Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Spam

Crazy Stats on Spam 316

gtaylor writes "An article in the Korea Times says that market research firm Emforce has established that South Korean internet users average about 1600 pieces of spam annually, summing to around 39 billion pieces of spam per year. According to the same story, Americans receive about 2500 pieces of spam per year." I figured that I get somewhere around 30-40,000 pieces of spam annually. Lucky me... I get *this* statistic to be on the other side of the bell curve :)
This discussion has been archived. No new comments can be posted.

Crazy Stats on Spam

Comments Filter:
  • Interesting survey (Score:3, Interesting)

    by .sig ( 180877 ) on Wednesday December 19, 2001 @01:47PM (#2727367)
    What I think would be an interesting addition to this would be to look at how much spam finds it's way onto newsgroups and weblogs such as this. My guess would be several orders of magnitude more, quite a waste of time and energy.

    If they were typing randomly odds are one of them should have produced the next Hamlet by now.

    • Exactly. The scary thought here is how much waste goes into all the pieces that never reach an inbox somewhere. I wonder what the hit:miss ratio is, generally.

      - DDT
    • Sorry CmdrTaco, It's not a Bell Curve. Since the curve is bounded below by 0, it's likely to be a Poisson Distribution or something similar to that.

      I'm not exactly correcting any Irony here, but I've not yet met a Slashdot Statistics Nazi.

    • by flacco ( 324089 ) on Wednesday December 19, 2001 @02:06PM (#2727532)
      If they were typing randomly odds are one of them should have produced the next Hamlet by now.

      And they would have titled it: "Spamlet".

    • Here is another stat that would be intersting to find out what percentage of all internet trafic is devoted to Spam.

      Would the net speed up 5% if all spam was made illigal?
    • Naw (Score:2, Funny)

      by waldoj ( 8229 )
      What I think would be an interesting addition to this would be to look at how much spam finds it's way onto newsgroups and weblogs such as this. My guess would be several orders of magnitude more, quite a waste of time and energy.

      Oh, no, very little.

      And you'll get absolutely none if you act now and buy my new SlashdotSpamBeGone, for just $9.95.

      -Waldo Jaquith
    • I don't know about the number of spams posted to newsgroups daily, but the number of spams cancelled is on average 25000 to 50000 daily.

      However, I don't think anyone bothers to cancel spam in alt.binaries groups.
  • hmm... (Score:5, Funny)

    by arson1 ( 527855 ) on Wednesday December 19, 2001 @01:48PM (#2727379) Homepage
    But the email said it was an exclusive deal just for me!
  • To get the word out on how big of a problem spam is, the paper mass mailed the article to all users with a .edu, .com, or .org e-mail address.
    • I know this is supposed to be funny, but this actually happens. Sometimes it seems like I actually et more emails about spam than I do spam itself. It's an endless cycle it seems, the only solution is violence.

  • My SPAM i am (Score:2, Interesting)

    by crumbz ( 41803 )
    I get between 20-30 messages daily, sometimes spiking up to 40+. I have had the same email address for 9 1/2 years but the problem only really began about 2 years ago. Then the network effect [URL?] must have taken effect and it skyrocketed. I subscibe to the usual privacy measures and don't give it out in newsgroups, return emails etc. but it is out there and they won't leave me alone. Waa!
    • I've had my current primary eddress for about the same lenght of time (9 Years). I too get about the same ammount of junk per day.

      I made the bad mistake back in about '95 of tacking an address onto web pages I was designing for clients.

      I know that is why I get most of my spam. (That and my Internic registrations.)

      I was lucky enough to have set up edresses for most of my early jobs. (ie, I set up a site for XYZ company and use the address of meXYZ@mydomain.com as the site's webmaster.)
      Now I just filter on those old addresses.
      Straight to the trash.

      This of course doesn't help on the times I forgot to use a psuedo-eddress. Those I have to move to the trash myself.

      Over the last few months, I haven't dumped the trash file, and seem to have accumulated about 1,800 messages in there. (All spam. Don't throw anything else away. I catalog all my old mail going back to about 93.)

      I keep thinking that I am going to run analysis on the mail some day soon. You know: See how much of it comes from hotmail (not as much as I thought), how much from yahoo, how much from .ru, what percentage has forged headers, etc. Thought it would be an interesting profile of spammers. Haven't found the time yet.

      Anyone else look at this kind of information?

      Oh, and in addition to the domains I own, I have eddresses in about 13 other places, including some of the free services like hotmail, altavista and yahoo. None of them get that much spam.

      The only other "problem" account I have is my old (*WAY* old. UserID under 2500 -- One of the first people to sign up with the service.) AOL account. [Hey, no flames here!] I guess that is to be expected with an account that old.

      What are other's results with the different services?
  • There can't be more than one spammer per spam, right? Track them down and jail them. Give them lots of reading material to keep them happy.
    • There can't be more than .5 spammers per person; by (most commonly accepted) definitions, spam has to be sent to multiple people.

      I suspect that the actual number is several magnitudes of order lower; in fact, I'd guess that under 2,000 people are directly responsible for 75% of all spam (pure conjecture).

    • Yeah, make them read their own spam mail once for each person they sent it to. Or let's say twice. There has to be some punishment involved. ;-)
      • by Tackhead ( 54550 ) on Wednesday December 19, 2001 @02:45PM (#2727791)
        > Yeah, make them read their own spam mail once for each person they sent it to. Or let's say twice. There has to be some punishment involved. ;-)

        1) Jail spammer in special spammer's prison.
        2) Give spammer an email address.
        3) Publish spammer's address on USENET, preferably in an MLM or pr0n newsgroup.
        4) Mail spammer, three times a day, an email message telling him his meal is ready, which he can print out to requisition his meal.
        5) Deny spammer the use of filtering tools. If the spammer starves to death because he can't find his meal tickets among the spam, that's his problem.

