Spam Back Up To 94% of All Email 330
Thelasko writes "A NYTimes blog reports that the volume of spam has returned to its previous levels, as seen before the McColo was shut down. Here is the report on Google's enterprise blog. Adam Swidler, of Postini Services, says: 'It's unlikely we are going to see another event like McColo where taking out an ISP has that kind of dramatic impact on global spam volumes,' because the spammers' control systems are evolving. This is sad news for us all."
The enigma is.. (Score:1, Interesting)
..to whom are they sending all the spam?
I have barely seen any in the last 3 or 4 years.
Anyone Still Have Spam? (Score:3, Interesting)
Maybe I am a freak, but to quote Davork, I get no spam. Gmail's filter catches pretty much everything. Once on a blue moon one will slip through, but I can tolerate one penis pump add every month or two. It might be true that a lot of spam is passing back and forth across the networks, but from a user point of view, it never makes it to me.
Re:The enigma is.. (Score:5, Interesting)
Every email address that is not an actual word doesn't seem to have any problem with spam for a number of years until I inadvertently have myself logged in when visiting one of those cookie catcher sites... generally with lots of chinese letters and related to a recently released mainstream movie... stopped doing that when I realized if I started being patient I could just get it at redbox.
Mail servers (Score:5, Interesting)
I'm personally glad I don't have to run my own mail server anymore. Having to fight the constant battle against spam can seem like an uphill battle. I'm happy enough with Google Apps, very little spam gets through the filters and it's very rare to get a false positive.
Despite the fact that my mail email address is not published online anywhere and I'm very careful who I give it to (I use different addresses for completing forms online) the amount of spam that Google filters out is still amazing.
There must be a lot of stupid people out there that respond to this stuff, it wouldn't exist if it wasn't profitable.
There is a worse spam mail problem (Score:4, Interesting)
When can we filter out all the paper junk mails stuffed in my real mailbox?
Re:The enigma is.. (Score:5, Interesting)
Thank you Google and Yahoo! (Score:4, Interesting)
Google and Yahoo have inadvertently created a goldmine of email addresses. While I get a lot of spam from various domains, it is these two sites that I have a problem with. See, they use domain keys, which elevates the message above spam filters (or at least helps to). So spammers have cracked the google chacpta (sp?). There is no easy way to report these addresses for abuse. The providers need to somehow only allow domain keys on VERIFIED accounts, or have multi-level domain keys.
I think that a craigs-list moderation style of X spam reports and you're cut off is the way to go. Of course, these reports should only be counted from existing VERIFIED accounts, with the reporting mechanism built into the interface.
Re:Anyone Still Have Spam? (Score:3, Interesting)
Others have covered the "big picture" reasons why filtering isn't a perfect answer; but even ignoring that, and conceding that filtering improves the user experience (relative to receiving 94% spam), I would still say that filtering for spam also creates a significant problem with my user experience (relative to not having a spam problem to start with).
Why? Well, I agree that false negatives are relatively rare -- though for me that still means one every couple days, and it seems to be increasing. And rare false negatives aren't a problem.
False positives are also pretty rare, but they can be a big problem even when they are rare. I recently had a time-sensitive transaction delayed by several days because I thought I hadn't received an invoice. Eventually I found the invoice in my spam folder. I'll know in a week or so whether the transaction is still able to complete in time.
Re:Anyone Still Have Spam? (Score:3, Interesting)
Spam effects me in real life. My fax machine gets an offer nearly everyday. Considering the toner to this combo color scanner/fax/printer is rather expensive, it's downright insulting. I wish I knew how to get rid of these idiots, or at least find a cheap, real life digital service or device where I could log into and view the faxes and retain my existing fax number.
Re:Raise your hand if you're surprised by this... (Score:5, Interesting)
In short, spam works because it is profitable. Spammers don't sent out spam just because it annoys people, they send it out because they make money off the products that they push through spam.
While this is partly true, it's definitely not the only way spammers make money. Spammers also make money by 1) selling their services to businesses who want to sell products, collecting their fee in advance regardless of any products sold; 2) running penny stock pump&dump schemes; 3) Nigerian 419 scams; 4) Phishing; 5) selling mailing lists to other spammers; 6) other creative ideas I haven't thought of.
Re:Well, we will just have to (Score:5, Interesting)
I've said it before- Email Certification.
Want to run a Certified Email server? Go to your ISP (or other such companies that may arise to offer the service). They check you out (Are you who you say you are? Do you have valid contact information? Etc...), then have you produce a Public/Private key pair. You give them the 'Public' key, and keep the 'Private' one to configure your email server with. Your email server must add an additional header with your Certifier's Certification Server (usually their email server), and a header that is encrypted with your Private key.
