By Latest Count, 95% of Email Is Spam 198
An anonymous reader writes "The European Network and Information Security Agency released its new spam report, which looks at spam budgets, the impact of spam and spam management. Less than 5% of all email traffic is delivered to mailboxes. This means the main bulk of mails, 95%, is spam. This is a very minor change, from 6%, in earlier ENISA reports. Over 25% of respondents had spam accounting for more than 10% of help desk calls. The survey targeted email service providers of different types and sizes, and received replies from 100 respondents from 30 different countries."
Logic? (Score:5, Interesting)
I don't doubt that it's around 95%, but the logic of the above-quoted statement is certainly flawed.
More than 90% for me too (Score:4, Interesting)
I also get about 10 times as much spam as actual email. Fortunately, Google is pretty good at filtering that - the number of false negatives in my inbox has been less than ten this month, while I got over a thousand to my spam folder.
It's hard to comprehend how people deal without that level of spam filtering - I have relatives who regularly register new accounts in order to escape their spam.
Accounting for help desk calls?! (Score:3, Interesting)
Now I am not a corporate email guru, but why would spam be the reason to call for help? In this day and age it boggles the mind. Even my grandmother can deal with spam without needing tech support.
Micropayments again (Score:4, Interesting)
Micropayments. Yes I know it's been mentioned before, but one rarely hears of paying *each other* (rather than the host or government). It would be a good idea anyway even if spam didn't exist.
If we paid each other (say a penny or 1/10th of a penny), obviously the spam problem would be solved. (though some can charge nothing if they want) It also means that someone who gets a ton of email and hasn't got the time to read all of them will receive only the 'cream' of email. Only those who are willing to sacrifice say, a pound (or £10/£100 for super busy/famous people) would be able to email them.
As we know, Youtube has/is developing methods of payment to watch videos, and online papers are experimenting, so micropayments may be common sooner than we think.
Re:Micropayments again (Score:2, Interesting)
http://piestar.net/2009/06/24/idea-fixing-the-email-system/ [piestar.net]
There are many better ways outside micropayments - which would add up on a large system (such as a forum or social networking site).
Spam not equally distributed among message media (Score:2, Interesting)
Re:Logic? (Score:1, Interesting)
I don't doubt that it's around 95%, but the logic of the above-quoted statement is certainly flawed.
Link to full report:
http://www.enisa.europa.eu/act/res/other-areas/anti-spam-measures/studies/spam-survey/at_download/fullReport
There also appears to be selection bias in the sample. The confidence interval is also missing. Survey only took place in Europe and apparently one company in the US.
In short, this is a waste of someone's money.
Re:What do they mean by 'all'? (Score:4, Interesting)
- Incorrectly formatted HELO/EHLO greeting? 5xx Doesn't catch too many connections as the other end would have to massively screw up in order to trigger the invalid HELO rule.
- Giving a HELO/EHLO that is not a FQDN (fully qualified domain name)? 5xx Many botnets don't follow the FQDN rule and will give a randomly generated HELO name. I've never had a false-positive with checks like this.
- Giving a HELO/EHLO that does not resolve via DNS (see RFC 5321, section 2.3.5 [ietf.org] where it talks about this issue in the 1st bullet point)? 5xx or 4xx if there was a DNSFAIL issue
- SPF record says "-all" for the MAIL FROM or HELO lookup and it fails to pass SPF? 5xx (At which point, you're simply following the instructions of the sender. If the record says "-all", they WANT you to reject non-conforming mail.)
- HELO/EHLO which purport to be from your own system? 5xx Know your servers, know who is allowed to put your domain into the HELO/EHLO and boot the pretenders. Easily done in Postfix with a few simple rules.
Most of those are standard checks in Postfix and will greatly reduce the amount of spam that you have to analyze in a more in-depth manner. Which results in a huge CPU/bandwidth savings if you can tell them to bugger off before the DATA command is issued.
I prefer to save block lists for the spam scoring system as there are too many false positives (and sometimes abuses of power) in the DNSBLs. Far safer to score rather then block - although Spamhaus' Zen list is extremely good.
Re:More than 90% for me too (Score:2, Interesting)
Want to reduce false positives, and your friends, colleagues and email partners to ask their provider to support either Domainkeys or SPF. Once they get on the bandwagon, their mail will no longer get false positive flagged.
Re:What do they mean by 'all'? (Score:2, Interesting)
Re:Accounting for help desk calls?! (Score:3, Interesting)
This off topic but- don't you think OS X was born out of it being easier to make Unix friendly than fixing MacOS which they tried and failed to do internally? I really don't see how Windows has anything to do with it.
Re:Logic? (Score:1, Interesting)
This morning, over 6000 messages came through my domain of which 6 were legitimate. I spend more time waiting for the deletes to complete than reading my messages.
I think the 95% may be too low.
And if you account for the bits, the ratio is even worse, since my legitimate messages are usually a bit of text, whereas almost all the spam includes an attachment or image.
Re:Logic? (Score:3, Interesting)
Well, I use a greylisting system, with amavisd behind it, and the greylisting blocks 90%, before it even reaches the spam filter. (Which also keeps the resource usage down.)
Then spamd and the other spam systems linked into in amavisd throw out nearly all the rest of the mails.
I’d say 95% is a vast understatement. More like 99.5%.
Also, everything that is filtered by amavisd, still goes to the junk folder of my IMAP account, so I still can undo false positives.
Works pretty sweet for my own server.
I simply can’t say, that spam is a problem for me anymore.