        I mean, why should he need a filter for his mail? Every spammer I've talked to - from trailer-trash to DMA executive - says it's easy to Just Hit Delete, right? It only takes a few seconds a day!

        And I'm sure there are so many interesting offers in his mailbox, if he's not interested, he can always Just Hit Delete, right?

        Ah, what I wouldn't give to be a warden in such a prison.

  • South Korean internet users [receive] average about 1600 pieces of spam annually, summing to around 39 billion pieces of spam per year. According to the same story, Americans receive about 2500 pieces of spam per year.

    The average computer user never uses a fake e-mail address (or at least a scrambled one) when they're asked for their email address during registration or similar processes. Furthermore, they forget to point out that they don't want to receive e-mails by the company responsible for the registration (I'm not even talking about companies who sell their customer db's to other companies).

    Finally, millions of people have a hotmail account. And there, they forget to point out that they don't want to be listed in the so-called White Pages, a main source for spammers.
  • by garcia ( 6573 )
    why am I so lucky that I recieve almost no spam? In the past year I have recieved less than 25 pieces of e-mail spam.

    I know that I don't advertise my email address on the web all that much and I don't use a free-web based service but that doesn't seem like great protection against spamming.

    I am just lucky I guess.

    since I really would like some free porn, email me at: garcia@localhost
    • Re:why? (Score:3, Insightful)

      by daeley ( 126313 )
      You should spam a bunch of people with the above message, add "Would you like to know my secret?", and see how much dough you can rake in. Now *that* would be a study. :)
  • It's pretty annoying how pretty much nothing can be done about spam (I know there are the usual methods, register the domain in one of the spam registries, install a filter, etc, etc).

    One would think that spam should be tracable back to the source. Email server keeping track of the IP and time, server giving out the IP keeping track of who used the IP at the time. Then it would be likely that people could complain and get the IP to block said person.

    Of course, there are many complications for this.

    Die spam die!! Until then, I guess I just have to get used to using the delete key.
    • Re:*sigh* (Score:3, Informative)

      by Tackhead ( 54550 )
      > One would think that spam should be tracable back to the source. Email server keeping track of the IP and time, server giving out the IP keeping track of who used the IP at the time. Then it would be likely that people could complain and get the IP to block said person.

      In many cases, it's easy to trace the spam back to the ISP from which it was sent, or to the ISP that's hosting the spamvertized website.

      The problem comes when the spammer's ISP is unresponsive, either because they don't give a fsck about the problem, or because they're being paid well enough by the spammer.

      SPEWS [spews.org] presents an interesting solution to the problem. In a nutshell, networks that harbor spammers get listed, and you can configure your mail server to use that list to refuse traffic from spam-harboring network providers.

      The more people that use services such as SPEWS, the more likely it is that large, unresponsive ISPs (you know who you are) who also happen to have legitimate customers will receive mail from those customers saying "Hey! Clean up your act so people stop rejecting all mail from your customers! You've got real customers to service, not just spammers, you know!" and will be forced by market necessity to take their network abuse problem seriously.

      If you're a user of one of these networks, and don't like the fact that some of your mail now bounces, look at it this way. You're living in a crackhouse, and your landlord is doing nothing to solve the problem. We're tired of dealing with your neighbors' rusty needles and used condoms. If your landlord won't clean up the building because he'd rather have a crack dealer's protection money than your rent, maybe it's time you moved somewhere civilized.

  • by Quasar1999 ( 520073 ) on Wednesday December 19, 2001 @01:53PM (#2727417) Journal
    What is spam? Unsolicited emails for unknown people? Unsolicited emails from companies you once did business with? Unsolicited email from companies you still do business with? Unsolicited email from relatives? How do you measure spam if you can't even define it?
    • In my book it's all spam. I consider the 'Monthly Newsletter' from my ISP as spam. Unless a specific person wants to communicate with me, it's spam. By my definition, any company that sends me an email is spamming me.

      My favorite is how they all have 'Send me more information' checkbox already selected for you when you install a win program. Thanks, good thing they check that for me, what would I do if I couldn't get any of those great offers ..... bleh ...

      Lower spam ratio is the best reason to buy a domain ...
      • Lower spam ratio is the best reason to buy a domain ...


        Not just that, but you can tell who it is coming from, and warn others about it as well. For example, I have my own domain (several actually) and if I have to enter my email address online when I am buying something I always use company@[mydomain]. That way, if they sell my address, I know exactly who sold it, and can raise hell with them about it. Also, I can just put a deny in my mail server for that address and not worry about losing real mail.

        Of course, this means you either control your own mail server, or have a pretty good relationship with your ISP for them to set this up. It's worth it though.

      • My favorite is how they all have 'Send me more information' checkbox already selected for you...

        They aren't ALL slimebags; just most of them. In fact, those few who don't default the SPAM checkbox to ON get *LOTS* of respect from me, and because of their (relative) honesty, I often opt-in(!) because they've earned an ounce of my trust.

        Two examples that jump out at me would be Winamp, with it's "don't bug me ever again" button, and 800.com, where they're very upfront about it being your choice to opt-in to recieve 800.com and/or 3rd party "special offers".

        Too bad more companies don't follow this opt-in example. Apparently fucking people over (exageration? nah) is more profitable short-term.

        --

        • Add to the the list of companies you respect - Microsoft.

