×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Spam Doubles, Finding New Ways to Deliver Itself

CmdrTaco posted more than 7 years ago | from the soul-crushing-never-ending dept.

Spam 486

An anonymous reader noted that the times is running a piece on the rise in spam that you might have noticed in your inbox over the last 6 months. Gates promised the end of spam by 2006, but they figure it's doubled in the last few months. And best of all, a huge percentage of spam is now images that circumvent traditional text analysis.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

486 comments

ban images? (1)

tomstdenis (446163) | more than 7 years ago | (#17128928)

I don't know why they don't just ban emails with stupid images anyways, or best yet just strip them out of the attachments. If I really want to share pictures I'll put them on a website or Flickr or something.

If Spammers knew that all of their lovely penny stock .gif puzzle emails were getting stripped of the .gif files, they'd stop sending them.

Tom

Re:ban images? (2, Insightful)

Anonymous Coward | more than 7 years ago | (#17128992)

Good for you. Personally I'd rather just email one or two images to the inlaws instead of dicking around with a web based system.

Now, dropping emails that contain images as inline attachments might be a good idea. As would droping any and all emails with a Content-Type of text/html.

Re:ban images? (4, Insightful)

Shakrai (717556) | more than 7 years ago | (#17129010)

Yeah, cuz it's not enough that I can no longer relay e-mail directly from my machine. It's not enough that I now have to have reverse DNS otherwise my e-mail gets rejected. It's not enough that e-mails that aren't SPAM get dropped/flagged. It's not enough that many e-mail providers drop useful attachments and scan so intrusively into them that I need to encrypt them if I want the e-mail delivered.

Let's take away yet more functionality due to spam! That's a great idea. Seriously, I hate SPAM but the zeal to stop it has ruined many useful features of SMTP.

Re:ban images? (3, Insightful)

tomstdenis (446163) | more than 7 years ago | (#17129308)

Why not use email for what it was meant for?

If clients weren't so friendly to "auto show" images this spam would never had existed.

I too send attachments to folks but usually only source files and/or patches (e.g. really small things).

I want my email client to read/write messages, not the "web". It's bad that HTML emails exist ...

Tom

Re:ban images? (1)

giorgiofr (887762) | more than 7 years ago | (#17129362)

Well if you don't mind, I'll do whatever I like on MY mail server - including dropping mail based on arbitrary criteria.

Re:ban images? (1)

sg3235 (589034) | more than 7 years ago | (#17129806)

And that's perfectly fine, so long as your mail server serves you. If you are willing to miss my message because it was sent from a machine with a dynamically assigned IP, that's your choice. What bothers me is when my provider wants to decide which emails I get or don't get.

Think about it for a minute. (1)

khasim (1285) | more than 7 years ago | (#17129366)

Yeah, cuz it's not enough that I can no longer relay e-mail directly from my machine.

Unless your ISP is blocking outgoing connections to port 25, sure you can. It's up to the recipient whether they want to accept that connection or not.

It's not enough that I now have to have reverse DNS otherwise my e-mail gets rejected.

Again, that's a choice made by the recipient.

It's not enough that e-mails that aren't SPAM get dropped/flagged.

Again, that's a choice made by the recipient.

It's not enough that many e-mail providers drop useful attachments and scan so intrusively into them that I need to encrypt them if I want the e-mail delivered.

Huh?

Let's take away yet more functionality due to spam!

None of the functionality is gone. It's, as always, up to the recipient to determine what characteristics s/he will reject on.

Seriously, I hate SPAM but the zeal to stop it has ruined many useful features of SMTP.

I see it differently. I see over a million spam zombies out there and a few people who don't understand the view from my position. From a business standpoint, the likelyhood of someone that looks like 99.9% of the spam zombies out sending me something important is less than 0.01%.

And if it is important, that person will most likely call when his/her email is rejected.

So for the cost of one phone call, we avoid over 1,000 spam messages. The reality is far better. I reject hundreds of thousands of connections a month. Yet I average less than one real problem a month. (I'm not counting the people who simply cannot spell someone's name which accounts for about 90% of the "errors" I see.)

Wrong. (4, Insightful)

aussersterne (212916) | more than 7 years ago | (#17129778)

It's not up to the recipient, it's up to the recipient's service provider; most recipients have no idea what is or isn't happening to their email before they get it.

And we have lost a tremendous amount of functionality due to SPAM. There was a time not so long ago when I could send to a family member: email with an attached photo, email with an attached document, email sent from my own PC and handled with my own SMTP daemon, email that was only two or three lines long, etc.

Now all of these are likely to be rejected. Even plain text email sent with a large subscription SMTP server is now getting blocked by some friends and family members' service providers simply because the domain of the address (my personal web domain) is not whitelisted and this hits the SPAM score where it hurts. A phone call is great... unless you were hoping to do one of the many useful things you used to be able to accomplish by sending attachments (i.e. send an article you're working on to a friend to have them read it and mark it up with revisions before sending it back).

So I suppose your answer is that we should all get an @gmail.com account, have to use it via the Web interface to send plain-text only email with zero attachments that's at least five but no more than twenty sentences long and doesn't use the words "sex," "free," or "mortgage."

Fine, but don't pretend that email hasn't lost a significant amount of functionality due to SPAM or that these restrictions are being imposed democratically by the consensus of common users. Functionality has indeed been lost and the decisions are made by admins at major email providers trying to save costs and manage the tremendous problem that SPAM has become.

