Google Says Spam Volumes On the Rise

alphadogg writes "Despite security researchers' efforts to cut spam down to size, it just keeps growing back. The volume of unsolicited email in the first quarter was around 6 percent higher than a year earlier, according to Google's e-mail filtering division Postini. Security researchers have won a few significant battles against the spammers in the last year, first against those hosting the spammers' control systems, and later against the control systems themselves, but they will have to change tactics again if they want to win the war. In the first half of last year, security researchers concentrated their efforts on identifying the ISPs or hosting companies that allowed command-and-control servers to operate, and shutting these botnet purveyors down. The success of that tactic was short-lived, however."

What about...

[Pojut]

...the amount of spam that actually makes it to an inbox, instead of being dumped into a junk folder or blocked outright?

Re:If One Person Clicks, We All Lose

[houstonbofh]

Kidnapping for money is a big industry in Mexico. It is all but unheard of in the United States. Why? Because the FBI made it unprofitable. They use whatever resources are needed to track down and bust the kidnappers, however long it takes. We need that kind of will in the fight against spam. It is expensive at first, but less expensive as people get out of the business.

LOL

[Zoidbot]

90% of the spam on my forum is from Gmail accounts...

Re:If One Person Clicks, We All Lose

[clone53421]

In fact, on the topic of profitability, I seem to recall reading that renting out botnets to spammers is much more lucrative than the actual spamming nowadays...

Yep... the spammers themselves are getting suckered just as much as the people they’re trying to sucker.

But as long as there’s another spammer who’s eager to make a quick buck, there will be people ready to rent him a few million cheap e-mail addresses and a botnet to send the spam with.

Re:If One Person Clicks, We All Lose

[Tom]

Good point. The strategy was invented by the Romans, in case you care. The Roman Empire had a kind of primary objective on any and all sieges, namely that they win. No matter how long or what ressources it takes, there was the order from Rome that they will never leave defeated.

A famous mountain fort considered itself invulnerable due to natural features - there was only one small path up to the fortress. The romans built a big camp at the foot of the mountain and started building a ramp. It took them years to build it, but they did it, and took the invulnerable fortress.

That's why one day, when the roman army had just begun besieging another city, its ambassador came for talks, and he boasted "we have food for ten years". To which the romans replied "then we will accept your surrender in the eleventh". The next day, the city surrendered.

I'm telling that story because I like it a lot, but also because it shows that insane investment can pay off in the end. Yes, the romans poured ressources into a few sieges that were far beyond what they gained. But once the word had spread, the return-on-investment came.

There are two things we have to do to get rid of spam, minus the small amount you can never get rid off.

One is to make it very hard to make a profit via spam. A few simple laws could cover that. Going through the credit card companies would probably work great. Simply allow people a chargeback for any and all products sold via spam. All you have to do is send the spam message to the credit card company and ask for it. The CC company may not charge you. They don't want to pay for the trouble themselves, either. They will charge the merchant. That would pretty much eliminate all the non-working crap that's being sold via spam.

Two is to go absolutely anal on the spammers themselves. While #1 reduces the ROI, #2 increases the risk. Once you do that, the business case for being a spammer goes away. I don't necessarily mean higher penalties, but more effort in actually bringing them to justice, in an international effort.

Re:If One Person Clicks, We All Lose

[gtbritishskull]

I think it is pretty easy to differentiate between spam and not-spam. If the person sending the unsolicited mail tries to obfuscate how or from where they are sending the mail, then it is spam. If it is a company that clearly lists who they are, then they can be held liable (whether by being sued or by public opinion) for what they send out. There is no reason for law enforcement to get involved if the civil sector can sort it out. If, on the other hand, there is no reasonable way to trace the unsolicited email back to a person, they are trying to limit the ability of the civil sector to deal with them, so law enforcement should get involved.

But, that is just my opinion.

Re:If One Person Clicks, We All Lose

[sjames]

Massive botnets for rent to the highest bidder are a threat to national security. Send the army out to find and kill the bastards. Unlike terrorists living in caves, they have to have regular contact with banks and other aspects of the modern world, so they CAN be found.