          Last night I upgraded to Money 2002 (Money is a fantastic product) and there were three unchecked boxes which, if checked, would have allowed me to opt-in to marketing from Microsoft and their partners.

          I did not opt-in, but was at least impressed that I was given the appearance of an option. :-)
    • My definition, adopted from long enough ago that I can't remember who said it, is:

      1. any email sent to more than 5 people who don't know the sender and didn't request the email
      2. any posting on more than 5 newsgroups

      Content is irrelevant.

      I suppose I would say that spam is getting to be an undefined term these days. It is raking in "classic spam" and also unsolicited advertising via email or posts on non-sales-related newsgroups or weblogs. Soon it will probably include any email from anyone you don't know, or who doesn't name you in the to: or cc: lines, or whatever.
    • Well if I get emails from a company that I said they can send me email, that my own fault. Maybe spam, but I can't get mad at them. But my main email is on MANY marketing list, in fact I often get offers to sell me this list of email, which guess what.. I'm on. So yea I get lotsa lotsa spam, luckly its not a huge time waister as I have filter present to take care of many and can run down a list with my eyeball deleting spam in notime. Now if I didn't check my email for months, I'm sure I would be absolutly terrified of the amount of junk I had to deal with when I got back, but as of current, its no big deal.
    • What is spam?

      Unsolicited advertisements from people you have never done business with. That covers about 95% of the mail I delete without reading. This isn't a difficult definition; no need to try so hard to make it otherwise.
    • Spam is better described as UBE : Unsolicited Bulk Email.

      Unsolicited : you have not opted in to receive that kind of information or never had a contact with the sender. The problem is when you have had a previous relationship with a company and that company sends you advertisement. My opinion is that they should be allowed to send you ONE ad and make the removal of your email in their database easy with that ad.

      Bulk : email is sent in large quantities, to many people. The question is, how did they get your email ? Selling email lists should be illegal (except opt-in lists), but if your email is public (web, news) then no one can be forbidden to send you an email !

      Note that all UBE is not commercial, it could be a virus or a bad joke.

      Considering annoying emails from friends and relatives, that is a very different problem, I think, that should not be mixed with UBE.
    • It's amazing how many people fail to understand how simple this is. HINT: Unsolicited faxes are already illegal. This is the only reason anyone has any fax paper left in the tray.

      Unlike many other regulations our country has lately considered, there is no gray area, and no real consitutional complexities.

      It is trivial to determine when a communication is unsolicited: the test is whether you had prior direct, 1st party contact with the sender, in which you requested the message. Then, to my mind:

      * If the receiver pays for the communication, communication must be solicited by the receiver!

      * If the sender pays for the communication, then let the sender go to town - it's their nickle.

      Yes, it is cheaper for me to receive email than to receive a fax or a cell phone call. But it is not free!

      Of course, I am all for compromises such as federally enforced "universal opt-out" lists, federally enforced uniform header/subject identification, or any other method by which I can effortlessly, and with a single action, no longer receive any unsolicited commercial email. But anything less than that (i.e. opt-out) is nothing at all.
  • Can anyone forsee a downturn in the rate of spam? Many things recently have been receeding on the Net. Can we expect the same thing to happen any time soon to spam?
    Does anyone have any figures for how effective spam is? Have any /.ers foolishly (or not?) replied to something decidedly not pork and not beef that arrived in their mail?

    I would like to see the back of it all, because there are only so many times that your boss will believe that the dirty emails dropping into your mailbox every hour is spam ;-)

  • If Korea's only consuming 39 billion pieces of spam a year, they must be running an enviable spam surplus. Half the spam I get bounces off a .kr server.
  • by sam_handelman ( 519767 ) <samuel.handelmanNO@SPAMgmail.com> on Wednesday December 19, 2001 @01:56PM (#2727446) Journal
    The posters mention of being on the "far side of the bell curve" raises an interesting question - how is Spam distributed? Obviously, it's not a bell curve; a significant number of people are getting as much Spam at the submitter, and a significant number of people are getting none. If 5% of "users" (do they mean user/person or user/address?) are getting as much Spam as the submitter, and everyone else is getting next to none, than Spam is not nearly as much of a problem as this article indicates.

    For example, as a person, I get a lot of spam. But almost all of it is going to my old account at the university of california (when I left I started giving the address to anybody who wanted one, for any reason.) However, the addresses I actually use get none.
    • how is Spam distributed?

      Of course there isn't one central "spammers registry" out there that all spammers draw from, but rather there are hundreds or thousands of disparate database compiled by culling newsgroups, scraping HTML, and of course by siphoning from other databases (forming an inheritance of email class instances): As such depending upon the spammers database source the likelihood of you getting fragged by them varies.

      I've used my real, unadulterated (like terrorism: Put crap in your email address to lamely obfuscate it and you've let the spammers win) email address in newsgroup posts, and because of that I get about 40 spams a day to my hotmail account. Hotmail does a good job of filtering, but on top of that because I only use that account for online registrations to trivial sites, and fluff stuff I can scan through it with little concern that something important will be lost in the mass of spam.

      • like terrorism: Put crap in your email address to lamely obfuscate it and you've let the spammers win

        Bullhockey. By your logic, beefing up airport security gives terrorists the victory.

        If I freely give them my email address to pass around like a hooker at a tailhook convention, then they've won.

        Besides, if someone doesn't have the IQ to demunge my email address, I don't care to hear from them.

    • The posters mention of being on the "far side of the bell curve" raises an interesting question - how is Spam distributed? Obviously, it's not a bell curve; a significant number of people are getting as much Spam at the submitter, and a significant number of people are getting none. If 5% of "users" (do they mean user/person or user/address?) are getting as much Spam as the submitter, and everyone else is getting next to none, than Spam is not nearly as much of a problem as this article indicates.

