Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Malicious Spam Jumps To 3B Messages Per Day

kdawson posted more than 4 years ago | from the with-a-b dept.

Botnet 211

Trailrunner7 writes "Last year saw a monstrous increase in the volume of malicious spam, according to a new report (PDF). In the second half of 2009, the number of spam messages sent per day skyrocketed from 600 million to three billion, according to new research. For some time now, spam has been accounting for 90 or more percent of all email messages. But the volume of spam had been relatively steady in the last couple of years. Now, the emergence of several large-scale botnets, including Zeus and Koobface, has led to an enormous spike in the volume of spam."

cancel ×

211 comments

Sorry! There are no comments related to the filter you selected.

Enough about malicious spam (5, Funny)

Anonymous Coward | more than 4 years ago | (#31159178)

What about delicious spam?

Re:Enough about malicious spam (3, Funny)

Tsar (536185) | more than 4 years ago | (#31159700)

And that's just the malicious spam! It doesn't count the dozens of helpful, well-meaning, altruistic spams I get every day from good people who care about whether I have enough hair, or I'm paying too much for prescription drugs, or my wife is completely satisfied. Bless all their hearts!

Oh, did you mean del.icio.us [blogspot.com] spam? No, I didn't think so.

Re:Enough about malicious spam (3, Funny)

interkin3tic (1469267) | more than 4 years ago | (#31159950)

What about delicious spam?

What about it? It's slightly less fictional than unicorn bacon?

Re:Enough about malicious spam (1)

trodofor (1002830) | more than 4 years ago | (#31160070)

What about delicious spam?

I think that's an oxymoron.

Re:Enough about malicious spam (0)

Anonymous Coward | more than 4 years ago | (#31161034)

Mmmm, love me some yummy oxymoron, especially with a bit of delicious spam fried and served on the side with room temperature mayo.

Re:Enough about malicious spam (1)

datapharmer (1099455) | more than 4 years ago | (#31161046)

Clearly you haven't had it mixed with vienna sausages and anchovies. yum!

Out of curiosity... (0)

Anonymous Coward | more than 4 years ago | (#31159194)

Why can't ISP's detect large numbers of messages suddenly going to a vast array of e-mail address and shut it down?

Nobody normally does that; seems like it should be easy behavior to detect and stamp out algorithmically.

Re:Out of curiosity... (3, Insightful)

XanC (644172) | more than 4 years ago | (#31159320)

I'd rather have my ISP not be in the business of picking through my traffic and deciding what's "good" and what's "evil". Who I talk to over my connection is my business.

Re:Out of curiosity... (4, Interesting)

jfengel (409917) | more than 4 years ago | (#31160726)

But it's my business to pay my ISP to funnel the bytes sent to me. If the bytes coming from your ISP are frequently evil, I'd fully support my ISP in blacklisting you, especially if it saves me money or increases my bandwidth.

So if your ISP decides to cut yours off unless they impose some sort of anti-bot policy, I'd be in favor. And I'm perfectly willing to have my ISP do the same to me if it's what's required to play nice with their neighbors.

If you want your ISP to be blind to your bits, and suffer the fact that they'll have to install more bandwidth and be potentially filtered (and lose customers for that, raising your prices further), be my guest. I'm willing to live with that minor invasion of privacy (cutting off obvious bots) in exchange for lower prices.

Re:Out of curiosity... (5, Interesting)

HungryHobo (1314109) | more than 4 years ago | (#31159322)

Because one person sending a mailshot to a hundred or so people looks a lot like a botnet.
One person mailing their CV to 200 companies can look a lot like a botnet.
One teenage girl telling everyone about a party can look a lot like a spammer.

Sure if the botnet isn't well written then it'll just blast spam out of every node 24/7 but the really good ones are going to try hard to evade detection.
Hell if you've got enough compromised PC's and you're organised as modern botnet herders are then you can collect a lot of good data on how regular users send email and make sure the nodes of your botnet avoid going far outside the curve.

Re:Out of curiosity... (1)

Megor1 (621918) | more than 4 years ago | (#31159376)

Botnets tend to send out directly from the PC instead of using the ISP mail server as most people don't tend to host their own SMTP server.

Re:Out of curiosity... (1)

sopssa (1498795) | more than 4 years ago | (#31159424)

Maybe in the year 1995. I'm pretty sure they can handle having a list of ISP's mail servers and use them now. Sending from a consumer line would be quite useless anyway because 99% of email services would directly block such emails.

