Spam Back Up To 94% of All Email

Thelasko writes "A NYTimes blog reports that the volume of spam has returned to its previous levels, as seen before the McColo was shut down. Here is the report on Google's enterprise blog. Adam Swidler, of Postini Services, says: 'It's unlikely we are going to see another event like McColo where taking out an ISP has that kind of dramatic impact on global spam volumes,' because the spammers' control systems are evolving. This is sad news for us all."

Well, we will just have to

[microbee]

send more _useful_ emails to offset that.

Re:Well, we will just have to

[ShadowRangerRIT]

Well, I have this brand new product that increases the size of a body part which 95% of men would prefer larger. Perhaps I should inform people of it?

Re:Well, we will just have to

[ShadowRangerRIT]

It's up to you to guess if the product is to be used by men or women.

Re:

[Killer Orca]

Well, I have this brand new product that increases the size of a body part which 95% of men would prefer larger. Perhaps I should inform people of it?

95%? What are the other 5% already swinging meat-picks?

Re:

[johannesg]

Your solution advocates a

[x] stupid

solution to the problem of spam (might as well get it in now...)

Re:Well, we will just have to

[Em Emalb]

send more _useful_ emails to offset that.

(With apologies to whomever it was I ripped this off of)

Your post advocates a

( ) technical ( ) legislative (X) market-based (X) vigilante ( ) form-based

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
(X) Microsoft will not put up with it
(X) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
(X) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
(X) The meme is tired and worn out and I'm just as likely to get a -1 troll as a +5 funny.

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
(X) Joe jobs and/or identity theft
(X) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(X) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
(X) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(X) Sending email should be free
(X) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
(X) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:Well, we will just have to

[fredklein]

I've said it before- Email Certification.

Want to run a Certified Email server? Go to your ISP (or other such companies that may arise to offer the service). They check you out (Are you who you say you are? Do you have valid contact information? Etc...), then have you produce a Public/Private key pair. You give them the 'Public' key, and keep the 'Private' one to configure your email server with. Your email server must add an additional header with your Certifier's Certification Server (usually their email server), and a header that is encrypted with your Private key.

An email client that is Certification-compatible will, when it receives an email, look to see if it has those two headers. If not, it will handle it according to the user's wishes. This means NON-Certified email might be deleted, or sent to a different folder, or whatever. Whitelists/blacklists are still possible.

If the email has the headers, the email client will connect to the Certification Server listed in the one header, and download the 'Public' key to attempt to decrypt the other header. If the decrypted header is valid, the client treats the email the way it is configured to, usually by placing it in the Inbox. Again, whitelists and blacklists can still be used.

Here's the most important part: If the user receives Spam that is Certified, they can easily report it to the Certifier (email clients would have a 'Report Certified Spam' button that automatically shoots an email off to the Certifier, for instance). The Certifier can then contact the owner of the Certified Server and notify them of the spam. This gives the server owner a chance to stop the spam, in case the server was hacked or the spam was accidental. If the Server owner does not stop the spam, the Certifier simply pulls the Certification, by removing the 'Public' key on their server. From that moment forward, ALL email the Email server in question sends will be NON-certified (and quite frankly, probably deleted by the recipients).

If the Certifier refuses to do anything about the Spamming Server (because they are 'in on it', friendly to spammers, or just incompetent), then ALL Certifications from that Certifier can be marked as 'bad', either on a client-by-client basis, or thru the use of a Certifier black-list.

-There is no 'Central Authority'- your ISP Certifies you for a modest fee.
-You can still send non-certified email, so hobby mailing lists and the like are not affected- the people who receive the mailing list might just need to whitelist it.
-Legit email will (eventually, almost always) be Certified, so Certified emails can be sent straight to the Inbox. Non-certified email will (eventually, almost always) be spam, so it can be trashed.
-Any spam that is sent from a Certified server will quickly be reported by pissed-off recipients, and quick action will be needed to avoid that Certifier (and ALL the servers it has certified) from being put on a blacklist.
-Spam will dwindle as Spammers either move to 'spam-friendly' Certifiers (which are blacklisted so the spam never gets thru anyway), or will spend huge amounts of money switching ISPs every 2-3 days to get re-certified over and over. Of course, ISPs could take a clue from the Las Vegas Casinos, and keep a 'black book' of known spammers, and check new clients against them before Certifying them.
-This system does not need to be adopted all at once. Certified and non-certified emails can be handled both by email clients that are Certification aware and not.

It may not be perfect, but it'd be a good start.

