Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

New Spam Site Found Every Three Seconds

samzenpus posted more than 6 years ago | from the spam-sausage-spam-spam-spam-mail-and-spam dept.

Security 164

Stony Stevenson writes "New figures suggest that 92.3 percent of all email sent globally during the first three months of 2008 was spam. The data from Sophos also indicated that 23,300 new spam-related web pages were created every day during the period, or one about every three seconds. For the first time Turkey's contribution to the global spam problem puts it in the top three offending countries. Compromised computers in Turkey are now responsible for relaying 5.9 percent of the world's junk email, compared to 3.8 percent in the final quarter of 2007."

cancel ×

164 comments

Sorry! There are no comments related to the filter you selected.

ntpdate time.spam.net? (5, Funny)

Anonymous Coward | more than 6 years ago | (#23099278)

I love it. I can sync my computer to it.

I hate spam... (1)

KGIII (973947) | more than 6 years ago | (#23099286)

We should be able to kill 'em. I'd hate to advocate additional regulations but, well, something really should be done. Though, honestly, I've learned to delete it over the many years and now it is really just a pain in the balls more than anything.

Re:I hate spam... (5, Funny)

zappepcs (820751) | more than 6 years ago | (#23099334)

If spam gives you a pain in the balls, you are eating it wrong.

Re:I hate spam... (1)

KGIII (973947) | more than 6 years ago | (#23099398)

So that's what I'm doing wrong? Thanks. :D

OT: your sig (0)

Anonymous Coward | more than 6 years ago | (#23101246)

Thank you for that wikipedia page -- I just went on a great hilarious and informative link surf from it.

Won't sombody think of the children? (3, Insightful)

cynicsreport (1125235) | more than 6 years ago | (#23099400)

..... something really should be done....

Yes, sir! something should be done about spam!
And, while we're at it, someone should really do something about domain squatting.
Oh year, and what about phishing? Why isn't anyone doing anything about that!?
Seriously, guys; get on it. I'll be watching the third season of Seinfeld DVD.

Re:Won't sombody think of the children? (1)

KGIII (973947) | more than 6 years ago | (#23099506)

I don't have a good answer as to what should be done. I could opine but, well, I'm really not qualified. (Not that that's stopped a lot of us, myself included, from forming opinions so I'll give it a shot.) Anyhow...

My idea is that if x% of the traffic coming out of a country is abusive then those controlling, let's pick the U.N. for now but it could be another group of countries, then 100% of that traffic will just be bit-bucketted at the gateways. I have absolutely no clue how that would work but I'm thinking more along the lines of spam blacklisting but on a global scale. If a country's traffic is blocked for the majority of the world then their government would (hopefully) crack down on the abuse. I think, to add to this, that no nation should be excluded from this via merit of them thinking that they created or own the internet. Specifically, if required, then the U.S. of A. should be subject to these same rules.

Re:Won't sombody think of the children? (4, Interesting)

1u3hr (530656) | more than 6 years ago | (#23100328)

My idea is that if x% of the traffic coming out of a country is abusive then those controlling..., then 100% of that traffic will just be bit-bucketted at the gateways

If you block a country because it is relaying spam, it will be switched to go via another country before the week is out. Meanwhile millions of innocent people will find themselves cut off.

Specifically, if required, then the U.S. of A. should be subject to these same rules.

You bet. Clean up your own act first. I'm not holding my breath. Easier to blame nasty foreigners.

Did you RTFA:

The US continues to relay far more spam than any other country,
And see the ROKSO list [spamhaus.org] , note the nationalities.

I live in Hong Kong. About 80% of the spam I get is from the US. And yet I find my emails often bounced from US addresses because of similar enlightened attitudes.

Most of the world's spam ORIGINATES in the USA, is PAID FOR by USA companies. Your government does nothing to stop it. (What is it, two or three prosecutions in the last 5 years?) American companies lobby to prevent any effective measures to stop spam. Bit bucket Florida and you might make a dent in it for a while. But attack the source, not the routing.

Re:Won't sombody think of the children? (1)

KGIII (973947) | more than 6 years ago | (#23100500)

Of course I read the article but, well, I live in America and I know that many of us are aloof and think that we can do no harm and, if we do, the world must tough it out thus my insistance that no one nation be left out of the agreement even if they don't like it. It's not a very good solution or anything but I'm not seeing too many options being given. I'd really love to see something done but, at the same time, a good part of me is against regulations.

Re:Won't sombody think of the children? (1)

1u3hr (530656) | more than 6 years ago | (#23101056)

. I'd really love to see something done but, at the same time, a good part of me is against regulations.

Most spam is selling fraudulent or non-existent goods. If investigated, the senders could be convicted for breaking existing laws. But each instance is too small for prosecutors to bother. So they do nothing. If even 1% of spammers weer tracked to source and the senders charged, it would disappear pretty quickly. If the spammers want to make money they need to be hooked into the financial system. Regardless of how they disguise their email, there will be a money trail. Charge them and make the credit card agencies blacklist them.

Government leaders just don't care because they personally never see it. They have staff to read their email and they only see the real stuff. The deepening swamp of crap most of us deal with is not real to them. The only opinions thry hear are from the marketers and fund raisers who don't want any restrictions.

