Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Google Spam IT

Google Says Spam Volumes On the Rise 187

Posted by CmdrTaco
from the my-inbox-is-crying dept.
alphadogg writes "Despite security researchers' efforts to cut spam down to size, it just keeps growing back. The volume of unsolicited email in the first quarter was around 6 percent higher than a year earlier, according to Google's e-mail filtering division Postini. Security researchers have won a few significant battles against the spammers in the last year, first against those hosting the spammers' control systems, and later against the control systems themselves, but they will have to change tactics again if they want to win the war. In the first half of last year, security researchers concentrated their efforts on identifying the ISPs or hosting companies that allowed command-and-control servers to operate, and shutting these botnet purveyors down. The success of that tactic was short-lived, however."
This discussion has been archived. No new comments can be posted.

Google Says Spam Volumes On the Rise

Comments Filter:
  • by eldavojohn (898314) * <eldavojohnNO@SPAMgmail.com> on Thursday April 15, 2010 @09:59AM (#31857954) Journal
    If you are successful at combating spam, you will see a rising volume. Here is the chain reaction that takes place:
    1. A spammer has an established source of income that he profits from his operations. Let's say it's ten grand a month. Everything is going well--he kicks back and watches watches the money machine.
    2. You implement a better spam blocking program or a better educate users or do something so that the five hundred clicks he gets a day drops to four hundred clicks a day.
    3. The spammer now finishes at eight grand at the end of the month and notices something is wrong.
    4. The spammer is certain that he can grab back those clicks and all he (did you ever notice how spammers are always men?) has to do is crank up the volume whether it be by getting more e-mails to spam or sending more frequent spams or revolutionizing his spamming tactic and adding new templates and variables to trick people or get around blocks.
    5. In the end we see spam rise.

    Now, maybe he makes that two grand back in his push and maybe he don't. Maybe your new method reduced his clicks from five hundred to five per month. Either way the best we can hope is that at some point that income shrinks to negative or so little it's not worth his time. The problem is that even if 0.0001% of his spam messages generates a click, he's making bank.

    The battle for clean e-mail should be fought on a number of fronts. Public awareness is the key weak link in the chain in my opinion. And as a new net savvy generation arises, that will come naturally.

    No matter how much I tell my friends and family to be safe on the net, my friend in Cairo had ten credit cards opened in her name and I had to help her clean it up over here. To make sure it didn't happen again we went over smart procedures like if your bank sends you an e-mail you should read it and then open up your browser by hand and type in the bank's URL as you know it by hand and look for the corresponding information on the site. Yeah, it's a pain in the ass but if you can't find it you can always just call them. Don't click the e-mail link and drop your username and password into some site you don't trust. If I had to guess how she got tripped up, it was when she went to Cairo for school she couldn't afford to talk on the phone and had gotten lazy and careless with doing all her banking online.

    • by houstonbofh (602064) on Thursday April 15, 2010 @10:07AM (#31858074)
      Kidnapping for money is a big industry in Mexico. It is all but unheard of in the United States. Why? Because the FBI made it unprofitable. They use whatever resources are needed to track down and bust the kidnappers, however long it takes. We need that kind of will in the fight against spam. It is expensive at first, but less expensive as people get out of the business.
      • by eldavojohn (898314) * <eldavojohnNO@SPAMgmail.com> on Thursday April 15, 2010 @10:16AM (#31858196) Journal

        We need that kind of will in the fight against spam. It is expensive at first, but less expensive as people get out of the business.

        The problem with your analogy is that kidnapping is a binary operation. You're either doing it or you're not. It's also often coupled with extortion and bodily harm and a host of other very serious crimes.

        Spamming, on the other hand, is very hazy. What is unsolicited e-mail? People don't take the time to read shit. They just "click click oops, why am I getting these e-mail?" So if they clicked an ad and entered their e-mail address to get thirty thousand acres in farmwars by putting in their e-mail and checking a box that they understand ... where was the failure there?

        I just got five messages in a minute from Boingo this weekend. Followed by an apology letter. It was some database template test process run amok that informed me about my account (which I don't have with them). I used them once in an airport. They apologized to me today in another e-mail I didn't ask for! Do we vigilantly hunt them down and jail them?