Re:Out of curiosity... (2, Interesting)

SgtAaron (181674) | more than 4 years ago | (#31160252)

Maybe in the year 1995. I'm pretty sure they can handle having a list of ISP's mail servers and use them now. Sending from a consumer line would be quite useless anyway because 99% of email services would directly block such emails.

It may be nearly useless. That doesn't mean that botnets aren't sending email direct-to-MX. These hosts have connected to our incoming MX's in just the last couple of minutes, and I'd say it's a small sample :) But, nearly all of these connections get pretty high scores from spamassassin, and users generally don't see the resulting spam.

129-219-159-242.nat.asu.edu
s0106001d60d07529.lb.shawcable.net
79.103.93.54.dsl.dyn.forthnet.gr
adsl-074-251-208-007.sip.tys.bellsouth.net
87-205-77-134.adsl.inetia.pl
77-56-149-16.dclient.hispeed.ch
cpe-065-190-194-031.nc.res.rr.com
cablelink-173-211-215.cpe.intercable.net
host-89-231-69-81.plock.mm.pl

... and the list goes on. Hmm, we're getting a LOT of smtp connections from botnetted windoze computers nowadays...

Re:Out of curiosity... (0)

Anonymous Coward | more than 4 years ago | (#31160546)

Sadly, the real world does not work the way you expect it to.

Re:Out of curiosity... (1)

Qzukk (229616) | more than 4 years ago | (#31161226)

Sadly, the real world does not work the way you expect it to.

Sadly? More like fortunately, since the botnets' internal SMTP engines typically suck and are often foiled by techniques like greylisting and blocking mail sent directly from dynamic IPs.

If they bothered to read the user's Outlook config and use that to send mail we'd be in a whole heap of trouble.

Re:Out of curiosity... (1)

HungryHobo (1314109) | more than 4 years ago | (#31159472)

why wouldn't they use the users accounts?
Botnets grab logins for hundreds of thousands of legit email accounts, hell they can even use the users own SSL connection to send the emails when they log in to their email.
Whatever way users send normal mail the bots can emulate them.

Re:Out of curiosity... (1)

interkin3tic (1469267) | more than 4 years ago | (#31159968)

One teenage girl telling everyone about a party can look a lot like a spammer.

And what would be so bad about ISPs blocking that???

Re:Out of curiosity... (0)

Anonymous Coward | more than 4 years ago | (#31160100)

You're a moron.

Re:Out of curiosity... (1)

insufflate10mg (1711356) | more than 4 years ago | (#31160294)

He's just salty because he wasn't invited.

Re:Out of curiosity... (1)

pclminion (145572) | more than 4 years ago | (#31160238)

Yeah, well, if it quacks like a duck...

Seriously, if you are trying to communicate with hundreds of people, there are technologies meant for that. Email isn't one of them.

Re:Out of curiosity... (1)

Dishevel (1105119) | more than 4 years ago | (#31160452)

Seriously, if you are trying to communicate with hundreds of people, there are technologies meant for that. Email isn't one of them.

Yes it is. I would argue my point with you but I really do not need to. Everyone here can see that your statement is Wrong.

Re:Out of curiosity... (1)

aztracker1 (702135) | more than 4 years ago | (#31160650)

I'd be happy if more of the bigger mail services recognized my mail server for my hobby site's user signups as non-spam. Despite the fact the MX on record is the sending server, and the domain for the MX has been up for a while. I've in the past year retired the use of my company's domain name, and revised my hobby site to use a newer domain. Just the same, this has been over the course of a year, not all at once.

Re:Out of curiosity... (1)

Kardos (1348077) | more than 4 years ago | (#31161002)

Hell if you've got enough compromised PC's and you're organised as modern botnet herders are then you can collect a lot of good data on how regular users send email and make sure the nodes of your botnet avoid going far outside the curve.

That, or the herders adjust their botnet so the behavior of each node is such that it *becomes* the curve...

Re:Out of curiosity... (1, Insightful)

Jeng (926980) | more than 4 years ago | (#31159458)

Although I think very low of the morality of those who do this for a living, but at times you really have to respect their skills.

This isn't just like running an email service for a fortune 500 company, its more like running a black ops email service for a fortune 500 company.

Every aspect of the operation is ran over with a fine tooth comb for discretion. Not too many from each node, sending out the spam messages at a low rate, redundancy, resource management, payroll. This cannot be easy.

Too bad these people are going with a life of crime, with their potential I would think they could do very well in legitimate work.

Re:Out of curiosity... (1)

MichaelSmith (789609) | more than 4 years ago | (#31160778)

I bet their work is more enjoyable and interesting than mine, over all.