Re:I hate spam... (2, Interesting)

PitaBred (632671) | more than 6 years ago | (#23100344)

I personally advocate "don't be a douche" vigilantism. If too many people complain about you being a jackass, you get your picture in the local paper/news website as the Jerk of the Week.

Re:I hate spam... (1)

KGIII (973947) | more than 6 years ago | (#23100518)

I could go for that one. It'd be interesting to see if people actually shunned the offenders. I think too many of us live in large urban areas for that to be as effective as it might have been back when we had communities instead of cities.

Ranking is unimportant (4, Insightful)

EmbeddedJanitor (597831) | more than 6 years ago | (#23099326)

Yet again we see ranking used in a silly way. It's the numbers that are important.

Third placed Turkey and tenth placed UK are wthin a +- 6% band, probably close to the margin of error in the analysis.

Re:Ranking is unimportant (0)

Anonymous Coward | more than 6 years ago | (#23102278)

Yet again we see ranking used in a silly way. It's the numbers that are important.

Third placed Turkey and tenth placed UK are wthin a +- 6% band, probably close to the margin of error in the analysis.

Yea, you're probably right

I dont get it... (4, Interesting)

repapetilto (1219852) | more than 6 years ago | (#23099332)

I never get spam, I have my school email address I use for trusted sites and people while everything else goes to a yahoo account. The yahoo account is filled with spam, but since I only have to check the newest mail whenever I use it its not a big deal. Am I missing something here?

Re:I dont get it... (5, Insightful)

chromatic (9471) | more than 6 years ago | (#23099368)

Am I missing something here?

Yes; it takes plenty of processor time, electricity, memory, bandwidth, and administrator time to make sure that you don't get spam. Also, not everyone uses e-mail the same way you do. Some of us actually want to hear from people we don't know.

Re:I dont get it... (1)

repapetilto (1219852) | more than 6 years ago | (#23099852)

So you're saying that if I simply had two yahoo accounts and treated one the same as I currently treat the school one, I would get spam? I guess I wouldn't know but itd be interesting to find out.

Re:I dont get it... (2, Informative)

Architect_sasyr (938685) | more than 6 years ago | (#23100420)

Just because you don't give out your email address doesn't mean someone else can't get it. Website compromises, those idiots who let facebook/myspace/whateverCrapSite log in to their email account to get more address', worm attacks. Hell I got bored and signed my boss up for a whole bunch of porn sites with his home account (he thought he was safe mwahaha).

Also for some reason I am more likely to get spam on my hotmail/gmail accounts than I am on my work account, and I don't hand those emails out to anybody I don't trust (i.e. only my family has them and they're all secure enough for my liking). Go figure.

Re:I dont get it... (1)

theheadlessrabbit (1022587) | more than 6 years ago | (#23100452)

i do exactly that, for the past 7 years or so (since 2001, i think, not sure) i have had 2 email accounts, one is personal, the other is used for online forms, registrations, notifications, ebay, amazon shopping, etc.

it started as an experement. i wanted to see if my gender made a difference in the number of 'v1agra' ads that i got, so one account listed me as male, the other, female.
(it made no difference - aparently, spammers think females want to have a bigger pen1s too)

while my main yahoo account (myrealname @ yahoo.com) is not perfectly spam proof, it only gets about 1 or 2 spam messages a year, hardley enough to worry about.

My other account (theheadlessrabbit @ yahoo.com) gets nearly 100 spam messages a day.
most of them go to my bulk folder automatically and i never see them.

my facebook, slashdot, youtube, ebay, freeporn, etc. go into the main folder, and pop up on pidgin's email notification thingy, so i can quickly scroll through them all, see if any emails are important, or if i can delete them all.

It takes very little effort on my part.

for me, spam is not an issue.

i think all these anti-spam ideas miss the big picture: if no one bought products from spam, they wouldnt do it. we should be going after the idiots who reply to spam.

Re:I dont get it... (4, Interesting)

jimicus (737525) | more than 6 years ago | (#23101402)

i think all these anti-spam ideas miss the big picture: if no one bought products from spam, they wouldnt do it. we should be going after the idiots who reply to spam.

IIRC there was someone who tried an experiment some time ago. They tried to buy some of the v1|4|g|r|4 that they'd seen advertised in spam.

They couldn't find a single spam which actually led to someone genuinely trying to sell something. I think they concluded that spam had mostly become a pyramid scheme, with a handful of people at the top trying (with some success) to persuade everyone below that they could make lots of money from spam - all they needed to do was buy this mailing list software and that list of email addresses...

Re:I dont get it... (0)

Anonymous Coward | more than 6 years ago | (#23100876)

No, He was saying "not everybody uses e-mail the same way you do. Some of us actually want to hear from people we don't know."

If my business e-mail address is sales@anydomainintheworld.com, I will get spam. Hate to risk losing a large sale because I assumed the subject "stock pricing are soaring" was spam rather than a complement on my market's success.

Re:I dont get it... (4, Insightful)

kylehase (982334) | more than 6 years ago | (#23100880)

Even if you only give your private address to your friends, you must have smart friends who NEVER:
  • Included you on a To: or CC: list of recipients,
  • Used your email address to search for you on social sites,
  • Sent you e-cards/e-invites
That's pretty amazing. I'm sure most of the spam in my "friends only" or "business only" email accounts were not leaked by me but by a trusted party who didn't know better.

