By Latest Count, 95% of Email Is Spam 198
An anonymous reader writes "The European Network and Information Security Agency released its new spam report, which looks at spam budgets, the impact of spam and spam management. Less than 5% of all email traffic is delivered to mailboxes. This means the main bulk of mails, 95%, is spam. This is a very minor change, from 6%, in earlier ENISA reports. Over 25% of respondents had spam accounting for more than 10% of help desk calls. The survey targeted email service providers of different types and sizes, and received replies from 100 respondents from 30 different countries."
Logic? (Score:5, Interesting)
I don't doubt that it's around 95%, but the logic of the above-quoted statement is certainly flawed.
Re:Logic? (Score:4, Informative)
your internet provider or mail server administrator is likely blocking more (a LOT more) spam than you see come through to your "spam folder".
95% spam is a reasonable estimate for a report coming out of the EU, i think; and is pretty close to what i see here in the US (about 9 of every 10 inbound messages to our domains is either blocked at time of delivery or filtered later on).
More like 99.9 %, 1 out of 1000 valid (Score:2)
I have had my own domain since uunet! days. I drop connections when the envelope header is to a non-existent account. There are very few valid accounts on this domain. Here are the last three days stats on dropped and accepted connections (D dropped, N accepted):
D/837,780 N/941
D/935,298 N/884
D/901,749 N/832
This is 1 valid email out of 1000 attempts to a first approximation, 99.9% spam. Even with these, I still get several hundred validly addressed spams a day, most automatically junked altho I still sca
Re: (Score:3, Interesting)
Well, I use a greylisting system, with amavisd behind it, and the greylisting blocks 90%, before it even reaches the spam filter. (Which also keeps the resource usage down.)
Then spamd and the other spam systems linked into in amavisd throw out nearly all the rest of the mails.
I’d say 95% is a vast understatement. More like 99.5%.
Also, everything that is filtered by amavisd, still goes to the junk folder of my IMAP account, so I still can undo false positives.
Works pretty sweet for my own server.
I simp
Re: (Score:2)
... or if they use Email Certification.
Long story short, everyone who wants to send Certified mail has to be 'certified' by their ISP. (UN-certified mail would still be possible, if you wish.) Getting certified is nothing more than providing enough information to positively identify you, and costs a nominal fee.
In return, you create a public/private key pair, and give the public one to the certifier. The private key goes into your email server, which adds some headers to each outgoing email. One of these is
Re: (Score:2)
If you get spam, your email client has a big 'report certified spam' button. Click it, and an email is auto-launched to the certifier of the sender. The certifier contacts the sender and demands an explanation. If sender was hacked, they fix the security hole and tell certifier they did so. If spam was not spam, or a misunderstanding, they explain.
Why not just have the client reject mail from that sender and cut out all the dicking around?
Re: (Score:3, Insightful)
Right. They are ignoring the huge volume of legitimate mail that hotmail/msn silently deletes in violation of the RFCs.
Re: (Score:2)
Right. They are ignoring the huge volume of legitimate mail that hotmail/msn silently deletes in violation of the RFCs.
Hotmail doesn't represent the majority of e-mail accounts, and usually it seems to be down solely to the incompetence of whoever is administering hotmail, rather than intentionally violating RFC. Same difference, I suppose, but it's certainly not a majority of the legitimate e-mail they get to them, anyway.
Re: (Score:2)
Worse, a change from 6% to 5% "real mail", if that is indeed the case, isn't a "very minor change", it's a 20% difference!
Re: (Score:2)
If you check out the statistics I've been collecting at work then you'll see the figure is quite correct.
You should be able to see the stats here:
http://www.earth.ox.ac.uk/~steve/spamstats/
Re:Logic? (Score:5, Informative)
Survey only took place in Europe and apparently one company in the US.
In short, this is a waste of someone's money.
Only, huh?
27 nations and a population of >500 million forming the largest economic block in the world...
might be a good thing (Score:2)
Re:might be a good thing (Score:4, Insightful)
Doesn't matter. There's no shortage of people who believe spamming will make them rich. Spam isn't going to go away just because it doesn't work.
Re: (Score:2)
No- it's the fact that there are people WILLING to pay for what's advertised through spam that it has proliferated so much.