        The problem with your vigilance is that it's often objective to draw the line where spamming stops and legitimate business e-mails start. The crimes that come with spam aren't on the level of human trafficking ... you get tax evasion or another white collar crime at best. Sometimes theft or grand larceny across all victims. But come on, the FBI isn't going to get the resources from the federal government to chase that rabbit down its hole when they need back hoes to dig up the whole internet.

        The government's CanSPAM act has increased the severity of it when we're sure you were doing it. That's the most you can ask for ... not a special FBI initiative to relentlessly track everyone who spams. Enforcement should be increased but not to the level of tracking kidnappers.

        • Re: (Score:3, Insightful)

          by Tom (822)

          Spamming, on the other hand, is very hazy.

          No, it is not.

          Spammers try to make it appear hazy, but it isn't. 99.999999% of the spam volume is not from some overly zealous marketing temp who sends the company newsletter to a few more people than he should've. Pretty much all the spam you get is from address lists. You buy one of them to send those people mail, you fucking know that you're sending unsolicited mails.

          The tiny fraction of mails that fall in the "you actually did sign in and forgot" category is so negliegable, you can ignore it for the gen

          • If you send me advertisement that I didn't ask for, you are spamming. It is that simple.

            What if it's not an advert? Most of the spam I get is just a random collection of words trying to damage bayesian filters, much like a typical Slashdot post.

        • by gtbritishskull (1435843) on Thursday April 15, 2010 @10:57AM (#31858746)

          I think it is pretty easy to differentiate between spam and not-spam. If the person sending the unsolicited mail tries to obfuscate how or from where they are sending the mail, then it is spam. If it is a company that clearly lists who they are, then they can be held liable (whether by being sued or by public opinion) for what they send out. There is no reason for law enforcement to get involved if the civil sector can sort it out. If, on the other hand, there is no reasonable way to trace the unsolicited email back to a person, they are trying to limit the ability of the civil sector to deal with them, so law enforcement should get involved.

          But, that is just my opinion.

      • by Tom (822) on Thursday April 15, 2010 @10:30AM (#31858408) Homepage Journal

        Good point. The strategy was invented by the Romans, in case you care. The Roman Empire had a kind of primary objective on any and all sieges, namely that they win. No matter how long or what ressources it takes, there was the order from Rome that they will never leave defeated.

        A famous mountain fort considered itself invulnerable due to natural features - there was only one small path up to the fortress. The romans built a big camp at the foot of the mountain and started building a ramp. It took them years to build it, but they did it, and took the invulnerable fortress.

        That's why one day, when the roman army had just begun besieging another city, its ambassador came for talks, and he boasted "we have food for ten years". To which the romans replied "then we will accept your surrender in the eleventh". The next day, the city surrendered.

        I'm telling that story because I like it a lot, but also because it shows that insane investment can pay off in the end. Yes, the romans poured ressources into a few sieges that were far beyond what they gained. But once the word had spread, the return-on-investment came.

        There are two things we have to do to get rid of spam, minus the small amount you can never get rid off.

        One is to make it very hard to make a profit via spam. A few simple laws could cover that. Going through the credit card companies would probably work great. Simply allow people a chargeback for any and all products sold via spam. All you have to do is send the spam message to the credit card company and ask for it. The CC company may not charge you. They don't want to pay for the trouble themselves, either. They will charge the merchant. That would pretty much eliminate all the non-working crap that's being sold via spam.

        Two is to go absolutely anal on the spammers themselves. While #1 reduces the ROI, #2 increases the risk. Once you do that, the business case for being a spammer goes away. I don't necessarily mean higher penalties, but more effort in actually bringing them to justice, in an international effort.

        • by Thanshin (1188877)

          I like the story too.

          Could you, please, provide the necessary info for me to find a more detailed description of the facts? (forts and city names should be sufficient).

        • by Thanshin (1188877)

          I'm telling that story because I like it a lot, but also because it shows that insane investment can pay off in the end. Yes, the romans poured ressources into a few sieges that were far beyond what they gained. But once the word had spread, the return-on-investment came.

          That's how I've been told bank robberies are managed. Spread among the criminals the idea that whoever robs a bank will be hunt down and killed, even if it's more expensive than the robbed money.

        • Re: (Score:2, Funny)

          by LingNoi (1066278)

          A few simple laws could cover that. Going through the credit card companies would probably work great. Simply allow people a chargeback for any and all products sold via spam. All you have to do is send the spam message to the credit card company and ask for it. The CC company may not charge you. They don't want to pay for the trouble themselves, either. They will charge the merchant. That would pretty much eliminate all the non-working crap that's being sold via spam.