Re:I dont get it... (3, Funny)

Stellian (673475) | more than 6 years ago | (#23101846)

...you must have smart friends who NEVER:
Your smart friends must also never store your email address anywhere on their harddrive (for example, the browser cache), so that it can't be picked up by the spam sending bot that infected thier machine and does a global scan for "someone@somewhere". Or, only have friends that never get infected. Between the two, you can either:
- have only geek friend
- have no friends
Take you pick - I don't know what's worst.

Re:I dont get it... (3, Interesting)

niktemadur (793971) | more than 6 years ago | (#23101920)

* Included you on a To: or CC: list of recipients,
* Used your email address to search for you on social sites,
* Sent you e-cards/e-invites


There is an astonishing number of people who've had email accounts for years now, and still do the very first and worst thing you mention in your no-no list. I guess it's the most convenient (read: lazy) way to re-send the same lame joke to fifty people. The CEO of the company I work for keeps doing this in my business account!
Or those blasted chain emails. I can imagine that many of those were created by spammers harvesting addresses, exploiting peoples' superstitions in machiavellian fashion.

Back in the days of dialup, when the "Dalai Lama wisdom tidbits, send this to twenty people you know" type pps files were already bugging me beyond belief, some bitch that somebody knew that somebody knew that I knew had the nerve to send out a gigantic list of CC: recipients to hundreds of people, with no message whatsoever, just the headline "Let's see what happens". Needless to say, she was bombarded with hate mail, but it was too late. In a few months' time, I was getting about a hundred and fifty spam mails a day, so I created a new address, notified my inbox contacts and asked them to never, ever put me on a CC: list.

It worked for a while, then I started getting spam again, and I couldn't figure out why. Then it hit me: "Damn, I used my address to register in Amazon (also buying stuff through its' independent affiliate sellers), Paypal, eBay and the like". Could that be an additional reason?

Re:I dont get it... (2, Insightful)

jimicus (737525) | more than 6 years ago | (#23101392)

while everything else goes to a yahoo account. The yahoo account is filled with spam...

Then you do get spam. You've just chosen to deal with it by making sure it all goes to a particular address.

As soon as you sign up to a public mailing list, post on usenet or put your email address on something not terribly well known for privacy (eg. Facebook), you'll find that - lo! - you get spam.

Either that or your school's email admin staff have finally discovered the Holy Grail of anti-spam solutions. Perhaps they'd care to share it with us?

Re:I dont get it... (2, Funny)

nxsty (942984) | more than 6 years ago | (#23102094)

Am I missing something here?
Yes. You are missing some very valuable offers from people who are eager to help you with your erection problems.

Re:I dont get it... (1)

nmg196 (184961) | more than 6 years ago | (#23102362)

> I never get spam,
> Am I missing something here?

Yes. You simply haven't got any SPAM *YET*. It's not you giving it out that you've got to worry about - if anybody you've ever emailed gets a virus, their whole address book could easily be uploaded to the net (since hundreds of viruses are created simply to harvest address books).

One day you WILL get spam at that address and it doesn't take long once it's "out there" for you to get a LOT of spam.

Wooohooo!!! Go Turkey! (2, Funny)

swillden (191260) | more than 6 years ago | (#23099360)

Movin' UP!

Re:Wooohooo!!! Go Turkey! (0)

Anonymous Coward | more than 6 years ago | (#23099716)

...aaand movin' on down [youtube.com] .

Re:Wooohooo!!! Go Turkey! (1)

houstonbofh (602064) | more than 6 years ago | (#23100482)

I don't know, but I think Turkey Spam is taking low fat health food too far. It needs to stop!

A video from the Spam Dept (2, Informative)

AsmCoder8088 (745645) | more than 6 years ago | (#23099370)

In case you are wondering, here is a related video courtesy of Monty Python:

http://www.youtube.com/watch?v=anwy2MPT5RE [youtube.com]

Enjoy!

Re:A video from the Spam Dept (2, Interesting)

i.of.the.storm (907783) | more than 6 years ago | (#23100148)

I love how youtube thinks most of the comments on that video are spam.

Wait a minute (5, Funny)

relikx (1266746) | more than 6 years ago | (#23099392)

I thought Turkey was a Muslim country, isn't spam some sort of shoulder meat? Oh right, they're secular.

Re:Wait a minute (5, Interesting)

EdIII (1114411) | more than 6 years ago | (#23099830)

isn't spam some sort of shoulder meat ?


I think you may have answered your own question there :) LOL

Officially, S.P.A.M originally stood for "Shoulder of Pork And haM". However, it most often referred to as "Something Posing As Meat" and "Spare Parts Animal Meat."

There are also, completely unsubstantiated of course, rumors that old man Hormel himself thought he was going to hell for his part in creating it...

Re:Wait a minute (1)

elloGov (1217998) | more than 6 years ago | (#23100116)

Funny you say! In Turkey, there is a saying: "If it's illegal, Turk will master it!" :)

Re:Wait a minute (3, Funny)

p0tat03 (985078) | more than 6 years ago | (#23100494)

Funny, I would have thought that turkeys would say "bok bok b'gawk!"