The proper solution isn't to filter more. The proper solution is the death penalty for SPAMmers. I'm quite serious. We execute far too many blue collar criminals in this world and not nearly enough white collar ones. SPAMmers should be first among these.

Re:ban images? (1)

Anonymous Brave Guy (457657) | more than 7 years ago | (#17129496)

Let's take away yet more functionality due to spam!

HTML in e-mail was never standard functionality anyway. E-mail is a text medium, which has grown in some ways without growing the infrastructure to go with it.

What we have needed for a long time is e-mail 2.0: a proper, standardised protocol that deals with text messages including formatting, that is always encrypted, and that includes formal methods to authenticate the source (probably based on some sort of web of trust) and flag unwanted e-mail (to adjust that web).

Hey, a man can dream, can't he?

Re:ban images? (4, Interesting)

Shakrai (717556) | more than 7 years ago | (#17129620)

HTML in e-mail was never standard functionality anyway. E-mail is a text medium, which has grown in some ways without growing the infrastructure to go with it.

HTML e-mails annoy the hell out of me, mainly because for a long time I was quite content to use older e-mail clients that didn't support them. But that's not what I was lamenting.

I was lamenting how anti-spam measures have made e-mail less and less useful. It was drowned out by the righteous replies of "I'll do whatever I want with my mail server". You can do whatever you want with your own server. But I'm allowed to lament the fact that e-mail has become less and less useful.

It seems to me that there is no technological solution to this problem as long as it remains profitable to SPAM. Any technological solution is short lived (i.e: arms race) and will have at least some negative effect. Can't we take away the financial motivation to SPAM? Go after the companies whose products are being sold? The spammer may or may not be offshore or may or may not be using zombies but if that spam message is to be successful then it has to point me at a product. Go after that product!

That's probably naive of me and smarter people then I have attempted to solve this problem. Still, I miss the days when I could just put up an e-mail server and all it had to do was deliver messages to my users. It wasn't the servers job to care about what was in the message -- it was the clients.

Re:ban images? (3, Interesting)

aaronl (43811) | more than 7 years ago | (#17129686)

Unfortunately, if you go after the product the spam offers, then it turns into a vehicle to damage a third party. Now when someone doesn't like a company/product, they will pay to have a few millions spam messages sent out, and destroy their competition. Or they will threaten to do the same if said company doesn't pay a large amount of money.

This happens today with email viruses and botnet attacks, and don't think that it wouldn't happen if you attacked products advertised in spam.

Re:ban images? (2, Insightful)

Daniel Dvorkin (106857) | more than 7 years ago | (#17129026)

Who's "they," and how exactly is this ban going to be enforced?

If I really want to share pictures I'll put them on a website or Flickr or something.

At which point, we might as well go back to taking pictures on film and sending copies through the mail. [rolls eyes] Practically all the picture-sharing services are an enormous PITA, and not everyone wants to put up every picture they want to show someone on their personal site.

For corporate servers, I agree, the idea of a no-image-attachments policy makes a lot of sense. For personal use, it's not going to happen, nor should it.

Re:ban images? (-1, Flamebait)

tomstdenis (446163) | more than 7 years ago | (#17129390)

Your isp or server is who. I wish gmail had an option "reject all attachments with the following extensions". It'd save them disk space and cut down on spam. They already BAN emails with executable types in them, adding an addition for images probably isn't that much work. I'd make it optional for the images so the ignorant fucks of the world don't have a fit. At least it'd give me a bit of piece of mind.

Frankly if you can't figure out how to use Flickr or some other website, you probably should open your mind, pull the cord and get it going again. Thinking outside of high school isn't a sin. You don't have to be a complete fucking tool you're entire life you know.

tom

Re:ban images? (2, Insightful)

Daniel Dvorkin (106857) | more than 7 years ago | (#17129710)

Huh, so everyone who wants to send pictures through e-mail is either an "ignorant fuck," a high-school kid, or a "tool?" Ooookay. I'm not sure there's much point in continuing this discussion, but I'll give it another shot.

* The executable ban: another PITA, and one that's occasionally caused me real problems. Is it a good idea generally? Sure, but that's the problem with blanket policies that seem like "generally a good idea" -- when they fail, they fail badly.

* The "no images" option: this is a great idea. Would enough people turn it on to make it useful in stopping the flow of spam? Not a chance. And I guarantee you that any ISP which instituted a blanket ban on images would find itself bleeding customers they way people bleed from a severed artery.

* "Frankly if you can't figure out how ..." etc.: Can I figure out how to use Flickr et al.? Sure. Do I want to? No, because their interface sucks. I made my living designing database-driven web applications for seven years, and I can honestly say that by the time I left my last job to return to grad school, I and a team of three other people (count 'em: three) had created a web app that subsumed all the functionality of nearly every DB-driven site I've ever seen (er, with the exception of Google) and looked a hell of a lot better doing it. Making a site for the express purpose of allowing users to post pictures is easy, or at least it ought to be. There is no excuse for the shittiness of sites made for this purpose, or for other single-purpose apps. And there is no reason why I should put myself through the pain of dealing with that shittiness just to send someone a picture of my dog, ferchrissakes.

Destroying functionality is not the answer to the spam problem (or almost any problem, really.) People want the functionality -- that's why it's there in the first place. What we need to do is come up with solutions that work in the existing framework, or they aren't solutions at all.

Re:ban images? (1)

timtwobuck (833954) | more than 7 years ago | (#17129798)

Since when does wishing to receive images via e-mail make someone an ignorant fuck?

God forbid I have a medium in which I can quickly (sub 10 seconds) share an image with my friends without needing to login to a web-hosting service and upload an image.