Re:

[slimjim8094]

Your post advocates a

(x) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the mone

Re:Well, we will just have to

[fredklein]

I HATE this stupid form letter thing. Firstly, it really shows lack of imagination on your part. Second, it's WRONG:

(x) It will stop spam for two weeks and then we'll be stuck with it

'Stuck with it'? What's that supposed to mean? Like we're 'stuck' with SMTP or HTTP?

(x) Users of email will not put up with it

What's to 'put up with'? It's virtually invisible to users, except for the filter option regarding what to do with certified email, and a Big Red Button in their email client to automatically report certified spam.

(x) Requires immediate total cooperation from everybody at once

Simply WRONG. I addressed this in my post:

An email client that is Certification-compatible will, when it receives an email, look to see if it has those two headers. If not, it will handle it according to the user's wishes. This means NON-Certified email might be deleted, or sent to a different folder, or whatever. Whitelists/blacklists are still possible. ...
You can still send non-certified email, so hobby mailing lists and the like are not affected- the people who receive the mailing list might just need to whitelist it. ...
This system does not need to be adopted all at once. Certified and non-certified emails can be handled both by email clients that are Certification aware and not.

(x) Many email users cannot afford to lose business or alienate potential employers

They wouldn't.

(x) Open relays in foreign countries

What about them? If the server is Certified, they'll get reported. If they're not, they'll probably be ignored.

(x) Asshats

?

(x) Huge existing software investment in SMTP

This is still SMTP, just with additional Headers to the email, and an additional protocol to request/retrieve the Key.

(x) Armies of worm riddled broadband-connected Windows boxes

Again, If the server they use is Certified, they'll get reported. This results in the ISP cutting off the "worm riddled" boxes, and forcing the user to clean the box before allowing internet access (or at least email access) again. OR, if the ISP ignores the problem, they get their Certificate pulled. This is a bad thing?

(x) Eternal arms race involved in all filtering approaches

The only way to 'beat' Certification is to Certify yourself (you'll get blacklisted for failign to deal with spam reports), or have a 'spam friendly' ISP Certifiy you. (and then they'll get blacklisted.) Or ISP-hop constantly.

(x) Extreme profitability of spam

It's not profitable if no one replies. No one can reply if they don't see the spam. They can't see the spam if their client trashes it. Their client trashs it if it's not certified. (probably- this is user settable for normal email clients, or server-settable for webmail.)

(x) Extreme stupidity on the part of people who do business with spammers

See above.

(x) Dishonesty on the part of spammers themselves

It doesn't matter if you can't get a ISP to certify you.

(x) Bandwidth costs that are unaffected by client filtering

Not at first. But when they get NO replies, they'll stop spamming.

(x) Outlook

Why is this a problem?

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical

None have ever been tried.

(x) Blacklists suck

Despite my saying 'no one will get the non-certified emails', this is not technically true. Certification is not a blacklist. It is a one of several criteria that can be used to filter email. For instance, a email filter like SpamAssasin looks at many factors to decide if an email is spam ot not. 'is it from a real domain?' 'Does it contain the word 'viagra''? 'is it CC'd to more than a few people?'... and a lot of other criteria. "Is it C

Re:Well, we will just have to

[fredklein]

This model works for large ISP's but creates a problem for all the smaller companies out there running their own email servers. I would object to having to relay all my email through the major providers for good reasons.

You don't have to relay any mail. Just ask you ISP for Certification. They Certify your server, and you can send all the mail you want without relaying a piece.

Personally I feel that a good way to get arid of spam is to have a central authority with a white list. You have to pay a fee to be on the list. It can't be free. Tax the spammers and you put them out of business. You spam you get delisted if proven and you don't fix it. Everything not on the whitelist gets rejected.

That might very well be what happens- Certain certifiers are known to be reliable, and they are added to a whitelist. (A certified list of Certifiers.) Any email server they certify is considered 'good'. Newcomers to the Cerification game would have to have a proven track record (say, one year with no complaints) before they are added.

Problem is with people having figured ways around captcha, public email providers like hotmail and gmail are always going to be a source of some spam.

With Certification, people can report spam with the click of a button. If google/yahoo/hotmail don't figure out how to stop spamer accounts, then they risk getting their certs pulled, and no one will get their user's emails. Thus, their users will leave, and they will go out of business.
OR, they can come up with a better way to stop spammers.
Either way, we win!

Re:

[ocularDeathRay]

no such thing

Re:

[Samschnooks]

send more _useful_ emails to offset that.

Damn straight! I'm having a hard time now and I really need some business opportunities to come my way! I really need something that will allow me to get rich quick.I lost this email from this Nigerian Prince that needed help. I'll be doing someone a favor and all I have to do transfer some money and he said he'd give me a million dollars.

