Spamming Becoming Financially Infeasible 212
itwbennett writes "Making money in spam isn't as easy as it used to be. 'It's not something financially feasible for anyone to even consider,' said Robert Soloway, who in his heyday made $20,000/day as a spammer. 'Spam — the Internet's original sin — dropped for the first time ever at the end of 2010,' writes IDG News Service's Robert McMillan. 'In September, Cisco System's IronPort group was tracking 300 billion spam messages per day. By April, the volume had shrunk to 34 billion per day, a remarkable decline.' Soloway says spam filters have become too good."
I don’t buy it (Score:5, Insightful)
It may have hit a slump, but it’ll be back.
People en-masse haven’t gotten any smarter. There are still enough people who will fall for scams and do business with the kind of people who advertise via spam. Some good tech is currently making an effective barrier between the idiots and the spammers, but the idiots are still there, so the profitability is still there. Give the bad guys a little time. They’ll come up with new ways of getting around our current filters.
Of course the other theory is that spam has become “less interesting” in light of other new and exciting ways of screwing with people. Once those dry up though, I think the guys with the suits will fall back on classic reliable spam to make their money.
Re: (Score:2)
You're right, spam will come back once other avenues of attack are no longer of viable. There are still several ways I can think of that spam can easily get past the filters (I was inspired by the company I work for - they miss some spam that is very questionably border line legit). As long as the spammers don't know think of those things we're good! Spam filters have come a long way!
Re: (Score:3)
People with unreliable ISP-provided email (Score:2)
Hell, if you simply block unauthenticated SMTP access to all broadband IPs, you can cut out the majority of SPAM.
Say somebody is behind an ISP that fails to provide its own reliable SMTP server to its home subscribers. He can't run his own mail server because it'd be confused with a spam zombie. Nor can he switch to a different ISP without either moving or lowering his monthly transfer cap by a factor of ten. Which mail server do you recommend for this person?
Re: (Score:2)
Re: (Score:2)
Well, there are a few options.
The one I go with is that my ISP's SMTP servers are sufficient, so my postfix is configured to route all outbound mail to there. However, I've given some consideration to other options. My top one at the moment is to open up an ssh tunnel to a web host provider, and pump my email through their SMTP server. Why not directly? Because my ISP has outbound SMTP blocked, and I suspect that even if that weren't the case, the confusion with a spam zombie would still arise as your e
Do ISPs actually block 587 out? (Score:2)
My top one at the moment is to open up an ssh tunnel to a web host provider, and pump my email through their SMTP server. Why not directly? Because my ISP has outbound SMTP blocked
I know several ISPs block outbound TCP connections on port 25 (SMTP server-to-server communication) outbound, but I've never heard of a notable case of an ISP blocking connections on 587 (SMTP authenticated message submission).
Re: (Score:2)
It's my case, I'm blocked by Spamhaus' PBL [spamhaus.org].
Re: (Score:2)
Re: (Score:2)
Say somebody is behind an ISP that fails to provide its own reliable SMTP server to its home subscribers. He can't run his own mail server because it'd be confused with a spam zombie. Nor can he switch to a different ISP without either moving or lowering his monthly transfer cap by a factor of ten. Which mail server do you recommend for this person?
Such an ISP may not provide a static IP address and if they do may not allow the name associated with it via rDNS to be set, so some mail hosts will reject mail from sources hooked up to that ISP anyway (because the PTR record makes the address look dynamic as the name will likely be something like 123.123.123.123.someisp.tld where 123.123.123.123 is the same as the address, or there may be no name set at all). While such a rule is usually not given a high weighting in rule+weight based spam scanning, it is
Re: (Score:2)
Of course the other theory is that spam has become “less interesting” in light of other new and exciting ways of screwing with people. Once those dry up though, I think the guys with the suits will fall back on classic reliable spam to make their money.
Like most get-rich-quick industries, this just means its become more profitable to get out of the game and sell people kits to spam their way to fabulous over-night wealth. Not that its anything new in itself; that scam [google.com] has been going on almost as long as spam itself.