Drop messages from home ISP's w/*.gif in them. (1)

khasim (1285) | more than 7 years ago | (#17129030)

Why even bother delivering the junk text?

If the message comes from a home ISP block, but not from that ISP's mail server(s), and contains a *.gif, then drop it.

The real home users will be using the ISP's server to send their email. There may be some exceptions to this, but it shouldn't be too difficult to deal with those on a case by case basis.

Of course, this is from a business perspective. We don't seem to receive a lot of legitimate business email *.gif's from home ISP blocks.

Re:Drop messages from home ISP's w/*.gif in them. (1)

MustardMan (52102) | more than 7 years ago | (#17129236)

Some exceptions? I know TONS of people who use their work laptops at home - most of these are using the work SMTP server. Automatically dropping all emails based on some arbitrary criteria is almost always a bad idea.

Re:Drop messages from home ISP's w/*.gif in them. (1)

Transdimentia (840912) | more than 7 years ago | (#17129324)

And I suppose their job actually entails composing emails with inline graphics in them?

You don't use authentication? (3, Insightful)

khasim (1285) | more than 7 years ago | (#17129430)

We have people who work from home. But I've set them up with email authentication. They can send anything, from anywhere, to anyone, providing that they have signed on with their username and password.

You do it differently?

Re:ban images? (1)

MyLongNickName (822545) | more than 7 years ago | (#17129054)

ban emails with stupid images anyways

Who is "they"? I already strip images from my home email. And html. And believe it or not, even Outlook's cheesy filtering system blocks 98% of my spam with very few false positives (and the false positives are generally my wife's goofy friends who send "fwd: fwd: fwd: fwd: fwd re:This is so cool you have to do it!!!!!!1!!!)

Re:ban images? (0)

Anonymous Coward | more than 7 years ago | (#17129080)

... and they'd start sending more spam emails without the .gif files. I guess what is convient for you (stripping out all attachments) is convenient for everyone. Except those people who just want to send some pictures of their kids to family members. Or people who have to send a file somewhere. Or someone like me who uses email to send files to myself in case I lose/break my usb drive and I need to get something while away from my main computer. People SHOULD be able to send emails with attachments, it is supposed to be convenient. Sure, I could send myself an email with a link to a website so I could download something, but it would be much more convenient if I could just email myself the file.

Re:ban images? (1)

pipatron (966506) | more than 7 years ago | (#17129288)

Or you could just zip/rar/tar/lha your files and attach to the email.

Re:ban images? (1)

ericlondaits (32714) | more than 7 years ago | (#17129502)

Most attachment filters already search inside compressed archives.

I suffer from this all the time, since I'm a developer of custom systems and many times I need to send back and forth executables, scripts (Javascript and such) and DLLs since the customers I work with have SMTP filtering.

Workarounds range from encrypted RAR files to using webmail services (not GMail, which also filters) or sending the attachment through YouSendIt.com.

Re:ban images? (1)

LoonyMike (917095) | more than 7 years ago | (#17129582)

AV scanners are no longer fooled that easily. Many of them already scan inside ZIP/RAR/etc. Also, if you rename an EXE file to something else, it might still be detected and dropped. If you password-protect the archive, that can also trigger the deletion.
In the end, what matters is the set of rules the admin chose to activate, the scanners already support a lot of criteria.

Re:ban images? (2, Informative)

Eagleartoo (849045) | more than 7 years ago | (#17129770)

Or you could just zip/rar/tar/lha your files and attach to the email.
Man you sound like a Karate Movie! =)

Re:ban images? No! (1)

Joce640k (829181) | more than 7 years ago | (#17129118)

Cmon', sending Images is essential.

I don't mind the stock spams so much. Every time I see one I just think of the morons who actually read spam losing their money - it brightens up my day!

Re:ban images? (1)

canuck57 (662392) | more than 7 years ago | (#17129222)

don't know why they don't just ban emails with stupid images anyways, or best yet just strip them out of the attachments. If I really want to share pictures I'll put them on a website or Flickr or something.

The answer is as simply as this.

With all the virus scanning and filtering it sells more servers. More servers is more money for M$.

Thus, don't fix it.

To show what I mean, in one environment I know they have sendmail running on 2 old 300MHz UNIX systems for 8 years relaying the mail for 10000 users. They just replaced them with Exchange 2003 - 3 quad proc Windows systems and they can't keep up and reliability dropped from 99.999 to maybe 90%. They are going back to UNIX.

Re:ban images? (1)

t0rc (788914) | more than 7 years ago | (#17129386)

Well Part of the problem with this image based spam is that it utilizes the component of an email which allows you to attach one of those nifty little logos in your email like so many people do. The nature of this image spam is rather interesting. they use a simple color pallete, which allows them to make the image large for the size of the file. The text is also changed so every time the image is a different size. Its very difficult to detect.

It is totally possible to block all embedded image based emails, but the issue is that you can potentailly block a lot of legitimate email from anyone who has a signature with an embedded image in their signature. When it comes down to it, an administrator most of the time does not have the authority to always block these types of messages because it may be coming from some potential profit source.. I.E, new customer, sales contact. If their managment finds out that they are losing money because the admin is blocking some emails, their head will be on the chopping block, so they let the messages through, and just let this spam through.

Most embedded image logos in sigs are small and decent file size. Frequently these large spams are lighter than the average logo, which makes this comparason moot. I think the best thing to do would be set an X Y limit on embedded images, where the spam scanner decodes the embedded image and determines how big it is, If its over the X Y limit set, then its purged.

