digg

Join DiggAbout

Discover and share the best of the web!
Learn more about Digg by taking the tour.

Spam Doubles, Finding New Ways to Deliver Itself

nytimes.com — In the last six months, the problem has gotten measurably worse. Worldwide spam volumes have doubled from last year, according to Ironport, a spam filtering firm, and unsolicited junk mail now accounts for more than 9 of every 10 e-mail messages sent over the Internet.

Bury
show profanity settings
expand all
  • anonymoustroll, on 10/12/2007, -1/+10I ran across my first piece of image spam that I actually couldn't read because the image was too muddled (in an effort to avoid OCR detection). Mostly stock pumpers...

    I find it interesting that the stock pumpers don't rely on link or return email, but are only interested in spreading the meme of the three or four character stock symbol.


    • latova, on 10/12/2007, -0/+16I've noticed this too. Gmail still does a good job of filtering out this and other kinds of spam though.
    • chris4404, on 10/12/2007, -0/+13@latova
      I've given up deleting my spam out of my Gmail account. I haven't cleaned it for a month so its auto delete does the job but at the moment I have 14053 spam e-mails. Thank god for it though don't know what I'd do without Gmail.
    • wbreim, on 10/12/2007, -39/+4I actually enjoy spam mail, I have fun setting up filters and you know checking out some of the offers out there. I've bought tons of stuff i found through spam mail
    • truspector, on 10/12/2007, -0/+20@wbreim
      and you sir are the reason the rest of us are still getting spam.
    • ch33sehead, on 10/12/2007, -1/+11@wbreim
      You must have a small penis.
    • pointNumberOne, on 10/12/2007, -0/+4@wbreim

      You forgot the /sarcasm
    • gr8one, on 10/12/2007, -1/+6Kill Spammers.
  • jacksh11t, on 10/12/2007, -2/+4Another story on iht: http://www.iht.com/articles/2006/12/05/business/spam.php

    The spam situation is getting ridiculous. 50% of my incoming mail at work is spam. 90% of my personal mail volume is spam (sad).
    • ebs16, on 10/12/2007, -0/+6For a second I thought that your linked article was plagiarized off of the submitted NYTimes article, but it's actually the same author. He just changed the wording around a bit. Interesting...
    • PeterJS, on 10/12/2007, -0/+4@ebs16: IHT is the European version of the New York Times, they share articles all the time, IHT is a more global/international/euro-centric paper published/edited in Paris.

      Re: spam: at work, roughly 85% of our email traffic is SPAM. For the day yesterday, we received 10,432 messages out of which we allowed 1,874 to be delivered. Rest was classified as SPAM. Thank goodness for Barracuda SPAM firewall.
  • ebs16, on 10/12/2007, -13/+3The laptop being used in the article's photo is turned off.
    • hadiz, on 10/12/2007, -10/+2It could just be a power saving thing that turns the display off after a couple of minutes.
    • BossX, on 10/12/2007, -4/+13Who cares?
    • vertinox, on 10/12/2007, -1/+3Who reads the articles?
  • JimMessenger, on 10/12/2007, -6/+10"Three years ago, Bill Gates, Microsoft’s chairman, made an audacious prediction: the problem of junk e-mail, he said, “will be solved by 2006.”

    Oops...

    • bias, on 10/12/2007, -5/+13holy *****, so now it's microsoft's fault?
    • Grimdotdotdot, on 10/12/2007, -0/+4Microsoft wanted to charge 0.1cents (or something) for each email send (or, rather, delivered).
      That would have sorted out spam, TBH - but no-one liked that solution.
    • Asriel86, on 10/12/2007, -2/+15Most of the SPAM being sent today is done so by home-use Windows PCs that are running a virus or spy/adware in the background. There are millions of home computers that unknowingly (to their owners) are part of massive botnets that are being used to send billions of spam messages.

      This is all because Windows has so many security holes that allow for viruses to so easily propogate. It's Microsoft's fault there is so much spam because most machines running Windows are being used as zombie slaves, and Microsoft refuses to admit or account for this.

      What do they do, instead? They make their own Antivirus program and charge money for it. They have to make a program to sloppily fix the fact that their operating systems are security nightmares, and they profit from it. That's freaking racketeering.