Re:I don’t buy it (Score:4, Insightful)
it's humorous, but it's just a market change.
social engineering, and pfishing are probably a whole lot more "financially feasible", much more results for less effort.
I mean would profits from info gleaned via a SQL injection be really considered a "hack" these days if it was a script kiddie?
Re: (Score:2)
My thoughts exactly. Why bother with the iffy strategy of getting people to buy your crap when you can steal their credit card and just steal their money directly?
Re: (Score:2)
Pretty easy to go from CC -> untrackable currencies in a variety of forms. So not really.
!legit (Score:2)
Nothing a spammer sells is legit.
Re: (Score:3)
Except it isn't zero. Time is money. If a spammer spends time setting up an email scam, and makes a pittance out of it, then it isn't worth it for them.
Of course, not all spammers are created equal. Some will get more out of an hour of work than others. But most spammers aren't very good at what they do; if they had the skills to make it they'd be doing something less degrading. It may well be the unskilled ones have a choice between sending out spam emails or working in a sweatshop, and spam is the le
Re: (Score:3)
The people using the internet might be just as dumb, but who said the majority of the spam is getting through to these people anymore?
You have to keep in mind that the bright people who've made most of today's everyday technology possible (to those who don't appreciate this point, maybe teach yourself general relativity prior the next time you poke your TomTom) are also writing spam filters on the server side too nowadays (with great financial incentive for the providers via reduced overhead), not just the
Re: (Score:2)
There are still enough people who will fall for scams and do business with the kind of people who advertise via spam.
You don't even need that, really. You just need people with something to sell. You're right, though, that'll always be the case.
Re: (Score:2)
People en-masse haven’t gotten any smarter.
No, but filters have. If people don't get the spam, they can't fall for it.
but the idiots are still there, so the profitability is still there. Give the bad guys a little time. They’ll come up with new ways of getting around our current filters.
Well, they haven't so far. Unlike other areas like viruses and trojans, spam filters have pretty consistently stayed one step ahead of spammers once people took spam filtering seriously.. I remember maybe 4 years ago there were a couple months where spammers figured out how to embed their messages in images in such a way as to pass filters, but that was fixed and since then filters have been so good that I haven't seen a single spam
Re: (Score:2)
Smarter as in intelligence, no. But people are more Internet-savvy than they used to be. And young people meet the spam barrage before they have a life savings to give to a Nigerian prince. Just like people have gotten quite used to the horseless carriages (read: cars), even though I doubt our IQ is that different from 100 years ago.
Re:I don’t buy it (Score:4, Insightful)
People en-masse haven’t gotten any smarter.
People haven't gotten any smarter, but technology has.
Outlook has junk mail filtering built-in. Gmail has spam filtering built-in. Pretty much every mail server out there has some kind of spam filtering available. Pretty much every endpoint protection package has a spam filter. There are tons of different filtering systems available for purchase.
Relatively little spam actually makes it through to the user's inbox anymore. So there's less for the stupid/gullible folks to click on.
Give the bad guys a little time. They’ll come up with new ways of getting around our current filters.
Well, of course they will... But the good guys are going to keep developing new filters, too.
Of course the other theory is that spam has become “less interesting” in light of other new and exciting ways of screwing with people. Once those dry up though, I think the guys with the suits will fall back on classic reliable spam to make their money.
Spammers go wherever the market is. Right now the market is on the social networks. More people are communicating more often on things like Facebook than through simple SMTP. So there's less profit to be had in spamming SMTP servers.
Sure, if SMTP suddenly becomes crazy-popular again you'll see the spammers head back in that direction... But all our existing filters will still be there to curtail that crap.
the profitability is still there.
I don't know about that...
Sure, it's probably pretty cheap to send out a few thousand emails... But how many of those actually make it in front of somebody's eyes? And how many of those actually get read? And how many of those are actually clicked-on?
The real money these days is in malware. Dropping bots on computers and grabbing their credentials for various websites... Or sending out some kind of fake antivirus scanner that scares people into paying $50 to clean up the fake infection... Or using those bots to hack some big, important website...