Re:ban images? (1)

OldeTimeGeek (725417) | more than 7 years ago | (#17129442)

If I really want to share pictures I'll put them on a website or Flickr or something.

Great idea. Which means that I have to: (1) put them on Flickr, making them available to the entire planet - whether I want to or not or (2) put them on Flickr, make an account and then make everybody else deal with accounts and passwords or (3) create a web site to put them on and still have to deal with (1) or (2).

I think I'll just use snail mail.

These images are quite arty (1)

drx (123393) | more than 7 years ago | (#17129682)

I made a web site where you can vote for your favorite spam image in "am i hot or not" style ... http://www.winter2006.info/ [winter2006.info] ... the new winter collection arrived!

This spam waves are obviously not geared towards really changing something on the stock market. Who would follow tips in such trashy looking images? It looks already more like a sport or computer art. Maybe once the image generators running on botnets will generate really beautiful pictures.

Bill Gates promised ! (5, Funny)

Rastignac (1014569) | more than 7 years ago | (#17128944)

Gates promised the end of spam by 2006. He still has one month to succeed. It is still possible. I'm waiting. I really want to see that. Thanks, Bill.

Re:Bill Gates promised ! (2, Funny)

eln (21727) | more than 7 years ago | (#17129156)

You won't be saying that when Microsoft takes off and nukes the site from orbit in order to stop the spam.

After all, it's the only way to be sure.

Re:Bill Gates promised ! (1)

Jedi Alec (258881) | more than 7 years ago | (#17129432)

they'll just trigger the backdoor in Exchange. First they packet all other mailservers to death, then they commit digital suicide. Problem solved!

Picture spam (3, Interesting)

millwall (622730) | more than 7 years ago | (#17128978)

The picture spam not caught by the gmail spam filters that I receive all look very very similar. Randomly generated sentences with buzz words and a "picture text" haussing a certain stock.

I'm very surprised these all come through the gmail spam filter. By now it should be easy to identify them.

Re:Picture spam (3, Insightful)

anotherone (132088) | more than 7 years ago | (#17129036)

A huge percentage of legitimate email is random sentences with buzz words and a picture.

Maybe it would be possible to OCR every image as it comes through but then you'll just have spammers sending you CAPTCHA'd messages.

Re:Picture spam (0)

Anonymous Coward | more than 7 years ago | (#17129058)

By now it should be easy to identify them.

Darn, why didn't I think of that?? Thanks, I'll update my spam filters right away.

It's the bottom line, stupid! (5, Insightful)

Pig Hogger (10379) | more than 7 years ago | (#17128988)

The crux of the problem is the penny-pinching network executives who prefer to run spam sewers where zombies thrive without any supervision.

Competent sysadmins are expensive, and the idea of, say blocking outbound port 25 would never occur to them, or is brushed-off for stupid reasons.

The only way out is to exerce pressure on those network owners and the best way to do so is by simply blocking them left and right until they are left with nothing but their huge intranets.

Re:It's the bottom line, stupid! (1)

Shakrai (717556) | more than 7 years ago | (#17129140)

The only way out is to exerce pressure on those network owners and the best way to do so is by simply blocking them left and right until they are left with nothing but their huge intranets.

It's funny that your subject is "it's the bottom line, stupid!" but the idea of going after the bottom line of the spammers products isn't mentioned. Why should we become even more restrictive with networks and e-mail? Why should my outgoing port 25 be blocked because others abuse it? Instead we should be going after the money. It doesn't matter if the source of the SPAM is offshore or not. The products they are selling have some sort of presence in the US -- otherwise, why spam Americans?

We keep looking for technological solutions but that's just an arms race. Neither side will win and useful features keep falling by the wayside.

Re:It's the bottom line, stupid! (1)

Lehk228 (705449) | more than 7 years ago | (#17129606)

there is no reason you couldn't have an unblocked subnet which a customer can call and be transfered to as long as they don't start spamming.

another way is for the combined modem/firewall/routers to be shipped with 25 blocked except to the ISP's servers

Re:It's the bottom line, stupid! (5, Insightful)

David McBride (183571) | more than 7 years ago | (#17129346)

My understanding is that botnets, mostly made up of weakly-secured home machines, are the source of the majority of spam. Thus the main problem is not network administrators not taking good care of their networks (which are usually quickly identified and isolated using blocklists), but rather the woefully insecure configuration of home desktop machines out-of-the-box.

And the blame for that can be squarely placed with Microsoft.

anti-spam tactics now anti-filter (2, Insightful)

Bananatree3 (872975) | more than 7 years ago | (#17128994)

Interesting how things come to pass. Websites like this one and many others have used text-in-image capchas for a couple of years to avoid spam bots. Now, spam bots are using text in images to avoid filters. The spammers have caught up for now, but just wait another couple months/year and anti-spam technology will catch up

Went back down for me (1)

MECC (8478) | more than 7 years ago | (#17128996)

I gauge my spam intake by looking at my 'held mail' folder at spamcop. At one point a couple of weeks and a few days ago, it was up to over 220 per day (earlier in the year it was about 20 spams a day). For the past week or so, its been at less than fifty per day (today so far its at 30. Normally by this time it was about 150). Something has changed, although my measure may not indicate that spam volume in general has dropped. That's actually interesting to me, because spamcop just catches them and lets me do with them as I wish (I report them).