      If every internet-connected Windows computer on earth was running an updated antivirus program (and not just letting the Symantec icon sit in the corner, the 60 day trial that came with the computer five years ago that was never activated) SPAM would practically stop dead in its tracks. The only way to send spam then would be to do so directly through a mailserver, which is far easier to filter, track down, and stop.

      In short, it's Microsoft's fault because their swiss-cheese OS lets spammers hijack millions of computers.
    • catch-22, on 10/12/2007, -2/+7While I'd love to agree entirely that it's all Microsoft's fault, you have to admit that some of the blame falls on the users that let these viruses run rampant on their systems. It's not very difficult to get a free antivirus/spyware solution that would keep you protected from that garbage...
    • molecool, on 10/12/2007, -0/+1Your problem is that you think from the prospective of a computer geek who knows how to maintain his/her own box. The average user out there *should not* have to know anything about computers in order to use them - or at least just enough to get by reading email, surf the web, create spreadsheets, etc. You have already mentally been anchored into the status quo which is that someone sells you a broken system which can be easily invaded and which gets you caught in a ***** arms race with spammers, identity thefts and other type of vermin.
  • motivator, on 10/12/2007, -1/+17IMHO, the only way to solve the spam problem is to somehow get people to stop buying what they're selling. If it wasn't lucrative, they likely wouldn't do it.
    • anonymoustroll, on 10/12/2007, -9/+1wrong... SPAM is like background radiation or sun spots... it just is; sometimes there's more of it than other times.
    • harumph, on 10/12/2007, -1/+8i agree with motivator. if nobody responded to spam, it would become unprofitable. as it is, there has to be enough people biting on these things to make it profitable. otherwise the spammers would have no incentive to continue.
    • MistressRoninS, on 10/12/2007, -0/+5Motivator I agree, but from my pov the issue is most of the time the crap in spam is pointless and non-purchasable overnight website crap with bad English translations or penis enlargement schemes. My answer to spam is a junk hotmail account, used for all the subscribing to any sites that send spam to subscribers. Sometimes you have to subscribe to sites to do things and its easier to just make a hotmail for that junk. Otherwise gmail is really the best filter I have ever seen.
    • Novagenesis, on 10/12/2007, -0/+9Spam is cheap. You can set up and send millions of spam for under 100 dollars. Even less if you use illegal botnets.

      The problem is enforcement? The government is trying a LOT less to enforce anti-spam laws than RIAA is trying to enforce copyright laws.

      RIAA is pushing for jail time for people who download the new Metallica cd.
      Govt is pushing for fines for companies who -get caught- sending spam. Woowoo, big deal. Some companies do illegal things because they make profit off those things -after- paying the fines.
    • yodaj007, on 10/12/2007, -0/+2@MistressRoninS

      Check out http://www.SpamGourmet.com. I've been using it for about a year and a half now. It's great.
    • x1479, on 10/12/2007, -0/+0Agreed but probably won't happen. Its just the way things are. And I think the cost is so small its possible that a spammer could just generate revenue simply through advertising and hits on the site that their email links to. Spammers may be finding most of their rewards, for their very low cost business, by advertising instead of direct purchasing.

      @yodaj007
      Spam gourmet is a good one, but lots of others out there:

      http://www.google.com/search?as_q=temporary%20email

    • Phearce, on 10/12/2007, -0/+1How would you define "profit". It costs virtually nothing to send out a million spams. If *one* person replies, you'll likely break even. That's if your goal is actual real-world money. If you're trying to spread a concept like a stock symbol as anonymoustroll mentions above, then one person reading the spam counts towards your goal.
  • dpcdomino, on 10/12/2007, -0/+10I cannot image the dolts that actually purchase items off spam emails. Maybe they really have a small penis?
    • colifis, on 10/12/2007, -0/+3What if I really did want a penis enlargement? Where would I even begin? Oh the choices would be endless ......
    • gcauthon, on 10/12/2007, -0/+2And an even smaller brain.
    • isthisnametaken, on 10/12/2007, -0/+5I used to think the same thing about telemarketers. I mean nobody really buys that stuff right?