      Well first off, it's not the submitter you're quoting, but CmdrTaco. The reason he gets a lot of spam is either because he (a) runs a popular site that features his email address, and/or (b) subscribes to a lot of porn* sites.

      I'll let you decide.

      * Please note that I did not use the incredibly lame, old spelling, "pr0n."
  • Razor (Score:3, Interesting)

    by Reelworld ( 120784 ) on Wednesday December 19, 2001 @01:57PM (#2727453)
    I've got so fed up of spam over the festive season that I finally got off my butt and installed Razor [sourceforge.net] as featured on /. the other day. I've always been kind of against the complete black-hole idea, so Razor was very attractive.
    So far I'm quite impressed. Easy to install (a couple of lines in procmailrc) and it's picked up about 50% of the spam I've received so far - importantly it hasn't flagged any legitimate messages as spam. Of course, I reported the other 50%, so that hopefully others won't have to endure them. The nice thing about the systems is that the more people that use it, the more effective it gets. It's not perfect, but in this mean 'ole spam-filled world, it's a good place to start.
    • Re:Razor (Score:3, Interesting)

      by Tony Hoyle ( 11698 )
      I did something similar... I installed spamassassin and because I didn't entirely trust it, configured it to redirect everything marked 'spam' to a separate email address.

      It was so successful at home (100% hitrate!) I installed it on the gateway at work. It only mis-diagnoses about one message a week (for some reason it doesn't like sports related e-magazines) but I can whitelist the domains where required. I've only had one spam in my inbox since (mutated nigerian scam) & people keep saying 'what spam problem... I haven't had a spam for weeks!'.

      The spam trap has approx. 2000 emails in it so far.. I keep them all out of morbid fascination. Perhaps one day I'll find a spammer I really hate and sent the lot to them!
  • by Xenopax ( 238094 ) <xenopax.cesmail@net> on Wednesday December 19, 2001 @01:57PM (#2727457) Journal
    You have to figure that is the average person is receiving 2500 spam emails a year, then the spammers must be getting enough feedback to make it worthwhile. If you think about it, you don't need a high rate, or even moderate rate, of responses from mass mailings since a small percentage could cover your spamming costs. What we need to do is find the small percentage that is responding to this mail and whack them over the head, otherwise it will never end.
    • How can spam possibly work for the spammer? Who is unsophisticated enough to think that any spammer can deliver what they promise? Especially when there are hundreds of messges all alike: how would a hypothetical idiot who believes in spam know which message to respond to? Am I taking crazy pills or something?
      • How can spam possibly work for the spammer?


        Easy -- they find somebody stupid enough to believe that it will work, and then sell spamming services. Even if (when) it doesn't work, the spammer still has the money. Lather, rinse, repeat.

    • I think the normal phrase is:

      "There's a sucker born every minute."
      The real point is that we don't want people to become suckers- the law is supposed to protect them to some extent.
    • by rgmoore ( 133276 ) <glandauer@charter.net> on Wednesday December 19, 2001 @02:41PM (#2727769) Homepage

      Not necessarily. Arguing that spam must work because people keep trying it is like arguing that "Make money fast" must work because people keep sending it (or variants on it). All that's required for people to keep spamming it is that they think that it works, not that it actually does work. My guess is that the only spam that actually gets a big enough response rate to justify sending it is the kind that advertizes spamming services. Unfortunately, we'll only know for sure in 10 or 20 years when everyone who's unscrupulous enough to try spamming has done so. If they all give up because it doesn't work, we'll know that it was a failure and people were just trying it because they didn't know any better. If it keeps up indefinitely, we'll know that it does work and we'll have to start revoking net access of anyone dumb enough to reply.

      • Unfortunately, we'll only know for sure in 10 or 20 years when everyone who's unscrupulous enough to try spamming has done so.

        <humor type="bitter" truth="halfway" color="off">
        Trouble is, even unscrupulous spammers have children, and will pass on their unscrupulous
        spamming ethics onto their kids. We've all seen the Public Service Announcements on Television and on billboards by the Freeway: 'Parents who use Spam have Children who use Spam'.

        The real solution to Spam? Use the same treatment as we apply to the African Cane Toads and the Silicon Valley Agressive Driver : Sterilization.

        Keep these people from breeding! Unlike African Cane Toads, few of these Spammers are able to find a mate, in part due to their unscrupulous ethics, so it should be easy to track down the remaining breeding spammers.
        </humor>
    • by gus goose ( 306978 ) on Wednesday December 19, 2001 @02:44PM (#2727784) Journal
      If a fool is born every minute, and there are (according to the CIA [cia.gov]) 21.37 births per 1000 people, and (according to the US Census [census.gov]) there are about 6.1billion people, then there are 130Mil. births per year, or about 250 births per minute. Since one of these is a fool (and I think that is very low), then about 0.4% of the population are fools. Thus, if only fools respond to spam, then you only need to send 250 spam to get one response. Assuming that fools are less computer literate (proportionally few fools have e-mail), then you would need to send more to get a response, but not by much.

      On the other hand, in the past there were fewer births per minute, and thus there were proportionally more fools. This improves the spammer's hit rate.

      So, to answer your question, you get about 1 in 250 'hits' for spam.

      gus

      • But there are 250 million people in the US, yet about 240 million are fools. So your 1 in 250 fool ratio doesn't work.
      • Actually, one in 250 would be a spammers dream. One in 100,000 is more realistic.