Lucky you :-) (1)

Anonymous Brave Guy (457657) | more than 7 years ago | (#17129158)

Alas, I am in the opposite position. I organise the e-mail for a local non-profit, and recently introduced an automated spam filter on all our incoming addresses. A month ago we were trapping under 100 spams a day across those addresses. Now it's well over 200, and rising fast. :-(

My hotmail account is fine (1)

RingDev (879105) | more than 7 years ago | (#17129004)

I get maybe 2-4 unsolicited spam emails a day. I get another 10-20 spams a day from groups that I have an affiliation with.

-Rick

Re:My hotmail account is fine (1)

Utopia (149375) | more than 7 years ago | (#17129604)

Back in 2003 I used to get about 5 spams a day in my hotmail Inbox.
Now it has dropped to an average of 1 per month.

Image spam? (1)

Anonymous Brave Guy (457657) | more than 7 years ago | (#17129008)

And best of all, a huge percentage of spam is now images that circumvent traditional text analysis.

Yep, I've seen plenty of that.

I can't help feeling that this is mostly a solved problem, though. OCR is pretty good these days, and the bad guys have been using text-recognition techniques to foil the more cleverly disguised text in captchas [wikipedia.org] on web sites for a while now. The text in these e-mail images should be relatively easy (algorithmically speaking) to identify.

Of course, given the volume of spam and the processing time required to scan such images, this isn't a completely done deal. But just as things like SpamAssassin rules get updated fairly often to deal with changing trends, I can't help thinking there's a solution pretty close here with a realistic level of resources required.

Re:Image spam? (1)

Transdimentia (840912) | more than 7 years ago | (#17129248)

Captchas always operate in the obvious fasion. Why not play a bit more devious and reverse the letters, reverse the order, enter characters which do not appear in this image, etc...? Or, start asking trivia questions, ala the startup to some Leisure Suit Larry series... Oh wait I guess those didn't really keep me out. Nevermind.

Re:Image spam? (4, Interesting)

Brandon Hume (73471) | more than 7 years ago | (#17129636)

The problem is mainly that the spammers have an absolutely IMMENSE amount of stolen processing power available to them. Botnets with hundreds of thousands of hosts, and many of those PCs have just as much, if not multiple times more processing power than any common server in your rack. Your mail server is built for reliability and I/O, and has a much longer life cycle than a desktop.

It's nothing for the spammers to analyze a captcha, even if they want to. But for every obfuscated image they send to you, you've got much fewer resources to try and analyze it. Even if you build a monster mail transport (muchos dinaros) they'll just bot a few more idiot machines and overwhelm you.

In fact, that's apparently a new tactic some of the more scummy spammers have been taking. If your filtering/tarpitting is TOO good, they'll just unleash the whole botnet onto you and crash your mail servers until such time as you see that it's better to take their crap than try to fight them. I've seen admins complaining about it on NANAE.

It seems outrageous to say this in relation to something as "unimportant" as email... but I really, truly wish we'd start seeing some fatalities amongst the spammer set.

Spam is a non-issue for those in the know. (1, Funny)

Anonymous Coward | more than 7 years ago | (#17129012)

Spam is really a non-issue for most end users. Even just using Bayesian spam filter software will eliminate the vast majority of spam. Using three or four such filter systems chained together virtually guarantees that no unsolicited commercial email will get through.

Of course, having separate public and limited-distribution email addresses helps, too. Not getting your address in the hands of spammers is obviously a good first step.

That's not to say spam isn't a problem for server and network administrators, who have to deal with higher server loads and wasted bandwidth. But for your average user, it's rather easy these days to avoid spam. With some common sense and the use of modern filtering technology, spam becomes virtually a non-issue.

Re:Spam is a non-issue for those in the know. (1)

millwall (622730) | more than 7 years ago | (#17129152)

Spam is really a non-issue for most end users [...] virtually guarantees that no unsolicited commercial email will get through.
Are you speaking for the majority of end users or are you just trolling? I don't know any end users who don't see spam as an end user issue.

Re:Spam is a non-issue for those in the know. (1)

pipatron (966506) | more than 7 years ago | (#17129648)

Personally I use gmail. At the moment it seems to be around 1000 spam messages in the spam folder. To me, the end user, it's just a number on the screen that I can chose to remove from view if even the number bothers me. To google, it probably causes a lot of more problems since they actually have to store the crap.

Re:Spam is a non-issue for those in the know. (2, Interesting)

Overzeetop (214511) | more than 7 years ago | (#17129688)

having separate public and limited-distribution email addresses helps, too

I beg to differ. My limited distribution email scheme has been completely foiled by email list selling (by companies I deal with, including pseudo-government departments) and by worms which have harvested emails in the past. Heck, it only takes a single one of my "trusted" contacts (close friends, family) to decide to forward a message to a group with the list recipients viewable and then any of those people who get a virus will let that email into the wild.

I'm tempted to can the whole partitioning of emails altogether and go back to a single email. The system used to work before there were spam filters, and when I could trust the party on the other end. Since both of those are now false, I may as well just simplify.

The penny stocks SPAM (1)

hoy74 (1005419) | more than 7 years ago | (#17129032)

Not sure if anyone else has seen these, but I wish all spam filters would simply delete any mail that contains 2 or more gif files. Gmail does a decent job of removing them, but that's the only one that I have found.

Yay, T-Bird (1)

93 Escort Wagon (326346) | more than 7 years ago | (#17129038)

"And best of all, a huge percentage of spam is now images that circumvent traditional text analysis."

Yet another reason I love Thunderbird - if the Bayesian spam filter misses it, I still don't see the ad.

I do still have to waste .25 seconds hitting "Delete" though...