Sturgeon's Law (2, Informative)

CastrTroy (595695) | more than 6 years ago | (#23099488)

Which once again proves Sturgeon's Law [wikipedia.org] which states that 90% of everything is crap. Or 92.3% in this case. Luckily for me gMail is pretty good at filtering the crap, son I only see about 1 spam for every 10 real emails. However, if I look in my junk folder, and compare that to the number of valid emails I receive, I would say that 99% of it is spam.

Re:Sturgeon's Law (1)

cheater512 (783349) | more than 6 years ago | (#23099812)

In the last 2 weeks I have gotten 80 emails (thats not including conversations but meh).

In the same period I've gotten 25,818 spam.

That means 99.69% of all my email is spam.

Re:Sturgeon's Law (1)

The MAZZTer (911996) | more than 6 years ago | (#23100252)

GMail deletes spam older than 30 days.

In 30 days I've gotten 45 legitimate e-mails and 1792 spam. Most were automatically filtered, a few manually.

So 97.55% here... hrm.

An interesting percentage would be how much of the spam snuck through, but I don't have that metric.... couldn't be more than a couple dozen though.

Facebook (1)

billy901 (1158761) | more than 6 years ago | (#23099508)

Something interesting I noticed, is that since I signed up for Facebook, and all my friends that have signed up for Facebook have been getting the same spam. It's free offers and stuff. At least I don't get the enlarge my penis stuff.

Re:Facebook (1)

Slashdot Suxxors (1207082) | more than 6 years ago | (#23099556)

You agreed to it when you installed your 23484039057 billion Facebook "Apps".

Re:Facebook (1)

billy901 (1158761) | more than 6 years ago | (#23099618)

I've actually installed very few apps. Just to clarify it for you, I'm receiving all of the same stuff as my friends with different apps. I still get stuff like "Free Xbox!" Or "$500 in Kmart gift certificates!" Who would want either one? Give me a Linux box and $500 in WalMart gift certificates and I might open them up. :)

Re:Facebook (5, Funny)

Anonymous Coward | more than 6 years ago | (#23099684)

You think it's bad now, wait until the spammers can faceboogle you.

Re:Facebook (1)

kvezach (1199717) | more than 6 years ago | (#23101630)

The mind boogles.

Browser Share in Turkey? (1)

rubah (1197475) | more than 6 years ago | (#23099572)

I was wondering if anyone had any numbers on the market share of IE vs other browsers in Turkey. A few quick google searches were hesitant to reveal anything.

Re: Browser Share in Turkey? (2, Insightful)

Technician (215283) | more than 6 years ago | (#23100086)

I was wondering if anyone had any numbers on the market share of IE vs other browsers in Turkey. A few quick google searches were hesitant to reveal anything.

More interesting is the ratio of infected computers. It isn't stated. But take the population of the US and the Population of Turkey and do a comparison. The other interesting number is the number in Russia. Russia has a large population, but how many of them even own a computer or have internet? Something tells me they have a very high proportion of infected machines. This is most likely due to Microsoft and their WGA program keeping most of those machines unpatched and vulnerable as the population in general can't spend several months wages for a genuine copy.

It's bad enough that anything ending in .ru is simply discarded. For me this is a 100% filter that doesn't have any false positives. Nigeria is second on the list.

Everything else left then goes to spam filters. This lightens the load.

Re: Browser Share in Turkey? (1)

pegdhcp (1158827) | more than 6 years ago | (#23100490)

I used to have some numbers, but they are not valid as of now. However, with the exception of some academic and military networks, all (ALL) government computers are running Microcrap OS. Same applies to company networks (with the exception of media companies, where the trouble source of choice is Apple) and home computers (with the exception of a small percentage of younger home users, mostly Linux running script kiddies). You can deduct browser and mail client preferences. There are even some companies using old IE logo for "Internet" place holder :(

A Rate Comparision (4, Funny)

pyrrhonist (701154) | more than 6 years ago | (#23099594)

Just to give some idea of the scale, this is more than twice the rate at which the human male thinks about sex [snopes.com] .

I didn't think it was possible.

Re:A Rate Comparision (1)

EdIII (1114411) | more than 6 years ago | (#23099926)

I didn't think it was possible.


Don't be silly! Of course it's not actually possible. You see the sex "thought process" is actually a continuously running background process with at least one dedicated processor at all times. The size and strength of that processor varies of course, but is nonetheless always active. Furthermore, the rate at which some people are measuring this process is incorrect, as they only measure when it gains control over the active "window", which is about once every few seconds.

Was anyone surprised here? (4, Insightful)

damn_registrars (1103043) | more than 6 years ago | (#23099672)

I know that my email (especially in my older accounts) certainly matches the rate of spam in excess of 90% by volume.

And the part about a new spam site created every 3 seconds shouldn't surprise anyone either. As much as people despise spam, there is still money to be made in it. Thats why people continue to send spam, of course. Thats also why people continue to buy new domain names to sell discount "drugs" and "software".

This just tells us what many of us already knew. The spam problem will continue to get worse until we actually apply a economic solution to this economic problem.

