stupid!" but the idea of going after the bottom line of the spammers' products isn't mentioned. Why should we become even more restrictive with networks and e-mail? Why should my outgoing port 25 be blocked because others abuse it? Instead we should be going afte
Re: (Score:2)
another way is for the combined modem/firewall/routers to be shipped with 25 blocked except to the ISP's servers
Re: (Score:2)
My ISP is supposed to give me an unfiltered connection. And last time I checked, getting Mom & Pop ISP to unblock ports for you might be possible. Getting Verizon DSL/Roadrunner/Comcast to do it is next to impossible, short of paying two or three times as much for a 'commercial' account.
Re:It's the bottom line, stupid! (Score:5, Insightful)
Re:It's the bottom line, stupid! (Score:5, Interesting)
So if you, as a spam recipient, play along with their stock game, you can make money, while helping drive up the price for the spammers to make their profit.
As for buying spammed products, I've long held the opinion that no one needs to buy any products for the spam to keep flowing. Much like the pump and dump schemes, I get the feeling that a lot of spam originates from people paying for 'internet marketing' services touted in various 'get rich on the internet' programs. So the actual money-making product is the 'service' that's being sold to those down the chain.
Re:It's the bottom line, stupid! (Score:5, Insightful)
Timing VERY Crucial In Pump n Dump (Score:5, Informative)
You should revisit your data, and reread the article. The "problem" is that the scammers buy the stock pre-scam, and dump immediately at the first sign of a price blip. When I plug whichever penny stock into Yahoo, the price spike has always been a day or two in the past by the time my server receives (never mind by the time I read) the spam touting it, and hasn't lasted more than a few hours.
So if you, as a spam recipient, play along with their stock game, you can make money, while helping drive up the price for the spammers to make their profit.
No you can't, unless you are "lucky" enough to be among the first recipients of the spam, and act upon it immediately. Depending on the number of shares outstanding, it may well be your buy of maybe $500 to $1000 that triggers the scammer's sell order. Face it, this is a total non-starter. Research already suggests that the scammers are only netting about 5%, which means they're doing about as well as a successful day trader, with only a little less effort. Since you will be in a reactive mode, you will be putting in more effort with significantly greater risk.
Re:It's the bottom line, stupid! (Score:5, Insightful)
And the blame for that can be squarely placed with Microsoft.
Re:It's the bottom line, stupid! (Score:5, Insightful)
The blame is mostly on MS. Partly in a different way than people think. MS advertises easy to use windows/computers, while that category is fiction. A computer is a complex tool. You can use it easily like you can use a chainsaw easily. The chainsaw eliminating a couple of your fingers is enough deterrent that most people learn to use it properly before that happens.
A computer is a chainsaw that cuts into someone's finger 2000km away in another country if not used correctly. The user stupidity only causes such big problems because the expectations are out of touch with reality. Computers are not easy to use and can't be made easy to use. Anyone who tells you so lies and sabotages the stability of the Internet.
What I'm talking about here is the "user stupidity" part of the problems. The Windows security side of the issue is another part of the problems. The "user stupidity" part is grave, because even if someone switches to Linux or BSD or something else than Windows, it is still easy to take over any system with a stupid user's cooperation. The answer is education and readjusting the common thinking about what computers are.
Re: (Score:3, Insightful)
In any case, we've been blaming the "stupid users" for years now, and it hasn't helped. They're still clicking on those easy-to-click executable attachments...
anti-spam tactics now anti-filter (Score:3, Insightful)
Went back down for me (Score:2)
Lucky you :-) (Score:2)
Alas, I am in the opposite position. I organise the e-mail for a local non-profit, and recently introduced an automated spam filter on all our incoming addresses. A month ago we were trapping under 100 spams a day across those addresses. Now it's well over 200, and rising fast. :-(
My hotmail account is fine (Score:2)
-Rick
Re: (Score:2)
Now it has dropped to an average of 1 per month.
Image spam? (Score:2)
Yep, I've seen plenty of that.
I can't help feeling that this is mostly a solved problem, though. OCR is pretty good these days, and the bad guys have been using text-recognition techniques to foil the more cleverly disguised text in captchas [wikipedia.org] on web sites for a while now. The text in these e-mail images should be relatively easy (algorithmically speaking) to identify.
Of course, given the volume of spam
Re:Image spam? (Score:5, Interesting)
It's nothing for the spammers to analyze a captcha, even if they want to. But for every obfuscated image they send to you, you've got much fewer resources to try and analyze it. Even if you build a monster mail transport (muchos dinaros) they'll just bot a few more idiot machines and overwhelm you.
In fact, that's apparently a new tactic some of the more scummy spammers have been taking. If your filtering/tarpitting is TOO good, they'll just unleash the whole botnet onto you and crash your mail servers until such time as you see that it's better to take their crap than try to fight them. I've seen admins complaining about it on NANAE.
It seems outrageous to say this in relation to something as "unimportant" as email... but I really, truly wish we'd start seeing some fatalities amongst the spammer set.
Spam 2.0 (Score:5, Funny)
No, no, no... please, please don't!
Yay, T-Bird (Score:2)
Yet another reason I love Thunderbird - if the Bayesian spam filter misses it, I still don't see the ad.
I do still have to waste
Another problem (Score:5, Interesting)
While email spamming is still the main problem, it would be nice to see the mainstream media realise that there is a growing danger in people exploiting community websites nowadays, because all it takes is for one of these operations to install enough spyware/get traffic from sites/top search engines for banking/insurance etc websites, then they will start taking consumers' data faster than spam would - all without the majority of customers realising, because they think the main threat is in their inbox.
640k (Score:2)
Different ways of thinking about the problem (Score:2, Funny)
Do any large email services compare all email over the entire system to check for spam? If gmail receives 4,000,000 messages from the same IP in 5 minutes, each with the same image attached; you can be sure it's spam. That's still defeatable, though.
The only way I can think of to totally stop the problem is to make it unprofitable. Maybe Bill Gates could stop the problem by producing a high-profile ad campaign telling people to stop buying things from Spam.
Not only the rise of spam. (Score:2)
We seem to have at least a couple a week.
A solid solution (Score:5, Funny)
I pity the fool who litters Mr T's inbox with ads for home equity loans.
Re: (Score:2)
Using Clamav against the images (Score:5, Insightful)
Fuzzy OCR (Score:5, Informative)
http://fuzzyocr.own-hero.net/wiki/Downloads [own-hero.net]
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
One viable alternative (Score:3, Informative)
Fortunately you can whitelist known good servers and even use an AWL.
According to some university administrators I've talked to where it is deployed, 93.6% of all mail is blocked this way. The network is around 20k computers strong. No big mail losses reported.
Re:One viable alternative (Score:5, Informative)
Naturally, the work-around for spammers is to resend their spams, but they would have to do it from the same IP and with the same envelope from and to address. This means that their army of zombie'd PCs would have to work twice as hard if greylisting was common practice, and would likely require a non-trivial change to the software on these zombies. We'll have to see how it pans out, but after watching my greylist logs and inspecting the spams which do get through, it seems that perhaps a few spammers have already caught on to this, but not all. Most of the spams which do get through our greylisting are subsequently caught by Spamassassin and RBLs, and come from open-relays (those still exist!)
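The greylisting behaviour this comment describes, as an added example that is not part of the original post or of any greylisting product: a first attempt from an unseen (IP, envelope sender, envelope recipient) triplet is temporarily rejected, and only a retry of the same triplet after a delay is accepted. The type names and the three time limits are assumptions made for the example, and the sample attempts are constructed.

```go
package main

import (
	"fmt"
	"time"
)

// Triplet is what a greylister remembers about a delivery attempt: the
// connecting IP plus the SMTP envelope sender and recipient.
type Triplet struct {
	ClientIP, MailFrom, RcptTo string
}

// Verdict is the SMTP-level answer to one attempt.
type Verdict int

const (
	TempFail Verdict = iota // reply 4xx; a queueing MTA will retry later
	Accept                  // reply 250; hand the message to content filters
)

func (v Verdict) String() string {
	if v == Accept {
		return "accept"
	}
	return "tempfail"
}

type entry struct {
	firstSeen, lastPass time.Time
	passed              bool
}

// Greylist keeps per-triplet state. The durations are assumed policy values
// chosen for this example.
type Greylist struct {
	MinDelay    time.Duration   // a retry sooner than this is deferred again
	RetryWindow time.Duration   // an unconfirmed triplet is forgotten after this
	PassTTL     time.Duration   // a confirmed triplet is trusted this long
	Whitelist   map[string]bool // known-good relay IPs that skip greylisting
	seen        map[Triplet]*entry
}

func NewGreylist() *Greylist {
	return &Greylist{
		MinDelay:    5 * time.Minute,
		RetryWindow: 4 * time.Hour,
		PassTTL:     36 * 24 * time.Hour,
		Whitelist:   map[string]bool{},
		seen:        map[Triplet]*entry{},
	}
}

// Check decides one attempt. The clock is a parameter so the logic can be
// exercised without waiting.
func (g *Greylist) Check(t Triplet, now time.Time) Verdict {
	if g.Whitelist[t.ClientIP] {
		return Accept
	}
	e, known := g.seen[t]
	if known {
		stalePass := e.passed && now.Sub(e.lastPass) > g.PassTTL
		missedWindow := !e.passed && now.Sub(e.firstSeen) > g.RetryWindow
		known = !stalePass && !missedWindow
	}
	if !known {
		// First sighting (or expired state): defer and start the clock.
		g.seen[t] = &entry{firstSeen: now}
		return TempFail
	}
	if !e.passed && now.Sub(e.firstSeen) < g.MinDelay {
		return TempFail // retried too quickly; firstSeen is not reset
	}
	e.passed, e.lastPass = true, now
	return Accept
}

func main() {
	g := NewGreylist()
	t0 := time.Date(2006, 12, 6, 9, 0, 0, 0, time.UTC) // constructed clock
	mta := Triplet{"192.0.2.10", "alice@example.org", "bob@example.net"}
	// Constructed attempts: a queueing MTA retries the same triplet...
	for _, d := range []time.Duration{0, time.Minute, 16 * time.Minute} {
		fmt.Printf("MTA    +%-6v %v\n", d, g.Check(mta, t0.Add(d)))
	}
	// ...while a botnet re-sends from a different zombie each time, so no
	// triplet is ever seen twice.
	for i, ip := range []string{"203.0.113.7", "203.0.113.8", "203.0.113.9"} {
		bot := Triplet{ip, "tips@example.com", "bob@example.net"}
		at := t0.Add(time.Duration(i) * time.Hour)
		fmt.Printf("zombie %-12s %v\n", ip, g.Check(bot, at))
	}
}
```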
Re: (Score:3, Interesting)
I wrote my own greylister (<plug>Spey [sf.net]</plug>) and it works really well. (I will also point out that people who complain about it making email too slow have a major education problem --- email doesn't guarantee anything about delivery times. If they rely on the email being delivered within a certain amount of time, then they'll be screwed when that doesn't happen for completely legitimate reasons. But anyway.)
So far I've only had one false positive: Yahoo Groups. They have this brain-damaged sy
Outlook 2003 blocks all of the image-spam I get (Score:5, Informative)
So is the problem really an increase in spam or incompetent admins who don't know how to set up their filters to block them? Yes, the size & volume of E-mails may have increased, but if you can filter them they will be deleted before they take up space.
Re:Outlook 2003 blocks all of the image-spam I get (Score:4, Informative)
The "spam problem" *IS* largely solved. (Score:4, Insightful)
I know people like to rant about the "spam problem" a lot, but for all practical purposes, the problem has been largely solved for several years now.
If you run reasonable spam filters, including many open source ones, you will not end up with much spam in your inbox. Yeah, there will be lots of spam still being sent, but the real, significant, cost of spam is really mostly people's time, not machines. Any ISP, company or person who gets "too much spam" is simply being penny wise and pound foolish. The same goes for systems that get too many "false positives", that is, legitimate emails being rejected. Almost all of that is due to trying to run "cheap" spam filters, or buying snake-oil systems. Upgrade your mail servers or switch to someone who runs reasonable spam filters.
The "spam problem" of today is really the "you can't do anything about spam" problem. Too many people are convinced that you can't stop spam, so you shouldn't try harder. The problem is low expectations. The problem is people cutting corners.
For email senders having problems getting caught in spam filters, some of this is due to people running bogus spam filters and that is the receiver's problem more than yours. Most of the rest is due to either you not running a standard-compliant mail server on a static IP address that can have a reputation built up for you being a good server, or because you really do send out spam, either due to "bad" customers or backscatter (bogus bounces, challenge/response systems, autoresponders, etc.). Don't be cheap and think you can get away with not running spam filters on your outbound email and catching your "bad" customers. Don't be cheap and spew backscatter. Don't be cheap and say you can't afford to do port 25 blocking of dynamic IP addresses, or not allow customers to configure their reverse DNS.
The vast majority of knowledgeable people in the area of spam do not munge their email addresses. The vast majority do not suffer either lots of spam in their inbox or lots of false positives.
Pump and dump solutions (Score:2)
The SEC could mostly take pump and dump schemes for penny "pink sheet" stocks off the table by using rules to lengthen the settlement process for sales of those shares or to suspend entirely the trading of stocks in companies that are not fully reporting entities. With fully reporting companies that have leg
Simple SPAM solution (Score:2)
A huge percentage of spam is..? (Score:2)
Now look at that statement and think a little. How would we filter this? Gee.. a tough one... hmm...
Let me think about it...
(41 years 6 months 10 days later)
We'll filter e-mails with images! Who needs friggin images in e-mails anyway. They are used for few purposes:
1. newsletters (aka "nice spam"), but newsletters can learn to be leaner.
2. pointless (and huge) "image signatures" showing off your latest company
bounce spam (Score:2)
which then have to be bounced to somebody else. I guess SPF might help that.
The Solution (Score:2)
Just do what I did (only better, I hope...) (Score:3, Funny)
(2) Run *NIX on (at least) one machine in your LAN.
(3) Run Sendmail on that machine (or postfix, or whatever MTA you like).
(4) Listen to your wife and kids complain that their family/friends aren't getting e-mails from them.
(5) Correct the configuration on your MTA (oops - mea culpa).
(6) Listen to your wife and kids complain that they're not getting e-mails from their family/friends.
(7) Correct the configuration of your MTA (again).
(8) Listen to your wife and kids complain that they're still getting spammed into oblivion.
(9) Configure mail filters to hold the spam.
(10) Listen to your wife and kids complain that they're missing valid e-mails.
(11) (Repeat steps (8)-(10) recursively until (8) and (10) no longer happen.)
(12) ???
(13) Profit!^H^H^H^H^H^H^HRelax!
Graylisting + Honeypot DB = goodbye spam (Score:3, Interesting)
No filters (text or otherwise), no false positives, hundreds of spam messages arrive at my server every day, and approximately 1 a day gets through. I can live with that. Sometimes, a legitimate email will get delayed by several hours. Since I often don't check my email for hours at a time, I can live with that too.
I'm sure there must be some problem that keeps this solution from being widely deployed. But if you're geeky enough to run your own mail server, give it a try. It sure beats fussing with all those filters and crap.
Has there been an increase in spam? Huh. I didn't notice.
Re: (Score:2)
Re: (Score:3, Interesting)
I beg to differ. My limited distribution email scheme has been completely foiled by email list selling (by companies I deal with, including pseudo-government departments) and by worms which have harvested emails in the past. Heck, it only takes a single one of my "trusted" contacts (close friends, family) to decide to forward a message to a group with the list recipients viewable and then any of those people who get a virus will let t
Re: (Score:2)
Re: (Score:2)
Hell, at this point, I'd be willing to offer the spammers money to NOT include me in their spam... it's probably cheaper than dealing with the time and effort and cash of all the anti-spam appliances, etc., I'm doing right now.
I could care less if it was extortion... it would probably be more effective for me in the long run.
Re: (Score:2)
p.s. AFAIK, Bill is misquoted here. He claimed 640KB would be enough at that time and made no claims about future memory requirements.
Re: (Score:2)
Yes, someone has an idea for a mail system [im2000.org] where the sender stores the message on HIS mail server, and basically sends a link to the mail to the recipient. The recipient's mail client fetches the mail when the user wants to read it.
The sender is thus responsible for the resources for storing email. Sending millions of emails would overload the spammer's mail server. spam-bot home computer