        A pathetically low percentage of spam winds up in actual peoples mailboxes, most of it is undeliverable (mailboxes that I discontinued in 1995 are still on the spammers "Verified! All Fresh! 10 Million addresses" CD-ROMs).

        Then, of course, even if a sufficiently gullible person is reached by the spam, that person has to feel a need for the product or service. TV Shopping Channels are surprisingly effective, but not effective enough to turn every person watching it into a buyer. Spam is no different in that respect.

    • sold on sales (Score:3, Interesting)

      by Erris ( 531066 )
      What we need to do is find the small percentage that is responding to this mail and whack them over the head, otherwise it will never end.

      Whack my grandmother at your peril, it's never going to end.

      The ultimate fools are those who buy your logic and pour money into advertising. This works just as well for the suckers who buy "harvester" software as it does for folks who buy billboards. All it buys the purchaser is customer anoyance. The more advertised something is, the less likely I am to buy it. Unfortunatly there's a sucker born every minute who thinks "brand recongition" can be earned in some way other than solid performance, positive reviews and customer satisfaction.

      Never trust someone who connives.

      • Unfortunatly there's a sucker born every minute who thinks "brand recongition" can be earned in some way other than solid performance, positive reviews and customer satisfaction.

        What fantasy world do you live in? Those are the *hard* ways to earn brand recognition! Much easier (and arguably more effective) is paying a popular celebrity to publicly endorse your otherwise crummy product. I suppose that this falls under "positive reviews," but those can be bought. Is any athletic shoe really worth $150+ based on solid performance or customer satisfaction?

  • by toupsie ( 88295 ) on Wednesday December 19, 2001 @01:58PM (#2727463) Homepage
    I used to run only sendmail for my SMTP needs but I found it a pain to administer when it came to SPAM. In the last year, I have moved all the e-mail servers I manage over to Postfix [postfix.org]. Since I have done the switch, I am killing SPAM very effectively -- some still slip through but not many.

    By checking my logs for the last 24 hours, I have killed over 800 SPAMs for my 100+ users. If this is a 'typical day' in the life of my e-mail server (though I am seeing more around Christmas than ever), I am killing ~3,000 SPAMs per year per user. Not only does blocking SPAM give me a deep sense of personal satisfaction it gives me more time during my work day to do more important duties (like reading Slashdot) because I don't have users calling me to complain about the sex ads, mortgage offers and fly by night investment opportunities in their e-mail box.

    I would love to see the US Congress require all e-mail marketeers to be opt-in instead of opt-out (with the Death Penalty for violators). However, I don't know if this would be effective as most of the SPAM coming in is from foreign servers (mainly Asian nations).

  • Bell Curve (Score:2, Informative)

    by PoiBoy ( 525770 )
    Mod me offtopic, but I must...

    I figured that I get somewhere around 30-40,000 pieces of spam annually. Lucky me... I get *this* statistic to be on the other side of the bell curve :)

    The normal distribution, aka the "bell curve", has absolutely nothing to do with the distribution of the number of pieces of spam received annually. If anything, I would guess that the distribution has a long right tail: most people receive somewhere around the median amount of spam, but a relatively few users (such as slashdot readers) receive a much larger amount.

    In general, numbers of anything do not just happen to be normally distributed. Central limit theory discusses the asymptotic normal distribution of sample means under suitable conditions, but generally very little can be said about the underlying population's distribution. Please refrain from talking about something having a particular distribution unless you know (or can test statistically) that it does. It's usually a sign of ignorance.


    • The distribution curve of spam would be interesting to know, I agree. I also suspect that it has a long right tail. Many people get very little spam because their email addresses are kept close to them or haven't been around long enough to have been shared out to everyone in the world. Between my school and work addresses, I get maybe one spam a week. Others are somewhat cautious and their rate of spam starts low, but over time increases as the couple of untrustworthies they've delt with give out their addy's. Finally, there are the poor souls who have either had email addresses forever and not taken many preventive measures or are just saps.


      What I want to know though, is how these distributions change with time. I've observed, and I think this is generally the case, that over time the rate of spam at a given address increases. As more people have email addresses longer, we could expect the median spam rates to rise. Over time, we might see the distribution become closer to normal or even become bi-modal betweeen people who protect their addresses well and those that don't. This could be a really interesting thing to watch and study. Though, I think I'd rather play video games :)

  • by MindStalker ( 22827 ) <mindstalker@gmai ... com minus distro> on Wednesday December 19, 2001 @01:58PM (#2727470) Journal
    Wow, I've been reading so much spam latly, that I honestly read the headline as, "Crazy Sluts on Spam" at first!
  • by mrroot ( 543673 ) on Wednesday December 19, 2001 @02:01PM (#2727491)
    ...is about the penis enlargement spam.

    I mean, how did they know to send it to me?
  • by Gaccm ( 80209 )
    I can see why for somehoe with an email address shown on slashdot might get tons of spam, but the far majority of regular users could easily not get spam anymore. Here are the steps i did to not get spam EVER.

    1. don't use your isp's email address. I don't know why, but those always get lots of spam. I think its because the isp gives you webspace, in a folder named from your username. So a spambot just needs to go to aol.com/users/ read all the folder names and tack on @aol.com.

    2. have 2 email addresses, one which is for actual usage, such as communicating with friends. The other is just for all the things where you have to give a valid email address to sign up.

    Thats all i did, and it works great for me. I guess a possible third step is that, if you get any spam, to ALWAYS hunt it down. look in the headers of the email, find where it came from (for example, aol.com) and forward the spam to abuse@aol.com, if that doesn't exist, forward it to webmaster@aol.com, root@aol.com, admin@aol.com, administrator@aol.com and any other names you can think of.
    • by linuxlover ( 40375 ) on Wednesday December 19, 2001 @02:49PM (#2727837) Homepage
      I have the same setup.

