Spam Hits 95% of All Email 270
An anonymous reader writes "Commtouch released its Email Threats Trend Report based on the automated analysis of billions of email messages weekly. The report examines the appearance of new kinds of attachment spamsuch as PDF spam and Excel spam together with the decline of image spam, as well as the growing threat of innocent appearing spam containing links to malicious web sites. Image spam declined to a level of less than 5% of all spam, down from 30% in the first quarter of 2007; also, image pump-and-dump spam has all but disappeared, with pornographic images taking its place."
Re:Summary only link (Score:3, Interesting)
doubtful (Score:2, Interesting)
Did they track private networks? Encrypted Email?
That's not an unrealistic number (Score:5, Interesting)
The highest two-week percentage of rejected incoming email that I've seen broke 97% a few months ago. It's normally between 90% and 95%.
It's loads of fun dealing with this crap.
Comment removed (Score:3, Interesting)
Re:SPAM @ 95%?! (Score:3, Interesting)
OK, another data point (Score:5, Interesting)
Re:call me a cynic, but (Score:4, Interesting)
Flirting.
Let us pick some text randomly off a googled link and exercise our imagination.
"First for Emailing - UK's only Emailing Academy
We are offering you two free e-courses value $45 each. One is our new success emailing communication programme and the other is our popular lifestyle coaching programme
SUCCESS EMAILING Communication Tips - series of 4 communication tips modules. Designed to get you connecting and interacting more easily and effectively plus monthly success emailing newsletter with tips, quotes and news..."
When there is a large industry which advertises itself in terms like that instead of the original [flirtzone.com] then perhaps there would be a point to be made that email communications are unusually inefficient. In the meantime, well, sure looks to me like anyone who has ever interacted with the opposite sex should have no problem imagining a form of communication in which 5% efficiency would be a striking -- well nigh unbelievable actually -- increase, and somehow that communication medium has not died out in several millions of years.
*looks around* Ah
So where's the invisible hand? (Score:3, Interesting)
We've seen some "free market" solutions which basically required that you pay a fee to every mail provider so they don't trash your email. And this didn't particularly help spam either.
I come to the conclusion that spam as an issue is one of two things, or both of those things:
1) Not that big of a problem (hard to believe if you are a mail provider / ISP yourself)
2) Impossible to solve by means of free market solutions, and requires cooperation and standardization of new technology.
Point 2 is hard to happen since every little startup that comes with a mini solution, trumpet it on their own and hence they are only a nuissance to deal with in the big picture (due to lack of a single standard, it's impossible to have clients which make the process of whitelisting easier and even half automatic).
Here are couple of solution which would get us half-there, but are only quarter-implemented right now:
1) Whitelist SMTP servers by talking back to the supposed mail of origin and comparing IP-s. The SMTP may return list of IP-s this host responds from. This is then cached and used for further authentication on this domain. It *may* lead to DoS if many hosts do a first-time check simultaneously, but it's unlikely (and less problematic, given we're eliminating 95% of bad emails this way).
2) Test-for-human-intelligence in your first email to a new email. Such as, I don't know, some sort of CAPTCHA you fill-in? Once this is done, communication can proceed without further tests between those two emails. The receiver still has the option to block you, lest you employ a mechanical turk.
Those solutions are boring, they're incomplete in a way, they introduce hassle, but if we *all* agree on those, they can be made less of a hassle, and still not lose their efficacy.
That would require the likes of AOL, Hotmail, Gmail and so on free mail providers to cooperate with the likes of Microsoft, Apple, Linux devs and so on, to implement this on both the clients and servers.
Right now, I could see Hotmail cooperating with Microsoft (.. wink, wink..
Why we can't stop spam with our current techniques (Score:5, Interesting)
If you want to stop spam, you have to remove the economic incentive. To do that, you need to cut off the co-conspirators that are allowing the spamvertised domains to be established and hosted. If you can either prevent them from getting a cut off the action, or punish them severely for taking their cut, then you can stop spam.
Until then, if all we do is try to filter spam out, we'll just continue to see the costs of inaction. Beyond that, we're ignoring the fact that filtering has real costs, as well. Filtering doesn't prevent the spam from traversing the internet, and furthermore it requires human time to update as the spammers change their tactics.
Email is dead, long live Email (Score:5, Interesting)
Only a few more percentage points to go... (Score:3, Interesting)
There is already a solution for 90% of the problem (Score:1, Interesting)
Unfortunately, the largest sources of the problem (comcast, rr, attbi, etc.) believe they derive income from NOT stopping viruses, worms, and spam, and they aren't held accountable for damage caused by their greed. So their misinformed and incompetent staff are not going to implement any fixes.
If you haven't implemented SPF, and aren't seriously studying DKIM, you should not be a mail service provider. A person shouldn't expect a plumber's apprentice to perform a colonoscopy properly, after all.
But armchair libertarians often forget that laissez-faire capitalism only functions properly when all customers are perfectly informed. Most people never heard of standards-based anti-spoofing technologies and do not understand how preventing spoofing impacts spam management; so they cannot make the informed choices that would allow "the invisible hand of the marketplace" to become an iron fist crushing the incompetent service providers.
Re:Greylisting to the rescue! (or not) (Score:4, Interesting)
Basically, greylisting is putting an email transaction on hold to see if the sender will retry. The idea is that if the sender is illigitimate, they won't bother resending. However, spammers have been onto this method for as long as it's existed, much moreso lately. All they have to do is take greylisted hosts and move them to the end of their script for later processing. The second time around, the spam gets through anyway. Even with its meager benefits, most organizations want email to come through as quickly as possible, and greylisting delays email by its very nature. It's also much less effective than existing technology that won't hinder most legitimate mail like DNSBL and/or SPF, spamwords+OCR (for image spam), and blocking on unknown recipients.
To summate, if greylisting makes you happy, then don't let me dissuade you from using it. it does indeed stop some spam. But please don't give the false impression that it's a magic bullet; most of the complaints we receive are from clients who've enabled greylisting and can't figure out why their mail is delayed.
[1] I am also a consultant to another firm who hosts manged email with spam filtering. Due to the complaints above, we have also disabled greylisting there. It was only effective at stopping about 5% of spam reliably, but a delay is put on all mail that isn't otherwise whitelisted. There are plenty of other methods which are both more effective and don't slow down the mailflow or tie up much resources on the MTA.