          Your post advocates a

          ( ) technical ( )

          • by Tom (822)

            The template reply is a lot more funny if the answers aren't checked randomly. To pick out just one:

            (X) No one will be able to find the guy or collect the money

            So the CC company that he uses to be paid by his customers will be unable to find him?

            • "better" answer we start locating the datacenters used cut the outbound network lines and then level the DC
              (use Naval Gunfire or Bombers as required). And of course we would cut the outbound lines first to prevent switchover and then fire/drop warning round so that the folks can evac before the center goes up (or down as the case may be).

            • by LingNoi (1066278)

              The person sending the spam isn't necessary the same person selling the goods; and I very much doubt that Viagra companies pay spammers via credit card.

              Also your idea wouldn't solve the spam issue. All it would do is provide a way for people to steal legitimate purchases the same way fraudsters used to do with ebay and paypal purchases.

              So I buy a Samsung TV and get the credit card company to do a charge back because I got a newsletter or I forge some email myself?

              Your idea is completely ridiculous, stop def

        • I like your idea, but it's very difficult to put into practice. The problem is that email in general, and spam in particular, is not authenticated and is trivial to forge. How much evidence do I need to be able to get a charge back from my credit card? Just the text of the email? Fine, that'll take me five minutes. Mail server logs? Two minutes for me to insert them into /var/log/maillog in the right place. Logs from the sending server? Sorry, it's a machine in a botnet in a foreign country.
          • The way to do it is to target the machines that are sending the spam. So far, much of the effort has been to take down the control networks for the bots. I think that internationally ISPs should agree to charge people trivial amounts for each e-mail sent. People who own infected computers would take notice pretty quickly and take steps to clean up their machines. Legitimate advertisers would have to organize arrangements with the ISPs, but I wouldn't be too sad if that got cut down on as well. Ideally, the

      • by fermion (181285)
        I think a better analogy is the recreational drug trade. Like spam, there are a few vendors and many recipients. To combat the trade, as ill conceived as such efforts are, requires prosecution of the users and the vendors. Furthermore, it requires the suspension of constitutional rights of the vendors, as vendors may be deprived of personal property without due process. If we are to destroy spam, we must do the same thing

        I think the analogy is valid at other levels. Like recreational drugs, people se

      • I propose kidnapping spammers for money. That would kill two birds with one stone.
      • I have an easy solution... Make it legal to kill spammers. I jest, but how effective would the message of 15-20 well known spammers all shot dead one night in a coordinated effort. Who'd want to be the new spam king then?
    • Now, maybe he makes that two grand back in his push and maybe he don't. Maybe your new method reduced his clicks from five hundred to five per month. Either way the best we can hope is that at some point that income shrinks to negative or so little it's not worth his time. The problem is that even if 0.0001% of his spam messages generates a click, he's making bank.

      Unfortunately, even if the income shrinks to negative or so little it's not worth the time, the spam will keep flowing - because someone will thi

      • Re: (Score:3, Interesting)

        by clone53421 (1310749)

        In fact, on the topic of profitability, I seem to recall reading that renting out botnets to spammers is much more lucrative than the actual spamming nowadays...

        Yep... the spammers themselves are getting suckered just as much as the people they’re trying to sucker.

        But as long as there’s another spammer who’s eager to make a quick buck, there will be people ready to rent him a few million cheap e-mail addresses and a botnet to send the spam with.

      • Re: (Score:3, Interesting)

        by sjames (1099)

        Massive botnets for rent to the highest bidder are a threat to national security. Send the army out to find and kill the bastards. Unlike terrorists living in caves, they have to have regular contact with banks and other aspects of the modern world, so they CAN be found.

    • The battle for clean e-mail should be fought on a number of fronts. Public awareness is the key weak link in the chain in my opinion. And as a new net savvy generation arises, that will come naturally.

      That is a good idea, but it won't solve the problem - or even make a huge dent in it - on its own. Even with the new "net savvy" users, there are still plenty of users (including new users) who are uninformed and don't want to be informed. There are still plenty of technophobes who are getting on the internet because junior's teacher wanted him to look something up on wikipedia. And when mommy and daddy are both technophobes, junior won't likely be that much different.