      To report spam, the _easiest_ way is through spamcop.net [spamcop.net]. You signup (free) and they will send you an email address to forward your emails. So all you do is forward the email as an attachment which preserves all the headers. Spamcop will do the tedious work of hunging down the headers adn open relays abused and send a report to those automatically.

      I have been using it for a week now, and absolutely love it. Give it a try. You'll be glad you did.

      LinuxLover

  • I was used to getting +-10 spams per day, all from pr0n (where did they get my e-mail address? I once posted a naked pic of a regional pr0n newsgroup [chile.binarios.para-mayores.mujeres, to be precise]).



    In the last three months, I've begun to get LOCAL spam, from stupid & amp; clueless companies that think that mailing spam equals "to be on the Internet" (equals making huge profits [yeah, I know better]). Now I'm getting around THIRTY daily spams, besides the pr0n I already get.

    (10+30)*365 = 14600 spams per year.

    Sigh...

  • by DaveWood ( 101146 ) on Wednesday December 19, 2001 @02:14PM (#2727575) Homepage
    It somtimes amazes me that politicians would pass up such an excellent opportunity to please the electorate at so little political cost to themselves - why not just ban spam? All of the ingredients are there:

    1) Issue affects better educated citizens who are more likely to vote
    2) No one likes spam. No one at all. Except for the spammers, that is
    3) It's a magnet for all kinds of illegal activity
    4) Unsolicited faxes are already prohibited - the technical and legal parallels are clear as day

    And yet every time spam bills appear, they disappear, or are neutered, with lightning speed. Then I remember. This is America.

    With the exception of what I have heard politicians refer to as "hot button" issues (abortion, gun control, school prayer), the sad reality is that almost nothing gets through congress unless someone is paying for it.

    Congressionals and members of the executive are so deluged with paying customers that they seldom have time to worry about the real world. The rest of the time, rivals routinely block each others' attempts to pass any legislation as a matter of principle or habit or a continuous cycle of revenge, usually across party lines.
    • by legLess ( 127550 ) on Wednesday December 19, 2001 @02:52PM (#2727867) Journal
      Actually, the Direct Marketing Association loves spam [mail-abuse.org]. They see that dead-tree mail is going the way of the dodo, and more communication every day is electronic. They see spam as a wonderful way to increase their reach and simultaneously lower their costs.

      They're thinking long-term: in 25 years, they want to be able to legally send anything to anyone, ideally with little or no cost to themselves. Science fiction is replete with examples of this thinking: intelligent door agents or house-bots who spend (too) much of their time filtering what we've come to think of as spam (i.e. unsolicited electronic communication).

      The DMA sees the Internet as a "push" medium, with themselves as the prime pusher. "We'll tell you what you need, and want," they say.

      In summary, this is sadly not as much a no-brainer for Congress as you'd think or hope. The DMA has been throwing huge money at this problem for years, and will continue to do so. Don't trust Congress to do the Right Thing.
    • It somtimes amazes me that politicians would pass up such an excellent opportunity to please the electorate at so little political cost to themselves - why not just ban spam?

      Two words: Legal Bribery. A.k.a. "lobbying."
    • The issue is, to many, a bit more complicated than that. Legislating away the powers of business can, and often does, have consequences far beyond what people initially understand. Granted, if the fly-by-night operators others have mentioned (selling investment opportunity, porn, and such - often on shaky legal ground) dissapeared, they won't be missed. But do you want to act in an irrational manner that would genuinely hurt legitamte business, in that one powerful tool of communication would be denied to them if the proposed law wasn't clear or too harsh?

      If such a law were to be proposed, it would have to respect not only the rights of the individual, but the ability for the business to conduct itself in a fair and efficient manner. Many here have brought up some excellent points, involving opt-in only, always having a valid return adress and so on. Under a fair set of guidelines "spam" can be both containable and beneficial to us. Banning it all outright seems a bit overkill when we've actually done little (federally at least) to try to solve this problem, though I agree with you the attempts haven't gotten us far.
      • If such a law were to be proposed, it would have to respect not only the rights of the individual, but the ability for the business to conduct itself in a fair and efficient manner.

        What, exactly, is "fair" about companies using my resources to tell me what they're selling?

        If I'm interested in what they're selling, I'll seek it out. They have absolutely no right to send me unwanted ads. I already pay for my DSL connection, my ISP, and the phone lines the data travel over. If these spamming assholes want to play "fair" they'll reimburse me for the use of resources I pay for. Otherwise they can go fuck themselves.

        -Legion

      • Your response is well considered and a pleasure to read, but I must disagree with you that it is a complicated issue for anyone. Unlike many other regulations our country has lately considered, there is no gray area, and no real consitutional complexities. It is utterly simple.

        It is trivial to determine when a communication is unsolicited: the test is whether you had prior direct, 1st party contact with the sender, in which you requested the message. Then, to my mind:

        * If the receiver pays for the communication, communication must be solicited by the receiver!

        * If the sender pays for the communication, then let the sender go to town - it's their nickle.

        Yes, it is cheaper for me to receive email than to receive a fax or a cell phone call. But it is not free!

        Of course, I am all for compromises such as federally enforced "universal opt-out" lists, federally enforced uniform header/subject identification, or any other method by which I can effortlessly, and with a single action, no longer receive any unsolicited commercial email. But anything less than that (i.e. opt-out) is nothing at all.
  • like, for example, a Spam Busting FAQ. Then you could link to it in the article, and users wouldn't feel compelled to post comments about Postfix, Spamcop, Razor, etc.
  • I'm at about 20,000. 50 a day adds up quick... Most of it is duplicates too. Fortunately, about 90% are courtieous enough to put "unsubscribe" in the body so they get easily filtered.