If you can get even a handful of sales from sending out a million spams, you still make a profit.
Imagine if doofuses everywhere didn't send money to Nigerian princes promising them wealth, or ignored the viagra/cialis ads that keep appearing.
If there was a way to shutdown the payment gateways for spammers their means of making money would be forced to stop and discourage them from cont
More than 90% for me too (Score:4, Interesting)
I also get about 10 times as much spam as actual email. Fortunately, Google is pretty good at filtering that - the number of false negatives in my inbox has been less than ten this month, while I got over a thousand to my spam folder.
It's hard to comprehend how people deal without that level of spam filtering - I have relatives who regularly register new accounts in order to escape their spam.
Re: (Score:2)
False positives are the bigger problem. The amount of spam drives the need to "profile" incoming content with greater scrutiny, leading more and more real E-mail to the spam folder. Some of that E-mail might be important. Whitelisting is only a partial solution -- you don't always know where an important E-mail is going to come from. I've had more than one occasion where I've missed out on an opportunity, and a coupl
Re: (Score:2, Interesting)
Want to reduce false positives, and your friends, colleagues and email partners to ask their provider to support either Domainkeys or SPF. Once they get on the bandwagon, their mail will no longer get false positive flagged.
Re: (Score:2)
Re:More than 90% for me too (Score:5, Funny)
Yeah, I know what you mean. Just last week I missed out on the opportunity to make a living just from surfing the web from my home computer! I can't tell you how disappointed I was that the email offering that 'chance of a lifetime' went to my spam folder.
Then there was the time I won a million dollars but because of my spam filter I never got to claim it in time. Or the time that the Prince of Nigeria sent a desperate email to me for help, but because of spam filtering I was never able to offer my assistance. I feel just terrible knowing that he was never able to access his fortune or reclaim his rightful seat on the throne.
Re: (Score:2)
For the past few months, I've been volunteering at a transitional housing shelter, providing basic computer assistance to anyone who needs it. The guys at the shelter range in education level and in their experience with computers and the internet. Most have some basics down, many are perfectly competent or better, some have almost no experience. I have, just-in-time, stopped several people from giving out their social security numbers to spammers. I've had guys ask how come they can't get the free cred
Accounting for help desk calls?! (Score:3, Interesting)
Now I am not a corporate email guru, but why would spam be the reason to call for help? In this day and age it boggles the mind. Even my grandmother can deal with spam without needing tech support.
Re:Accounting for help desk calls?! (Score:4, Insightful)
I too was the email guru once upon a time (last year). It boggled my mind that people simply could not understand that some email was spam, and that some valid mail got caught because their friends forwarded a forward or an ad company sent them an actual email. And I explained this to the same set of people over and over again.
Re: (Score:3, Interesting)
This off topic but- don't you think OS X was born out of it being easier to make Unix friendly than fixing MacOS which they tried and failed to do internally? I really don't see how Windows has anything to do with it.
Re: (Score:2)
_Reporting_ spam is often routed to the help desk. And the intricacies of reporting the entire, unedited message with all the headers intact is often beyond a casual email user. Particularly irritating email also climbs up the reporting priority list and wastes helpdesk time, such as email being forged from one domain to pretend that it is from another domain and getting other people's email being blocked or taking advantage of their whitelisted domains (known as "joe jobs").
Re: (Score:2)
Are you sure ? I know a lot of inexperienced people who are overwhelmed by the number of messages in their mailbox. One 70 year old just told me she gave up on her mailbox because there were 750 messages in it. Another one, 50 years old, is drowning in advertisement messages - not even spam, she gave her email on legitimate shopping sites.
A third one, 50 years old, lost an email confirming her plane travel and ended up rebooking it ! When she called me, i found the email in 1 second by using the search fun
Re: (Score:2)
I've had "my daugter is getting a load of inappropriate adverts that she finds disturbing, how do I stop it" several times.
I'm surprised it's that low (Score:5, Insightful)
I was seeing more like 97% (once you excluded system generated internal emails - CVS and Bugzilla between them can generate a fair bit of mail).