Re:Out of curiosity... (2, Insightful)

HTH NE1 (675604) | more than 4 years ago | (#31159818)

Why can't ISP's detect large numbers of messages suddenly going to a vast array of e-mail address and shut it down?

  1. The messages aren't identical
  2. The messages don't originate from just one machine but from botnet zombies scattered all over the net with distributed command and control with multiple contingencies for regaining control
  3. The messages don't end up at just one mail host
  4. By the time it's detected the damage is already done
  5. Anyone who does detect it isn't in a position to stop it from happening again

Basically what you're suggesting boils down to throttling the entire Internet so that it can't handle the capacity of spamming, which will make it useless for any e-mail delivery. You might as well just kill e-mail.

Re:Out of curiosity... (1)

postbigbang (761081) | more than 4 years ago | (#31159940)

Add to this the fact that when you do report phish, 419, or malware spam, the ISPs snooze over the report for days until finally doing something about it-- and sometimes they never do anything at all. Some mail hosters don't even have abuse accounts to report to.

Re:Out of curiosity... (1)

datapharmer (1099455) | more than 4 years ago | (#31161186)

True. I tried reporting a troublesome IP to comcast and their email address bounced as non-existent. I'm pretty sure they are supposed to keep those whois records up to date if they want to keep their domain, but hey, who follows the tld rules anymore? PS you can contact me at by sending mail to:
Proxy Domain nonsense
0 Null-ville Drive
DROP TABLE `%`, IN 12345

Re:Out of curiosity... (0)

Anonymous Coward | more than 4 years ago | (#31161166)

Original poster here, maybe I should elaborate.

Why don't ISPs providing service to home users require outgoing SMTP to pass through the ISP mailserver (firewalling port 25) and flag/block extreme usage so that their customers' virus infected machines don't spew further garbage into the Internet?

In the very rare case where a customer needs to run a mailing list or the like, allow them to change their thresholds in their user profile. For those who don't intend to send hundreds of thousands of messages, it might actually be of some benefit to them to shut down the spigot and send them a warning that their computer's infected.

I don't want to throttle the whole Internet, just implement some form of rationality test on mail output at the ISP level.

Re:Out of curiosity... (0)

Anonymous Coward | more than 4 years ago | (#31160754)

Gmail works flawlessly. I haven't seen spam in years and because it's never accidentally flagged a real message, I've made a filter that automatically deletes any spam instead of filling up a spam folder that I'll never check.

If ISPs and other email providers can't provide the same level of service, then they suck.

Users get spammed (0)

Anonymous Coward | more than 4 years ago | (#31159202)

1. Lusers get spammed by e-mail
2. Lusers migrate to facebook
3. Lusers, get infected with koobface on facebook
4. Lusers spam everyone by e-mail

Re:Users get spammed (4, Funny)

ae1294 (1547521) | more than 4 years ago | (#31159258)

I can't compile what you're trying to say without the ??? and Profit! directives.

Thanks Largely To The Prevalance Of (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31159226)

Windoze [microsoft.com] .

Yours In Minsk,
K. Trout

Re:Thanks Largely To The Prevalance Of (0)

Anonymous Coward | more than 4 years ago | (#31159286)

Not Windows, but stupid people [wikipedia.org] .

Yours on Slashdot,
AC

Re:Thanks Largely To The Prevalance Of (1)

insufflate10mg (1711356) | more than 4 years ago | (#31160352)

The ignorance of your post is incredible.

Re:Thanks Largely To The Prevalance Of (0)

Anonymous Coward | more than 4 years ago | (#31160168)

You're not the real Kilgore Trout, faggot.

Re:Thanks Largely To The Prevalance Of (2, Insightful)

icebike (68054) | more than 4 years ago | (#31160596)

Why is this modded troll?

Seriously people, bot nets are virtually 100% windows machines, not because windows is popular, simply because windows is so EASY to subvert.

Nothing has improved or changed in this fact since spam started to be a serious problem.

Re:Thanks Largely To The Prevalance Of (1)

sopssa (1498795) | more than 4 years ago | (#31161240)

If any other OS was the popular one instead, the problem would be exactly the same there. Remember that you don't even need to obtain root to send spam. The "but you only download software from your distros repo!" wouldn't be so either because people want to buy games, applications and install all kind of shareware/freeware, and that just wouldn't be possible with a single distro that would have strict rules on what apps are there (and no, messing with yum config files and cert's isn't an option with casual people either).

Conflict of Content (1)

Dripdry (1062282) | more than 4 years ago | (#31159236)

So, if we try and hold ISPs or telecoms liable for what moves over their wires, they would have to hunt down the spammers as well as the pirates? What an awkward position to be in, especially when a big revenue stream is at stake.
Yeah, I didn't RTFA.