Re:Was anyone surprised here? (1)

i.of.the.storm (907783) | more than 6 years ago | (#23100192)

One proposal that's been thrown about is a sort of micro-tax on emails, something like .1 cents per email sent or something. For most people it wouldn't matter, but spammers would get charged massively. The problem is how to actually charge for email. The thing is, we still have junk mail and that actually has a postage fee, so I'm not sure how much a tax on email would help. Of course, users would probably react violently to being charged for email so they could have a CAPTCHA type thing whereby at the end of a month you could prove you were still human (as opposed to a legitimate account that had been 0wned) and have the tax negated, which would theoretically allow for only spammers to be charged. But really, this method has too many loose ends so it's probably not likely to occur any time soon.

Re:Was anyone surprised here? (2, Informative)

Weedlekin (836313) | more than 6 years ago | (#23102188)

"For most people it wouldn't matter, but spammers would get charged massively"

Except of course for those who use botnets controlled by compromised servers to send spam, which is most of them nowadays.

The ratio is completely wrong for that. (3, Interesting)

khasim (1285) | more than 6 years ago | (#23100274)

This just tells us what many of us already knew. The spam problem will continue to get worse until we actually apply a economic solution to this economic problem.
Yes, in theory.

The reality is that a single sale of "herbal \/1agr4" can mean a profit for the spammer. The cost of spamming is that low for them.

In order to make it economically unsound for the spammers, you'd have to make it economically annoying for the rest of humanity. More annoying than simply putting up with the spam.

UNLESS we get rid of the stupid CAN-SPAM law and allow each state to institute its own anti-spam laws and allow citizens in those states to sue the spammers for violating those laws.

Yeah, this will hurt "legitimate" fucking "email marketing" companies ... but in my experience those do not exist. Any legitimate company would view the 50 different legal requirements as a cost of doing business. The same as it is with insurance companies.

Re:The ratio is completely wrong for that. (1)

kvezach (1199717) | more than 6 years ago | (#23101610)

In order to make it economically unsound for the spammers, you'd have to make it economically annoying for the rest of humanity. More annoying than simply putting up with the spam.

Not necessarily. If you have a trust network or database telling you which sources are more likely to spam (like RBL but with degrees instead of "either you're a spammer or you're not"), mail servers could demand more of sources that are likely to spam. Just connect this thing to another network of cryptographic time stamp servers (who, themselves, don't permit a single address to get more than a single token in a given interval), and demand that legitimate users send no more than say, 10 mails per minute and spammy users send no more than 0.1 mail messages per minute. Boom, spam zombies are slowed down by 100x.

That's an economic solution to the degree that the cryptographic timestamp servers print money and the RBL-alikes lets one adjust supply and demand. If you can't trust the timestamp servers, a poor man's approximation could be proof of work (like Hashcash, but use something memory bound since memory speed doubles more slowly than CPU power). See this paper [econinfosec.org] about that strategy.

Re:The ratio is completely wrong for that. (2, Insightful)

swillden (191260) | more than 6 years ago | (#23102210)

The reality is that a single sale of "herbal \/1agr4" can mean a profit for the spammer. The cost of spamming is that low for them.

No, the reality is that spammers don't care if the product they're pumping sells at all. Spammers sell spam, it's the fool that's buying the spam that wants to sell "herbal \/1agr4". Sure, spammers would like it if someone would buy the stuff, but when the current fool finally realizes he's not making any money there's always another sucker with a get rich quick scheme and a little cash to buy the spammer's services.

open season (1)

Anonymous Coward | more than 6 years ago | (#23099680)

Anyone who is associated with a spam operation is fair game. Bullet in the head and make sure you have evidence. Hell, kill the entire family associated with the spammer to prevent these scumbags from creating more of their own.

Re:open season (1)

i.of.the.storm (907783) | more than 6 years ago | (#23100206)

That's a bit harsh, don't you think?

Re:open season (3, Funny)

calebt3 (1098475) | more than 6 years ago | (#23100254)

Your post advocates a

( ) technical ( ) legislative ( ) market-based (*) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(*) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(*) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

(*) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(*) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(*) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(*) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

ASSP is the answer (4, Informative)

Lershac (240419) | more than 6 years ago | (#23099700)

ASSP

30 minutes to install on an exchange server... filters out all the spam.

I run it on all my clients, and they average about 95% of all mail intercepted as spam with a zero false positive rate.
http://assp.sourceforge.net/ [sourceforge.net]

Re:ASSP is the answer (1)

Rogan's Heroes (1274232) | more than 6 years ago | (#23099744)

But what happens when one of your friends starts selling penis pills and wants you to buy his product? How will you ever get word of it?!?!?!

Re:ASSP is the answer (3, Funny)

Lershac (240419) | more than 6 years ago | (#23099776)

well if we have exchanged email in the past, he is on the whitelist and I will definitely get his awesome product!

Or I can blacklist his ass.

ASSP (2, Funny)

game kid (805301) | more than 6 years ago | (#23099840)

Sorry, I don't trust a product that evokes "ass pee" with spam protection. :P

Re:ASSP (1)

lottameez (816335) | more than 6 years ago | (#23102374)

If you provide us with your email address, I can send you and 5,000,000 of your closest friends an offer for an AMAZING new drug that will cure "ass-pee".

Re:ASSP is the answer (2, Interesting)

Technician (215283) | more than 6 years ago | (#23100162)

30 minutes to install on an exchange server... filters out all the spam.

