Spam Back Up To 94% of All Email 330
Thelasko writes "A NYTimes blog reports that the volume of spam has returned to its previous levels, as seen before the McColo was shut down. Here is the report on Google's enterprise blog. Adam Swidler, of Postini Services, says: 'It's unlikely we are going to see another event like McColo where taking out an ISP has that kind of dramatic impact on global spam volumes,' because the spammers' control systems are evolving. This is sad news for us all."
More data please (Score:5, Insightful)
The article seems to be counting whole e-mails, but what about bytes? And what percent of global IP traffic is E-mail? I'm just wanting to get a feel for how much spam is clogging the backbones and not just how much it is clogging the mailservers.
Raise your hand if you're surprised by this... (Score:4, Insightful)
Obviously, shutting down an ISP would have a negligible long-term effect on spam. Intelligent people realize that the people behind spam are themselves intelligent (at least intelligent enough to almost never get caught). Obviously they have contingency plans. If you shut down one mail relay they go to another. If you shut down one ISP they go to another. If you shut down one web hosting company they go to another.
If you shut down their favorite registrar they go find another.
Anyone who thought that shutting down one ISP would have any meaningful, long-term effect on the spam problem needs to read up on how spam works, and why it exists. In short, spam works because it is profitable. Spammers don't sent out spam just because it annoys people, they send it out because they make money off the products that they push through spam. Hence they will find new ways to push out spam, as long as they can still make money.
Re:Anyone Still Have Spam? (Score:5, Insightful)
If it's slowing down networks, then it does effect you.
Re:Anyone Still Have Spam? (Score:3, Insightful)
Maybe I am a freak, but to quote Davork, I get no spam. Gmail's filter catches pretty much everything.
Yet Google (and all other email systems) are paying for 17x as much bandwidth and infrastructure as they would otherwise need (plus filtering costs)
Re:Anyone Still Have Spam? (Score:5, Insightful)
filters will never win... (Score:5, Insightful)
Spam filtration is an arms race
That part I agree with.
However, I still say that spam filters will never solve the problem. Spammers will just keep finding new ways around them, and all the while we will continue having to pay the costs of transporting and filtering the junk email (in terms of bandwidth and cpu costs, in particular).
The only way to stop spam is to remove the reason why it exists in the first place:
If spammers can't make money off of sending out spam, they won't send it out to begin with.
Re:Mail servers (Score:3, Insightful)
Re:Anyone Still Have Spam? (Score:5, Insightful)
I've never had malaria. What's the fuss?
Re:The enigma is.. (Score:1, Insightful)
maybe random people have entered random addresses in contact forms to get their "free ringtone"?
Re:Thank you Google and Yahoo! (Score:5, Insightful)
I think that a craigs-list moderation style of X spam reports and you're cut off is the way to go. Of course, these reports should only be counted from existing VERIFIED accounts, with the reporting mechanism built into the interface.
That currently gets abused. I have heard that anybody trying to sell an animal, for example, gets flagged as abuse by PETA assholes. Could the same happen to mailing lists? If one wants to sink a mailing list, they subscribe to it with all their e-mail addresses, and tell each e-mail provider that it is spam...
Re:Anyone Still Have Spam? (Score:3, Insightful)
If the slowdown isn't noticible, it doesn't.
Re:Mail servers (Score:3, Insightful)
Re:Anyone Still Have Spam? (Score:5, Insightful)
Also, let's say that your ISP does catch all the spam. What valid emails aren't you getting because of false positives? What valid emails are you sending that the recipients aren't getting because of false positives?
Not getting spam is only half the battle. Getting all valid email is the other half. Winning the war decisively is an additional problem on top of that.
Re:Mail servers (Score:5, Insightful)
Sad thing is, our users have grown accoustom to the hard work we do to prevent spam that when they get a single spam message in their inbox, they pick up the phone and call the help desk, who then create a ticket and forward it to me so that I can "check the spam filter to make sure its working".
Seriously? Fuck you... press the delete button and get on with your life. How about I just create a catchall and forward it to your inbox - then you can see all the crap we're blocking first hand.
Re:Anyone Still Have Spam? (Score:2, Insightful)
B) Even if you don't notice the difference, chances are that filtering out all that spam and upgrading pipes are causing your ISP (or theirs) to charge a bit more. In the case of free webmail, that would translate to more ads and less time/money to add non-spam related features.
Re:Anyone Still Have Spam? (Score:4, Insightful)
Not really. Yes, e-mail systems are paying for way too much bandwidth, but how big a percentage of Google's bandwidth do you think is used handling e-mail? And if you compare e-mail bandwidth to Internet traffic overall, I'd imagine it's pretty trivial (if anyone has actual numbers, I'm curious). Those 50 1kB ads getting filtered out by my ISP are laughable compared to the traffic I generate watching 1 show on Hulu.