Also, what percentage of email is 3 billion, anyway?

Re:Conflict of Content (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#31159330)

So, if we try and hold ISPs or telecoms liable for what moves over their wires

That is a can of worms you do NOT want to open.

Wait no, not a can of worms, that is Pandora's Box.

Re:Conflict of Content (1)

AndrewNeo (979708) | more than 4 years ago | (#31159576)

Can we compromise and call it Pandora's Can of Worms?

Re:Conflict of Content (1)

Red Flayer (890720) | more than 4 years ago | (#31159932)

Far better is "Pandora's Wormy Can".

Because the visuals associated with the term are so much more... disturbing.

Re:Conflict of Content (1)

Volante3192 (953645) | more than 4 years ago | (#31159678)

Or a can of peanut brittle with those compressed snakes

Oh really? (5, Insightful)

B5_geek (638928) | more than 4 years ago | (#31159238)

And I still see less then 1 per month in my Inbox.
_THIS_ is the price I am willing to pay to allow Google to filter my email.

Re:Oh really? (1, Interesting)

sopssa (1498795) | more than 4 years ago | (#31159366)

Considering the world soon has a population of 7 billion people, on which 1.7 billion people use the internet [internetworldstats.com] and usually people have several email addresses, it means it's still probably like 0.1-0.2 spam messages per day per person. Add filters to that which caught most of the spam and the 3 billion per day isn't actually that large number.

Re:Oh really? (4, Informative)

martinbogo (468553) | more than 4 years ago | (#31160158)

Until you take into account that the total number of legitimate emails is between 100 and 300 million messages per day. Spam messages make up over 90% of the total stream, and that means untold amount of wasted bandwidth, processing time, and frankly wasted time on code needed to combat the issue.

Re:Oh really? (1)

49152 (690909) | more than 4 years ago | (#31159422)

I see about the same amount. Some times it goes months with no spam then I get two or three in a week. I reckon the spammers are constantly adjusting their techniques to try to get through the filters.

We are a small company running our own email server. Ubuntu Server with Postfix, spamassasin and all the trimmings.

I redirect all spam to an imap account I set up for the purpose, just in case we need to get hold of some blocked message. The last two years this has not been necessary. But I browse through this mailbox once in a while out of curiosity. The amount of spam it blocks is just staggering!

The price we pay is close to zero, the same box handles all other kind of stuff too and I spend perhaps half an hour every other week to check if any updated packages or security fixes need installing. It practically manages it self.

Re:Oh really? (0)

Anonymous Coward | more than 4 years ago | (#31159536)

That's not the point! The point is waste. There should not be this amount of email traffic that is clogging the infrastructure -- reducing not only bandwidth but also raising latency in the process.

When I check gmail and I see 1000 spam message but my Inbox remains clean, that is still a failure!

Re:Oh really? (2, Insightful)

Jugalator (259273) | more than 4 years ago | (#31159550)

And I still see less then 1 per month in my Inbox.
_THIS_ is the price I am willing to pay to allow Google to filter my email.

Hear, hear. I was very surprised when I recently checked my spam volume. That is, in my Gmail *spam* box, not inbox. The inbox is usually clear of it, but the surprising part was that I had around a third to a fourth of my former spam volume a few years ago! I used to have to have 1.5 pages of spam per day before, now you have around 0.5 pages of daily spam in the spambox.

I'm not sure what Google did if this article is true... Maybe they are so sure of that it's spam, that it doesn't even end up in the spam box? Because, as for my mail address, when it ends up in a register, I don't see why spammers would later remove it. It obviously receives the spam since the mail server doesn't return an error...

Or maybe it's what I heard being rumored once - that certain spam networks avoid Gmail to save costs, because it's so inefficient to spam those mail boxes.

Re:Oh really? (1)

rtaylor (70602) | more than 4 years ago | (#31159680)

Maybe they are so sure of that it's spam, that it doesn't even end up in the spam box?

That's it. Most spam is rejected without telling you about it, possibly even before it gets delivered to the mail server. The spam folder gets the questionable stuff.

Re:Oh really? (1)

msclrhd (1211086) | more than 4 years ago | (#31160332)

I like Gmail for many reasons, one of which is their awesome spam filter. I get only one or two mis-categorised email every couple of weeks, the rest goes to the spam box. Couple that with the coloured labels & filters, and spam/not spam is very easy to identify.

Hotmail on the other hand is terrible. Ages ago when I was using Hotmail, I ended up with the majority of my inbox being spam so I gave up and tried Gmail. I don't know how good Hotmail is at the moment (or others like YahooMail).