Then, when I make it big, I can get some penis enlarging pills! Then I won't have to buy that Ferrari or Porsche!

Re:

[geminidomino]

No it isn't. It's saying that for every 6 real email messages, there are 94 spam messages. Has nothing to do with percentage of users.

Anyone Still Have Spam?

[Shihar]

Maybe I am a freak, but to quote Davork, I get no spam. Gmail's filter catches pretty much everything. Once on a blue moon one will slip through, but I can tolerate one penis pump add every month or two. It might be true that a lot of spam is passing back and forth across the networks, but from a user point of view, it never makes it to me.

Re:Anyone Still Have Spam?

[Joe the Lesser]

If it's slowing down networks, then it does effect you.

Re:

[MrMista_B]

If the slowdown isn't noticible, it doesn't.

Re:

[izomiac]

A) How do you know it's not noticeable? It's not like you can ask spammers to stop for a moment while you test that.

B) Even if you don't notice the difference, chances are that filtering out all that spam and upgrading pipes are causing your ISP (or theirs) to charge a bit more. In the case of free webmail, that would translate to more ads and less time/money to add non-spam related features.

Re:

[Kell Bengal]

Would you notice if a slowed down network is 'business as usual'? Perhaps we will all be amazed at the speed we get when spam spontaneously evaporates due to some currently unknown magic bullet.

I sincerely hope the magic bullet targets spammer hippocamuses (hippocampii?)

Re:

[rolfwind]

Spam effects me in real life. My fax machine gets an offer nearly everyday. Considering the toner to this combo color scanner/fax/printer is rather expensive, it's downright insulting. I wish I knew how to get rid of these idiots, or at least find a cheap, real life digital service or device where I could log into and view the faxes and retain my existing fax number.

Re:

[Idiomatick]

Whats more impressive is the fact that there is someone on /. still using fax. Also, a cursory google search locates dozens of virtual fax machines e-faxes w/e.

Re:

[rolfwind]

Whats more impressive is the fact that there is someone on /. still using fax.

I don't personally, my company does.

The latest generation has an arrogance that everything already is or should be on the internet, but the vast majority of transactions, while transistioning, is done in real life still and many of our clientele is older, therefore knows the older tech fairly well. They know email, but if they have an existing piece of paper they want to send you, it's far easier for them to reach for the fax mac

Re:

[gnick]

I use fax occasionally. Mainly, it's the only way (other than snail mail) that my Flexible Health Spending submissions are accepted.

Also, we had a vendor that refused to share their API with us until we faxed them a NDA. We explained that we were just going to open the e-mail we sent them, print out the attachment we'd scanned, and then drop it in the fax but they didn't care. No fax, no business.

I'd rather not use fax, but some places are picky. So, the slowest among us set the pace if we're not willin

Re:

[icebraining]

PC + Phoneline Modem (yes, old 56K will do) + Software. I've sent and received PDF's to faxes many times.

Re:

[Greyfox]

It's been a while since I looked into it but I seem to recall that it's pretty easy to set up an asterisk or asterisk@home fax server. Then you can look at the message digitally and decide if you want to print it or not.

Outgoing ones with your old fax machine should be do-able too, you just need to make sure you're using a protocol with a high enough bit rate to handle fax communication (I don't recall which one it is but it's well documented in the sample config file.)

Re:Anyone Still Have Spam?

[rolfwind]

I know it's illegal, by the TCPA from 1991, although the amendments from 2005 turned it into a nightmare (political and prior business association exemptions). It just seems they loophole around or ignore court orders/judgements because they are out of state, out of jurisdiction:
http://www.junkfax.org/_vti_bin/shtml.exe/fax/action/stop.html [junkfax.org]

Like email spammers, they just find ways around every discovered solution. One day, a version 2.0 has to come out and they have to be addressed on a technological level, perhaps protocol. I know that someone probably wants to reply with "Your solution will not work because..." list, but all it requires is critical mass on the part of companies tired of spending money and resources on this crap. Even a legislative solution of no caller id blocking would help tremendously (if you're going to communicate with the person, what's the legitimate use of hiding the number right up to the call/fax?)

Re:Anyone Still Have Spam?

[Paul Slocum]

affect

Re:

[legirons]

Maybe I am a freak, but to quote Davork, I get no spam. Gmail's filter catches pretty much everything.

Yet Google (and all other email systems) are paying for 17x as much bandwidth and infrastructure as they would otherwise need (plus filtering costs)

Re:Anyone Still Have Spam?