The killer for running our own mail system in its entirety was when I did the arithmetic and our co-hosted secondary mail server was costing more than buying Google for Domains. That's before you even consider the document management Google for domains offers, which was just icing on the cake.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Funny)
By disallowing spamming an ISP has a specific line in the TOS that they can point to when a customer calls in screaming about their "intarwebs" being unreachable. "Yes sir, I understand that you are upset but it appears that we got several reports that large amounts of unsolicited email was being sent from your home, upon further monitoring by our technicians it was established that several thousand spam emails were being sent from your home and in accordance with paragraph 713 in the terms of service we di
Re: (Score:2)
In the EU, spamming is only illegal if it is to "personal subscribers" where you have had no prior business relationship. Viagra spam is illegal because of the content of the email, not the way it is sent.
Personal subscribers means non-corporate subscribers. You can spam companies with impunity. Depending on partnership law in the juristiction in question, you can spam some of them with impunity. For example, in Scotland, partnerships are corporate bodies, but in England they are not, so you can spam em
Re: (Score:2)
Perhaps his small company does lots of business over E-mail as many do? E-mail is the primary interaction with customers for lots of smaller businesses and customers draw some pretty weird conclusions when they get even one NDR.
Also two or more mail servers is common the system is designed to work that way which is exactly why you can have multiple MX records for your domain. This way a sending server can try the other mail server if / when it can't contact the primary. Oh I suppose you could use some co
Re: (Score:2)
Quite correct. The secondary MX wasn't for load balancing - Postfix can handle more mail than I could ever throw at it - the secondary MX was to minimise the risk of NDRs.
It actually caused as many problems as it solved because spammers seem to think "secondary MX == no spam filtering".
Re: (Score:2)
If there is downtime on your main mailserver, or the telephone line connecting it to the outside world, you need a secondary server to pick up mail until it comes back online again.
Micropayments again (Score:4, Interesting)
Micropayments. Yes I know it's been mentioned before, but one rarely hears of paying *each other* (rather than the host or government). It would be a good idea anyway even if spam didn't exist.
If we paid each other (say a penny or 1/10th of a penny), obviously the spam problem would be solved. (though some can charge nothing if they want) It also means that someone who gets a ton of email and hasn't got the time to read all of them will receive only the 'cream' of email. Only those who are willing to sacrifice say, a pound (or £10/£100 for super busy/famous people) would be able to email them.
As we know, Youtube has/is developing methods of payment to watch videos, and online papers are experimenting, so micropayments may be common sooner than we think.
Re: (Score:2, Interesting)
http://piestar.net/2009/06/24/idea-fixing-the-email-system/ [piestar.net]
There are many better ways outside micropayments - which would add up on a large system (such as a forum or social networking site).
Re:Micropayments again (Score:4, Funny)
Your post advocates a
( x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won’t work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we’ll be stuck with it
(x ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don’t care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else’s career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( x) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( x) Extreme stupidity on the part of people who do business with spammers
( x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( x) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( x) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don’t want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x ) Sorry dude, but I don’t think it would work.
( ) This is a stupid idea, and you’re a stupid person for suggesting it.
( ) Nice try, assh0le! I’m going to find out where you live and burn your house down!
Re: (Score:2)
( ) Killing them that way is not slow and painful enough
Pray tell, what level of vigilante justice would you consider to be slow and painful enough?
Re: (Score:2)
While I find that list as funny (and often true) as the next guy, you failed in applying it.
Mailing lists and cooperation of everyone has long been solved in the micro-payment solutions. Central authorities are not needed, just a reasonably small set of payment handlers. And it's got nothing to do with blacklists, rather with dynamic whitelisting.
A little technical voodoo solves the rest.
Still, I agree with your result that it won't work, mostly because people have become way too used to the way e-mail work
Re: (Score:2, Insightful)
but one rarely hears of paying *each other* (rather than the host or government)
Only if you don't read the discussions. A scheme like that is proposed every time the topic comes to "how I would end spam once and for all". Go ahead and try it. Oh, you want everybody to switch? See, that is a fundamental problem: If your scheme requires a critical mass of people to adopt the scheme at the same time, then it won't work. (There are more problems with pay-for-email and email-bond schemes, but that is the most obvious one.)
Re: (Score:2)
People can use both email types, until gradually the 'micropayment' emails become the norm, and the free, spam ones are ditched by more and more people. Not forgetting of course than even the 'micropayment' email can charge zero if that's what they really want. It 'subsumes' the old type in that sense.