Re:Oh really? (1)

oodaloop (1229816) | more than 4 years ago | (#31159588)

Your sig is deliciously ironic, no?

Re:Oh really? (1)

maxume (22995) | more than 4 years ago | (#31159722)

They Can See His Grocery List And That Stupid Forward From His Mother-In-Law.

Alert. Alert. Alert.

Re:Oh really? (1)

bondjamesbond (99019) | more than 4 years ago | (#31159624)

Ditto with my using Appriver for my company.

Re:Oh really? (2, Interesting)

squisher (212661) | more than 4 years ago | (#31159814)

And I still see less then 1 per month in my Inbox.
_THIS_ is the price I am willing to pay to allow Google to filter my email.

I do agree that gmail's spam filter does not let much through, in truth, it is way too aggressive. Are you subscribed to mailing lists? Often it'll just tag some random message as spam. I've had various things end up in spam over the years, and really wonder how many landed in there that I never noticed (who checks their spam folder every couple of days?).

Recently I got very upset because I tried to sell something on craigslist, and sure enough, an offer ended up in spam. Of course I didn't check until a couple of days later, and by then the person wasn't interested any more. Since I'm going to start job hunting soon, I can't really afford the uncertainty the gmail spam filter introduces, and plan on moving my email elsewhere.

Seriously. (4, Interesting)

aussersterne (212916) | more than 4 years ago | (#31159854)

SPAM was the absolute bane of my existence (I have several very public email addresses that have to remain that way) until the day I finally (at at the time reluctantly) decided to run all of my mail through Gmail accounts, without exception. I had used block lists, several ISP-based filters, spamassassin post-POP3 on my own local net, and a bunch of filters, and it was eating hours a day of attending to SPAM (new filters, fixing filters, marking as spam, marking as ham) and so many CPU cycles that a dedicated box couldn't keep up. Not to mention that due to the processing overhead of all that filtering, when someone did send me a message and told me so, I'd have to tell them "I'll get it in ten to fifteen minutes." And all for a few (three, really) email queues that belong to one person and a couple assistants?

Now I forget that SPAM exists, and my email comes in more or less instantly.

For a decade now, Google has more or less singlehandedly kept the internet usable.

Re:Oh really? (1)

martin-boundary (547041) | more than 4 years ago | (#31159872)

_THIS_ is the price I am willing to pay to allow Google to filter my email.

Then you're a fool. Use a personal Bayesian filter, and you'll get that same kind of accuracy without the privacy pricetag. You can find a bunch of them on freshmeat.

Want to See Spam? (2, Interesting)

Petersko (564140) | more than 4 years ago | (#31159240)

Subscribe to one free daily naked chick mailing list. Imagine how much of that spam is about porn! There are probably more porn emails sent out every week than there are people on the planet.

I keep three email accounts. One I give out for things - registrations, contests, all that stuff. One I give out to friends and family. The third just quietly sits there empty. I check it periodically anyway and it makes me happy when no mail is found.

Re:Want to See Spam? (1)

characterZer0 (138196) | more than 4 years ago | (#31159406)

I check it periodically anyway and it makes me happy when no mail is found.

I check my toothbrush holder periodically and it makes me happy when no mail is found in it. Assuming you brush your teeth every day, you should try it - it is quicker than checking an email account.

Re:Want to See Spam? (1)

StuartHankins (1020819) | more than 4 years ago | (#31159408)

I have my own domain. I have only 4 "real" accounts and give a different account for everyone that needs an email address. My catch-all account sees all the stuff, and I trust SpamAssassin results. Very very little spam gets to me, and when it does I know which company gave out my email address.

Cheap and easy to setup, and I don't rely on any third party's free email services (which seem to come with their own supplies of spam and losses of privacy).

Re:Want to See Spam? (1)

The MAZZTer (911996) | more than 4 years ago | (#31159490)

I used to have my main e-mail account be catch-all but quickly discovered spammers like guessing random addresses at any registered domain so I turned it off.

Re:Want to See Spam? (3, Interesting)

sopssa (1498795) | more than 4 years ago | (#31159564)

That's why its best to use the middle way. Have own domain and some way to quickly create a new address on it (even if they all go to same mailbox). Always use a new address for different sites and purposes. That way if one of them starts to get problems with spam, you know who sold your address and can easily disable it.

Re:Want to See Spam? (1)

svallarian (43156) | more than 4 years ago | (#31160248)

this works too..

yourname+slashdot.yourdomain.com

this even works with gmail!