I really don't know that there's all that much profit to be made in sending out spam these days.
legislation (Score:2)
Yeah, they'll just buy off legislators to make effective spam prevention illegal.
Re: (Score:2)
Re:I don’t buy it (Score:4, Insightful)
Re: (Score:2)
One of the benefits about FB is that everyone is on your white list. I'd still rather get email than FB email so I can keep them for future reference.
Re: (Score:3)
The money is in selling the shovels - or in this case, the tools, email lists, etc. by which the suckers attempt to 'hit it big'.
Re: (Score:2)
"if you don't think what we think and hate those brownskinned people then Yer Not A Real Amurrikkan!"
I would love to have someone say that to me in person. I wonder what their response would be when informed that brownskinned Mexicans are from America.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
And considering he said he would want any muslim person in his administration, and only muslims, to take a loyalty oath, that says all you need to know about him and the Tea Party.
For reference [theatlantic.com]
Of course he retracted his statement, two months later, but he said what he said so obviously he means it.
Re: (Score:3)
On the other hand, it is easy to argue that a person that supports the party of segregation, Jim Crow laws and the KKK is a racist.
Re: (Score:2)
The new "Spam" is adding people to every fucking mailing list they can buy, and scraping for email addresses everywhere.
Microsoft is a huge offender in this regard, and unlike most of the other legitimate spammers, they make it impossible to delist (have to sign up for a live account, adjust spam settings, and they still ignore them).
spamming out screeds about how "if you don't think what we think and hate those brownskinned people then Yer Not A Real Amurrikkan!"
A) possibly watch what lists you sign up for
and B) you just went from "insightful" to "deranged ranting". Ive never heard anyone on any side of the spectrum say anything resembling that. I've certainly heard attacks on irresponsible spending from the "tea party", but if you want to conflate th
Re: (Score:2)
If you signed up for Chrome OS, even Google did this with a set of services under the Gilt Group umbrella. It took a threat to file with my attorney general before they'd delete my information. I got all kinds of kickback on how they couldn't delete my information, but they'd disable it. Of course, they shared it with everyone in their "network" which was actually what prompted me to pursue getting it actually deleted. Took about five emails over the span of two weeks to get someone to admit that they c
Re: (Score:2)
spamming out screeds about how "if you don't think what we think and hate those brownskinned people then Yer Not A Real Amurrikkan!"
A) possibly watch what lists you sign up for
Or are signed up for.
At least one of my mail accounts got put on a number of (legitimate) political/religious mailing lists by a well meaning idiot. This particular idiot was not notified when I switched email services; for all I know my old account name might still be getting it.
It wasn't "spam" - the messages weren't commercial, what they were selling was ideology. It was, as far as the groups sending it out knew, solicited. I got one very nice email back from the admin of one such list after I request
Re: (Score:2)
Just wanted to add-- theres some kind of irony in accusing others of racism while simultaneously ridiculing them for the way they speak (presumably based on their geographic background).
Re: (Score:2)
It's a shame that people feel they need to propagate this type of ignorant rhetoric.
This has been the strategy for a while (Score:5, Interesting)
People have been working on increasing the cost and decreasing the reward from spamming for some time now. From discouraging people from buying from spam messages to grey listing, to shutting down botnets, all of that has been largely for the purposes of making it less attractive to spam.
I'm just a bit surprised that it's starting to have an effect, it's hard to compete with basically free server capacity and bandwidth.
Re: (Score:2)
Re: (Score:2)
I'm just a bit surprised that it's starting to have an effect, it's hard to compete with basically free server capacity and bandwidth.
It still takes resources to secure those resources. Botnets are not free. Lists are not free. Spammer time is not free.
I'm surprised it has taken this long. There's no reason why the average person should even be getting spam in their inbox at all. If you're still getting spam, you need a new email provider. My gmail address is published all over the goddamn place, including usenet of all places, and I haven't seen spam in months. Even if the cost of sending me spam is next to nothing, it is still wasted.