      That said, you almost hit the cor

    • by MikeFM (12491)
      I'm just glad I get my email through GMail (Google Apps actually). Those accounts get as much spam as any of my other accounts but almost none of it reaches my inbox which I can't say for any of the other email services/servers/programs I use. Very few false positives these days either.
    • by causality (777677)

      If you are successful at combating spam, you will see a rising volume. Here is the chain reaction that takes place:

      1. A spammer has an established source of income that he profits from his operations. Let's say it's ten grand a month. Everything is going well--he kicks back and watches watches the money machine.
      2. You implement a better spam blocking program or a better educate users or do something so that the five hundred clicks he gets a day drops to four hundred clicks a day.
      3. The spammer now finishes at eight grand at the end of the month and notices something is wrong.
      4. The spammer is certain that he can grab back those clicks and all he (did you ever notice how spammers are always men?) has to do is crank up the volume whether it be by getting more e-mails to spam or sending more frequent spams or revolutionizing his spamming tactic and adding new templates and variables to trick people or get around blocks.
      5. In the end we see spam rise.

      Now, maybe he makes that two grand back in his push and maybe he don't. Maybe your new method reduced his clicks from five hundred to five per month. Either way the best we can hope is that at some point that income shrinks to negative or so little it's not worth his time. The problem is that even if 0.0001% of his spam messages generates a click, he's making bank. The battle for clean e-mail should be fought on a number of fronts. Public awareness is the key weak link in the chain in my opinion. And as a new net savvy generation arises, that will come naturally. No matter how much I tell my friends and family to be safe on the net, my friend in Cairo had ten credit cards opened in her name and I had to help her clean it up over here. To make sure it didn't happen again we went over smart procedures like if your bank sends you an e-mail you should read it and then open up your browser by hand and type in the bank's URL as you know it by hand and look for the corresponding information on the site. Yeah, it's a pain in the ass but if you can't find it you can always just call them. Don't click the e-mail link and drop your username and password into some site you don't trust. If I had to guess how she got tripped up, it was when she went to Cairo for school she couldn't afford to talk on the phone and had gotten lazy and careless with doing all her banking online.

      That's why spam has become an arms race, an exchange of measures and countermeasures. The only real solution is to get the word out and equip the average Internet user to identify spam and understand why it should never be responded to. That would remove the profits from the spammers and force them out of business. Then and only then will the spam problem end.

      1. A spammer has an established source of income that he profits from his operations. Let's say it's ten grand a month. Everything is going well--he kicks back and watches watches the money machine.
      2. You implement a better spam blocking program or a better educate users or do something so that the five hundred clicks he gets a day drops to four hundred clicks a day.
      3. The spammer now finishes at eight grand at the end of the month and notices something is wrong.
      4. The spammer is certain that he can grab back those
    • by plover (150551) *

      This description is from the spam merchant's POV, not the spammer who operates the spamming equipment. The merchant wants to get his message out to X people. The spam operators charge money per address.

      What'll happen here is the spam operators will find it more difficult to operate in conditions of continual crackdowns. Taking down a 100,000 bot net does not suddenly create 10 10,000 bot networks. The laws of supply and demand will kick in, meaning the price-per-address will rise. And spammers are going

    • by Hatta (162192)

      Ten grand a month sounds a bit high. I'm willing to bet these people make about minimum wage. Enough to keep up with rent in a trailer park and fill the fridge with Miller High Life. That's why it's so hard to get rid of. These are people with no other prospects, and nothing to lose.

  • What about... (Score:3, Interesting)

    by Pojut (1027544) on Thursday April 15, 2010 @10:00AM (#31857966) Homepage

    ...the amount of spam that actually makes it to an inbox, instead of being dumped into a junk folder or blocked outright?

    • Re:What about... (Score:5, Insightful)

      by Jaysyn (203771) <jaysyn+slashdot@NoSPAm.gmail.com> on Thursday April 15, 2010 @10:02AM (#31858008) Homepage Journal

      It still has to travel thru email servers & routers costing money via electrical & bandwidth costs.

      • Re:What about... (Score:4, Insightful)

        by Shakrai (717556) on Thursday April 15, 2010 @10:08AM (#31858080) Journal

        It still has to travel thru email servers & routers costing money via electrical & bandwidth costs.

        Aren't people around here rather fond of making the claim that bandwidth doesn't cost money, at least whenever we see a story pop up about some ISP wanting to impose caps or metered billing?