End of spam by 2006? (1, Interesting)

ThiagoHP (910442) | more than 7 years ago | (#17129060)

Bill Gates was never good at guessing what the future would be. Who would need more than 640K of RAM? Vista would not even run with good performance and all the bells and wistles with one thousand more RAM than that . . .

Re:End of spam by 2006? (1)

mwvdlee (775178) | more than 7 years ago | (#17129498)

Vista wouldn't even run if you had one thousand more RAM than 640K? But that's like 641K, man!

p.s. AFAIK, Bill is misquoted here. He claimed 640KB would be enough at that time and made no claims about future memory requirements.

Another problem (5, Interesting)

Sv-Manowar (772313) | more than 7 years ago | (#17129072)

Good to see them documenting the rise of email spamming, but I'm suprised the article doesn't talk more about the spammers who are running amock across websites rather than people's inboxes nowdays. While the problem of email spam is still growing, it has pretty much always been there and the public are fully aware of it (with mainstream services such as Gmail offering spam protection, etc), the huge rise at the moment is the amount of web applications and sites that are being exploited. Take for instance Youtube (with many of the most popular videos having their comment threads spammed hard), or any mainstream forum software (most commonly phpBB), where spam bots are continually developed to get around registration methods (including OCR) and then spam the forum with either their profiles or posts. Not forgetting the guestbook spamming which many of the people behind these use for SEO purposes, so they can get phising or product selling pages to the top of search engines (even if it is for a day or so before they are penalised/blacklisted).

While email spamming is still the main problem, it would be nice to see the mainstream media realise that there is a growing danger in people exploiting community websites nowdays, because all it takes is for one of these operations to install enough spyware/get traffic from sites/top search engines for banking/insurance etc websites, then they will start taking consumer's data faster than spam would - all without the majority of customers realising, because they think the main threat is in their inbox.

darn... (1)

boisepunk (764513) | more than 7 years ago | (#17129076)

I thought this was going to be about that Flying Circus skit with vikings. Spam spam spam bacon eggs spam.

non-repudiation (0)

Anonymous Coward | more than 7 years ago | (#17129098)

We need to fix this with solid non-repudiation at the hardware and protocol levels. Anything else is bullshit.

paragraph from TFA ... (0, Troll)

Daniel Dvorkin (106857) | more than 7 years ago | (#17129104)

Spammers have effectively foiled the first strategy -- analyzing the reputation of the sender -- by conscripting vast networks of computers belonging to users who unknowingly downloaded viruses and other rogue programs. The infected computers begin sending out spam without the knowledge of their owners. Secure Computing, an antispam company in San Jose, Calif., reports that 250,000 new computers are captured and added to these spam "botnets" each day.

Remember, kids, it's not "infected computers," it's "infected Windows computers."

Re:paragraph from TFA ... (0)

Anonymous Coward | more than 7 years ago | (#17129192)

If it was infected Apple computers there wouldn't be enough for spam to be a problem. OF COURSE IT'S FRICKIN WINDOWS!

Re:paragraph from TFA ... (1)

flyingfsck (986395) | more than 7 years ago | (#17129550)

Hmm, I have repaired quite a few infected Linux servers. The trouble with a spambot on a Linux box, is that it is so damned efficient, especially since they are typically on an optical fibre backbone.

solution (0)

Anonymous Coward | more than 7 years ago | (#17129150)

most effective solution for filtering would be hiring someone to check every mail manually. There are worse jobs than that. You'd have to sacrify privacy, but it could be acceptable to most people.

Re: solution (1)

nettdata (88196) | more than 7 years ago | (#17129396)

Anyone who thinks that email is private needs a smack in the head anyway.

Hell, at this point, I'd be willing to offer the spammers money to NOT include me in their spam... it's probably cheaper than dealing with the time and effort and cash of all the anti-spam appliances, etc., I'm doing right now.

I could care less if it was extortion... it would probably be more effective for me in the long run.

I sure noticed. (1)

Bright Apollo (988736) | more than 7 years ago | (#17129218)

POPFile used to be 98.7% accurate in classifying email. I'm lucky to get 67% these days, even with a simple binary filter (spam/notspam). What I'm going to need to do -- and do not relish -- is start looking at the ones making it through and manually updating the word lists to tag them properly.

Why don't I want to do this? Because I remember the Bad Old Days of Spam, when I was forced to create Byzantine layers of regexp in Pegasus to snag all the bad people. Bayesian classifiers have been mitigated for now...

-BA

Different ways of thinking about the problem (2, Funny)

anotherone (132088) | more than 7 years ago | (#17129232)

Do any large email services compare all email over the entire system to check for spam? If gmail receives 4,000,000 messages from the same IP in 5 minutes, each with the same image attached; you can be sure it's spam. That's still defeatable, though.

The only way I can think of to totally stop the problem is to make it unprofitable. Maybe Bill Gates could stop the problem by producing a high-profile ad campaign telling people to stop buying things from Spam.

Re:Different ways of thinking about the problem (1)

anotherone (132088) | more than 7 years ago | (#17129316)

In fact it turns out that Symantec does the first thing I suggested, maybe I should finish the article before posting. It gets defeated by spammers changing pixels here and there in the image, changing the hash of the image- how good are visual fingerprinting systems these days?

Not only the rise of spam. (1)

Don_dumb (927108) | more than 7 years ago | (#17129250)

But the rise of "the rise of spam" articles all over the web.
We seem to have at least a couple a week.