If these kind of things didn't work, then we wouldn't have new connectors at the back of PCs. USB wouldn't exist for instance.
Re: (Score:2)
People can use both email types, until gradually the 'micropayment' emails become the norm, and the free, spam ones are ditched by more and more people.
Won't happen.
So maybe 95% of the e-mail that is sent to me is spam. What is it worth to me to have to pay to send e-mails as I sit in front of my PC trying to decide whether to use the free system or the pay-for system to send my mate Bob an e-mail. The answer is apparently nothing. My e-mail is perfectly serviceable and spam is only a minor inconvenience. I don't see almost any of that 95% spam because virtually all of it gets filtered before it drops into my inbox.
You could argue that there is an infr
Re: (Score:2)
If people have the option to send me an email for free, or to pay for sending me it, which one are they going to pick?
Re: (Score:2)
What advantage will early adopters have from joining your scheme?
What advantage did early adopters of computers with USB ports have of getting their PC? As I said, these things will be added to server installations, and will be available as an *option* to the end user. People can have a 'normal' email and a 'micropayment' email.
I think the main problem is transaction cost. Once companies figure out how to send and receive micropayments for the cost of transmitting normal information over the internet (i.e. virtually nothing), then we have a winner.
I like the humour in th
Re: (Score:2)
They get to pay extra to use email, of course! Clearly this is an "advantage" that everyone will want..
/Mikael
Re: (Score:2)
Or get paid if they receive more email than they send. Of course it would all be negigible anyway if costs were $0.0001 per email sent anyway.
In the long term, it would balance out as they send and receive email.
Re: (Score:2)
I can't help but feel that a scheme like this would be loved by telcos all over the world, all they'd need would be a law that forbids email without this "feature" coupled with some sort of licensing scheme that required server operators to jump through a whole bunch of hoops plus pay a large yearly fee (perhaps labeled as a "downpayment" on that year's transfer fees so technically you'd only have to get the money once and then you could use the money for last year this year again but it would still be too
Re: (Score:2)
What I meant was that probably very few devices supported USB in the beginning, so it didn't seem such a great feature at first. However, with the giant Apple backing it, there's the promise that it will eventually become standard.
Now you: What advantages will early adopters of your scheme have?
No spam, and ability to receive less and better quality email by charging arbitrary amounts. Some people who otherwise may not be reachable at all (being super busy), suddenly become available by being able to pay them to read your email.
Re: (Score:2)
Reply to this (my) post if you read it.
No need to be anon - I'm not going to get bitchy no matter how much I disagree.
Re: (Score:2)
Because, as one of those irritating but often accurate form rejections points out, transaction costs make this impractical. You'd spend far more administering the payments than you would actually making them, so if you had a system where you paid someone $0.05 to receive your email, and they paid you $0.05 to receive
Re: (Score:2)
Well the way we handle transactions currently must be hopelessly inefficient. Computers are supposed to be good for this kind of thing.
Re: (Score:2)
1) Create hundreds or thousands of throwaway email accounts. ... perhaps not.
2) Subscribe all those accounts to your target's mailing list.
3) Watch as your target has to spend a significant amount of money sending "Thank you for subscribing" emails and daily/weekly/monthly messages.
4) ???
5) Profit?
What I think could work would be an escrow system. When you sign up for your ISP account, you put some amount of money (say $20) in escrow with your ISP. After a certain period of time subscribed to your ISP wit
Re: (Score:2)
Most of the spam is sent through botnets. Who is going to end up paying this email levy? Mind you it might encourage them to clean up their machines, but more likely just mean some sensationalist articles in the Daily Wail and judges refusing to enforce payment.
Re: (Score:2, Funny)
If we paid each other (say a penny or 1/10th of a penny), obviously the spam problem would be solved. (though some can charge nothing if they want)
Your post advocates a
( ) technical ( ) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the mone
Re: (Score:2)
It seems to me that the key objection to this is the mailing lists.
But what if mailing lists were replaced by RSS? When you're delivering identical content to a lot of different users, letting them pull rather than push eliminates spam, and for zero cost beyond having the servers.