Re: (Score:2)
Re: (Score:2)
The first line of defense in Gmail is some kind of filtering of the server sending the spam. We used to run email through another server first, then route it to Gmail. When we stopped doing that and just let it go straight through to Gmail, the number of spam messages fell an order of magnitude.
Still, I don't trust the Gmail filter. I still sometimes find legit messages labeled spam. But it's so good at the server filtering that I only have to skim through a pageful of spam per day, so it's not bad.
Of course its financially feasible. (Score:3)
Re: (Score:3)
Not if the profits are negative. The thing is, spammers are already operating on a really thin profit margin; so even a small rise in the cost of spamming could have a devastating effect.
Re: (Score:2)
No kidding. Could have fooled me about the decrease in SPAM.
I run my own MTA for my vanity domain. I check spam twice, once before accept to reject outright SPAM and once after accept to take into account user preferences. My aggressive ACL checks against forged and black addresses, I have an up to date spamassassin and custom rules, and use greylisting services and such. SPAM to my mailboxes has not declined by the massive amount Cisco is reporting. It has gown decreased slightly, about 7% since Janua
Re: (Score:2)
I suggest you save yourself the hassle and just host your mail domain with Google. It is free and they have excellent filters and support IMAP. While it is neat to tinker with filters and see the tactics first hand, it s really not worth your time.
That $20 a day is a very good job in China. That's $7k a year (spam is a 24/7 business after all) compared to the $3k you'd get working in Foxconn [telegraph.co.uk], for example.
Even $20 is pretty optimistic. You're certainly not going to make that as a casual spammer.
Re: (Score:2)
"Pi ckOutYo urPr ef er enceTa bl etsEs sen ti alsWe bsto re" (Pick Out Your Preference Tablets Essentials Webstore)
Here's the thing, I don't even initially understand what they're trying to sell with that message. It takes a few seconds of thought to parse the words, but before that time my internal mental gibberish recognition filter has kicked in, and my brain is already saying "gibberish == spam, hit delete".
I suppose if someone is desperate to figure out every word that's emailed to them, they'd spend the time, but what kind of person responds?
Re: (Score:2)
Here's the thing, I don't even initially understand what they're trying to sell with that message. It takes a few seconds of thought to parse the words, but before that time my internal mental gibberish recognition filter has kicked in, and my brain is already saying "gibberish == spam, hit delete".
I suppose if someone is desperate to figure out every word that's emailed to them, they'd spend the time, but what kind of person responds?
I heard a rumour some time ago - don't know how true it is - that they aren't selling anything. The whole thing is essentially a big scam, which works like this:
Re: (Score:2)
Re: (Score:2)
Good news, but... (Score:2)
Re: (Score:2)
I'm still surprised at all the scam commercials I see on tv, and am amazed they are still around, and haven't been persecuted (i.e. MyCleanPc which has been running for over a year now at least).
Re: (Score:3)
Works surprisingly well.
Re: (Score:2)
That is totally possible. For example, I will outright reject mail that is 99.9999% guaranteed spam (10 times the "spam score" threshold) before even attempting to deliver it to my user's mailbox. It doesn't save on bandwidth or anything, but it cuts down on SPAM by close to 60%.
Most mail admins aren't going to do that by default however, because there is that one in a million chance it isn't SPAM.
The war is still ongoing, and I don't care what the "Spam King" says. Spammers from the 3rd world are perfe
Re: (Score:2)
At this point, the junk is subsidizing the bills. You don't like the bills, but you need to get them.
Unlike spam, the cost of sending a piece of mail is very high, and the Post Office is always broke. As long as they're going out, though, carrying the extra junk mail is a small marginal cost, and their willingness to carry the junk means that the price of stamps remains relatively low. (It astonishes me that you can send a letter thousands of miles in a day or two for less than half a buck.)
The "Resident
Re: (Score:2)
And have exemptions for the types of calls that make up the majority of your junk call volume anyways.
Re: (Score:2)
Re: (Score:3, Interesting)
I've heard that 'spam' subsidizes the entire USPS. Without the revenue generated by 3rd class bulk rate, first class postage would probably be about $2 USD per letter (allegedly.) Thus spam keeps your letter carriers coming around every day, except Sundays.