It's an unnecessary expense and it's aggravating, but no way is Google paying for 17x as much bandwidth as they need because of e-mail spam.
Not *ALL* of us... (Score:3, Insightful)
"This is sad news for us all." -- Adam Swidler, of Postini Services
Isn't Postini Services a service that makes money by being an "outsourced" spam filter?
Not a sad day for them...
I get less than 2% - don't even need filters (Score:3, Insightful)
I run my own domain and have about 130 email addresses. Usually I just create a new one for new uses (different hobbies, different interests). Every website that asks for an address gets a disposable one, rather than a "proper" address. The consequence of these small and quick precautions means that last week I saw 8 SPAM emails, from a total of all the personal email, forums and *wanted* stuff of over 600 emails. Occasionally I find a trusted address gets an unexpected and unwelcome flurry of emails - it then gets deleted and a new one set up. Friends and family addresses are sacrosanct.
I simply don't understand how or why people only ever have 1 email address and give it out unconditionally to anyone who asks for it. How can people live like that?
still in middle/high school? (Score:3, Insightful)
Put the Ayn Rand fanboyism to some good use and try to earn some cash:
Ayn Rand Institute Essay Contests [aynrand.org]
Re:Well, we will just have to (Score:2, Insightful)
Until Certified servers get hacked.
Until computers using certified servers get hacked.
Until someone hacks the certificates.
Why not determine if something is spam based on not only where it came from, but also what it reads or contains?
Its been said before, but any competent computer user will only see maybe 1-2 spam mails per week. Going from over 90% to less than 5% roughly is pretty darn good.
There are other areas of the internet that actually need fixing that we should worry about.
Re:Well, we will just have to (Score:5, Insightful)
I HATE this stupid form letter thing. Firstly, it really shows lack of imagination on your part. Second, it's WRONG:
(x) It will stop spam for two weeks and then we'll be stuck with it
'Stuck with it'? What's that supposed to mean? Like we're 'stuck' with SMTP or HTTP?
(x) Users of email will not put up with it
What's to 'put up with'? It's virtually invisible to users, except for the filter option regarding what to do with certified email, and a Big Red Button in their email client to automatically report certified spam.
(x) Requires immediate total cooperation from everybody at once
Simply WRONG. I addressed this in my post:
An email client that is Certification-compatible will, when it receives an email, look to see if it has those two headers. If not, it will handle it according to the user's wishes. This means NON-Certified email might be deleted, or sent to a different folder, or whatever. Whitelists/blacklists are still possible. ... ...
You can still send non-certified email, so hobby mailing lists and the like are not affected- the people who receive the mailing list might just need to whitelist it.
This system does not need to be adopted all at once. Certified and non-certified emails can be handled both by email clients that are Certification aware and not.
(x) Many email users cannot afford to lose business or alienate potential employers
They wouldn't.
(x) Open relays in foreign countries
What about them? If the server is Certified, they'll get reported. If they're not, they'll probably be ignored.
(x) Asshats
?
(x) Huge existing software investment in SMTP
This is still SMTP, just with additional Headers to the email, and an additional protocol to request/retrieve the Key.
(x) Armies of worm riddled broadband-connected Windows boxes
Again, If the server they use is Certified, they'll get reported. This results in the ISP cutting off the "worm riddled" boxes, and forcing the user to clean the box before allowing internet access (or at least email access) again. OR, if the ISP ignores the problem, they get their Certificate pulled. This is a bad thing?
(x) Eternal arms race involved in all filtering approaches
The only way to 'beat' Certification is to Certify yourself (you'll get blacklisted for failign to deal with spam reports), or have a 'spam friendly' ISP Certifiy you. (and then they'll get blacklisted.) Or ISP-hop constantly.
(x) Extreme profitability of spam
It's not profitable if no one replies. No one can reply if they don't see the spam. They can't see the spam if their client trashes it. Their client trashs it if it's not certified. (probably- this is user settable for normal email clients, or server-settable for webmail.)
(x) Extreme stupidity on the part of people who do business with spammers
See above.
(x) Dishonesty on the part of spammers themselves
It doesn't matter if you can't get a ISP to certify you.
(x) Bandwidth costs that are unaffected by client filtering
Not at first. But when they get NO replies, they'll stop spamming.
(x) Outlook
Why is this a problem?
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
None have ever been tried.
(x) Blacklists suck
Despite my saying 'no one will get the non-certified emails', this is not technically true. Certification is not a blacklist. It is a one of several criteria that can be used to filter email. For instance, a email filter like SpamAssasin looks at many factors to decide if an email is spam ot not. 'is it from a real domain?' 'Does it contain the word 'viagra''? 'is it CC'd to more than a few people?'... and a lot of other criteria. "Is it C