Surprise! We Won the War on Spam.
Print
Comment
Email
RSS
Twitter
Surprise! We Won the War on Spam.
Despite continued hysteria, unwanted e-mail is largely a thing of the past.
By Mark Gimein
Posted Tuesday, November 10, 2009 - 4:04pm
Remember when we all were going to drown in a sea of offers for male enhancement pills and messages from mysterious bureaucrats with tales of millions hidden in Swiss bank accounts? “Holy mackerel, the Internet is falling!” the cry went out, and the annoyance of junk e-mail messages was built up into an international scourge, costing untold billions in lost time spent hitting the delete key.
In the grip of spam hysteria, Virginia passed a law under which one mass mailer, Jeremy Jaynes, was sentenced in 2007 to nine years in prison. That sentence, and the entire underlying statute, was eventually overturned, but several people have been sentenced to prison under a similar federal anti-spam law, including one, Edward Davidson, who escaped after two months and killed himself and his family. In addition, courts have meted out civil penalties, including one last year for $837 million.
These kinds of punishments have failed to diminish the volume of spam in any meaningful way, in part probably because most spam is sent from servers outside the United States. (The biggest source these days may be Brazil.) The overall volume of spam fell about a year ago when one of the world's biggest gateways was shut down, but it has since recovered nicely. It's now as high as ever, though the number of spam messages with images—which clog up bandwidth and can be used to imitate messages from sources like banks—has dropped. Computer security companies such as McAfee (MFE) continue to bang the drum on spam, regularly marking new records for the total spam sent.
So the amount of junk e-mail out there hasn't fallen, but since the peak of the furor two years ago, there's been one huge change when it comes to spam: For many ordinary e-mail users, it has ceased to matter. For this conclusion I rely mainly on a focus group of one, myself—but I'm a pretty good test case. I use a number of e-mail addresses so I can easily sort different kinds of communications. Several of them are easily available to anyone who bothers to look at my Web site or blogs, or to robots that search the Web for addresses. (I don't bother with extra spaces or the other tricks that folks use to fake out web crawlers.) My e-mail is also available in the contact information for several domains I've registered, a common source of addresses for spammers.
E-mails sent to any of my addresses all get forwarded to a Gmail account. In addition, I still occasionally check a Yahoo (YHOO) e-mail account that I've had for eight years, which I stopped using as my primary address several years ago in part because of the incessant flow of spam. These days that account still gets a fair amount of spam, but virtually all of it gets routed directly to the junk-mail folder. My Gmail account, too, gets an average of half a dozen spam messages a day, but again, hardly any of them ever get past Google's junk filters. I do get plenty of legitimate but semi-irritating messages from various services that I signed up for at one time or another that leave me wondering, “Why the heck did I sign up for that?” But almost always they include an “unsubscribe” link of some sort, and 95 percent of the time those links work.
Google (GOOG) and Yahoo have gotten very, very good at filtering out spam, but just as important, they've also gotten really good at delivering legitimate e-mail. Simply blocking all spam is easy enough—one way of eliminating junk mail, for instance, is just not to deliver any mail at all. The consulting company M86 Security, for example, says that its spam-fighting rules block 99.5 percent of the spam on its test servers. What's bothered me a lot more than spam over the last year, though, are overaggressive filters that send legitimate messages to junk folders to be read a week later or never.
Comments
You Eloi should pay more attention
If you don't see it, it must no longer be a problem. Of course.
Really, you may want to raise the level of your thought process a little higher up the food chain. Even a baby eventually masters the abstract thought process necessary to realize that things they cannot see still do exist.
We Morlocks are taking care of things. Don't worry.
Surprise! The war is far from won!
We noticed this wrong-heade article and posted a rebuttal "Email's Not Dead, Neither is Spam" at http://www.circleid.com/posts/20091113_email_not_dead_neither_is_spam/
best regards,
Neil SchwartzmanExecutive DirectorCAUCE: The Coalition Against Unsolicited Commercial Emailhttp://cauce.org
Can you possibly be serious?
This is unfortunately a lengthy excerpt:
"So the amount of junk e-mail out there hasn't fallen, but since the peak of the furor two years ago, there's been one huge change when it comes to spam: For many ordinary e-mail users, it has ceased to matter. For this conclusion I rely mainly on a focus group of one, myself—but I'm a pretty good test case."
Spam continues to be a growing criminal activity. Huge resources are expended to fight it, though clearly not enough, but spam continues to grow. Your test case is not a good one. You may have closed your eyes to the problem, but for those of us whose eyes are still open you sound pretty silly making statements such as those. Your supporting evidence also fails to persuade.
pull my other leg...
...it plays Jingle Bells.
Some who have written other puff pieces have pointed out how some of the biggest spammers have been shut down.
An earlier comment talked about stopping people who buy them. Not a bad sentiment, but you'll always be pursuing different people *after* the fact.