        The bandwidth and electrial costs of spam are negligible. You would have made a better argument by pointing out the lost productivity when humans need to divert time away from useful tasks to clean out their inbox.

        • by LingNoi (1066278)

          I don't think anyone claims that bandwidth doesn't cost money.

          My guess is you're referring to articles where telecom giants try to get a company like Google to pay for transferring their content. In those instances people here argue that Google has already paid and the consumer has paid their ISP too so why should the ISP company get extra money for nothing.

        • Re:What about... (Score:5, Informative)

          by KiloByte (825081) on Thursday April 15, 2010 @10:25AM (#31858322)

          Network bandwidth taken by emails is indeed nearly free -- a typical piece of spam is just around 5KB (median). Yet, with more and more complex processing needed to run spam filters, you need quite a bit of CPU to weed them out. Looking at my logs, SpamAssassin runs are around 8 seconds each. Part of that time is spent for DNS queries, but there's a number of CPU-intensive tests as well.

          And servers are certainly not free.

          • "8 seconds"??? My single CPU server can toss tens of thousands of spams per hour - a few million per day has been observed. Because my domain is very old, it features in every spam list this side of Betelgeuse. My incoming mail is almost exclusively spam. Out of the million or so incoming, only about 5 emails are legit. So, no, it cannot take 8 seconds to process a spam message.
        • by MikeFM (12491)
          Somewhat funny.. the biggest cost to our company is that we exceed our DNS query limit frequently on one of our domains (I dunno why it gets picked.) and it's always people hitting it from China or someplace unlikely like that. Our web servers don't get that many visitors from China so I have to suspect it's spam. I need to fight with Ultra DNS over just blocking those hits instead of charging me for them. We should all just cut China off the net IMO until they fix their issues.
          • by Shakrai (717556)

            Your host charges you for DNS hits? That's absurd.

          • by Elshar (232380)

            If this is a chronic problem, you're better off just getting some cheap host and quickly setting up bind or tinydns to serve the requests. Heck, I ran a DNS server that served about 100 domains off of a P2 350 with 128MB of ram for over 10 years. It's really not CPU intensive. And there's plenty of docs out there for typical setups that you could probably set up your own DNS server in the time it takes you to deal with just one of these provider-caused outages.

            Let's face it, blocking off large swathes of th

      • by Pojut (1027544)

        I was referring more to how much spam blocking technology has increased compared to the increase in spam volume...

    • by nxtw (866177)

      ...the amount of spam that actually makes it to an inbox, instead of being dumped into a junk folder or blocked outright?

      I don't see much spam in my inbox, but I occasionally get lots of backscatter in my inbox - maybe 10 messages a day for a week, and then nothing for a few months.

    • In this regard Google is awesome... I get 1 spam message per month in my mailbox tops, but my spam box (which keeps the spam for 30 days) has over 10.000 spam messages in it. So only one in every 10.000 spam messages slips trough at maximum.
    • ...the amount of spam that actually makes it to an inbox, instead of being dumped into a junk folder or blocked outright?

      That spam is, at the very least, equally as costly as spam that makes it to the inbox. Sure, it uses less of the users' time, but it still takes CPU time, network bandwidth, and storage (somewhere).

      People who rely on their filters (or similar practices) upstream of their inbox to deal with the spam problem often overlook that very important point. That is part of why filters will never be the real solution to the spam problem.

    • what i mean by that is that it doesn't scale for the individual, the technology does scale.

      It is far too easy for people to get in contact with me via email. My time is wasted reading their junk, and this includes corporate spam as well. We can try lots of technical solutions, but i think i'll go down a subscription model.

      You paypal me a dollar a year and i'll whitelist your email address, otherwise, go away. A few trusted friends and family get whitelisted for free.
       