I too can install a filter that filters out all the spam.. Send it to dev null. A good filter should have a low false positive rate along with removing most spam. Many filters that remove most (or all) spam also have a high false positive rate.

My ISP seems to lose about 50% of my business mail. Some comes marked spam and some doesn't even arrive.. Either that or my requests for quotes are ignored by my vendors.

I've been trying to get quotes and questions answered on some American DJ and Elation DMX consoles. Email is a 100% loss. I have to use the phone.

I did manage to get an answer on some Chauvet stuff. That has been the exception, not the rule.

Idiot email admins. (1)

khasim (1285) | more than 6 years ago | (#23100338)

#1. Any mail accepted MUST be delivered.

#2. Any mail rejected MUST be rejected at SMTP time and include the phone number of the email admin of the rejecting server.

That's how I do it. If my machines are rejecting your messages, your server is getting my phone number along with the 5xx error message. Exim4 rocks.

If your server does not deliver that rejection notice to you, that's the fault of your email admin.

I've pretty much cut spam out completely at the company I work for. The only problem is the rather large white list I have to maintain because of all the email "admins" out there who do not know anything about SMTP or how to configure their servers. And I'm working on improving the automation of that anyway.

Re:Idiot email admins. (0)

Anonymous Coward | more than 6 years ago | (#23100402)

I guess you think that people actually STOP at STOP signs, too.

Re:ASSP is the answer (1)

EdIII (1114411) | more than 6 years ago | (#23100322)

First off, I don't understand if the article is talking about emails actually accepted by email servers and delivered to accounts, or just SMTP connections (terminated or successful).

I don't know about ASSP, but I use third party solutions for my servers as well. Your not the only one that seems to have a handle on it.

I get perhaps 8% of all inbound email messages labeled as SPAM and STILL placed into the Junk Mail folders. I don't have a zero false positive rate though, but it is very low. Less then 10 per month when we started and it has fallen down considerably considering that any entry placed in the contacts is automatically white listed. I had a single false positive last month. Our web interface also allows the users to flag the false positives from the junk mail folder and have them moved to the Bayesian learning folders and placed back in their Inbox.

The interesting part is that we are only around 50-60% SPAM on all SMTP connections for a given month that are terminated without accepting the email. These are separate from the aforementioned 8% as well. So SPAM accounts for no more than 70% period.

I am not huge yet by any means, but the domains I service are an average of 3-4 years old (some much older). We have been up a pretty long time with a couple hundred email accounts and even more aliases as I have explained to many power users how to create an alias for specific websites.

I sometimes wonder just how far the big players have their heads up their assess. With heuristics, drop lists (banned network ranges), SPF, DKIM, Spamhaus, SpamCop, etc. how can it be so difficult to terminate SPAM sessions and not even deliver the message to the Inbox?

It actually seems to be getting easier for the email community to stop SPAM at the lower levels. Sure there is an incredible amount of Noise to Signal going on, but we are getting so much better at determining the noise and dropping it.

I dunno, I hear about SPAM being such a tremendous pain in the ass all the time and I was very worried about it when I started administrating email servers, but it has turned out to be a lot easier than I thought. Nothing like how everyone else makes it out to be. Strange huh?

Re:ASSP is the answer (3, Interesting)

gujo-odori (473191) | more than 6 years ago | (#23100532)

You're proud of 95% efficacy? I work for one of the well-known anti-spam companies, and if our efficacy *fell* to 95% that would be considered an emergency. Our overall efficacy is >99% and the spam categories I manage are closing in on five nines.

Re:ASSP is the answer (1)

mlts (1038732) | more than 6 years ago | (#23100714)

Remarkably, I have found Exchange 2007 good at stopping spam, once you enable the anti-spam rulesets at your mail gateway or edge server by running the .\install-AntispamAgents.ps1 script then restarting the Exchange transport service.

To boot, on supported installations, Microsoft is very good at updating anti-spam heuristics either weekly or more often when needed.

So far, just the default rulesets have dropped almost all incoming spam before it reaches my mailbox, and the few that do get through will be dropped into my junk E-mail folder when I run MailWasher Pro.

summary is misleading (3, Interesting)

martin-boundary (547041) | more than 6 years ago | (#23099720)

Phrases such as "Turkey's contribution to spam" are highly misleading. Turkey doesn't actually contribute significantly to spam. How many Turkish language spam messages have you got recently in your mailbox? How many spam messages advertizing a Turkish company's products? None? Then Turkey's contribution to spam is negligible.

What everyone gets in their mailbox are mainly American spam messages intended mainly for Americans, sent via hijacked Windows computers around the world. There's also a significant fraction of messages intended for a handful of other rich countries, but the only third world country seriously contributing their own spam is probably Nigeria.

Re:summary is misleading (2, Informative)

seyyah (986027) | more than 6 years ago | (#23100094)

Phrases such as "Turkey's contribution to spam" are highly misleading. Turkey doesn't actually contribute significantly to spam. How many Turkish language spam messages have you got recently in your mailbox? How many spam messages advertizing a Turkish company's products? None? Then Turkey's contribution to spam is negligible.