Spammers continue to make money because they aren't paid on commission only. They are paid without regard to sales. Spammers are compensated for sales on top of the original payment.
Pursuing & halting spammers who have sent spam makes their clients find someone else.
Follow the money.
If the spammers have no money coming in, they have no business.
"Make things simple, not simpler." -Erasmus
-- GO AFTER THE PEOPLE WHO HIRE THE SPAMMERS --
Is that simple?
Facebook just went after and pursued the spammer with a claim they'll never receive, but the hope was it would cause enough pain to not only deter them, but anyone following behind them to stop.
They would have been heroes had they forced the spammer to indicate who hired them and published that as well. Followed, of course, by going after those guys.
Several years ago, I conducted a little test at an office I worked in:
I plugged a spare phone into an outlet which wasn't being used and probably wouldn't for a long, long time -- prewired panels for every potential employee. I posted a reponse to a mortgage refinance spam, making up some of the information, followed by the special phone number. To do this, you don't indicate your mortgage is $2M. Make it $200,000-$300,000 so it's someone who has money, and needs to reduce their debt load.
Within an hour or two, there were plenty of calls, all within a reasonable distance from the address info. "I'm sorry, but this phone is on the DNC." "But he told me this phone number was clean." (hangup) Someone else called and asked, "Who is this?" "Why?" "I want to know, who is this?" "Who are you calling for?" This guy was about ready to blow a gasket because he knew something seemed out of sorts.
We told him it was a TV Sweeps story and was an experiment.
By that time, someone had done a reverse phone number lookup and we explained we knew who he was.
He hang up...quickly.
As far as email being routed to s gMail account, there's a nice little thing about gMail:
You can tell where a message came from by putting a plus sign (+) with text after the userid:
AndyHardy@gmail.com means nothing without doing some work on the headers.
AndyHardy+YahooAH2334@gmail.com makes it easier to see where it came from.
The problem is some email systems do not follow standards. A plus sign is a valid character, but a lot of software doesn't conform to standards and will choke.
What a lot of people do who have a domain & email system handy is to create random numbers for the account & record it to see where it came from. This means someone else might have bought it from someone else, but that's where the headers help. You know who & where the email address was collected and the headers will either be forged or show where it finally came from.
Some lawmakers have said it would be a good thing, but they'd need to collect a lot of evidence. Trust me, those who are responsible for dealing with spam for the domains they administer, have a *lot* of evidence. They share it with each other and work to reduce spam as much as possible without screwing around with their users' real email.
You want evidence?
Poke around here: http://www.spamhaus.org/
Go here: http://www.spamhaus.org/rokso/index.lasso
ROKSO: Register of Known Spam Operations
and start looking around that list.
Near the bottom:
which takes you here: http://www.spamhaus.org/statistics/spammers.lasso
Look at #1: Canadian Pharmacy
Now, you can say it's in the Ukraine and can't be shut down, but look at the resources:
http://tinyurl.com/ygyhgyx
There are more than enough resources to determine what they are using in the US. Or: let staffs know where to get info to block them.
I do not believe the gov't should have choice to block domains. Either kill'em or reveal their resources.
The "Cyber Czar" has made it known his first priority is to get gov't information online, where evryone can access it. My challenge (in a forthcoming Op-Ed piece - aiming for the NYTimes) is to show just how the resources can be used and go after the people who are paying the spammers. Tell me that wouldn't show how efficient his office can be!
Not quite yet
Gmail's filter remains "too good". For unsolicited email from a gmail account, I must use a gmail address to reply as my responses from other addresses on my own domain are filtered out as spam by gmail. I have found no way to get gmail to change that other than every person who writes me must add my specific address that I am going to use to respond to their filter. Kind of a tedious filtering mechanism. I don't doubt that google is constantly trying to upgrade their filters, but where business is concerned, gmail's filters are a problem.
Of couse spam is a problem and when I check my filters on my server, I am receiving several spam per minute on some email accounts. So, technology may be mitigating the problem, but the problem doesn't seem to be going away. It just depends on how important that email was that you missed in the spam folder as to how good technology seems.
What about cost?
Sure, spam is largely gone as a problem for individuals because companies are spending millions and millions in hardware and software to fight it. I run an IT department for a non-profit organization and I would love to take my annual anti-spam budget and put it into mission related activities to help people, but we have to pay for anti-spam services just to keep it from roaring back into our staff's lives. A weekly report shows that over 50% of the emails directed to our domain are spam.
Most of the staff where I work would agree with you because our outsourced anti-spam service does an excellent job. Our staff don't get much spam in their inboxes anymore. But just because a problem can be made invisible doesn't mean it is gone. We've just shifted the issue higher up the IT food chain so that end users don't see it, but it is still there costing companies money and time.
Spam
The solution to spam was always brutally simple, stop responding to it. Spam continues because enough people answer, if that stopped then spam would stop tomorrow.