[gnick]

Not really. Yes, e-mail systems are paying for way too much bandwidth, but how big a percentage of Google's bandwidth do you think is used handling e-mail? And if you compare e-mail bandwidth to Internet traffic overall, I'd imagine it's pretty trivial (if anyone has actual numbers, I'm curious). Those 50 1kB ads getting filtered out by my ISP are laughable compared to the traffic I generate watching 1 show on Hulu.

It's an unnecessary expense and it's aggravating, but no way is Google paying for 17x as much bandwidth as they need because of e-mail spam.

Re:Anyone Still Have Spam?

[Cube Steak]

That you aren't actually receiving the spam doesn't mean it's not still being sent to your address. The fact that your ISP or Google or anyone else is having to spend a huge amount of resources to combat all this spam is the problem.

Re:Anyone Still Have Spam?

[nine-times]

Also, let's say that your ISP does catch all the spam. What valid emails aren't you getting because of false positives? What valid emails are you sending that the recipients aren't getting because of false positives?

Not getting spam is only half the battle. Getting all valid email is the other half. Winning the war decisively is an additional problem on top of that.

Re:Anyone Still Have Spam?

[nine-times]

I can understand that to some degree, because in reality it is a balancing act, and some people may prefer a different balance. But if I have to go searching through my junk mail all the time to pick out the false positives, then I'm not sure how much better off I am than just sorting through a spam-filled inbox.

The main benefit to avoiding false negatives that I can think of is the notification of new email. I have a smart phone that buzzes every time an email goes into my inbox. If I weren't filtering spam, it would buzz constantly. So in that sense, it's better to deal with false negatives, since I can always sort through my junk when I get back to my computer. But otherwise, I don't really see much benefit.

Re:

[cswiger]

I don't have a gmail account, but the people I know who do seem to agree with you; also, to their credit, Google is quite proactive about dealing with spamming involving gmail accounts as a destination.

Anyway, if you ever administer mail systems for various companies (lets say you are a sysadmin consultant: filesharing, email, and web access are the big three of network oriented stuff -- order may vary), you'll have to deal with spam to some extent, just to have samples of spam to train stuff with, and any

Re:Anyone Still Have Spam?

[chromatic]

I get no spam.

I've never had malaria. What's the fuss?

Re:

[Randle_Revar]

You might get it from Bill Gates' mosquitoes

Re:

[oldhack]

I get no spam.

I've never had malaria. What's the fuss?

Hello, Einstein. Malaria is a pesky disease, spam is a yummy meat-like substance. See the difference?

Does your ISP let through spam?

[Macka]

I'm with you in that I hardly ever see a single spam email these days. There was a time when the Junk folder in my Mail app held a pretty consistent ~3000 spam emails. Today it just has 2 !

It's tempting to wonder why the spammers even bother anymore, except we know that they only do it because enough people respond to generate plenty of profit for them all.

So the only conclusion we can draw from this is that not all Mail services are created equal. Google is the king in my book, but there must be othe

Re:

[GMFTatsujin]

Who are the .0001% of the people who respond, therefore making spam economically viable?

*They're* the ones who need to be named and shamed.

Re:

[mea37]

Others have covered the "big picture" reasons why filtering isn't a perfect answer; but even ignoring that, and conceding that filtering improves the user experience (relative to receiving 94% spam), I would still say that filtering for spam also creates a significant problem with my user experience (relative to not having a spam problem to start with).

Why? Well, I agree that false negatives are relatively rare -- though for me that still means one every couple days, and it seems to be increasing. And rar

Re:

[nurb432]

Because of spam they have to filter ( $ ) because of the spam they have to filter it wastes bandwidth ( $ ) and storage and server resources to push it around.

Ya, it effects you, just not directly.

Re:

[Haoie]

Lucky you.

I seem to get spam in, hmm, waves. Every once in a while a large number slip through, then for a while, nothing. Odd?

Re:

[Idiomatick]

There will be 100 responses to your post saying but Google gets spam and has to filter it. I say, SO WHAT? Companies that can filter incoming spam will also kill in its tracks outgoing spam. Once this becomes the industry standard then spam will die. Sure you could find some ISP on africa that doesn't give a shit but so what? If your spam reaches nobody or atleast reaches no one in north america there is no longer a point to spamming. Maybe 1/10000 spam mails get through (based on my gmail experience) and t

Re:

[Pontiac]

Yeah.. Nice to see you are happy while we are back here on the server side trying to deal with the crushing load of spam..

