Spam Hits 95% of All Email

An anonymous reader writes "Commtouch released its Email Threats Trend Report based on the automated analysis of billions of email messages weekly. The report examines the appearance of new kinds of attachment spamsuch as PDF spam and Excel spam together with the decline of image spam, as well as the growing threat of innocent appearing spam containing links to malicious web sites. Image spam declined to a level of less than 5% of all spam, down from 30% in the first quarter of 2007; also, image pump-and-dump spam has all but disappeared, with pornographic images taking its place."

call me a cynic, but

[petes_PoV]

... here's a report from a company that specialises in anti-virus and other security products.

While I'm not denying spam etc. is an annoyance and does cause a lot of people some problems, do we really want to accept at face value some words from an organisation that could well have a vested interest in making the problem appear more threatening than it really is?

Personally I'd prefer to teach people how to avoid spam/virus infection - in the same way we teach people how to avoid clinical infection, than to go around wailing about how bad the problem is.

Re:white lists are the way to go

[tepples]

And really - if I want to hear from you then you'll be on that list. If you aren't on that list then I don't want you cluttering up my inbox in the first place.

Let me guess: You don't run a business.

Re:call me a cynic, but

[gammygator]

FWIW, about 90% of our e-mail has been spam... and we've seen a solid 50% increase in traffic over the past quarter. The numbers aren't that out of whack. quote: Personally I'd prefer to teach people how to avoid spam/virus infection... Good luck with that. Particularly with the avoiding spam part. If you come up with a foolproof method that actually involves using e-mail... I'm sure you'll be a lot richer than I am.

penalize the seller not the messenger

[Anonymous Coward]

If the financial incentive is removed the problem should go away. The spammer is not the root cause, the entity hiring the spammer and benefiting from the people responding to the advertisement appears to be the root cause and is easier to identify.

The entity initiating the process is identifiable ( the contact information must be accurate in order to effect the sale ) unlike the spammer that can utilize many techniques to avoid identification.

Any different?

[Gorkamecha]

Is this any different then the stats of the dead tree style of spam that appears in my mailbox every day?
And we have seen the huge (cough) progress made in removing that snail mail spam from the system.

Honestly, there seems to have been more progress in weeding out the digital spam then the paper sort.
Even vague sort of laws and protections and such.

Re:white lists are the way to go

[cliffski]

and what goes on the business card, the press release and other similar locations? or you think you can run a business that has no email address and ignores emails sent blindly to sales@ info@ and webmaster@ not to mention support@ ?

Re:white lists are the way to go

[DrgnDancer]

Must be nice not need to hear from customers. Or legit vendors. Or old friends who changed their e-mail addresses. I'm jealous.

I can't even the use apparently moderately effective "blacklist Chinese and Russian IPs" technique. We correspond all over the world.

Re:SPAM @ 95%?!

[jfengel]

They're good, but they're not that good for me. I get several spams a day in my inbox (and thousands a day filtered out).

Bizarrely, they should be easy to identify. Most of them are in Russian. Whatever bayesian network they're doing should have figured out by now that I don't read Russian.

The other one is the same template, over and over, all beginning with the same phrase. I have no idea why that one keeps getting through.

I'm sure not complaining; they're clearly filtering out a huge amount of sheer misery.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Can we go to my scheme yet?

[Belacgod]

As what happened with e-solutions, the Russian mobsters in charge of spam will simply hire better hitmen and eliminate the ones you send, until no one will take the contracts you offer anymore.

Re:Only a few more percentage points to go...

[Anonymous Coward]

dude, we have tree farms now. LEARN IT

Re:Greylisting to the rescue! (or not)

[Trifthen]

I think you miss the true point of greylisting. See, the delay is only half of the whole equation. Sure, the host may try again, but I'm also subscribed to a few relatively non-strict DNSBL lists. Now, imagine the combination:

1. Spammer sends a spam.
2. Spam gets delayed by 5 minutes.
3. Lazy Spammer neglects to resend. EOM.
4. Spammer gets put into a DNSBL sometime during the day.
5. Creative Spammer resends several hours later.
6. Rejected as bad host, due to DNSBL.

Also, postgrey, like most greylist plugins, will automatically whitelist an IP that has had several successful deliveries over the course of a few days. It regularly purges this list every 30 days, so if a spammer accidentally gets whitelisted, that doesn't last long. And like I said, DNSBL is checked *before* the greylist is invoked. So, 95+% of spam sent to me every day, never makes it past my SMTP server. And if I bothered to bolt a bayesian filter on top, I'd probably get a handful of spam per year, but I can handle deleting the half dozen that make it through every week. It may not work for everyone, but Email Purgatory seems damn good to me.

Re:Why we can't stop spam with our current techniq

[SL Baur]

We can't stop it because we aren't addressing the real problem. Spam is an economic problem. People send out spam because they make money off of it. And they will therefore continue to send out spam as long as they make money off of it.

If you want to stop spam, you have to remove the economic incentive. To do that, you need to cut off the co-conspirators

You're right, but for the wrong (IMO) reason. Spam has economic incentive because all the costs of email are borne by the recipient. Botnets have made it even cheaper. You must remove that if you want to really fix the problem.

If you do not remove the economic incentive, nothing will work because it will just be an arms race and the "good guys" will necessarily always be on the defensive side.