      Then I became a telemarketer one summer and found out 3% of the calls made are sales. I am sure the number isnt that high for spam, but I bet its worth sending out all those emails.

      I'm not a telemarketer anymore, dont digg me down for that! :)
  • icexe, on 10/12/2007, -0/+5the problem isn't spam, it's the idiots who respond to spam. if spammers weren't hooking potential suckers by the boatload from these messages, they would be out of business in no time.
    • Araya213, on 10/12/2007, -0/+5And for crying out loud, please don't reply to spam telling them to quit sending you stuff. That just lets them know that it's an active account that gets checked, then they sell the address to all their buddies.
    • GabrielS, on 10/12/2007, -0/+2Regardless of the response to spam, the transportation of the messages is unnecessary internet traffic. All of that is received into a users inbox or at least downloaded for processing by spam filters.
    • gcauthon, on 10/12/2007, -0/+3Spammers don't sell their own products, so that argument doesn't make any sense. As long as there are small startup businesses that believe spammers could possibly market their wares effectively, there will be spam. Everyone who uses mass marketing thinks their product is different and there are people out there who will buy it. Even if every single spam campaign goes dry for the next 10 years, the next company to come along will still think that they're somehow different.
  • adenansu, on 10/12/2007, -4/+15i loved my gmail account, because google filtered out all the crap for me. but about 2 months ago, i started getting 2-300 spams a day, and maybe 10-20 that slip through and hit my inbox.

    now i'm getting around 500-600 a day, more and more making their way into the inbox. gmail users, please don't just delete those spams in your inbox! report them as spam to help the filters out!
    • Grimdotdotdot, on 10/12/2007, -5/+2Although your comment involved a sensible suggestion, you'll find yourself getting dugg down: This is Digg, man - people here don't let you knock Google...
    • ArmyOfFun, on 10/12/2007, -11/+4I bury anyone who is incapable of using their shift key.
  • daltonvoss, on 10/12/2007, -0/+2Responding to spam is part of the problem, but stock pumpers for instance don't care if you respond. All they want is for you to see the ticker symbol. White lists are the only sure fire way. But that is not reasonable for most situations.
    • Hoovooloo, on 10/12/2007, -0/+3I don't know. Responding negatively to spam (filling out complaints on the companies' websites) worked very well for Blue Frog, and they got hammered by angry spammers. Unfortunately, Okopipi, which was supposed to be the unstoppable open source replacement, has kind of died off (though it may be starting again, so anyone with coding experience should take a look and try to help).
    • Grimdotdotdot, on 10/12/2007, -0/+3If I can find them, I should be legally allowed to chop their hands off.
      That will sort the problem out.
  • To0n1, on 10/12/2007, -0/+3My work's filtering system does a fairly good job of removing spam before it hits my actual inbox. Even then, however, I'm still getting at least 20 - 30% of my daily inbox mail consisting of spam - stock pumpers, etc.

    One would think that the SEC could impose some sort of fine on those companies for sending out unsolicited mail, but then again, I don't even know if those stocks are listed on any US exchange. I don't even bother to look.

    My roommate also had an idea - these Stock spammers are generally trying to get people to invest in the stock (or at least that's the obvious goal). What if one were to bet against the stock? I wonder if anyone has any research on which would make more money, following the spam and investing in those companies, or actively going against.
    • nicepants, on 10/12/2007, -0/+4The way to catch these criminals would be to watch who starts selling these pumped stocks. Eventually you'll find a pattern. Person A always seems to sell 5,000 shares of a pumped stock the day he sends out the spam for it. Throw em in jail and let them get "pumped" by their cellmate for 20 to life.
  • br0ken1128, on 10/12/2007, -0/+9I work for a fairly large ISP and one thing we recently implemented that DRASTICALLY reduced the number of junk messages coming in to our system was greylisting.

    We noticed a reduction of about 6 million messages per day making their way to our customers inboxes and so far we've only fielded a couple of complaints where customers weren't getting things they expected, which is caused by sending mail servers not following RFC, in those cases we just white list what we need to, well worth it!

    Maintaining the occasional white list entry sure as hell beats trying to keep our queues from being clogged with spam.