    Travis
  • by Proaxiom ( 544639 ) on Wednesday December 19, 2001 @02:18PM (#2727604)
    I read something once about advertisers and marketers trying to build lists of people according to their known interests so advertising can be more cost-effective.

    Based on the e-mails I get, it would seem the advertising community has me pegged as a debt-ridden pervert with a small unit, sexual dysfunction, no education, and a penchant for get rich quick schemes.

    I wonder how they know that. I must be an open book.

    • The advertisers have me as all of the above. Plus, I'm a woman whose breasts are too small.

      Oh, and I have an unreliable Windows system.

      (Note that I have no Windows systems. They're all Mac and Linux.)
  • spamcop.net (Score:4, Informative)

    by Neon Spiral Injector ( 21234 ) on Wednesday December 19, 2001 @02:19PM (#2727618)
    With the last article about spam that ran on Slashdot. I saw someone mention spamcop. I knew of the service, but never really checked it out before.

    After reading most everything on their site, I figured I'd sign up for their pay filter service. Not really to stop the spam (that is just a nice added benifit), but just for ease of reporting the spammers.

    Since signing up spamcop has probally stopped around 50 spams to me a day. Still about 5 a day slip through (and perhaps 1 false positive a day). I have reported all of the spam. I think I've recieved about 8 responces total to my reports, and I keep getting spam from the same places.

    I'm pretty impressed with the service. At $0.50 a megabyte it isn't too expencive (but I shouldn't have to pay to not recieve e-mail). They are planning on going to a flat rate of $3 a month (which will be good for me as they estimate I'll be paying about $7 a month at my current rate).

    Anyway, check it out if you haven't before, www.spamcop.net [spamcop.net]. At least report some of the spam you get using their free service to help build a bigger data base of open relays and other bad Internet company.
    • Re:spamcop.net (Score:3, Informative)

      by rodbegbie ( 4449 )
      I've been using Spamcop for the last 9 months as a reporting tool, but for filtering, I'm a huge fan of SpamAssassin [taint.org]. It's a bit of a bitch to build and install (leaving a vital patch file out of the distribution tar probably isn't the smartest thing to do), but dear god, it does the job right.

      Plus, you can configure it to use Spamcop's black-list so you get the benefit of Spamcop's filters too.

      Sysadmins/users with an ounce of savvy should check this bad boy out.

      rOD.
    • I tried it. Unfortunately, my spam comes in on Lotus Notes, which also mangles the headers up so much that spamcop can't understand them :(
  • How much paper spam is distributed by the world's postal systems? I know my box is stuffed three times a week with crap I'll never buy. Is there a corelation between the cost/paperspam/volume and the cost/emailspam/volume?

    Travis
  • Spam laws (Score:5, Informative)

    by Alsee ( 515537 ) on Wednesday December 19, 2001 @02:35PM (#2727730) Homepage
    Spam sucks. Spam is a problem. Spam is a BadThing.

    But don't push for SpamLaws. It is just an invitation for them to pass other stupid net-laws. Laws are regional, the internet is not. It won't work. The treatment will be worse than the disease.

    Lawmakers do not understand the internet. Tell them to keep their hands off.

    We are better off working out our own solutions - blackhole lists, filtering software, etc.

    -
    • Re:Spam laws (Score:2, Insightful)

      by zbuffered ( 125292 )
      We may be better off working out our own solutions, but my computer-illiterate parents sure won't be. They can barely check their e-mail. Installing filtering software is definately beyond them.

      What if a law were devised that would not stop legitmate e-mail, but which would stop spam? Unlikely, you say? That's not my point. What if? Productivity would increase, ISPs would have their costs lowered, and another form of fraud could be stopped. Stopping spam should be our goal, even if the possibility exists that it could block legitimate mail. We have to try.
      • We may be better off working out our own solutions, but my computer-illiterate parents sure won't be. They can barely check their e-mail. Installing filtering software is definately beyond them.

        They will benefit from our solution. Spam filtering is generally more effective at the ISP or infrastructure level. Take a look at the Mail Abuse Prevention System [mail-abuse.org].

        User-end solutions can even work for them if it is integrated into the mail reader. "Oh, look honey! AOL 9.0 (gag, puke) has a spam blocker!"

        We need people working on the problem, but they need to be programmers and sysadmins, NOT polititians.

        What if a law were devised that would not stop legitmate e-mail, but which would stop spam? Unlikely, you say?
        ...even if the possibility exists that it could block legitimate mail. We have to try.


        What are you smoking? And can I have some? I never mentioned legitimate mail.

        -
  • ...and I have almost 2400 pieces of spam. That's since Jan. 1 of this year. This is at work alone. I probably get more than half that at my personal account. So I'm averaging over 3600 pieces of spam a year.
  • Fighting spam (Score:2, Informative)

    by jestapher ( 181119 )

    If you are in states with so-called "anti-spam" laws, you can start taking legal action against spammers. Check out:

    Sorry for the Washington-heavy links; it's my home state.