Having zombies' accounts drained is bad for them, but maybe it would make people more alert to them.
The dropped connections as you phase in the system is sad, but it's in pursuit of a more usable system in the end.
Re: (Score:2)
We'll see micropayments work when we see fusion power. The overhead of authentication and actually processing money are so large that they are simply not practical for normal email, and the kind of idiot who does spamming now would simply steal funds from your mail servers.
Re: (Score:2)
People have been talking about micropayments for at least 10 years now. The problem isn't a technical one, see paypal.com for an example of how it is done. The problem is that as soon as people are asked for payment details, even for a very small amount that they wouldn't notice, they stop to think about whether or not they really need it, and generally decide they don't.
The problem is it takes a bit of effort to spend money. If you make it less of an effort, people don't like it because it makes them fe
Re: (Score:2)
Right now the vast majority of spam is sent by compromised computers. What would stop those computers from paying the micropayments? Sure, it'd be nice to collect a few dollars from the incoming spam, but I'd feel a bit evil taking money from random people around the world. Even if they should have been smarter.
You can say that fraudulent transactions are only a few percent of total transactions today, but it will difficult to build a micropayment system which has as many abuse checks as the current transac
Spam not equally distributed among message media (Score:2, Interesting)
Re: (Score:2)
Yep. This is why I simply abandoned email. Sure, I have a gmail box so that I can "click on this link to activate my membership", but other than that it just slowly fills up with "newsletters" I never read. Any actual human being wanting to contact me online knows full well by now to send me a PM in some "walled garden" environment such as facebook or one of the music forum/communities I visit. Does this reversion to "walled garden" comms systems suck from a 'back in the day the internet was supposed t
My spam count has gone down lately (Score:2)
I have no idea why, but my spam count has gone down. I have my own domain name and I used to receive about 100 spam per day. Lately that's gone down to 2 or 3.
I'm not doing anything different so I assume I fell off a list or someone upstream is fixing things.
Sometimes I run a filter that let's all plaintext through but whitelists mime and messages with http or www in the message. They get rejected at the server level.
I just turn it off when I register for new web sites.
Re: (Score:2)
For what its worth, I've had the same thing happen on my own domain. As recently as 6 months ago I was averaging about 1500 spams a month, and now its down to maybe 200 a month. I'm certainly not complaining, but I'd love to know why it dropped.
Re: (Score:2, Informative)
check to see if your provider is using SPF... If so, they end up blocking domains that does not have one or is spoofing a domain that does have SPF setup. This helps significantly to reduce the amount of junkmail.
Re: (Score:2)
I don't know where you get this from. All that SPF gets you is that you receive less "backscatter" spam, non-delivery-reports for mail you didn't send in the first place. For most people, that's a tiny fraction of the spam they receive. The majority of spam is sent from domains with valid SPF records and passes SPF checks.
Re: (Score:2)
Not just backscatter, also spam "from" you - I used to get a lot of.
Re: (Score:2)
SPF only protects the envelope from, not the "from" which is shown to the user.
Re: (Score:2)
Insta-death for most of the Internet, too...
Bill Gates (Score:5, Funny)
http://www.cbsnews.com/stories/2004/01/24/tech/main595595.shtml [cbsnews.com]
Bill Gates promised in 2004 that spam would be completely solved within 2 years.
Re: (Score:3, Funny)
He's not lying, you know. He's just waiting for the perfect year to start his two-year-plan...
Re: (Score:2)
Bill Gates promised in 2004 that spam would be completely solved within 2 years.
And in 20 years, he'll claim to have no memory of having ever said that. And his apologists will claim that he's too smart to have said something so stupid. And history will have repeated itself yet again.
Re:Bill Gates (Score:5, Funny)
Re: (Score:3, Insightful)
And what kills me is that he COULD HAVE, the bastard. Or at least, made a very large dent in it. All he had to do was have MS release some patches for Windows and give them for free to EVERYONE, "pirates" included. According to a quick search, 80 percent of spam comes from zombies. [google.com]
Re: (Score:2)
I use outlook and I never see spam and I don't get false positives. That doesn't mean the spam problem is solved but at least my time isn't wasted (just bandwidth).