    We have greylisting and rbl checks at the front end, then we have spamassassin+clamav in the middle, if it makes it through all those checks then it gets delivered...

    http://en.wikipedia.org/wiki/Greylisting
    • GabrielS, on 10/12/2007, -0/+7We don't use greylisting, but RBL has been great. We've pretty much blocked all traffic from China, but that's the source of 85% of our spam. Unprotected Chinese servers are the new Vietnamese crack whores.
  • totalnet, on 10/12/2007, -0/+5And what's with these spams just have 4 numbers in the message? Are they trying to fool the spam filters?
    • b166er01, on 10/12/2007, -2/+1maybe they're hidden codes for embedded cia agents!

      and yeah i just recently started to get those, wtf are they?
    • halik, on 10/12/2007, -0/+1I got 4 of those this week alone... don't have a clue wtf those are. I figured it was a virus email that got the attachment stripped at some point.
  • donjaime, on 10/12/2007, -0/+4What pisses me off the most is the damn SMS text message spam I get. It costs me 10 cents per message!!
    • halik, on 10/12/2007, -0/+2I've never seen anyone get SMS spam.. that's jsut odd.
  • Smiff2, on 10/12/2007, -0/+0for anyone whose ISP lets them write their own filters in regular expresions:
    i just found adding this kills nearly all my spam:
    * "Produced By Microsoft MimeOLE" drop
    (means: if that string appears anywhere in header, delete the mail)

    i guess because modt spam is coming from compromised Windows PCs? you might lose some mail coming from legit MimeOLE users (i don't think Outlook used normally, tags with that line?) but if you have a serious prob that even blacklists arent fully solving you could try it.. legit mail stills seems to be coming through. YMMV

    and of course:
    X-Sender-Verification-Failed "would not reach" drop
    etc... not all ISPs give you this much control though.
    • bryhhh, on 10/12/2007, -0/+2I just tried that on my deleted items folder. All the spam I'd deleted was caught by the rule, but all my genuine mail that I'd deleted was also caught.
  • JCinDE, on 10/12/2007, -0/+7Spam will not stop until we replace email with a more modern system that supports instant challenge/response authentication. The current problem is that you hand off an email to an SMTP server and that server handles delivering it. SMTP is outdated. The replacement for email should involve a direct connection between the sender and the recipient's trusted server.
  • PrincessZelda, on 10/12/2007, -0/+2So a company that makes it's entire living off spam is preaching that spam is on a drastic rise.... Am I supposed to be in shock?
  • krazykid, on 10/12/2007, -0/+2Note for SpamAssassin users/admins. You may want to run "sa-update" on your spamassassin server ("sa-update -D" will show you what it's doing). This will update SpamAssassin's rules. Also upgrading to the newer version helps too.

    I was starting to drown in spam again a couple of months ago. I upgraded SpamAssassin and ran sa-update, and things are peachy-keen again. I guess the occasional update of the SpamAssassin rules are important.
  • krazykid, on 10/12/2007, -0/+2Also sendmail admins may want to look into the "greet_pause" feature. This delays the sending of the SMTP greeting from your mail server. The RFC states that the server has some amount of time before sending out the initial server greeting. Since a lot of spammers are interested in slamming your server with spam and moving on, they just start sending the spam once the connection is made.

    The greet_pause feature delays your server's initial greeting by the amount of time you specify. If the machine connecting to your server doesn't wait for your initial greeting and starts to send data over, sendmail will reject the connection and create log entries saying so. Since legit mail servers follow the protocol, this isn't an issue for them.

    The following line will delay your greeting by 30 seconds, you'll need to put it in your sendmail.mc file and re-build your sendmail.cf:

    FEATURE(`greet_pause', `30000')

    For more info, look at: http://www.sendmail.org/doc/sendmail-current/cf/README
    and search for greet_pause.
  • Sh09un, on 10/12/2007, -1/+0 We are currently running a Barracuda Spam Firewall appliance and it actually does perform very well at removing spam. If your business doesn't mind spending the money I would recommend the product. However I would plan on purchasing the high level support (around $3000 a year) as the support that comes with the box is in my experience absolutely horrible. Which is sad because the bad support somewhat ruins a good product.
  • wmpp, on 10/12/2007, -0/+1I too was dealing with an increase in spam. Since setting up a Mailscanner/Spamassassin/ClamAV (mailscanner.info) gateway, the problem has gone away. It took some doing, but was *WELL WORTH* the time.