I disagree. There needs to be a means of getting all these Turks to get their computers infected. I can tell you that there are many many web-sites targeting Turkish internet users for all sorts of attacks. Plus, downloading music using clients saturated with spyware is common and I'd be shocked if many of these were not also trojans.

So, yeah I think Turkey is totally contributing to the spam problem.

Re:summary is misleading (0)

Anonymous Coward | more than 6 years ago | (#23100418)

FYI Turkey isn't a third world country.

Re:summary is misleading (1)

ubernostrum (219442) | more than 6 years ago | (#23100554)

What everyone gets in their mailbox are mainly American spam messages intended mainly for Americans,

Actually, in the past year or so I've noticed a trend in my spam toward the CJK section of Unicode... all that newfound Chinese buying power is searching for an outlet.

Re:summary is misleading (1)

Michael Wardle (50363) | more than 6 years ago | (#23101470)

"Turkey's contribution to spam" suggests that either Turkish ISPs are spammer friendly or PCs in Turkey are easy to hack into and send spam from (e.g. because it's uncommon for users to run security software or apply updates).

From this you can draw conclusions like anti-virus and firewall software is too expensive for home users in Turkey, and decide how best to fix the problem.

Different kinds of numbers (2, Informative)

gmuslera (3436) | more than 6 years ago | (#23099722)

Tnat a country have more or less computers that send spam could be related the amount of new people with internet connection there, specially if there is no big culture around security.

But the 1st number, the amount new web pages related to spam, needs to be explained a bit more. The original Sophos report [sophos.com] at least explain that are the related to the web links included with the mails, but not sure if that implies more spam realted domains, more spam related servers or if the big numbers are more related to different ways to write urls in the same servers,

Something should be done (0)

Anonymous Coward | more than 6 years ago | (#23099820)

Am I the only one that thinks that something should be done about this?

Re:Something should be done (1)

Mr. Roadkill (731328) | more than 6 years ago | (#23099888)

Am I the only one that thinks that something should be done about this?
No, you're not.

However, Zombied machines on Turkish dial-up or broadband connections aren't the biggest problem I have - they seem to get added to various blacklists fairly rapidly. The biggest headache I have right now is those wacky Nigerians and their national sport, abusing Hotmail and Gmail and Yahoo accounts for fun and profit.

Let's tell Dubya that Osama has been seen hanging out in Lagos, and that most of the proceeds from 419 scams go to finance Global Terror.

The reading is of this postage (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#23099920)

Greetijgs yuo are a gay homosexual who does the sex with men in the butt, anally.

Re:The reading is of this postage (1)

tomtomtom777 (1148633) | more than 6 years ago | (#23102100)

Moderated as offtopic??

Only on slashdot

3 secs? (0)

Anonymous Coward | more than 6 years ago | (#23099946)

I mean, do you have to count (in your mind) 1,2,3 until you find another one?

One day... (2, Interesting)

Fluffeh (1273756) | more than 6 years ago | (#23100056)

First it was their entry into Eurovision, now they are getting up there in the Spam stakes... what next Turkey? What next?

Never give up! (2)

gruvmeister (1259380) | more than 6 years ago | (#23100068)

"Turkey's appearance in the top three makes for an interesting realignment so early in the year," said Carole Theriault, senior security consultant at Sophos.

"But this does not mean that other countries can give up the fight."

That's right, it's still early in the year, no one is down and out quite yet. Plenty of chances for any up-and-comer to catch up and make an appearance on the leaderboard - who knows what the second quarter may hold!

anti net neutrality for spammers (0)

Anonymous Coward | more than 6 years ago | (#23100168)

Is it me or is this a constructive use of bandwidth limiting tools? A nice corner case. Imagine if we could make it so difficult to send this crap? But then again the people required to limit this are the same charging somebody for the wasted bytes. This is the same reason we get paper junk mail. In the post office view is not a bad thing. Plus all those security companies have all these "spam solutions" to sell.

Should something be done about it? Probably. Will something ever be done about it...nope.

Re:anti net neutrality for spammers (1)

mlts (1038732) | more than 6 years ago | (#23100748)

This can be slowed down on the ISP's end by doing two things:

1: Blocking outgoing port 25, unless the customer explicitly asks for it to be unblocked and will take the consequences of his or her actions if spam results.

2: Offering a properly configured SMTP server which is up to date on SPF records, DomainKeys, and other configurations, so people who have dynamic IPs and E-mail servers can use that server as a smart host, while their dynamic IP can reside on a dial up blackhole list. Of course, the SMTP server would throttle E-mail sent through it when it got to a certain threshold of messages per time period.

Doing both these things would keep spam zombie bots from spewing (unless they use ports 587 or 465, but that is more of the receiving end's problem similar to allowing an open relay), and it would allow users to be able to send E-mail out without issue.

While American spam offers girth and inches... (3, Informative)

jddj (1085169) | more than 6 years ago | (#23100306)

Turkish Spam KISS YOU! IT KISS YOU!!! It loving sex with all the womens of the world!

Sender Policy Framework (SPF)... (0)

Anonymous Coward | more than 6 years ago | (#23100502)

Urge your email provider to adopt Sender Policy Framework (SPF).

http://www.openspf.org/

slackers (1)

wardk (3037) | more than 6 years ago | (#23100514)

3 seconds the best they can do? what a bunch of hacks

Why (2, Funny)

rawg (23000) | more than 6 years ago | (#23100566)

I just don't understand why this can't be fixed. Why does ISP's let this happen? Why do people let this happen?