Of course, that was several years ago. I've also heard that email has decimated the first class postage business, so the proportional subsidy is now probably much higher than that.
Re: (Score:2)
Easier Ways (Score:5, Insightful)
It's not that they've gone legit. It's that there are easier ways to scam people out of their money for higher profit returns, such as spear-phishing.
SPAM filters too good? (Score:3, Informative)
Re: (Score:2)
Tell your friends to stop talking about your penis and talking in MiX3d c4SE l33t 5p34k.
Or get a new spam filter? I may have one false positive a month on my GMail account.
Re: (Score:2)
Half my email ends up in a SPAM bucket.
What kind of e-mail service do you use? Or what kind of e-mails do you get?
I'm using Gmail, and maybe 2 or 3 spam emails per month get through to the inbox (of around 1000 spam emails per month in the spam folder). On top of that maybe 1 or 2 legit e-mails are classified as spam per month. With one exception from two years ago (flight confirmation e-mails), none of these false positives are critical; they are usually just advertising from companies I bought something at some point.
Re: (Score:2)
Stop Patting Yourself On The Back (Score:2)
Spam volume naturally rises and falls. Anytime someone congratulates themselves for a reduction in spam volume, they are proven wrong shortly later when it comes back up.
Re: (Score:2)
Re: (Score:2)
But better filters have a big impact on the economics.
No, they don't. Filters don't help, for several reasons:
So in the end, filtering does not help the problem. Indeed an argument could be made that it makes it worse because we just end up thro
Re: (Score:2)
Re: (Score:2)
You have no idea what you're talking about. Very few spammers of any volume use a single relay. Any known relay of spam gets blacklisted in a matter of hours. Bulk of spam is delivered through botnets and between greylisting and SPF, most of that spam doesn't even get through to end users. Less and and spam is getting to end users. Meanwhile, botnets don't come cheap. While this kind of decrease in such a short period of time probably isn't due solely to filtering, I would expect rates to begin a decline.
On paper it might be down... (Score:2)
but in my accounts it still comes in as a flood. Some of it is clearly malware coming in - others are questionable scans plus the usual Nigerian nonsense.
Re: (Score:2)
spam filters have become too good? (Score:2)
Yeah, can't see how that happens. Of course, if I were writing the ultimate spam filter the logic would go something along the lines of this when it receives a new message:
Has the guy emailed you before? (continue test if no)
Is there a reference to a site selling watches, drugs, or online degrees? (continue test if yes)
Is the site from a known legit source, based on popularity of the 'unspam' button for this user? (move to spam folder if no)
Poof, there goes 99% of all the spam that I've ever received in my
Re: (Score:2)
Has the guy emailed you before? (continue test if no)
Greylisting. THough it is a little more complicated than this. There has to be a way to allow people to email you for the first time. So what a greylisting filter does is deny first delivery once with a temporary failure and it keeps denying until a certain time has elapsed. Then it allows the message in. The idea is that most spammers won't bother retrying the delivery, or at least not with the same "From" field and the same botnet node. It is actually pretty effective. Although the initial delay can be a
Depends on your definition (Score:4, Informative)
It depends on your definition of "spam". By my definition, I get more spam than ever. The difference is that much of it is from legit companies who comply with the CAN-SPAM law. I can opt out, but I'm getting about 100 or more of them a day, and I can't spend all day opting out of every single one of them. It may be legal, but it's still spam, as far as I'm concerned.
Re: (Score:2)
Here's my solution using yahoo, they offer 500 aliases for you. Make a new one, sign up with the alias, redirect that to your "legal spam" folder. If you ever want to get rid of a company and its business partners and whoever else got their hands on that email, delete the alias. That is a very final opt-out. I wished I had done that long ago, because it saves you tons of spam. Of course you need to have a normal email as well and if others get that it can be spammed, but that problem would be a lot smaller.