Re: (Score:2)
Well, that article is somewhat about captchas and I couldn't see any direct quotes from billy, considering that most email providers, live/gmail etc. use that tech. and my spam has virtually been reduced to zero in the last few years... No one can stop spammers from sending spam, but you can always filter it out.
The reason your inbox - or anyone's, for that matter - is not overflowing with so much spam that "just hit delete" is no longer an option is not because nobody's sending spam.
Neither is it because the magic email fairies are ensuring that you only receive legitimate email.
It's because some poor bastard is attempting to stop it. But for every counter-measure we take against spam, the spammers work on anti-counter-measures.
For those anti-counter-measures, we take contra-anti-counter-measures.
This doesn't wor
Re: (Score:2)
Yes. I conjecture that the only reason my current counter-measures (and that of GP) work reasonably well is because so many people use worse counter-measures -- which makes it less necessary for spammers to outsmart them (yet). It's not a solution, and by definition only works for a relatively small part of the population of email users.
Mine WERE working reasonably well! Or so I thought - I was blocking well over 90% of incoming email to spam but I didn't have a mechanism for end users to check "may be, may not be" spam - and I didn't want to crank up the sensitivity without that.
But when the people worst affected are the executives who agree the pay every month, you have to ask yourself "how married am I to running my own email system in its entirety?". I can easily see a future where most sysadmins decide the answer is "not very" and
Re: (Score:2)
In the second paragraph there is a direct quote.
“Two years from now, spam will be solved,” he told a select group of World Economic Forum participants at this Alpine ski resort. “And a lot of progress this year,” he added at the event late Friday, hosted by U.S. talk show host Charlie Rose.
Google it up, and you'll find several sources directly quoting him, not to mention follow-ups years later when Gates says it was a mistake to make such a claim.
Only 95%? (Score:2, Insightful)
I am surprised they conclude the fraction of good mails is as high as 5%.
From the CERN mail server report:
Incoming mails: 1992789
Rejected: 1952787 (98%)
Moved to Spam Folder: 14520 (1%)
Good mails: 25482 (1%)
Spam in Total 99%
And this is a good day. Often good mails are less than 1%.
Re: (Score:2)
I'm guessing that they don't count mails to non-existent mail boxes as spam (it's dropped before the spam/no-spam determination). CERN probably counts it as spam.
Stop the floodgates (Score:2)
1) Do the unthinkable, actually pay for email service at a place, ideally, like www.fastmail.fm which uses spamassassin unlike the simpler less forgiving systems at yahoo/gmail/etc.
2) Use a handful of aliases (yielding unlimited email addresses) in order to sort mail to its relevant level of "attention"
e.g.
2a) john.smith@fastmail.fm would go to friends to use
2b) wellsFargo@level01.f
Accountability (Score:2)
There's no single solution to spam, obviously at times I want people that have never sent me an email before to be able to reach me. Trying to derive whether it's spam from the content will always be an approximate process. But what is not so great is that currently, all the eggs are in one basket. If you get your hands on my email address, then it's valid for years and years, and I have no practical means of switching.
What would help a great deal, is if there was a standard way to generate and revoke an em
Win-win? (Score:2)
Not for me. (Score:2)
I use DNS blocklists, greylisting, and a bayes filter. I rarely see spam, maybe 1 or 2 stupid marketing mails from companies I have dealt with a week. My work has more or less the same setup and doesn't get much spam either.
This report must be counting mail blocked at the SMTP level as spam. That seems the only way to get upto 95%.
How many emails in your (gmail) spam folder ? 396 (Score:2)
Please put the answer in the title of your response. Note that gmail deletes spam that is older than one month so if you answer for another spam system, count for the last 31 days or specify the length of time.
I have 396, much lower than the peak that has been around 900 for years then abruptly got to around 400 each month and remarkably stable.
Spam can be pretty useful occassionally (Score:2)
I've had the same main email address since the mid 90s, so as you might expect it's on every spam list going, and on average I'm seeing 100 emails a day hitting my Outlook spam folder. However it's never an issue for me as I pay for the rather wonderful Cloudmark spamfilter which is near as dam it 100% accurate for my use.