Re:Want to See Spam? (1)

MobyDisk (75490) | more than 4 years ago | (#31160774)

Yeah, but that trick is so common I can't imagine spammers haven't figured out how to chop off everything after the + sign and get to your main account.

Re:Want to See Spam? (1)

gilgongo (57446) | more than 4 years ago | (#31161262)

That's why its best to use the middle way. Have own domain and some way to quickly create a new address on it (even if they all go to same mailbox). Always use a new address for different sites and purposes. That way if one of them starts to get problems with spam, you know who sold your address and can easily disable it.

Yeah - trouble with that is you then get wildcard spam. Once the bots realise your mail server will accept anything on your domain - boosh - 10,000% permanent increase. This means that disabling one address reduces the onslaughts by an amount vanishingly close to zero.

Re:Want to See Spam? (1)

Foolicious (895952) | more than 4 years ago | (#31160600)

I have my own domain, too. I also have an ISP that's funny about ports. Sure, I could drop them for such restrictions. But my other choice is dial-up.

Re:Want to See Spam? (1)

Alwin Henseler (640539) | more than 4 years ago | (#31159450)

Subscribe to one free daily naked chick mailing list. Imagine how much of that spam is about porn! There are probably more porn emails sent out every week than there are people on the planet.

If you subscribe to such a mailing list, then what you're getting from them isn't spam (because you asked for it). Only other, uninvited e-mail is spam.

Also, I don't know what network you're on. Spam I get is mostly for the famous blue pills & co, fake watches, and the occassional silly 419 / phishing attempt or "get your degree now!" bullshit. Porn spam? What on earth are you talking about?

Re:Want to See Spam? (1)

Petersko (564140) | more than 4 years ago | (#31159526)

"If you subscribe to such a mailing list, then what you're getting from them isn't spam (because you asked for it). Only other, uninvited e-mail is spam. Also, I don't know what network you're on. Spam I get is mostly for the famous blue pills & co, fake watches, and the occassional silly 419 / phishing attempt or "get your degree now!" bullshit. Porn spam? What on earth are you talking about?"

If your email gets on their radar (a mailing list would work) you'll suddenly start receiving a whole lot of email from all sorts of people and sites who want to sell you porn. Isn't that porn spam?

Re:Want to See Spam? (1)

stimpleton (732392) | more than 4 years ago | (#31159528)

"I keep three email accounts....."

My "third email" is a gmail and is for my one weakness in life: big breast websites(subscription based).

Oddly, I get no spam. I do get the odd newsletter and update "notices". What I also get is the occassional promotion from old sites I subscribed to, which I do like to get.

How Gmail manages to work out what I want and do not want, and gets it right is either very clever or very chilling.

Re:Want to See Spam? (3, Funny)

rtaylor (70602) | more than 4 years ago | (#31159708)

How Gmail manages to work out what I want and do not want, and gets it right is either very clever or very chilling.

Google has no way to know what you want. Instead, they focus on making you want what they give you.

Seems to work well enough.

Let me be the first to say (0)

Anonymous Coward | more than 4 years ago | (#31159244)

Thanks Mr. Bill Gates.

charge for email (1)

zaax (637433) | more than 4 years ago | (#31159278)

1c each, first 30 per day free. It would stop all spam dead

Re:charge for email (0)

sopssa (1498795) | more than 4 years ago | (#31159506)

Your post advocates a

( ) technical ( ) legislative (x) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
(x) Microsoft will not put up with it
( ) The police will not put up with it, anywhere other than Russia
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
(x) Unpopularity of weird new taxes
(x) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(x) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, asshole! I'm going to find out where you live and burn your house down!

Re:charge for email (2, Informative)

smallfries (601545) | more than 4 years ago | (#31159738)

If you're going to use the check-list then at least fill it out right:
(x) No one will be able to find the guy or collect the money
( ) Microsoft will not put up with it

Bill actually suggested this a couple of years ago.

Re:charge for email (1)

compro01 (777531) | more than 4 years ago | (#31159524)

Yes, I am sure the botnet herders will be happy to send you a cheque.

Re:charge for email (3, Insightful)

harp2812 (891875) | more than 4 years ago | (#31159552)

Let me know when you find a reliable way to...
a) Charge for email
b) Prevent unpaid mail from being sent
c) Prevent botnets from sending 30 free messages then stopping for the day
d) Prevent botnets from sending a ton of paid messages using financial info on the host computer
e) Prevent spammers from setting up a mail server that charges for messages, repeating d) and then collecting all the money.

etc, ad nauseum.