Why even bother anymore? (0)

G27 Radio (78394) | more than 7 years ago | (#17129262)

Most of the spam I get probably comes from people harvesting the whois database since I never use the address elsewhere online. Nearly all the spam is automatically detected by Gmail and moved automatically to junk mail. If I bother to look at any of these messages the almost always fall into one of two categories:

1) The spelling and grammar are so poor that I would have to make an active effort to decipher what the spam says, assuming that the message makes any sense at all to begin with.

2) The message is encoded in little gif or jpg files which show up as thumbnails in Gmail that I would have to go through a bunch of trouble to download and re-arrange to make legible.

At this point it seems like sending spam is just a tremendous waste of time. It amazes me how much of it I get, but it no longer bothers me because it simply doesn't even get close enough to accomplish anything. That's not to say that I don't think spammers are a bunch of douchebags. If you're an e-mail admin, I feel your pain man. But spam is a non-issue for me as an end-user anymore.

A solid solution (5, Funny)

east coast (590680) | more than 7 years ago | (#17129266)

We can hire the A-Team to come in and stop them.

I pity the fool who litters Mr T's inbox with ads for home equity loans.

Re:A solid solution (1)

anotherone (132088) | more than 7 years ago | (#17129470)

Ironic since Mr. T is in recent years reduced to doing commercials for home equity loan companies.

Reporting Spam (1)

hadhad69 (1003533) | more than 7 years ago | (#17129314)

I was just wondering what actually happens when you hit "report as spam" or its equivelant? As the addresses are random and the gif urls are geocities or whatever, does reporting actually achieve anything?

Re:Reporting Spam (1)

anotherone (132088) | more than 7 years ago | (#17129394)

Typically it just tells the mail filter to be on the lookout for mail that looks similar to this. I doubt the authorities are contacted each time you press the button.

Migration to IM (1)

ender- (42944) | more than 7 years ago | (#17129328)

FTA: ... and unsolicited junk mail now accounts for more than 9 of every 10 e-mail messages sent over the Internet

And I used to wonder why the younger folks like my brother were avoiding email and only using IM. 90% SPAM? This is just ridiculous. Yet for some reason, the industry seems to be focusing on trying to 'catch' the spam [and as a result, constantly playing catch-up], instead of working on a real solution, such designing an email system that isn't vulnerable to spam. I'm sure this is partially because the anti-spam companies are making a fortune.

So far I've done ok, trying to stay ahead of the spammers. I recently implemented greylisting on my mail server, and the number of spams has dropped significantly. But I know that soon the spammers will figure out what we're doing, and my spam levels will again increase.

I can't say that I know what kind of solution would be successful, but I've seen very little indication that it's seriously being worked on.

Am I wrong? Are there any serious contenders for a new, secure, non-spammable store-and-forward messaging system being worked on?

Using Clamav against the images (4, Insightful)

rutger21 (132630) | more than 7 years ago | (#17129336)

Since about two weeks I am using the image-spam repositories of MSRBL [msrbl.com], and of Sanesecurity [sanesecurity.com]. Using a cron script to fetch the data and keep Clama's database up-to-date works quite well!

mod 04 (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17129360)

*BSD is dy7in6 It is

Ban HTML email (0)

Anonymous Coward | more than 7 years ago | (#17129374)

> a huge percentage of spam is now images that circumvent traditional text analysis.

Why would an email client be configured to automatically to display images? If you want html, put it on a web server and send people a link as plain text.

One viable alternative (2, Informative)

A beautiful mind (821714) | more than 7 years ago | (#17129398)

Greylisting [wikipedia.org]. All MTAs should be RFC compliant, so this one hurts the broken MTA's only, but some find the delay this adds to the normal mailing process unworkable.

Fortunately you can whitelist known good servers and even use an AWL.

According to some university administrators I've talked to where it is deployed, 93.6% of all mail is blocked this way. The network is around 20k computers strong. No big mail losses reported.

Re:One viable alternative (1, Interesting)

Anonymous Coward | more than 7 years ago | (#17129664)

I use greymilter for sendmail with a ten minute retry period, and I have *zero* spam. I see it blocking around 400 spams a day and I have *no* false positives.

If you run your own mail server, it's worth checking out.

short preview + icon for images (1)

davidwr (791652) | more than 7 years ago | (#17129400)

In its normal "list" view, one of my mail systems displays a text-only preview of the first few lines, plus an icon to indicate any attachments. It's a hoot when the first few lines are html or javascript.

The sender + subject + those lines + the presence or absence of any attachments makes it very easy to identify spam that got through the filters, without actually seeing the advertisement.

Outlook 2003 blocks all of the image-spam I get (4, Informative)

SpecialAgentXXX (623692) | more than 7 years ago | (#17129406)

I have had no problems at all using Outlook 2003 with Junk E-mail settings set to high. I have not seen 1 image-spam. However, when I fire up Thunderbird, the image-spam always shows up. I wonder what settings/algorithm MS is using because it works. My corporate E-mail server also blocks all spam. I have not received 1 spam of any type in my office E-mail account.

So is the problem really an increase in spam or incompetent admins who don't know how to setup their filters to block them? Yes, the size & volume of E-mails may have increased, but if you can filter them they will be deleted before they take up space.

Re:Outlook 2003 blocks all of the image-spam I get (3, Informative)

muckdog (607284) | more than 7 years ago | (#17129776)

Do you realize how many valid emails are likely getting caught by your filters? Just because you're not seeing any spam doesn't mean your spam filters are doing what they are supposed to do.

bAit3h (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#17129536)

project faces a set you down. It was 4ll; in order to go our cause. Gay please moderate a super-0rganised arseholes at Walnut

The "spam problem" *IS* largely solved. (3, Insightful)

wayne (1579) | more than 7 years ago | (#17129554)

I know people like to rant about the "spam problem" a lot, but for all practical purposes, the problem has been largely solved for several years now.