At my last job we were running 8 anti spam appliances to handle the inbound load.. We averaged 30-40 million inbound messages a week.. passed about 600,000 as legitimate mail for 30,000 mailboxes.. It's insane that we could only keep 2 days logs on the appliance due to turnover.

To put it another way.. for every 67 messages in only 1 was not spam.

Re:

[Tony Hoyle]

That depends. Did you give them permission? If it's unsolicited it's spam. I always check the 'do not email me' boxes when I order and if they email me regardless they get reported as spam.

More data please

[mdmkolbe]

The article seems to be counting whole e-mails, but what about bytes? And what percent of global IP traffic is E-mail? I'm just wanting to get a feel for how much spam is clogging the backbones and not just how much it is clogging the mailservers.

Re:

[nurb432]

While i cant give you exact, my personal mostly obscure domain sees over 100 mb a month in email traffic. So a low estimate is 95 mb a month, for me. 3000 a day of garbage is not uncommon ( mostly the 'return receipts' of spoofed addresses )

At the office we were up to 10000 messages a SECOND of incoming spam at one point last year, on a rather public domain.

Mail servers

[linuxci]

I'm personally glad I don't have to run my own mail server anymore. Having to fight the constant battle against spam can seem like an uphill battle. I'm happy enough with Google Apps, very little spam gets through the filters and it's very rare to get a false positive.

Despite the fact that my mail email address is not published online anywhere and I'm very careful who I give it to (I use different addresses for completing forms online) the amount of spam that Google filters out is still amazing.

There must be a lot of stupid people out there that respond to this stuff, it wouldn't exist if it wasn't profitable.

Re:

[Razalhague]

You don't need a lot of people. Spamming is cheap. You only need one reply from a shitload of spams and it'll still be profitable.

Re:

[JCSoRocks]

Where were you for the story about the woman that sent thousands and thousands of dollars to those people running the Nigerian spam scam? One really stupid person with a lot of money makes spam worthwhile. It's practically free for them to send that garbage out and it only takes a handful of responses to make a living off of it.

Re:

[Samschnooks]

I also think it's the folks who sell the spamming software and whatnot. They sell this "Get Rich Quick with Mass Email Marketing" to folks who plunk down their life savings and they start doing the actual spam. I compare it to selling pans and picks to mine gold to someone in NY City.

Re:Mail servers

[binaryspiral]

Sad thing is, our users have grown accoustom to the hard work we do to prevent spam that when they get a single spam message in their inbox, they pick up the phone and call the help desk, who then create a ticket and forward it to me so that I can "check the spam filter to make sure its working".

Seriously? Fuck you... press the delete button and get on with your life. How about I just create a catchall and forward it to your inbox - then you can see all the crap we're blocking first hand.

Re:

[Tony Hoyle]

Same here.. I gave up hosting my own email & went to google apps because of the amount of bandwidth spam was using. I've managed to halve my monthly download limit (and saved a bundle of cash) since doing that.

does not need to be

[Lord Ender]

Where I work, we use the IronPort spam filter, and I almost never (once per month?) see spam.

Of course, I don't know if any legit mail is getting filtered, and our spam filter may become worthless if it becomes mainstream (spammers will refine their code against it). Spam filtration is an arms race, but you can buy yourself a seat on the lead arm if you have the money :-)

filters will never win...

[damn_registrars]

Spam filtration is an arms race

That part I agree with.

However, I still say that spam filters will never solve the problem. Spammers will just keep finding new ways around them, and all the while we will continue having to pay the costs of transporting and filtering the junk email (in terms of bandwidth and cpu costs, in particular).

The only way to stop spam is to remove the reason why it exists in the first place:

• Profit

If spammers can't make money off of sending out spam, they won't send it out to begin with.

Re:

[davecb]

In theory, companies who call people on the do-not-call registry are subject to fines and lawsuits, as are the call centers they hire to do the work.

In practice, there are leaks: one company in the U.S. got away with calling Canadians for a while before they were stopped.

If we had the will to apply the same rules to email as to voice, and the same willingness to work with foreign police forces, we could take the profit margin away from the spammers.

--dave

Re:

[damn_registrars]

willingness to work with foreign police forces

Is where that plan falls apart. Considering how many countries are involved in one average spam email -

• the country where the mail relay is
• the country where the spamvertised business claims to be
• the country where the spamvertised business is hosted
• the country where the spamvertised business actually operates
• the country where the spam is received

That could potentially be five different countries. And of course spoofing most or all of that is often pretty trivial.

Re:

[Phroggy]

Spam filtration is an arms race

That part I agree with.