Re:charge for email (1)

JustNilt (984644) | more than 4 years ago | (#31160034)

Not to mention much of the corporate world's communications. This is one of those "looks good on paper" things.

Correct title should be that they saw 3 billion (1)

Megor1 (621918) | more than 4 years ago | (#31159344)

3 billion spam is a drop in the bucket of the daily spam volumes seen worldwide, there has not been a global increase of spam volumes in the last year of that magnitude (Or really much at all).

Ya know (3, Interesting)

Stan92057 (737634) | more than 4 years ago | (#31159426)

Ya know,until they start going after the people who hire the spammers nothing is going to change. Some businessperson is responsible for our spam not the spammer. Where and how is this Viagra getting into our country?Where are all the watches being made? and so on. Someone is paying theses spammers,get them. PS: Yes i know its not easy to catch them,but if we can send and control robots from earth on mars it CAN be done.

Maybe ISP should do something about it? (0)

Anonymous Coward | more than 4 years ago | (#31159484)

I'm sure someone will post the standard reply to this comment but here it goes:
What if ISPs blocked ports and prevented everyone and his dog from running a mail server by default? (I can already hear the outcry from everyone running his own) - though as with DNS redirections this could be turned off by logging in to your profile (at your ISPs home page)? At least we'd get rid of all the crap coming from bot nets.

Re:Maybe ISP should do something about it? (1)

Virtucon (127420) | more than 4 years ago | (#31160126)

Do you want ISPs in the business of Policing traffic? This is a multi-faceted problem and it needs multiple avenues to solve it. Blocking Spam traffic is one thing, filters are another. It does need to get blocked from the source. That of course will get fixed when Windows has no further BSODs.

Re:Maybe ISP should do something about it? (1)

compro01 (777531) | more than 4 years ago | (#31161182)

A lot of ISPs already block port 25, what else do you want?

Botnet upgrades? (1)

Alwin Henseler (640539) | more than 4 years ago | (#31159548)

FTA: "The spamming botnets are constantly in flux, waxing and waning, morphing, becoming obsolete, being replaced, taken down, and upgraded."

Read: replace dual-core bots with quad-core ones.

You just won the lottery, click here (0, Troll)

Geert Jalink (1738722) | more than 4 years ago | (#31159598)

Just joking.

I have said this before... (1)

hesaigo999ca (786966) | more than 4 years ago | (#31159682)

If we incorporate a pay per email scheme, with an email costing anywhere from 1/2 to 1 cent per email....with a cap being set by the government so you don't get screwed over by the ISP, not only would it be beneficial for the ISP, as less bandwidth because less spam, but also, people infected would be aware that they are infected if not by the first bill, then by the second billing.

I am aware of my downloads next bill, cause i see the extra bandwith used, but i don't see the emails sent.
If i get charged on the side, and see 1 million emails, but a cap of 20$ (let's say), then you bet your *ss I will clean my pc, and
get myself organized not to get billed for that again. People that spend no time monitoring their system have no clue, unless someone points it out for them.

By forcing a pay per email, you also make sure to have paper trails, and someone has to pay for that..eventually as the botnets die out, the spammers will have to charge more for the less they are making, or it will not be worthwhile for them, and the spam kings will slowly go out of business. Right now, they incorporate the pricing into what they charge their clients, but if you raise the cost because now legit spammers have to pay per email, you will get clients investing elsewhere for their marketing.

Re:I have said this before... (1)

sopssa (1498795) | more than 4 years ago | (#31159820)

And what about all the legit mailing lists? Or slashdot that sends an email when someone answers to your comment. Or newsletters and so on..

Pay per email is not going to work and no one is going to put up with it.

Re:I have said this before... (1)

vlm (69642) | more than 4 years ago | (#31159878)

If we incorporate a pay per email scheme, with an email costing anywhere from 1/2 to 1 cent per email

I get more paper spam in my mailbox, than email spam that slips past spamassassin.

So... if capital one sent me two credit card offers per week, for several years, and each cost at least 50 cents to print and post, that one CC company is spending $50/yr trying to win my business... but charging 1 cent per email will stop spam?

I get coupon magazines that I toss out. For over a decade, when I get a phone book, I toss it out. I get endless catalogs. All of which cost several orders of magnitude more than one cent.

Also if there's one thing the cellphone and landline business has shown, its impossible to bill in units below about one cent (per minute) or below about $20 per total bill. They will have to charge WAY more than one cent, just to recover the costs of the billing infrastructure.