An email client that is Certification-compatible will, when it receives an email, look to see if it has those two headers. If not, it will handle it according to the user's wishes. This means NON-Certified email might be deleted, or sent to a different folder, or whatever. Whitelists/blacklists are still possible.
If the email has the headers, the email client will connect to the Certification Server listed in the one header, and download the 'Public' key to attempt to decrypt the other header. If the decrypted header is valid, the client treats the email the way it is configured to, usually by placing it in the Inbox. Again, whitelists and blacklists can still be used.
Here's the most important part: If the user receives Spam that is Certified, they can easily report it to the Certifier (email clients would have a 'Report Certified Spam' button that automatically shoots an email off to the Certifier, for instance). The Certifier can then contact the owner of the Certified Server and notify them of the spam. This gives the server owner a chance to stop the spam, in case the server was hacked or the spam was accidental. If the Server owner does not stop the spam, the Certifier simply pulls the Certification, by removing the 'Public' key on their server. From that moment forward, ALL email the Email server in question sends will be NON-certified (and quite frankly, probably deleted by the recipients).
If the Certifier refuses to do anything about the Spamming Server (because they are 'in on it', friendly to spammers, or just incompetent), then ALL Certifications from that Certifier can be marked as 'bad', either on a client-by-client basis, or thru the use of a Certifier black-list.
-There is no 'Central Authority'- your ISP Certifies you for a modest fee.
-You can still send non-certified email, so hobby mailing lists and the like are not affected- the people who receive the mailing list might just need to whitelist it.
-Legit email will (eventually, almost always) be Certified, so Certified emails can be sent straight to the Inbox. Non-certified email will (eventually, almost always) be spam, so it can be trashed.
-Any spam that is sent from a Certified server will quickly be reported by pissed-off recipients, and quick action will be needed to avoid that Certifier (and ALL the servers it has certified) from being put on a blacklist.
-Spam will dwindle as Spammers either move to 'spam-friendly' Certifiers (which are blacklisted so the spam never gets thru anyway), or will spend huge amounts of money switching ISPs every 2-3 days to get re-certified over and over. Of course, ISPs could take a clue from the Las Vegas Casinos, and keep a 'black book' of known spammers, and check new clients against them before Certifying them.
-This system does not need to be adopted all at once. Certified and non-certified emails can be handled both by email clients that are Certification aware and not.
It may not be perfect, but it'd be a good start.
What about fighting back? (Score:5, Interesting)
When someone as massive as google gets a confirmed spam address, simply respond back with many replies that are as good as genuine replies. Spam them with a few thousand and finding one becomes too difficult, therefore the business model falls away.
I know this is increasing spam short term, but remove the business model and it should stop long term. If other sites (yahoo etc) pick up a similar system for a coordinated effort can't spam be stopped?
Re:Hmmm (Score:2, Interesting)
on our mailservers 97-98% of the mails are blocked by greylisting, of the remaining a considerable portion is still spam or virus carrier.
yesterday we had about 103000 incoming mail of what as much as 3000 where accepted by greylisting, after that there are the antispam and antivirus...
Re:Anyone Still Have Spam? (Score:4, Interesting)
I can understand that to some degree, because in reality it is a balancing act, and some people may prefer a different balance. But if I have to go searching through my junk mail all the time to pick out the false positives, then I'm not sure how much better off I am than just sorting through a spam-filled inbox.
The main benefit to avoiding false negatives that I can think of is the notification of new email. I have a smart phone that buzzes every time an email goes into my inbox. If I weren't filtering spam, it would buzz constantly. So in that sense, it's better to deal with false negatives, since I can always sort through my junk when I get back to my computer. But otherwise, I don't really see much benefit.
Re:Well, we will just have to (Score:4, Interesting)
This model works for large ISP's but creates a problem for all the smaller companies out there running their own email servers. I would object to having to relay all my email through the major providers for good reasons.
You don't have to relay any mail. Just ask you ISP for Certification. They Certify your server, and you can send all the mail you want without relaying a piece.
Personally I feel that a good way to get arid of spam is to have a central authority with a white list. You have to pay a fee to be on the list. It can't be free. Tax the spammers and you put them out of business. You spam you get delisted if proven and you don't fix it. Everything not on the whitelist gets rejected.
That might very well be what happens- Certain certifiers are known to be reliable, and they are added to a whitelist. (A certified list of Certifiers.) Any email server they certify is considered 'good'. Newcomers to the Cerification game would have to have a proven track record (say, one year with no complaints) before they are added.
Problem is with people having figured ways around captcha, public email providers like hotmail and gmail are always going to be a source of some spam.
With Certification, people can report spam with the click of a button. If google/yahoo/hotmail don't figure out how to stop spamer accounts, then they risk getting their certs pulled, and no one will get their user's emails. Thus, their users will leave, and they will go out of business.
OR, they can come up with a better way to stop spammers.
Either way, we win!