Spam is Back With A Vengeance
Ant writes "The Red Tape Chronicles reports that just last December (2006), the FTC published an optimistic state-of-spam report. It cites research indicating spam had leveled off or even dropped during the previous year. It now appears spammers had simply gone back to the drawing board. There's more spam now than ever before.
In fact, there's twice as much spam now as opposed to this time last year. And the messages themselves are causing more trouble. About half of all spam sent now is "image spam," containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now."
Use FuzzyOCR and be mostly done with image spam (Score:5, Informative)
Comment removed (Score:4, Informative)
Re:Spam spam spam spam. Lovely spam! Wonderful spa (Score:5, Informative)
By definition, shouldn't any post about spam be marked redundant?
Anyway, I run a mailserver. What I see is surges of email for whatever happens to be the current scam. Last year it was mostly mortgage offers (Get a cheap, misspelled mortqaq3 today!!!) Spamassassin + RBLs eliminate about 70% of the flood. Image-only email is flagged by spamassassin. Now random text is added to get past the Bayesian filters. The arms race continues.
BTW, if you are the type to send copies of spam to abuse addresses, I advise you to remove identifying info and post it through an anonymous account to avoid retaliation. ISPs tend to forward it to the spammer.
Spam filters can still cope (Score:5, Informative)
http://it.slashdot.org/article.pl?sid=06/12/21/23
But it is wrong to say that this new spam requires radical new filtering techniques. That's what the spam solution vendors (whose press releases drive these
See, for example, the recent TREC tests: http://plg.uwaterloo.ca/~gvcormac/trecspamtrack06
These results show that filters achieve about the same results on 2006 spam as on 2004 spam, and those results are pretty good. Ongoing tests show that the effectiveness of filters is unchanged for 2007. In general, the volume of spam has increased, and spammers have tried various methods of defeating spam filters. But their efforts have not been particularly successful against statistical filters.
Re:SpamAssassin still works (Score:5, Informative)
In /. before (Score:2, Informative)
Re:Stock scam spams - 3n14rge yur SC0X ... (Score:3, Informative)
Not just Email Spam here (Score:2, Informative)
The email server I use tags and filters spam, but the WordPress Blogs are filling up with Spam, plus it is clogging up MySQL databases for comment spam that it uses all the processing power up - so the other services on the box as well as the webserver crawl to a slow. Even with other programs such as Akismet marking the comment posts as spam, the problem lies in the database being tied up.
Re:block .gif images? (Score:1, Informative)
Solution to stock spam? (Score:3, Informative)
Re:SpamAssassin still works (Score:1, Informative)
See http://undeadly.org/cgi?action=article&sid=200611
Filtering is wrong (Score:5, Informative)
The bandwidth has already been spent once the spam reaches your filter.
A much better approach (IMHO) is to use greylisting along with a few fast spamtrap-driven RBLs; this way the mail doesn't even get transmitted to my server and I save CPU, bandwidth and time.
Since I switched I have gotten a max of 2 spams per day; some days the count is even zero.
There are two reasons this approach is so great:
1) The greylisting on its own will weed out all the non-compliant MTAs, most spammers use zombies that don't care if their payload gets delivered, so they never retry.
2) The real MTAs that spam might get to me before hitting a spamtrap, but the greylisting tells them to come back a bit later, by that time they have hit one or more spamtraps and get blocked by an RBL.
I have yet to think of a way for spammers to defeat this scheme and the cost to legitimate mail is a 10 minute delay the first time someone sends me mail.
Re:The solution (Score:3, Informative)
Fairly simply. Though today it should be able to tell the difference between legitimate bulk email* and spam
Such as mail-type discussion groups, business relations like people who want to receive tiger direct's ads, etc...
When you're having to post random segments of encyclopedias and put your actual message into an image to get through the filters, it's a clue that you're not wanted.
Those types I'd like to see shot. Heck, I'd shoot them myself.
Oh, and I don't believe that spammers are truly a dime a dozen. I think that if we removed the 10 worst spammers we'd drop spam in the USA by 50% or more.
Re:Spam spam spam spam. Lovely spam! Wonderful spa (Score:3, Informative)
The only exception I know of is spamcop as they're (I think) trustworthy.
SURBL (Score:3, Informative)
Re:Spam filters can still cope (Score:3, Informative)
Indeed every mail provider should have such an interface: a trivial way to report filtering mistakes. But you over-estimate the value of everybody else's spam reporting. A filter based only on your own reporting can have a vanishingly small number of false positives, and a small number of false negatives. So small that the total amount of reporting you have to do is no more than for Gmail.
But many appliance manufacturers promote the scenario in which the user is not prepared to offer any feedback to the filter. It is much harder to achieve reasonable error rates in this mode of operation.
Bottom line: Gmail's filter is pretty good, but not better than the personal spam filters I've tested. I have yet to see a "hands-free" solution that is as good as one that uses feedback. The amount of feedback required is trivial.
Re:Stock scam spams - 3n14rge yur SC0X ... (Score:2, Informative)
Greylisting is so 2005 ...... (Score:3, Informative)
Re:What I just don't get.. (Score:2, Informative)
That would be "median American", not "average American". Not that there is a big difference when min and max are so close and the size of sample set is so large but still...
Re:What I just don't get.. (Score:3, Informative)
Greed can be a powerful motivator for some people, enough to overwhelm their sense, what little they have anyway, of logic and reason which tells them that this is a scam or that an investment promise is too good to be true. Why do people play the Lottery when they know or should know that they have a better chance of being struck by lightning on their way out of the liquor store? The appeal to greed is among the oldest in the charlatan's bag of tricks, it has worked for thousands of years and it will continue to work as long as there are humans on this planet to be duped. They know that spam is spam, but they want millions of dollars too and so they continue to get burned.
Re:The solution (Score:3, Informative)
Spammer: Here's some email
Server: Thanks!
Server: Hey, this is spam! Let's send it to jfengel!
to
Spammer: Here's some email
Server: Screw you. It's spam. (or "There's no such person here. I reject it now rather than having to call you back using the forged header.")
I suspect that the SMTP protocol already supports that. But in general, SMTP is heavily oriented towards store-and-forward in an intermittently connected, unreliable network, passing mail at midnight when the rates were cheap. Maybe that's still a good mode to support, since not everybody has high-speed lines and the network is still unreliable, but TCP and the backbone have solved the problem without some of the problems that come from store-and-forward.
Re:Greylisting is intrusive; unknown fp rate (Score:3, Informative)
If you want immediate, use IM or make a phone call.
Not really (Score:3, Informative)
1) Email has never been an instant messaging system, I've tried getting people to stop asking for an IRC/ICQ/MSN/AIM/whatever chat and just use email, but nobody listens.
2) Any mail server that doesn't retry when given a temporary failure code is broken and needs to be replaced, sooner rather than later.
In any case, I do review my mail logs (well I did the first two weeks of using the new system) and I saw exactly zero false positives.
The spamtrap-driven RBLs I use all list and delist servers quickly, so they also cause no false positives, but if they ever do, the user who sent me the unlucky ham will get a nice bounce message, so he will be able to retry the mail or call me.
I think getting a bounce is much nicer than just having your mail eaten by a filter.
Greylisting + RBL (Score:3, Informative)
Most spammers seem to hit a number of spamtraps with each zombie at some point, so using spamtrap-driven RBLs in front of greylisting means that the RBLs will take care of the verified spammers.
Greylisting gives the spamtraps some extra time to get hit, so rather than do actual blocking itself it augments the RBLs.
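An added example, not part of any comment in this thread: a minimal model of the scheme described in the "Filtering is wrong" and "Greylisting + RBL" comments, with the RBL check placed in front of greylisting and the decision made at SMTP time. The class and function names, the in-memory blocklist standing in for a DNS-based RBL, the reply texts, and the sample senders are assumptions made for illustration.

```python
GREYLIST_DELAY = 600  # seconds; the 10-minute first-contact delay from the thread

class GreylistPolicy:
    """SMTP-time decision: RBL check first, then greylisting on the triplet."""

    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.blocklist = set()  # stand-in for a spamtrap-driven RBL (normally a DNS lookup)
        self.first_seen = {}    # (ip, sender, rcpt) -> time of first attempt
        self.passed = set()     # triplets that already retried correctly

    def spamtrap_hit(self, ip):
        """A spamtrap received mail from this IP, so the RBL lists it."""
        self.blocklist.add(ip)

    def decide(self, ip, sender, rcpt, now):
        """Return the SMTP reply (code, text) to give at RCPT TO time."""
        if ip in self.blocklist:
            return 550, "5.7.1 rejected: client listed by RBL"
        key = (ip, sender.lower(), rcpt.lower())
        if key in self.passed:
            return 250, "2.1.5 ok"
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            return 451, "4.7.1 greylisted, please retry later"
        self.passed.add(key)
        return 250, "2.1.5 ok"

def simulate():
    """Constructed senders (documentation IP ranges); times are seconds."""
    p = GreylistPolicy()
    rcpt = "me@example.org"
    # Zombie: one attempt, never retries, so nothing is ever delivered.
    zombie = [p.decide("192.0.2.10", "x@example.net", rcpt, 0)[0]]
    # Real MTA relaying spam: deferred, hits a spamtrap meanwhile, retry is rejected.
    spam = [p.decide("198.51.100.7", "y@example.net", rcpt, 0)[0]]
    p.spamtrap_hit("198.51.100.7")
    spam.append(p.decide("198.51.100.7", "y@example.net", rcpt, 900)[0])
    # Legitimate MTA: too-early retry is deferred again, later retries pass.
    ham = [p.decide("203.0.113.5", "friend@example.com", rcpt, t)[0]
           for t in (0, 120, 660, 5000)]
    return {"zombie": zombie, "spam_mta": spam, "legit_mta": ham}

if __name__ == "__main__":
    print(simulate())
```

The 451 reply is a temporary failure, so a compliant sending MTA queues the message and retries; the 550 reply is permanent and produces a bounce to the sender.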
Re:Greylisting is intrusive; unknown fp rate (Score:3, Informative)
This is not in the spec.
I want that receipt for my airplane ticket right now, not in a few {minutes, hours, whatever}
Whilst this may happen there are plenty of reasons for it not happening. Including having outgoing email checked by a human being and sent as a batch job.
We have no way of knowing how many legitimate delivery failures are caused by greylisting. That's because, as the parent points out, messages are rejected a priori and there's no quarantine to check. If you reject and for whatever reason it is not retransmitted, your mail is lost.
Greylisting sends back a response which says "I can't process this now" try later. There are plenty of other reasons for an SMTP transaction to return this kind of response.
Maybe this "shouldn't" happen but it does, and it happens often enough that it is not entirely obvious that its false positive rate is less than that of a spam filter.
A "false positive" in this context is indicative of a broken MTA.
Re:Greylisting is intrusive; unknown fp rate (Score:2, Informative)
Also, e-mail is not immediate. It can be delayed any amount that the intermediaries want, for example, because the dial-up process doesn't run again until tomorrow at noon. Or maybe because your firewall and censors haven't read it and approved it yet.
If you insist on calling e-mail immediate, then you just don't understand the technology.