However, I still say that spam filters will never solve the problem. Spammers will just keep finding new ways around them, and all the while we will continue having to pay the costs of transporting and filtering the junk email (in terms of bandwidth and cpu costs, in particular).

The only way to stop spam is to remove the reason why it exists in the first place:

• Profit

If spammers can't make money off of sending out spam, they won't send it out to begin with.

You're correct, of course, but removing the profit is not a simple proposition.

Technical solutions for making spam more expensive to send haven't worked, and they never will. Congress managed to define spam well enough that all current spam is clearly illegal while legitimate e-mail is OK (if you jump through the required hoops), but there's no enforcement at all, and of course US law doesn't apply overseas.

It's not just a matter of convincing people not to buy products that are advertised in spam; the vas

Re:

[jaxtherat]

The only way to kill the profit for spammers is to kill all the idiots out there.

And that would be logistically difficult.

Re:

[binaryspiral]

IIRC Iron Port uses multiple vendors for their spam and virus identification/scoring process.

It's an interesting appliance that I really wanted to get - but the cost was killer.

Arms race is right - who goes broke first, loses.

There is a worse spam mail problem

[microbee]

When can we filter out all the paper junk mails stuffed in my real mailbox?

Re:There is a worse spam mail problem

[Dan667]

You can go to your post office and request a form to have spam snail mail stopped. There was a story several years ago about a postal working got fired for telling people about the form. I would have given him a raise.

Re:

[Dan667]

stupid english. Should be postal worker who got ...

Re:

[Dan667]

You don't google much do you. Try it and sign up for things like the Direct Marketing Association opt out, etc. Then try to be happy, it is not all bad out there.

Re:

[Phroggy]

When can we filter out all the paper junk mails stuffed in my real mailbox?

When you're ready to shut down the US Postal Service, which would cease to be a financially viable enterprise if junk mail were eliminated.

Raise your hand if you're surprised by this...

[damn_registrars]

...so I can come and smack you upside the head.

Obviously, shutting down an ISP would have a negligible long-term effect on spam. Intelligent people realize that the people behind spam are themselves intelligent (at least intelligent enough to almost never get caught). Obviously they have contingency plans. If you shut down one mail relay they go to another. If you shut down one ISP they go to another. If you shut down one web hosting company they go to another.

If you shut down their favorite registrar they go find another.

Anyone who thought that shutting down one ISP would have any meaningful, long-term effect on the spam problem needs to read up on how spam works, and why it exists. In short, spam works because it is profitable. Spammers don't sent out spam just because it annoys people, they send it out because they make money off the products that they push through spam. Hence they will find new ways to push out spam, as long as they can still make money.

Re:Raise your hand if you're surprised by this...

[Phroggy]

In short, spam works because it is profitable. Spammers don't sent out spam just because it annoys people, they send it out because they make money off the products that they push through spam.

While this is partly true, it's definitely not the only way spammers make money. Spammers also make money by 1) selling their services to businesses who want to sell products, collecting their fee in advance regardless of any products sold; 2) running penny stock pump&dump schemes; 3) Nigerian 419 scams; 4) Phishing; 5) selling mailing lists to other spammers; 6) other creative ideas I haven't thought of.

Re:

[damn_registrars]

McColo was like the big queen alien, in that it was a central control center and reproductive source for new waves of spam

I disagree with your analysis. McColo controlled some spam, but by no stretch of the imagination was it a significant portion of all spam. Indeed, the decentralization of spam is part of what makes it so strong; you can't just kill one operation and watch the rest die.

but it was well worth doing, regardless

Maybe. You can't study criminal activity in a vacuum. We know that spam loads are back to around where they were before it was taken down. The question we cannot answer is where would it be if we had left it alone? Would we be facing m

hey nntp, smtp here

[circletimessquare]

could you scoot over in that coffin there? thanks

time to shuffle off this mortal cat cable

Re:

[MichaelSmith]

As long as we have communication we will have spam. Seriously, if facebook was our only way to send messages then spammers would use facebook.

wrong

[circletimessquare]

the point with nntp and smtp in the same thought is that both protocols were designed in a kindler gentler time, in which spam, literally, did not exist yet

absolutely will spammers always do their thing. any system designed by a man, can be broken by a man. but there is a difference between breaking into fort knox, and strolling into the local 7-11. smtp was not designed without any security, really, whatsoever. any protocol designed with security in mind, meanwhile, will still get spam, but no where near t

his point:

[circletimessquare]

nothing will stop spam

my point:

i agree. but it means something if the protocol makes spamming harder. there will be a lot less

Re:

[MichaelSmith]

if the protocol makes spamming harder. there will be a lot less

Web forum security is entirely broken for bots now. Spam is under control on /. because we have many eyes to attack the problem. With point to point communication you don't have this advantage.

got it

[circletimessquare]

its better to leave the door wide open and stand there with a gun, than it is to just a put a damn lock on the door and go about your business

you are telling me what we have now is superior... because we have "many eyes" (meaning: we have to work our asses off to maintain a baseline of civility)

hey: howabout the protocol provide some barrier of entry, so you don't have to work so hard? how's that wacky idea strike you?