  • by nyquist_theorem ( 262542 ) <mbelleghem@NOSPAM.gmail.com> on Wednesday December 19, 2001 @03:00PM (#2727923) Homepage
    Unsolicited mass emails are never going to go away 100%. It frustrates me that so much time and energy and print/webspace is given to studies and articles that don't include what I would think to be the most important indicator of spam's level of infiltration - Signal to Noise Ratio. Sure, the "average" user gets xxx Spam per day/year/minute, but on what amount of traffic? If the "average" user gets 1600 spam out of 1700 emails, that's obviously very bad, but 1600 on 170,000 emails a year is a lot better. The poster's comment about being on the wrong side of the bell curve doesn't neccesarily mean he's getting more spam than most people as a ratio of spam-to-legit-emails. I would be most interested in studies that analyze the SNR, for in doing so I think we'll see (even more clearly!!) that there is indeed a spam problem that must be dealt with through enforceable legislation and/or international agreements.

    As a side note, I have taken to giving out different email addresses for every place I'm asked for one, and using a "catch-all" from my domain, for example my email address here is slashdot@theoretica.net, but it might be goatpornmailinglist@theoretica.net or vic20overclockerslist@theoretica.net for other places. That way not only can I see what spammers got my email address from where, but I can also block a given address once its been overcome with spam - you know those places where you are asked for an email address and you just *know* you are going to get spammed senseless for providing it, but you must to get a login or pwd or whatever?

    I also have OE move everything that's been BCC'd to me into a spam folder, mark it as read, and review it once a week.
  • They must have averaged in people with no e-mail address.
  • by smartin ( 942 ) on Wednesday December 19, 2001 @03:20PM (#2728069)
    Maybe the current govt crack down is targeted at the wrong set of Internet wrong doers.
  • by clarkie.mg ( 216696 ) <mgofwd+Slashdot@ ... minus herbivore> on Wednesday December 19, 2001 @03:57PM (#2728359) Homepage Journal
    1. Do not post your email on a website or in newsgroups.

    2. Use a separate email address for subscribing to web sites. If that email gets spammed, change your email on web sites you want to continue to use, delete your second email and create a new one.

    3. Use 2 emails, one for your job and one for your private use. That way, you won't get porn or stupid jokes at your job and your company won't monitor your private emails.

    4. Never reply to a spam. If you have to unsubscribe, do it on the web.

    5. If you want to put your email on the web or in newsgroups or on any system that can be digitally scanned for emails, disguise your email so that only a human can read it. Example myname@isp.com becomes myname(AT)isp(DOT)com.

    6. Use a tool for filtering your incoming email.

    7. Never forward an email chain letter. They are all scams. If you absolutely want to forward one, check the information before.

    8. If you have subscribed to mailing-lists, check or ask if it is indexed on the web and if your email is diclosed there. Ask for removal or dedicate another email to that list that you will delete/change when it gets spammed.

    9. If you have time, read the headers of spam emaiks and complain to the ISP that the spammer used.

    10. There are many tools and advice on the web:
      abuse.net [abuse.net]
      cauce [cauce.org]

    Updates to this list are in my journal [slashdot.org].

  • I can just see the next generation of Denial of Service attacks on the big webmail houses. The new IIS worms will start "joining up" to hotmail, msn, yahoo, etc. Then, they'll wander around any place where they can just so happen to "drop" the email address for the sniffing spambots!

  • by Thagg ( 9904 ) <thadbeier@gmail.com> on Wednesday December 19, 2001 @05:45PM (#2729047) Journal
    I reconfigured our mail server a month or so ago, and, well, misconfigured it, so that it was an open mail relay on our DSL line. It took the bad guys about 2 weeks to notice; at which point we all of a sudden started getting hit with tens of thousands, then hundreds of thousands of relays through our server per day.

    I'm only a part-time sysadmin, so I didn't realize what was wrong for a couple of days, just noticed that the mail server was slow...during that time perhaps half-a-million messages were forwarded by my machine. Unforgivable, I know. I didn't realize the threat; and most of it happened over a weekend.

    On Monday, I spent a few hours finding out what was going on, and madly tried to cancel the messages by hand from the mail queue, before I did the right thing and installed the latest version of sendmail -- which by default doesn't relay.

    For the next several weeks, I've been petitioning the various spam reporting lists to take us off of their blacklists. I have to say that everybody was reasonable in this respect. It took some time to hunt them all down, but I think I have them all. If you are doing this yourself, http://relays.osirusoft.com has a great resource for checking what lists [osirusoft.com] your server is blacklisted with.

    The only good thing to come out of this is that during the cleanup phase, spammers continued to try to relay spam through my site, and I was able to get several of those accounts cancelled by calling up the various email abuse departments at their ISPs. (My favorite was worldcom, I called them and they answered "Abuse!" I told them that I really wanted an argument...) The biggest disappointment was @home, who required a 1-week waiting period before shutting down a really high-volume spamming operation.

    I was surprised how quickly my open relay was discovered, and then how quickly that information was distributed among quite a few (at least 40) spammers. Perhaps they watch incoming spam to see where it is relayed from; and harvest those to run their own spam.

    Anyway -- my apologies to the community. It won't happen again.

    thad
    • perhaps half-a-million messages were forwarded by my machine.

      Interesting. Could you tell how many protest from the spammed were addressed to you? Were they polite?
      I ask because sometimes I think I am the only one who complains (politely) to the open relay. I received a nice apology once.
  • Korean domains are far and away the number one source of spam in my mailbox. Does anyone know EFFECTIVE contract addresses for:

    Kornet.net?

    Thrunet.net?

    Dreamx.net?

    Hananet.net?

    I've SpamCoped everyone of these, complained to every address I could think of (abuse@, root@, help@, etc.), all to no avail. If I have to carbon copy 5000 e-mail addresses at kornet.net on each spam complaint to get them to stop spamming, I'm willing to do it...

The explanation requiring the fewest assumptions is the most likely to be correct. -- William of Occam

Working...