(Gizmodo) Good news everyone-- As of today only 67% of the mail arriving at your server is SPAM (gizmodo.com)
    More: Interesting, spam, servers  

4007 clicks; posted to Main on 25 Jan 2013 at 4:52 AM

75 Comments

Archived thread
 
2013-01-25 10:57:52 AM
That's actually way better than the 90% that arrives through my mailbox.
 
2013-01-25 11:46:21 AM
It's true. Legitimate mail is no longer statistically noise.
 
2013-01-25 11:50:09 AM

Yankees Team Gynecologist: fusillade762: I don't get spam anymore because I don't use my primary email addy for anything online. I thought everyone had a secondary account for petitions and such.

It's a balancing act. If you shelter your "primary" address too much it's useless. I tried that approach and eventually the spam did come shortly after registering with a reputable site, albeit not as heavily as my condom address.

Then there's the likelihood that your address will end up with spammers because friends or family members get infected with spyware. Or because spammers just try every pre-@ username combination.


This, this, this.

There is only one proper response to spammers, and eventually our legislators will see their way clear to making it legal.* Until that blessed day, install heavy filters and make liberal use of the killfile key.

* Point-blank bullet to the head followed by feeding his desecrated body to wild dogs. Then repurpose all his computer equipment to spam filtering. His entire estate is liquidated and donated to schools; the spammer's family gets nothing.
 
2013-01-25 11:56:57 AM

Jon iz teh kewl: Snarcoleptic_Hoosier: And for those of us who actually WANT to increase our manhood while losing weight in our spare time, better filters = more misery.

snippy reply, but i'm sure all you have to do in Gmail, is click on Junk Mail and download to your heart's content Cialis and 1000 gigs of lolitas


1000 gigs? But what am I going to do after Wednesday?
 
2013-01-25 12:47:40 PM

Mr. Coffee Nerves: Someday local teen sluts WILL want to party with me and my 0.5% m0rtgage and I'll never know.


Well, then, you won't need the Viagra you're not getting. So you're good.
 
2013-01-25 01:07:56 PM

wademh: They also maintain a 5 mb limit on attachment size which really sucks when you have to send around presentations for comment/editing.


To be fair, we do the same, though our limit is 15 and we use Sharepoint for collaborative work.

Email was never meant to be a file transfer tool and it still isn't very good as one. Your IT people shouldn't be changing the file attachment size, but they should be offering a collaborative platform (even if it's just the free version of Sharepoint) if you need that feature in your office.

Or just use file shares and send links.

Satanic_Hamster: Work uses Barracuda. To date, it's caught zero spam for me and 5-10 real emails a week. And it occasionally likes to wait a day or two to tell me I have something in my quarantine.


Then it's either horribly misconfigured or you get some really weird legitimate messages.

Barracuda's tool also has to be trained, though. It has some basic rules in place, but after that it learns what you do and don't want and over time adjusts its blocking policies to try and predict better what should and shouldn't be let through.

Also, I seriously doubt it doesn't catch anything. I hear people here who say that because they get 10 or 15 spams a day, but if you actually turned off the filter most of those people would be getting hundreds all of a sudden.
 
2013-01-25 01:16:20 PM
I get tons of spam, and it comes in cycles. Looks like someone trolls through my site, guesses a bunch of email addresses based on names or places, and sends each one of them spam for various types of bullshiat. I blacklist the company and a few keywords from the mail and wait for the next one.

I've managed to kill a fair amount of it using patterns (if it contains an .exe, "unsubscribe," or "you have received"), but I really need to set up a proper Bayesian filter.
 
2013-01-25 01:20:37 PM
Back in the day you could actually forward the email to p­o­st­m­as­tert[nospam-﹫-backwards]n­i­amo­d*com because it really came from there. My fave was responses from Afterburner:

Got 'em!
 
2013-01-25 01:32:22 PM

Vegan Meat Popsicle: Then it's either horribly misconfigured or you get some really weird legitimate messages.

Barracuda's tool also has to be trained, though. It has some basic rules in place, but after that it learns what you do and don't want and over time adjusts its blocking policies to try and predict better what should and shouldn't be let through.

Also, I seriously doubt it doesn't catch anything. I hear people here who say that because they get 10 or 15 spams a day, but if you actually turned off the filter most of those people would be getting hundreds all of a sudden.


I'm sure it's catching things at the server level; just referring to the manual approval Quarantine filter. White list doesn't work on it. Dunno if it's due to configuration issues with either Lotus or Blackberry.

I do a lot of ordering for office site and I try to get everyone to send a quote first or a confirmation when I order for my records. A lot of businesses (Grainger!) like to load up their order confirmation emails with a pantsload of images, which is what usually sets it off.
 
2013-01-25 01:36:30 PM
On my mail server, with Spamhaus blacklists and SpamAssassin, a lot of spam gets dropped and/or moved to the spam folder.

But I still get enough in my inbox that usually, when automated scams start going around, I'll get 2-3 variations of the same thing around the same time. (E.g. three slight variations on "changelog enclosed" with bodies that say "here's a link, use IE to view it"). Lately there's been a lot of "Russian $TERM_FOR_FEMALES want to $SEX_ACT for you" where the variables cycle through a few different values.
 
2013-01-25 01:38:58 PM

Swoop1809: Gmail's spam filters are so good I actually get more spam on my physical mailbox than I do in my inbox. It's gotten to the point where I check my mail once a week since the majority of the time it's just adverts and insurance company spam


I get a decent amount of junk physical mail, but it's still mostly legit.

A couple months ago I got a hilarious one; a brochure for penis pumps, billed as "the only ED treatment approved by Medicare!" (I'm 39). Mrs. Anomaly denies signing me up.
 
2013-01-25 01:47:14 PM
Fark Rye For Many Whores: Kids these days I tells ya, they don't appreciate how much spam used to get through to the end user.

I sat behind a nearly impenetrable wall of Eudora filters.
 
2013-01-25 01:50:15 PM
Huh, that number is actually spot-on for my server. Fortunately only about 1 spam/month/user actually makes it inside.

--------------------- Postfix Begin ------------------------

203 *Warning: Pre-queue content-filter connection overload

14.551M Bytes accepted 15,258,003
15.361M Bytes delivered 16,107,218
======== ================================================

439 Accepted 32.47%
913 Rejected 67.53%
-------- ------------------------------------------------
1352 Total 100.00%
======== ================================================

437 Reject relay denied 47.86%
11 Reject HELO/EHLO 1.20%
27 Reject unknown user 2.96%
8 Reject sender address 0.88%
430 Reject RBL 47.10%
-------- ------------------------------------------------
913 Total Rejects 100.00%
======== ================================================
 
2013-01-25 02:10:36 PM
Why can't we just return spam to the sender? Something I've wondered about for a long time!
 
2013-01-25 02:14:57 PM
A while back, an older (and not very tech-savvy) friend asked me to help him with his spam problem. His inbox was about 99% spam, and a new spam email was coming in about every 20 seconds. Turns out he hadn't switched on his filter, and instead of tagging the messages as spam in his email client, he was actually responding to the spammers, asking them to stop.

I warned him not to do that, showed him what to do and engaged the filter, and the firehose immediately stopped. I think he gets one every few days now.
 
2013-01-25 02:38:37 PM

RobotSpider: wademh: Vegan Meat Popsicle: wademh: On my work email, they manage to filter out 50% of my legitimate email and somehow think that improves efficiency.

Do you not have the ability to mark things as spam/not spam or whitelist certain senders or domains?

Not as a user. They don't send things through at all. They also maintain a 5 mb limit on attachment size which really sucks when you have to send around presentations for comment/editing. I miss having quality IT support.

Speaking as a "quality" IT person, PLEASE STOP USING EMAIL AS A FILESHARE! That 10MB spreadsheet they sent you that you changed font on and forwarded back is now taking up 20MB. Learn how to use a shared network location, at least, and better yet, a version-control management system. I know "drive-space is cheap", but if you add bandwidth and messaging-backup and archiving infrastructure, it adds up to a really expensive, very inefficient file-store. TMYK


It's a question of efficiency when working with people outside the company. I've worked in places where we did not have such limits. It was easily managed because IT was run to help workers, not to save pennies. There are indeed far better ways to share documents for collaborative work but not when you are doing things with new collaborators using any old system and unknown firewalls.

IT has a choice. Is it to help people do their jobs or to make their own jobs easier?
Systems run under short-sighted finance guys worry about the IT budget at the expense of overall productivity with predictable consequences.
 
2013-01-25 02:40:16 PM

bratface: Why can't we just return spam to the sender? Something I've wondered about for a long time!


Because the sender often makes the email appear to come from somewhere other than where it did, so if you "return to sender" you're just going to be sending the spam to the poor soul whose email address the spammer decided to list as the message sender.

Besides, if the response did get back to the spammer, all that does is confirm that the message was sent to an address that is 1) real, 2) monitored and 3) monitored by someone who reads / responds to spam messages, at which point your address is never getting off that spammer's list.

Until such time as real anti-spam legislation is enacted (and not some soft-hearted slap on the wrist like over_and_done suggests above, but something with teeth) the only way to respond to spam is to mark it as junk in your client / webmail program, to help the filters learn, delete it, and move on with your life.

Spam isn't going to stop, and if you get too worked up over it, the terrorists spammers win.
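
Added example, not part of the thread or any poster's code: a Python sketch of the forged-sender point made in the comment above. A bounce goes to the address the message claims, while the only trustworthy origin is the IP our own server recorded. The messages, hostnames and the `AUTHORIZED_NETS` table (a stand-in for an SPF lookup) are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: constructed stand-in for an SPF lookup (domain -> sending networks).
AUTHORIZED_NETS = {"example.com": ["192.0.2.0/24"]}

# Constructed sample: claims alice@example.com, but our MX (mx.example.org)
# received it from an unrelated host.
SPOOFED = """\
Return-Path: <alice@example.com>
Received: from dsl-host.example.net (unknown [203.0.113.45])
\tby mx.example.org (Postfix) with ESMTP id ABC123
\tfor <bob@example.org>; Fri, 25 Jan 2013 14:40:16 -0500 (EST)
From: "Alice" <alice@example.com>
To: bob@example.org
Subject: changelog enclosed

here's a link
"""
# Same message, but handed over by a host inside example.com's own range.
GENUINE = SPOOFED.replace("203.0.113.45", "192.0.2.10")


def connecting_ip(msg):
    """IP our own MX wrote into the top-most Received header.

    Only that header is trustworthy; every header below it was supplied
    by the sending side and can be forged.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = re.search(r"\[([0-9A-Fa-f:.]+)\]", received[0])
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:
        return None


def bounce_assessment(raw):
    """Say where a bounce would land and whether that address really sent this."""
    msg = message_from_string(raw)
    # A bounce is addressed to the envelope sender (Return-Path); fall back
    # to the From header when the envelope sender is missing.
    target = (parseaddr(msg.get("Return-Path", ""))[1]
              or parseaddr(msg.get("From", ""))[1])
    domain = target.rpartition("@")[2].lower()
    ip = connecting_ip(msg)
    nets = [ipaddress.ip_network(n) for n in AUTHORIZED_NETS.get(domain, [])]
    verified = ip is not None and any(ip in net for net in nets)
    return {
        "bounce_would_go_to": target,
        "connecting_ip": str(ip) if ip else None,
        "sender_verified": verified,
        # An unverified sender means a bounce hits a bystander (backscatter).
        "action": "normal handling" if verified
                  else "discard or quarantine; do not bounce",
    }


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, bounce_assessment(raw))
```
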
 
2013-01-25 02:41:03 PM
The bad news:

a) As others have noted, this "drop" is often seasonal, and there do tend to be spikes when a new variant of a Russian botnet comes online.

b) Email spam is in part dropping because spammers are moving on to the New Hotness--forum spamming (much as they moved from Usenet spam to email spam when effective filtering at the server level started on Usenet--by then, though, they'd wrecked it so much that it's now pretty much been wrecked for its original purpose).

As ISPs are FINALLY doing steps to restrict SMTP servers from being run on consumer-level broadband (pretty much spammers evolved from using open SMTP servers to setting up SMTP servers on zombied boxes--this was about the time that the spam problem and the malware problem merged to being effectively one and the same) the spammers have moved on to attacking Wikis, Drupal sites, Wordpress blogs, and pretty much any other web forum where people can post.

(On a smallish amateur-radio Drupal site I manage, I've not only had to block the entire country of China outright but have basically had to install a "warden" program called ZB Block (which has some more robust tools for blocking spammers on PHP-based forums than a traditional .htaccess file) IN ADDITION to honeypots on the input forms and the use of no less than two dedicated Drupal plugins specifically focusing on live-time reporting and blocking of Known Offenders and using just about every blocklist known to man on the Troll filter. We've not gotten any spam, and I've not (yet) had major issues with false positives...but I can only imagine how, say, Wikipedia and really well-known sites must be getting hit, if a rather niche amateur radio site is getting literally thousands of attempts a day to spam the forums and/or metadata on the site.)

c) The New Hotness among spamgangs--other than forum spamming--is the outright compromise of email, social networking, and even online gaming accounts to spew spam (again showing that the spam problem HAS in fact just become a subset of the malware problem at this point). Yahoo in particular has had issues with this so spammers can hit Yahoogroups, but Gmail has as well (it's part of why they've introduced two-factor authentication); Facebook and Twitter account compromises for purposes of spam-spewing are also becoming increasingly common (and MySpace had a severe problem with this) and WoW and other MMORPG accounts have been compromised specifically to spam for gold-farmers and the usual Dubious Cock Drug Merchants.

d) Good luck actually getting at the spammers, seeing as most of the major spam gangs are quite literally part of the Russian mob and have been for some time.

Sanford Wallace was probably the last really major spammer busted who DIDN'T have Russian mob connections, and he pretty much went through the entire spam evolution--from junk faxes (which he is personally responsible for getting them banned) to Usenet spam (which got AGIS.net largely shunned from the rest of Usenet) to email spam (which got him sued by AOL and Compuserve, setting the first precedents for suing for spam damages and court orders prohibiting spamming) to Messenger spam (which resulted in the general lockdown of Windows Messenger) to adware-type malware (yes, he was one of the first big embracers of badware to spam) to forum spamming to social-network spamming (first MySpace--he got sued and MySpace won a court order and settlement very remarkably similar to the Compuserve precedent--and then Facebook, where he FINALLY got sent to prison for just about as long as he's been spamming); literally about the only thing he DIDN'T get into before he finally got Sent To Farking Prison was SIP spamming and SMS spam, and I think that's just because he didn't get the chance yet.

And frankly, Sanford Wallace was downright clumsy compared to the sophistication of modern spammers, who not only use malware to spam from, but use the same malware packages to actually host the spammy sites (via "fast flux" networks that sometimes change DNS as frequently as every five seconds).

e) Another increasing trend re spamming is the return of really abusive telemarketing via SIP-based VoIP networks (usually termed as "SIP spam" or "SIPping" by antispam and telecom experts)--and it turns out it's using a lot of the same techniques as email spam in the days of open SMTP servers and explicitly takes advantage of the fact a lot of SIP-based VoIP networks don't have much in the way of authentication. (The FCC and FTC are actively soliciting solutions to this--some of the solutions in experimental trials in Europe are remarkably similar to how Gmail et al block spam, including Bayesian filtering and RBLs of "spammy SIP providers".)

f) Another increasing trend re spamming is the increasing targeting of smartphones--not just via SMS spamming, but actual malware (some of which is meant to basically allow sending and/or receiving of spam) and stuff that borders on badware (in particular, some ad providers for Android apps--Airpush, I'm looking at you in particular). Expect to see a LOT more of this, and don't expect even the walled garden of iPhones will be safe.
 
2013-01-25 03:00:03 PM

Jorn the Younger: bratface: Why can't we just return spam to the sender? Something I've wondered about for a long time!

Because the sender often makes the email appear to come from somewhere other than where it did, so if you "return to sender" you're just going to be sending the spam to the poor soul whose email address the spammer decided to list as the message sender.

Besides, if the response did get back to the spammer, all that does is confirm that the message was sent to an address that is 1) real, 2) monitored and 3) monitored by someone who reads / responds to spam messages, at which point your address is never getting off that spammer's list.

Until such time as real anti-spam legislation is enacted (and not some soft-hearted slap on the wrist like over_and_done suggests above, but something with teeth) the only way to respond to spam is to mark it as junk in your client / webmail program, to help the filters learn, delete it, and move on with your life.

Spam isn't going to stop, and if you get too worked up over it, the terrorists spammers win.



Jorn, Yes I know all that, but you would think with all the advances that there SHOULD be a way to turn the tables on them!
 
2013-01-25 03:32:16 PM
I'm getting a kick since I think it's time I changed my "clean" address. It's been starting to get spam.
It's the one I use for banks, bookings and so on.

I have my "official" one for friends and semi-private things like brand-name software registrations.

I also have a trash one for all other registrations (and "hey! Why don't you give me your email?!")
 
2013-01-25 03:33:54 PM

bratface: Jorn the Younger: bratface: Why can't we just return spam to the sender? Something I've wondered about for a long time!

Because the sender often makes the email appear to come from somewhere other than where it did, so if you "return to sender" you're just going to be sending the spam to the poor soul whose email address the spammer decided to list as the message sender.

Besides, if the response did get back to the spammer, all that does is confirm that the message was sent to an address that is 1) real, 2) monitored and 3) monitored by someone who reads / responds to spam messages, at which point your address is never getting off that spammer's list.

Until such time as real anti-spam legislation is enacted (and not some soft-hearted slap on the wrist like over_and_done suggests above, but something with teeth) the only way to respond to spam is to mark it as junk in your client / webmail program, to help the filters learn, delete it, and move on with your life.

Spam isn't going to stop, and if you get too worked up over it, the terrorists spammers win.


Jorn, Yes I know all that, but you would think with all the advances that there SHOULD be a way to turn the tables on them!


tl;dr explanation: Most spammers are smart enough to be behind the proverbial Seven Proxies, some of which they actually make themselves via malware.

...except (as I explained above) spammers have evolved in that the primary method of spam-spewage involves the following:

a) Spammers getting malware installed on people's computers (often without their knowledge, and more frequently via "drive-by downloads" delivered in some cases via ads purchased through shell companies from banner ad companies--Flash and Java are also increasingly used for these sorts of pushing malware to people unawares) and send spam through thousands of similarly compromised computers via botnets (sometimes controlled via IRC, sometimes controlled other ways) with the person being unaware that their computer has been "zombied".

(And this sort of thing is becoming more and more sophisticated--and no longer restricted to Windows boxes; proof-of-concept is apparently being worked on re Android phones, and already exists in the case of MacOS X.)

b) Spammers encouraging people via social engineering to install malware on their machines, thus "zombifying" the computer and adding it to a botnet with the person being none the wiser. (Increasingly common, especially in so-called "spear phishing" where 0-day customised attacks are sometimes sent to specific groups of people.)

c) Spammers outright compromising people's Gmail/Hotmail/Yahoo/other webmail accounts and/or their Facebook/Twitter/Pinterest/etc. accounts to spew spam, more often than not from a zombified computer acting as a proxy server OR a proper proxy server used illicitly. (This really IS becoming the new hotness, unfortunately.)

Two other reasons, too, that tracking is more difficult that I DIDN'T mention:

a) In general, if a zombified computer isn't spewing the spam directly, it's often being used as a proxy server for spammers; spammers also like to send spam (especially forum spam) via insecure web proxies (generally only meant for small businesses but improperly configured so they're open to the world)--anymore, most spam is sent pretty much exclusively through either compromised computers or a malconfigured proxy (or Tor, as I'll note below), and it's an even-odd shot whether the proxy servers being abused have logging capability at all. Without some way to log proxy connections, there's no way to trace where the stuff is coming from without the assistance of an ISP.

Some of these are not typical Apache servers, either; one of the big sources of proxy abuse I've seen is via spammers using Glype proxies in particular, which more often than not don't have logging capabilities enabled.

b) A trend I've noticed with forum spamming (and probably a non-negligible factor in regards to spam sent via compromised webmail accounts) is the increasing use of Tor as a proxy for spam--it's become a serious enough issue with forum spamming, in fact, that a lot of the general "blocking packages" available for PHP-based web forums explicitly include some sort of filter blocking Tor exit nodes. (And even with the spammers who've tried their damnedest to hit the ham radio site, we've seen the occasional Tor exit node flagged as a source of attempted metadata spamming. Wikipedia pretty much blocks Tor outright because of cases of some of their longer-term nasties loving the use of Tor as an essentially untraceable proxy service.)

The cases where MODERN spam botnets have been shut down usually have involved literally months of investigation--usually including not only reverse engineering of malware distributed to zombify computers AND the "control heads" for botnets, but overt social engineering at spammer forums where time on botnets is sold by the millions of messages per hour. Even THEN, usually the best that can be done is to shut down primary botnet control servers; the actual authors of the botnet programs tend to be deep in Russia (or other ex-USSR countries with a large Russian expat presence) and have been almost invariably linked to Russian mob groups that tend to be quite well politically connected.

These chucklefarks are pretty much the big known perpetrators of all manner of spamming on the Internet, and with a lot of these (particularly the Russian and Ukrainian top ten) there are such links to organised crime that it becomes a literal Interpol matter--except that even Russian law enforcement really doesn't want to go after them for multiple reasons. (Yes, there's a reason a LOT of web forum operators now block all of Russia and Ukraine, if not the entirety of the ex-USSR, outright.)
 
2013-01-25 04:11:53 PM

Jorn the Younger: Until such time as real anti-spam legislation is enacted (and not some soft-hearted slap on the wrist like over_and_done suggests above, but something with teeth)


Your newsletter, I would like to subscribe to it.

...and then train my Bayesian filters to accept it, of course.
 
ZAZ [TotalFark]
2013-01-25 04:40:25 PM
Lately there's been a lot of "Russian $TERM_FOR_FEMALES want to $SEX_ACT for you" where the variables cycle through a few different values.

A few years ago there was a phase when a lot of spam had variables unexpanded. I would see a literal "$RANDOM_NUMBER" in the subject line.

Funny how all the girls in Russia are 26 +/- 1 year old. 14 is the hottest age on forums, 26 is the hottest in email.
 
2013-01-25 04:54:08 PM
I've had the same email address for 16 years. A couple of years ago, I was getting about 120-150 spams a day, most of them caught by my filters, but that was the total not being rejected by the mail server at the border. Nowadays, I get about 40 a day. So yeah, it seems like spam volume is down in general, without taking filters into account at all.
 
2013-01-25 11:14:23 PM

ZAZ: A few years ago there was a phase when a lot of spam had variables unexpanded. I would see a literal "$RANDOM_NUMBER" in the subject line.


That's hilarious.
 
Displayed 25 of 75 comments


This thread is archived, and closed to new comments.