    • by Inda (580031)
      Strange because my gmail account currently has 830 in the spam folder, down from 3,000.
  • constantly fighting it is just one of those maintenance functions of civilization

    you don't declare a war on spam, win it, and then spam is forever gone. thats not the nature of the problem. its forever reborn as some "brilliant idea" in the mind of some asshole out there who has no problem abusing the commons for selfish gain. it requires constant eradication. additionally, you can't completely automate the process of spam destruction. spam is created by creative human beings. human beings always find away around any locked door. and therefore it will require the constant effort of creative human beings dedicated to police work to forever fight these other creative beings who have no decency. that's just the way it is. its stasis: good guys versus bad guys, forever

    the same applies to hard core drug addicts, pedophilia, terrorism, etc: you don't declare war on terrorism, pedophilia, or hard core drugs, win it, and then those phenomena are gone forever. thats not the nature of those problems. they will always be low grade problems that always reassert themselves. unless you stop fighting them: in which case they metastasize into worse problems

    as long as civilization exists, certain classes of utterly intolerable problems (problems that you cannot in any way reclassify as tolerable problems) will continually reassert themselves in every generation, and, for the sake of the health of society, require constant hard effort to simply keep them as low grade issues that don't expand into worse problems

    • by sjames (1099)

      True, the same way we can never completely abolish burglary. However, we CAN cut it down to the point where spam is not the majority of email much like we make sure that burglary isn't the majority of visits to a home.

  • I've felt the pain of this battle myself. I moved to a new host, and Google rejected every message sent by my mail server as being spam. They redirected me to their "bulk email policy," which is absurd. My server has never sent anything even remotely similar to bulk email. I spent days jumping through Google's hoops (by enabling SPF, etc.) and their mail server started ACCEPTING mail from my server at least, but it still routes it all to the Spams folder in GMail.

    The worst part is that Google doesn't even l

    • by clone53421 (1310749) on Thursday April 15, 2010 @10:31AM (#31858420) Journal

      Sounds like you switched to a less-than-reputable host...

      • I am not sharing my IP address with anyone else. Google is inarguably falsely implicating my mail server as being a spam source.

        I can't afford a lawyer yet, but it is only a matter of time until someone a little bigger runs into this problem.

        • by clone53421 (1310749) on Thursday April 15, 2010 @11:14AM (#31859018) Journal

          Contact your host, or switch. It isn’t Google’s fault if you signed up for a host which got its entire IP range blacklisted by allowing its customers to send spam and ignoring the subsequent spam complaints. I’m not saying that’s definitely what happened, but there’s a good likelihood it’s exactly what happened.

          It’s unreasonable to expect Google to start white-listing customers from a sleazy host on an individual basis. Screening customers is the host’s job and they failed; now they got blacklisted and all their customers suffer. Yell at the hosting company, not Google. If enough of their customers leave because they aren’t cracking down on the spammers, they’ll suddenly realise that not doing anything about the spam is hurting them economically just as much as terminating a few spamming customers would. And if they don’t realise this, or if it wouldn’t... that isn’t the sort of host you want to be associated with.

      • A similar thing happened to my company, except it was malicious. One of our competitors is apparently very buddy-buddy with Spamhaus. Spamhaus just up and blocked our email server one day (which, up to that point, had a perfect "No-Spam" score). Every time we changed to a different host, just so we could have our website up and communicate with our clients, it was blocked within hours. Our website was erased along with any data that hadn't been backed up from that host, and to top it off: They reported
  • As long as spammers can continue to make money through spam, they will continue to send out more spam. You can filter all you want, you won't do shit to reduce the volume until you address the motivation behind the spam itself.
    • by tlhIngan (30335)

      As long as spammers can continue to make money through spam, they will continue to send out more spam. You can filter all you want, you won't do shit to reduce the volume until you address the motivation behind the spam itself.

      Worse yet, the business model ensures this is the case.

      Business needs marketing, so they pay $100 for a million spams. Spammer takes $100, sends out million spams. Spammer gets $100 from next business and so on ad naseum.

      It doesn't matter if the guy paying the spammer gets $100 worth

  • I don't know why the superior resources of spam recipients aren't harnessed to overwhelm spammers and their spam.

    Whenever a message is identified as spam, either by a server or by a recipient, that message should be registered in a database network shared among servers and recipients. Then all those servers and recipients in the network should automatically identify that message as spam.

    The automarking should also mark messages very similar as spam. And the "votes" from immediate identifiers should count to

    • Whenever a message is identified as spam, either by a server or by a recipient, that message should be registered in a database network shared among servers and recipients. Then all those servers and recipients in the network should automatically identify that message as spam.

      So it sounds like you are advocating for devoting more resources to fighting spam - specifically more network and CPU resources.