This is just so utterly ridiculous to me that it actually makes me sick to think about it. The shear amount of waste being dealt is just insane. And it's not just Email, it's regular postal mail too. The US Mail System is so clogged up with junk that it amazes me that my paycheck gets to me each month. Every single day my mail box is full of, basically, junk that goes straight into the fire.

Re:Why (1)

prockcore (543967) | more than 6 years ago | (#23101324)

Why does ISP's let this happen?


Stubborn sysadmins. Think about how much spam would be eliminated if you forced the from address to be the same server that was actually delivering the email.

If my email address is bob@example.com, the only machine that should be allowed to send mail proclaiming to be from example.com is example.com.

But noooo.. sysadmins demand the ability to forge the from address. It's a *feature*.

Email is broken by design.

Re:Why (1)

Stellian (673475) | more than 6 years ago | (#23102032)

If my email address is bob@example.com, the only machine that should be allowed to send mail proclaiming to be from example.com is example.com
Never heard of mailing lists have you ?

UN Solution? (1)

Cathbard (954906) | more than 6 years ago | (#23100636)

This issue is indeed becoming a major problem, my spam folder always holds more email than my inbox by an order of magnitude and sometimes important emails get missed because they incorrectly get filtered as spam.

The australian govt outlawed spam here but only when the spam is directed towards other australians (the govt then issued their own spam the next day but that's another story of it's own). This of course doesn't help at all, now australian isp's only host spammers that ply their filthy trade overseas. No help at all.

Surely it's time that the UN passed a resolution to outlaw spam across the board. They pass resolutions for far less important things than this. How much energy and resources are expended on spam? Surely this contributes to the pollution of the planet enough to warrant action? It certainly degrades the efficiency of international communications. Iirc there was a paper tabled at the UN but nothing has come of it. Perhaps somebody knows more about this?

Simple but no one will do it (2, Insightful)

zymano (581466) | more than 6 years ago | (#23100794)

Find IP and shut it down.

This is the problem with decentralized control.

Isp's are part to blame.

The Email Universe has failed. (1)

zibix (654122) | more than 6 years ago | (#23100862)

It's really time for someone to create a new system for exchanging online communications. Honestly, I'm just tired of spending my time with spam. I would like to track down people that have wasted literally hundreds of hours of my time and beat the shit out of them. How about the death penalty for hardcore spammers?

Found or created? (0)

Anonymous Coward | more than 6 years ago | (#23101004)

The headline says a site is found every three seconds. The story says a site is created every three seconds. Which is it, sloppy copy editors?

I use Gmail (1)

Arancaytar (966377) | more than 6 years ago | (#23101308)

What is this "spam"? :P

I mean, sure, I get a few per week in my Inbox, but that's hardly the problem it used to be with my former accounts. I've stopped using those and forward them to the Gmail account now.

Don't know how to ged rid of spam (1)

gokalp (686689) | more than 6 years ago | (#23101494)

I live in Turkey. There's a boom in broadband internet access lately and that's the main cause that we're listed in the top 3. People buy broadband but don't know how to secure their computers and that's why most of the systems are taken by spam bots and so. Also the corporates, even they make investment on the subject, they're spreading the spam because of poor management of their security stuff. I think we'll hang there for a while till we learn how to protect our systems.
--
http://www.antispam.gen.tr/ [antispam.gen.tr]

No solutions to spam? (1)

olman (127310) | more than 6 years ago | (#23101916)

Come on guys, you're being lazy! I haven't seen one decent "perfect" solution to spam attached to this story yet!

My own solution still stands - The parasite will eventually destroy the host at which point "huge investment to existing SMTP infra" becomes dodgy enough that it will be replaced by something else.

Hard to see how you can stop zombie-nets, thought. Even if you had some super-duper cryptographic challenge system in place, spammers can throw 100k botnet at that which can do whatever the legitimate user could do.

I'm also disappointed nobody has trotted up the dead horse "stop buying from spammers"-argument. Revenue stream isn't from people to spammers, it's from spammers to organized crime maintaining the botnets. Botnet hosters don't give a toss if the spammer makes money on their â99.95 email marketing starter kit, there's a get-rich-quick loser born every minute.

OK, I suppose spammers with quasi-legit product such as pharma-spammers may actually do some business.

Do the numbers mean anything? (2, Insightful)

ocbwilg (259828) | more than 6 years ago | (#23102048)

First, let me say that I hate spam. I understand that in most cases it's annoying. I also understand that in most cases it's sent via illegal access to unwitting people's computers, and that there is no doubt a real cost associated with the amount of bandwidth that it consumes. I understand that in most cases the products that it advertises are scams.

But I have to wonder, how does that statistic that 92.3% of all email sent is spam relate to the rate of junk mail sent via snail mail? I don't know about you, but I'd say that 90% or more of the mail that comes to my home is junk mail, so I'm not sure that the spam statistic is all that surprising. This may just be the expected signal/noise ratio.

So .... ? (0)

Anonymous Coward | more than 6 years ago | (#23102340)

What's your point?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>