So all I have is spam hitting my spam fillter at about one every 15 minutes. Which has on several occasions been a useful 'heartbeat' to diagnose when my there's something wrong with my
Sounds low (Score:2)
If you take the % at home ( i host my own domain, and I'm the only real user... ) its more like 99.9% due to all the bounce backs and 'dictionary' emails which don't exist anyway..
At the office, its well over 98. ( external email only, not internal )
This shows the true cost of spam... (Score:2)
Because in the end, servers around the world are using bandwidth, storage, CPU time, etc, to relay spam. And those servers ha
Yet there are so few spammers (Score:2)
What's striking is how few different spams there are. When one of the major spammers is shut down, spam drops noticeably worldwide. Statistics like "the top N spammmers account for NN% of the spam" could be helpful. In terms of cost, the top few spammers probably have more impact than Al-Queda.
Maybe we could get major spammers classified as enemies of the United States, so the CIA could go after them.
Please learn to do math. (Score:2)
Imagine that the volume of non-spam email remains constant.
If spam was previously 94% of email, and is now just over 95% of email, that is not a change of 1% in the amount of spam.
Let's give concrete numbers. Imagine that there are one million non-spam emails per time unit. How much spam needs to be sent for spam to be 94% of email? The total amount of mail would be 16.6~ million emails, so 15.6~ million of them would be spam. Now imagine that the new amount of non-spam email is "less than 5%" -- let's
Re:What do they mean by 'all'? (Score:4, Interesting)
- Incorrectly formatted HELO/EHLO greeting? 5xx Doesn't catch too many connections as the other end would have to massively screw up in order to trigger the invalid HELO rule.
- Giving a HELO/EHLO that is not a FQDN (fully qualified domain name)? 5xx Many botnets don't follow the FQDN rule and will give a randomly generated HELO name. I've never had a false-positive with checks like this.
- Giving a HELO/EHLO that does not resolve via DNS (see RFC 5321, section 2.3.5 [ietf.org] where it talks about this issue in the 1st bullet point)? 5xx or 4xx if there was a DNSFAIL issue
- SPF record says "-all" for the MAIL FROM or HELO lookup and it fails to pass SPF? 5xx (At which point, you're simply following the instructions of the sender. If the record says "-all", they WANT you to reject non-conforming mail.)
- HELO/EHLO which purport to be from your own system? 5xx Know your servers, know who is allowed to put your domain into the HELO/EHLO and boot the pretenders. Easily done in Postfix with a few simple rules.
Most of those are standard checks in Postfix and will greatly reduce the amount of spam that you have to analyze in a more in-depth manner. Which results in a huge CPU/bandwidth savings if you can tell them to bugger off before the DATA command is issued.
I prefer to save block lists for the spam scoring system as there are too many false positives (and sometimes abuses of power) in the DNSBLs. Far safer to score rather then block - although Spamhaus' Zen list is extremely good.
Re: (Score:2, Interesting)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
98% of what we get is not delivered to mailboxes.
If you block it at SMTP time do you still count that as mail you got?
Re: (Score:2)
Re: (Score:2)
If you're rejecting at SMTP connection time - you're not dropping mail on the floor - you're doing it properly by giving the origin server a 4xx or 5xx code.
(The worst thing you can do is to 2xx the message, and then decide later that it's undeliverable. At that point, you're either not obeying RFCs by dropping it on the floor or you're going to generate backscatter if you
Re: (Score:2)
Re: (Score:2)
Bill Gates appears to know little about technology. Why else would be make such a stupid statement?
He reminds me of the support guy that just makes stuff up because most users will believe anything.
Re: (Score:2)
The spammers already use hacked systems to send out their email. It's no big leap for them to also hijack the stamp/payment system to have the hacked system's owner pay for the spam run.
Basically, the bad guys will get away with paying nothing - and the burden will fall on legitimate users of e-mail.
The only possible upside to your proposal is that it would cost the hacked system's owner in a way that might encourage th
Re: (Score:2)
Oh, this is exciting, I've never done this before!
Your post advocates a
( ) technical ( ) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No on
Re: (Score:2)
If you hardly ever use your "real" email address, or only to very limited number of recipients, then yes, you are less likely to get spam. But if you use email a lot, even to people you otherwise trust, every time you hit send you are handing them your address - as well as transmitting it to any number of relays along the way. And any of your recipients can be malware infested.