Re: (Score:2)
This works for companies you are doing business with, and yes, I do this myself. However, if Google or Facebook are selling your email address, there isn't much you can do about it.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I imagine that it is coming from my email provider and/or Facebook. For example: I responded to a friend's post about their broken air conditioner and suddenly I started getting spam from companies offering air conditioner repair. I responded to a golf tourney invitation via email, and within hours I started getting solicitations to subscribe to Golf World magazine. It might be coincidence, but the fact that these are legitimate companies who are sending me the email (JC Penney, Radio Shack, Conde Nast,
1 Weird Tip (Score:2)
Why bother spamming when the cost of advertising threw normal services have gotten so cheap. Back in the spamming hay day the cost for a banner add was thousands of dollars Now it cost as little as a few bucks. Sure we have Add block tools but most of us don't use them. So the previous spammers are going the more legit route and making their adds to look like articles on CNN.
Re: (Score:2)
Re: (Score:2)
The best solution to SPAM has to also be the best solution to music/movie piracy. Adjust incentives until it is eliminated.
Re: (Score:2)
Big corps have stopped tolerating spam (Score:4, Interesting)
Aren't most of the spam kings either dead, retired, or in jail at this point? I hear it's lonely in Boca Raton these days.
And wasn't there a wave of murders in the former Soviet Union when Microsoft and Time-Warner/AOL decided they were no longer going to ignore spammers? Bunch of free-lance software developers with connections to organized crime found dead, as I recall; the rumor was that the spam kings were eliminating people who knew too much.
Well, regardless of the truth or falsehood of any of these tales and rumors, if corporate pressure has made spamming unprofitable, I'm certainly not complaining. It's about time the f***ing invisible hand did something besides j***ng off US Congressmen.
Meta spammer (Score:2)
The botnets are mining bitcoins instead (Score:2)
I thought the reduction in spam was just because some of the spammers are using their botnets to mine bitcoins instead.
Re: (Score:2)
So Bitcoin is in fact usefull for something?!
This is terrible news! (Score:2)
If this keeps up this could be the end of western society as we know it. I really hope the powers that be can come up with a reasonable bailout strategy for the spammers. They are to big to allow to fail.
Literally like blowing my nose. (Score:2)
Dealing with spam is like dealing with snot. Nothing you can do to stop it, but it's easy to dispose of.
Spammers have moved (Score:2)
Apparently the article's author has not used Twitter, Facebook or hosted a WordPress blog. The spammers have just changed from email to focusing on social media, forums and blogs.
Nightly Infommercial Rerouted (Score:2)
Something DID happen.. at least to my mail server. (Score:2)
end of November/early December, I noticed a significant decrease in the number of emails that were blasted to invalid email addresses.
Still getting spam, of course.. and more of it is professional stuff hawking products from American companies like Gevalia, Shari's Berries, etc...
spammers have switched to text messages (Score:2)
It's much harder to filter phone spam, and in America, you often get charged for the pleasure of receiving phone spam.
Don't be fooled... (Score:2)
Yesterdays spam is todays botnets.
Just because your Inbox might be a little cleaner or safer doesn't mean the 'net is...attacks are merely changing vehicles, that's all...
Gullibility will always be profitable.
Re: (Score:3)
The term "spam" as used to represent junk e-mail wasn't originally an acronym. They took the term 'spam' from the classic Monty Python sketch about spam, because it represented something unwanted. "I don't like spam!"
Believe me, advertising people will jump on any chance they see to sell some more ads, and there's a sucker born every minute who will pay for those ads to be distributed.
Re: (Score:2)
The term "spam" as used to represent junk e-mail wasn't originally an acronym.
You mean it doesn't stand for Stuff Posing As Meat?
Re: (Score:2)
Spammers should be serving life sentences, shackled to the production lines and making the real thing...
Re: (Score:3)
Re: (Score:2)
Or at least, praying they didn't work anywhere near as well as was advertised
Re: (Score:2)
because /. has become a place for M$ astroturfing fanbois. Dudes, trash Hotmail
I'd hardly consider myself a Microsoft fanboi, but Hotmail does a decent job of placing junk email in the Junk folder.