Re:

[SteveFoerster]

I work for a university, and for many of my students, Facebook is the only way to send messages, unless you count text messaging.

Re:

[Phroggy]

could you scoot over in that coffin there? thanks

time to shuffle off this mortal cat cable

It's not time yet. Businesses still rely on SMTP, although many individuals have abandoned it for social networking sites like MySpace and Facebook, and as the next generation takes over the business world, I think we can expect to see companies stop using e-mail for communication. Give it another decade, though.

Thank you Google and Yahoo!

[scorp1us]

Google and Yahoo have inadvertently created a goldmine of email addresses. While I get a lot of spam from various domains, it is these two sites that I have a problem with. See, they use domain keys, which elevates the message above spam filters (or at least helps to). So spammers have cracked the google chacpta (sp?). There is no easy way to report these addresses for abuse. The providers need to somehow only allow domain keys on VERIFIED accounts, or have multi-level domain keys.

I think that a craigs-list moderation style of X spam reports and you're cut off is the way to go. Of course, these reports should only be counted from existing VERIFIED accounts, with the reporting mechanism built into the interface.

Re:Thank you Google and Yahoo!

[piojo]

I think that a craigs-list moderation style of X spam reports and you're cut off is the way to go. Of course, these reports should only be counted from existing VERIFIED accounts, with the reporting mechanism built into the interface.

That currently gets abused. I have heard that anybody trying to sell an animal, for example, gets flagged as abuse by PETA assholes. Could the same happen to mailing lists? If one wants to sink a mailing list, they subscribe to it with all their e-mail addresses, and tell each e-mail provider that it is spam...

Re:

[Anonymous Coward]

Selling animals on Craigslist is against their terms of service.

I dont get much SPAM

[jonwil]

Lately I have found I dont get much SPAM passing through my filters even though I have specifically turned OFF the SPAM filters my ISP provides (to avoid the chance of any false positives)

A modest proposal

[hwyhobo]

How many still buy the romantic idea that all life is precious? If you're over 30, you've probably cured yourself already of that illusion. If we (a number of nations) just started acting rationally and removed major sources of the disease (let's say execute just 50 top megaspammers), and demonstrate willingness to continue the treatment, I will bet you the amount of spam worldwide would plummet.

Spam is no surprise to anyone anymore. We have to start taking responsibility for our lack of determination to so

Not *ALL* of us...

[geminidomino]

"This is sad news for us all." -- Adam Swidler, of Postini Services

Isn't Postini Services a service that makes money by being an "outsourced" spam filter?

Not a sad day for them...

I get less than 2% - don't even need filters

[petes_PoV]

A combination of being careful who I give an email address to and the widespread use of disposable addresses means I hardly ever get to see any SPAM, at all.

I run my own domain and have about 130 email addresses. Usually I just create a new one for new uses (different hobbies, different interests). Every website that asks for an address gets a disposable one, rather than a "proper" address. The consequence of these small and quick precautions means that last week I saw 8 SPAM emails, from a total of all the personal email, forums and *wanted* stuff of over 600 emails. Occasionally I find a trusted address gets an unexpected and unwelcome flurry of emails - it then gets deleted and a new one set up. Friends and family addresses are sacrosanct.

I simply don't understand how or why people only ever have 1 email address and give it out unconditionally to anyone who asks for it. How can people live like that?

What about fighting back?

[Crookdotter]

What about short term pain for long term gain?

When someone as massive as google gets a confirmed spam address, simply respond back with many replies that are as good as genuine replies. Spam them with a few thousand and finding one becomes too difficult, therefore the business model falls away.

I know this is increasing spam short term, but remove the business model and it should stop long term. If other sites (yahoo etc) pick up a similar system for a coordinated effort can't spam be stopped?

Re:The enigma is..

[eleuthero]

As near as I can figure, every email address with my actual name in it has gotten about 500 spam / month after just a few weeks of existence--usually it goes to the spam folder and is not really noticed. Since they took down the spam server, I have noticed an increase in spam in my inbox... spam I notice has become a problem.