If you run reasonable spam filters, including many open source ones, you will not end up with much spam in your inbox. Yeah, there will be lots of spam still being sent, but the real, significant, cost of spam is really mostly people's time, not machines. Any ISP, company or person who gets "too much spam" is simply being penny wise and pound foolish. The same goes for systems that get too may "false positives", that is, legitimate emails being rejected. Almost all of that is due to trying to run "cheap" spam filters, or buying snake-oil systems. Upgrade your mail servers or switch to someone who runs reasonable spam filters.

The "spam problem" of today is really the "you can't do anything about spam" problem. Too many people are convinced that you can't stop spam, so you shouldn't try harder. The problem is low expectations. The problem is people cutting corners.

For email senders having problems getting caught in spam filters, some of this is due to people running bogus spam filters and that is the receiver's problem more than yours. Most of the rest is due to either you not running a standard-compliant mail server on a static IP address that can have a reputation built up for you being a good server, or because you really do send out spam, either due to "bad" customers or backscatter (bogus bounces, challenge/repsonse systems, autoresponders, etc.). Don't be cheap and think you can get away with not running spam filters on your outbound email and catching your "bad" customers. Don't be cheap and spew backscatter. Don't be cheap and say you can't afford to do port 25 blocking of dynamic IP addresses, or not allow customers to configure their reverse DNS.

The vast majority of knowledgable people in the area of spam do not munge their email addresses. The vast majority do not suffer either lots of spam in their inbox nor lots of false positives.

image spam (0)

Anonymous Coward | more than 7 years ago | (#17129560)

I don't understand why this image spam is such a big problem. The random text _still_ doesn't look like legitimate text to my personal Bayesian filter, so 98%+ gets shuffled off without me ever seeing it. (Admittedly I had to lower the threshold from 0.9 to 0.85 to get there; before it was at about 95%, which was still decidedly annoying with 3 or 4 messages a day slipping through.) Now, of course institutionalized bayesian filtering won't work because the variety of legitimate mail will be too large over a large group of people, but regular spam filters can cull the majority on the server, and then personal bayesian filters can take care of the rest on the client.

pretty easy to be spam free... (0)

Anonymous Coward | more than 7 years ago | (#17129564)

What are you people doing that you still get spam?

I've had an email addy since 1983, well before spam (not to mention before DNS - this was a bang-style address at the time). Eventually spam started, and the addr I was using started getting spammed. Might have been sometime in the 90's I guess. I got quite mad, of course. Had to get rid of the address. But I learned from that, and now I've had the same address for ~7 years totally spam free. I haven't had a single spam in that entire time.

So I wonder why spam is still a factor for people. I know this sounds like a troll, but it isn't. It really isn't hard at all to be spam free, so why don't people do it? Anything with even a remote spam risk, I do with a temp dropbox which gets deleted later. My real addr, I'm careful with. That's all it has taken. I fully expect to never again get another spam.

Pump and dump solutions (1)

Ritz_Just_Ritz (883997) | more than 7 years ago | (#17129666)

One of the reasons that the pump and dump has become so popular for criminals is that the money trail has often gone cold by the time there is enough interest from law enforcement to chase the bad guys.

The SEC could mostly take pump and dump schemes for penny "pink sheet" stocks off the table by using rules to lengthen the settlement process for sales of those shares or to suspend entirely the trading of stocks in companies that are not fully reporting entities. With fully reporting companies that have legit transfer agents, it is a LOT easier for law enforcement to find out who these selling shareholders are in a timely manner.

Once these vermin begin to get caught, they'll move on to the next bit of low hanging fruit and the arms race will continue.

Simple SPAM solution (1)

arthurpaliden (939626) | more than 7 years ago | (#17129668)

The ISP restricts the client system to 1 outgoing email per 'n' seconds except if they have applied for a business exception which of course costs more. And sends a monthly email sending report so that the client can see something may be wrong.

Recent new trend in smap is MOST ANNOYING! (0)

Anonymous Coward | more than 7 years ago | (#17129728)

Spammer joins mailing list or forum.
Spammer collects member email addresses.
Spammer sends UCE with From:admin@mailinglist.com or anounce@forum.com

Now I have to modify how my white list decides what to pass.

I tell you, one of these days, I'm gonna run into a spammer at a bar and shove a friggin beer bottle up his nose until it bangs against the back of his skull... maybe a plastic fork in the ear would be easier...

Wait a second here. It's DOUBLED? (1)

Chas (5144) | more than 7 years ago | (#17129736)

Okay, not too long ago, they were saying that spam accounts for HALF of all e-mail traffic.

According to the math, you're not saying it accounts for ALL mail traffic (plus some)?

Okay, fuck that. I renounce the use of e-mail.

A huge percentage of spam is..? (1)

suv4x4 (956391) | more than 7 years ago | (#17129792)

And best of all, a huge percentage of spam is now images that circumvent traditional text analysis.

Now look at that statement and think a little. How would we filter this? Gee.. a tough one... hmm...

Let me think about it...

(41 years 6 months 10 days later)

We'll filter e-mails with images! Who needs friggin images in e-mails anyway. They are used for few purposes:

1. newsletters (aka "nice spam"), but newsletters can learn to be leaner.
2. pointless (and huge) "image signatures" showing off your latest company logo. This practice should be shot anyway.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...