      Which leads me to the question of who will pay for this? As it is, companies are already buying dedicated anti-spam hardware, and individuals (and some companies) are paying for anti-spam software as well. But who would want to pay for a distributed collection of servers to spend their CPU time and bandwidth on processing email? And whose email would be processed? Would you

      • by Doc Ruby (173196)

        No, the network is just interconnecting the resources used by existing antispam applications. Which already scan entire mail queues - however much work and intrusion that might be.

        I'm talking about making the existing resources vastly more efficient by eliminating the redundancy of separate recipients each scanning the same message to determine whether it's spam. And closing the percentage of missed spam by allowing multiple different scanners to spot it their way.

        And indeed I also explicitly specified the

        • No, the network is just interconnecting the resources used by existing antispam applications. Which already scan entire mail queues - however much work and intrusion that might be.

          Which would generate more network traffic than letting the last mail host scan it in whatever way it is configured to do so. Simultaneously you would be increasing the work load of each system that scans, as it would be scanning more mail than it did before.

          I'm talking about making the existing resources vastly more efficient by eliminating the redundancy of separate recipients each scanning the same message to determine whether it's spam. And closing the percentage of missed spam by allowing multiple different scanners to spot it their way.

          Those sound like two different aims there. You want to work at "eliminating the redundancy" while also "allowing multiple different scanners to spot it their way". I don't see how you can do both.

          And indeed I also explicitly specified the FBI and other cops should go after the root of the problem: spammers.

          Sorry, wrong answer. The FBI and other US police fo

          • by Doc Ruby (173196)

            No, you don't understand what I wrote. Or maybe you don't understand what is the load of the actual processing and transmission in the different cases.

            Instead of each machine scanning the same message, only a few machines that get it first scan it. They generate a hash and distribute it to the other machines receiving messages. Those machines need only generate a hash of incoming messages, which is not as intensive as scanning it for spam (like bayesian algorithms). The hashes do increase network traffic a

            • Instead of each machine scanning the same message, only a few machines that get it first scan it

              Which still requires that message to be distributed to several different servers. How does this not generate additional network traffic?

              They generate a hash and distribute it to the other machines receiving messages. Those machines need only generate a hash of incoming messages, which is not as intensive as scanning it for spam (like bayesian algorithms).

              So does your hash then match the entire message, or some part of the header instead?

              The hashes do increase network traffic a little, but not nearly as much as the reduced spam effect decreases traffic.

              So are you then proposing that an upstream server filter the messages before they get to their second-to-final destination (as in, some sort of "post office" intermediate)? Otherwise the email still needs to get to that last server (generally prior to the user's system) to be filtered.

              The hash is probably something like 16 or 32 bytes, while the average spam is hundreds or thousands of bytes, in each message.

  • ... designed by Blue Security [wikipedia.org], but shutdown by the spammers themselves. If only Google would put his strengh on such a venture, spam would die.
    • by dkleinsc (563838)

      Wouldn't that be a proven non-solution, since it was shutdown by the spammers?

      • by slb (72208) *
        Their weakness was in their business model (paid subscription by companies). Google would not have to fear this.
  • The only way you'll ever see email spam or any other highly irritating marketing ploy go away is if it stops be profitable. And email spam is pretty damn cheap for the people pumping it out.

  • All of the obvious spam messages that seem to have a practical chance of garnering hits is getting detected now. The only way to get through is to use some obfuscated content that a reader is much more likely to either detect as spam or so obscure that the email doesn't interest the reader. I can't imagine the spam business is very good anymore.

  • by lazarus (2879)
    The following is a variant of greylisting. You can comment on it from your soapbox if you wish but I've been running it for about three years now and it works great. I put it together for my own use and I have no desire to document it, support it, or in any way promote it. I'm posting it here because I'm tiring of hearing people whine about spam. It uses Exim and mysql to get around some of the inherent limitations of greylisting as it was originally defined (specifically the mandatory "delay" in receiving
  • I just block e-mail from gmail.com accounts. That clears up most of the spam.

    For a company that whines so much about spam. Google sure seems unable to clean up their own act.

  • More spam is a symptom, not the problem itself. The problem is the amount of spambots, all around the web, how many millons of computers are in a botnet or another. If spam by some magic becomes non profitable, still those millons of computers will be around, ready to be used by its owners or whoever hire them to do other kinds of nasty stuff.

    In fact, is GOOD that they send spam, as could be used that traffic to identify the hosts and accounts, and do something with them, like ISPs redirecting them in a san

System going down in 5 minutes.

Working...