Every email address that is not an actual word doesn't seem to have any problem with spam for a number of years until I inadvertently have myself logged in when visiting one of those cookie catcher sites... generally with lots of chinese letters and related to a recently released mainstream movie... stopped doing that when I realized if I started being patient I could just get it at redbox.

Re:

[whoever57]

As near as I can figure, every email address with my actual name in it has gotten about 500 spam / month after just a few weeks of existence

I have a domain name that I registered in the "EU" TLD. I was the first registrant of this domain name, and I use it very infrequently, yet it gets emails to the most unlikely addresses -- adresses that I can say without a shadow of doubt have never been used. These addresses are not words or names, so it is not a dictionary attack -- in fact, I see emails to the same

Re:

[michaelhood]

until I inadvertently have myself logged in when visiting one of those cookie catcher sites

I do not think the web works the way you think it works.

Re:

[orclevegam]

I think where you have your e-mail address at is a big factor as well. My primary e-mail is associated with my CPAN account and a few mailing lists and it seems like that's the primary source of all my spam (somewhere between 100 and 1000 a day, it varies). Of course even e-mail accounts that are brand new get the odd spam from time to time. I recently started a new project and received an e-mail account on a network belonging to a military installation and within 2 months I've already received 4 spam e-mai

Re:The enigma is..

[urbanheretic]

Just because your ISP is filtering the email sent to your inbox, doesn't mean that it's not been sent. Spam messages are congesting the ISP -> ISP links, and that hurts the companies delivering the email services.

Re:

[Anonymous Coward]

They send it to the spam filter programs. Have you ever seen how small penises they have?

Re:

[cashman73]

I use Gmail [google.com] and barely see any spam myself. The spam filter is top notch (although occasionally it catches a few legitimate messages, too). I wish spammers would realize that 99.999997% of the messages they send aren't even seen by anyone,... but sadly, based on the law of averages, it's that 0.000003% of messages that are seen and responded to that make it worthwhile for them to send their crap.

Re:

[Randle_Revar]

>although occasionally it catches a few legitimate messages, too

really? I have seen only half a dozen to a dozen false positives in years of use, usually mailing list messages or automated account confirmations.

Re:

[Matt Perry]

I have barely seen any in the last 3 or 4 years.

I haven't seen any in the last few years. Then again, I stopped using email several years ago.

Re:

[Randle_Revar]

my gmail is down to a bit under 900 a month now. Its peak was back late last summer, with more like 1400/month.

although I did recently see a small outbreak of a few dozen spams (mostly "you won the British lottery") that actually made it to my inbox.

Re:

[mea37]

1) Those services are not suitable for some types of communication.

2) All of those media are susceptible to spam. As soon as email spam becomes less profitable (e.g. if email were to disappear off the face of the Earth), this will become evident. Even today I get SMS spam.

There is no spam free medium that works for every

[iYk6]

Every popular communications medium since history began has been infiltrated by spam. From solicitors on public walkways, to signs on utility poles, to pirates broadcasting radio from boats, to junk mail, to telemarketers, to e-mail spam. As far as I know, nobody has ever come up with a communications medium which offers all of the following:
1* reliable
2* anybody can contact
3* no spam

Every solution so far is a compromise. By having a private e-mail address (or private social networking page) you can elimina

Re:

[Chabil Ha']

In other news, 94% of Slashdot comments are spam or spam-equivalent.

Oh wait.

Re:

[DJRumpy]

I agree. I get zero spam and have been that way for years. I have a throw away account that I never use (hotmail), and my primary. I actually do give out my primary depending on what I'm signing up for but I actually do read the privacy policies and research the site.

I also have to assume that my primary e-mail accounts do their own filtering. Spam for me has been a non-issue for 3-4 years.

Re:Who is John Galt?

[fuzzyfuzzyfungus]

"There are two novels that can change a bookish fourteen-year oldâ(TM)s life: âoeThe Lord of the Ringsâ and âoeAtlas Shrugged.â One is a childish fantasy that often engenders a lifelong obsession with its unbelievable heroes, leading to an emotionally stunted, socially crippled adulthood, unable to deal with the real world. The other, of course, involves orcs."

Re:

[fuzzyfuzzyfungus]

I believe the term is "randroid".

still in middle/high school?

[story645]

Put the Ayn Rand fanboyism to some good use and try to earn some cash:
Ayn Rand Institute Essay Contests [aynrand.org]

Re:

[Slashcrap]

Put the Ayn Rand fanboyism to some good use and try to earn some cash:
Ayn Rand Institute Essay Contests

Or better still, hang yourself before you grow up to be a libertarian. Preferably with your own bootstraps.