Re:I have said this before... (2, Funny)

HungryHobo (1314109) | more than 4 years ago | (#31159976)

Your post advocates a

( ) technical (X) legislative (X) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(X) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
(X) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
(X) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(X) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
(X) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(X) Countermeasures must work if phased in gradually
(X) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

 

Re:I have said this before... (1)

HungryHobo (1314109) | more than 4 years ago | (#31160068)

I was mistaken
( ) Microsoft will not put up with it

Too much thinking in hex. (5, Funny)

Anonymous Coward | more than 4 years ago | (#31159772)

Am I the only one who read this headline and thought, "59 messages a day isn't so bad?"

Formatting (0)

Anonymous Coward | more than 4 years ago | (#31159858)

The report is very well written and provides very interesting information, but whoever decided to use light grey on white should get his or her eyes poked out with a needle.

Where's your beloved filter now? (4, Insightful)

damn_registrars (1103043) | more than 4 years ago | (#31159994)

Yeah, we can see how much of a wonderful difference all those filtering programs that are on the market today are doing for the worldwide spamming problem. That is, no difference.

If you want to do something about the spamming problem, start looking beyond your own nose. Stop adjusting your filtering rules constantly. Pay attention to the cause of the problem - spam is an economic problem. Until something is done about the profit-motive (and the insane margins of profit) behind spam, the problem will only continue to grow.

Re:Where's your beloved filter now? (1)

Dmala (752610) | more than 4 years ago | (#31160816)

If you want to do something about the spamming problem, start looking beyond your own nose. Stop adjusting your filtering rules constantly. Pay attention to the cause of the problem - spam is an economic problem. Until something is done about the profit-motive (and the insane margins of profit) behind spam, the problem will only continue to grow.

Two problems with this idea. First, the people who actually buy stuff from spam can be difficult to identify. I think many of them know deep down that they are doing something exquisitely stupid and will deny it if asked. Second, even if we can identify these spam patrons, it is quite illegal in most places to bash their empty skulls in with a baseball bat. Barring some significant changes in legislation, I just don't see how the problem can be tackled from this end.

Spam Spam Spam Wonderful Spam (2, Funny)

Virtucon (127420) | more than 4 years ago | (#31160040)

- Monty Python

"Have you got anything without spam?"
"Well, there's SPAM, egg, sausage, and SPAM; that's not got much SPAM in it."

Therefore all SPAM should have eggs and sausage in it.

Is Viagra spam considered malicious? (1)

istartedi (132515) | more than 4 years ago | (#31160970)

The Viagra spams seem to be dominating my filter now. They don't even mangle the spelling any more! They just change the percent discount from spam-to-spam. Perhaps they change other things too but I don't know because I just "check all, delete". The rise in Viagra spam (no puns intended anywhere in this post) seems to have started about a month ago.

If Viagra spam isn't considered malicious, then I can't say I've noticed any increase in spam. Maybe they have malicious code attached; but like I said I don't open them...

Seems like incentive to rethink e-mail (3, Insightful)

LordArgon (1683588) | more than 4 years ago | (#31161044)

Given the estimation that 90% of e-mail was spam *before* a five-fold daily increase, why aren't more people/companies clamoring for a complete e-mail re-architecture? Improved filtering and new spam laws are just symptomatic fixes - the entire way we do e-mail needs to change.

The resources wasted and stolen by spam are staggering. Eventually the economic and political incentive to adopt better e-mail protocols has to kick in; I'm just surprised it hasn't yet.

Anybody read Daemon? (1)

arbiterveritas (1617099) | more than 4 years ago | (#31161078)

I find the way they handled the "spam problem" in the fictional book Daemon [thedaemon.com] quite perfect: "All spammers will die."

It's simple, straightforward, and is impossible to stop as it [the Daemon] operates outside the law. The first time the scenario is presented, four people are shot to death and that message is left amid the carnage. That happens a few dozen times over worldwide and you start to see a pattern even spammers will recognize...

Moral relativity aside, from a certain standpoint that tactic might actually work; there is nothing right now that scares spammers. Being found requires a significant amount of resources: tracing down the network, identifying a single point of control (if there is one,) identifying the person(s) attached to that system, etc. Botnets make the problem exponentially harder. Yet, we still can't really do anything about it and we have to dedicate entire careers to the act of reducing spam. There is something fundamentally wrong with that, I think.

there should be bounty to track down the spammer (1)

swframe (646356) | more than 4 years ago | (#31161150)

Everyone is paying to filter the spam but maybe ISPs should pay to find the spammers. At some (probably low) cost, you can induce people to find the spammers. After all, the spammer has to have a way to collect money from his/her targets. Also, I wish ISPs would find the people who respond to spam and give them email accounts at a site that the spammers can freely target. These people are the real cause of spam.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>