    There's a nice howto below for the interested:

    http://www.howtoforge.com/postfix_antispam_mailscanner_clamav_ubuntu
  • geofffox, on 10/12/2007, -0/+1To me, one of the biggest implications of increased spam was I had to turn off catch-all for mail. I was getting ten times as much mail for bogus addresses in my domain than for real addresses. Even so, correctly addressed personal spam is outrunning legit mail by 3 or 4:1.

    If you are using Thunderbird and find its spam filtering less than perfect, you might want to consider changing its junk threshold. I did and immediately saw greatly improved results.

    Tools:options:config editor. I changed mail.adaptivefilters.junk_threshold to 15. That 'lowers' the guard against false positives. However, as a practical matter, on my well trained system false positives are still negligible. I'll probably lower the threshold even more.
  • Eldorian, on 10/12/2007, -0/+1Here's a goofy question...

    Let's say some moron gets one of these stock emails and immediately upon receiving buys some of the stock for a few bucks.

    Could he make the same amount of profit the as the spammers if he was one of the first ones to buy into it?

    I don't fully understand how the stock market works, and can really care less - it was just something I was wondering what would happen.
  • anagami, on 07/02/2008, -0/+1as with life, it's better to use a whitelist instead of a blacklist
  • deanypop, on 10/12/2007, -0/+1Why not just license computing? That way, you can't buy, say, any machine over a teraflop without a license... Wanna use an old clunker? fine! Wanna buy an upgradable machine, and hack it into a hotrod? fine! But, if you don't want to learn how to safely* use the technology, you're limited to cells and PDAs (or soon will be).

    One of the problems with regulating spam has been on focusing on email as the issue - but now IM spam, blog spam, and the like are all rising up to confound things. Instead of the hassle, just regulate ONE thing - a person's right to use computers. Then, once everyone using them is (moderately) computer savvy, firewalls will get turned on and viral infections will be greatly reduced.

    Just chewing on a thought, but seriously, why license guns and cars for safety reasons, and NOT do the same thing for computers? Especially since we're only going to get more* dependent on them over time. :/
    • ApeInago, on 10/12/2007, -0/+1like free speech, you have to take the good with the bad...

    • Surreal, on 10/12/2007, -0/+1If by bad you mean, the fact that people can parade around despite the very act being considered a "hate crime" I agree, but other than that. I don't agree about implementations of free speech being bad.
  • Plastic3D, on 10/12/2007, -0/+1I've had it up to here with these spammers... anybody get these spams today?
    Starting with the most recent:

    "
    temperatures
    very nice
    shanna check this
    most popular software bundles including Microsoft Office 2007, etc..
    most popular software bundles including Microsoft Office 2007, etc..
    prestige replicas
    prestige replicas
    were
    meredith check this
    penelope check this
    mary check this
    lucia check this
    Modified Wednesday Sept EDT
    Full of health? Then Dont Click!
    Stop fighting
    Dirk Check this
    Tara Check this
    sued thousands usage
    APR home loan calculator
    Home value
    Carlo check this
    excruciatingly
    smiteth him and the daughter of thine he saith
    the challenge
    Drag a Rating component onto the page
    Notice of loan pre-approval Wed, etc.
    Done or What
    tigerBL
    be climate
    Joy check this
    ready for the heathen, his oxen. And with my strenght is me
    Featured MCITP
    Click here to learn more
    New Universal Instant Messenger
    fashion
    offering loans at low rates
    Tania check this
    Our store is your cureall!
    Never thought that so small member exists
    Donny check this
    stan check this
    "
    etc...

    I want to take these people and smash their heads over and over on the concrete!!!

    Anyone have a creative way of stopping these chumps?
    • dlindenhammer, on 10/12/2007, -0/+0I got a ton of the "check this" ones. such a nuisance.
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.