Are The Spammers Winning?

Category: Spam

It seems to be a given these days, as much as death and taxes -- spam (the email variety, not the canned meat product) is not going away. Back in 2004, Bill Gates predicted the death of spam in 2006. But today, studies show that 80-90% of all emails worldwide are junk email, and the tide is rising. What happened, and what can YOU do about spam?

Spam Spam Spam!

Spam is On The Rise

What about all the spam filters, the blacklists, the software and the ISPs who were supposed to lessen the amount of spam sent to your inbox? What about the state-of-the art Bayesian filtering that was supposed to eradicate spam? And what about CAN-SPAM, the U.S. legislation that was supposed to take a McGruffian bite out of spam? Postini, an online security firm, reported in November 2006 that 91% of all email was spam, and according to email security provider Ironport, the raw numbers are still going up.

  • 2006 - (June) 55 billion spams sent per day
  • 2006 - (December) 85 billion spams sent per day
  • 2007 - (February) 90 billion spams sent per day

I asked Anne Mitchell, CEO of the Institute for Spam and Internet Public Policy (ISIPP) if she thinks the spam tide is rising or falling, and she had this to say:

"That really depends on who you ask. If you ask the average end user, they'll probably tell you that they don't see as much spam any more. So, as far as they are concerned, it's getting better (or at least not getting worse). And if they never check their junk folder, they may *really* think it's gotten much better! :-) But ask a power user, or any of the tech folks at the ISPs or spam filtering companies, and they will tell you that it has not gotten any better. Of course it fluctuates, and sometimes it's a bit better, and sometimes it's a lot worse -- huge spam runs often come in waves. And then there's the cycle of escalation. The anti-spam technology gets tweaked and stems a flow of spam, then the spammers find a way to end run the newest tweaks, and it's lather, rinse, repeat."

I then asked Mitchell if she thought that any specific email providers were doing a better job than others at protecting our inboxes. She replied:

I'd say that the top email providers are all doing about the same by their customers in terms of keeping spam out of the inbox - where they differ is in their false positives (good mail being thrown out with spam), and in how responsive they are to fixing that problem. What's happening now is that in the name of protecting inboxes, email providers are doing a worse job in that they are blocking lots of legitimate email. Some providers are *notorious* for junking legitimate, wanted (even *paid for*) email. I'd say that AOL is the best in terms of having the least amount of baby in the spam bathwater.

Annual Spam Drop-off?

Some spam watchers claim to see a discernible decrease in spam volumes every January. Why? The most reasonable explanation is that there is an increase in new computers given as presents for the holidays in December. These new machines typically have better anti-spam and anti-malware protection, which helps to thwart one of the most potent tools of spammers: botnets.

Botnets are ad-hoc networks of PCs on the Internet that have been infected by malware and (often unknowingly) compromised by spammers. By using these "zombie computer" networks, they can send spam that's virtually untraceable. (See Secure Your Computer for more info.)

Why is Spam Increasing?

bayesian filters don't work Why has spam become more, not less, prevalent in recent years? One reason is that spammers have gotten craftier. A few years back, spam email filters relied on a comprehensive database that compared words in incoming emails to keywords in databases that were instantly flagged as spam. Examples include words and phrases related to prescription medications, loans, "body enhancement" products, and variations in spelling of words like "v1agra" and "pr0n". But spammers have been embedding their advertisements and messages into graphics, making the detection of specific words in a body of email text near impossible.

Another method spammers have devised is to circumvent the Bayesian filtering. Bayesian filtering relies on the probability that certain words appearing a certain number of times, are most likely spam, and therefore not passed through an email server to a user's inbox (or are dumped into that user's Junk Mail folder). Spammers have gotten around this by sending emails with nonsensical, though legitimate words in the body of the email. How many times have you seen a cryptic email in your inbox with a jumble of meaningless words? If you have, that's an example of spammers trying to get around a filter.

Recently, ISPs have been relying more and more on blacklist databases in the war on spam. There are lists on the internet that contain information on suspected spammers, including IP addresses and domain names. ISPs use these blacklists to reject any emails originating from those addresses. Strong preventative medicine, but it does not always ferret out the guilty spammers and sometimes prevents legitimate businesses and individuals from sending or receiving emails. It's a delicate dance waged between the legitimate sender and the spammers, and one that is constantly in motion; each side trying to keep one pace ahead of the other.

And the CAN-SPAM Act of 2003 has failed miserably. Spammers have no interest in doing anything to HELP the Feds find and punish them, so they simply ignored the regulations -- as did most legitimate email senders. Enforcement of CAN-SPAM has been weak and sporadic at best, so most people consider it more of a dud than the anti-spam nuke that was hoped for.

What Can You Do To Stop Spam?

The war on spam is not simply a battle being waged between spammers, ISPs, Microsoft and other software companies. It is a battle that involves all of us. As everyday email users, we can all be vigilant to keep our inboxes free from junk mail. The first step is to make sure your anti-spam, anti-virus and firewall protection is adequate. Keeping your email address private is also a key factor. Entering an e-mail address into any kind of online forum or website exposes that address to discovery by spambots that harvest e-mail addresses. One good strategy is to get a free e-mail account from a webmail provider (such as Yahoo or Gmail) and use that e-mail address for all website forms and public correspondence.

And finally, NEVER buy anything from a spammer. Spammers are in business to make money, not because they like to annoy people. I believe that if nobody bought products advertised by spammers, the spam problem would go away (or at least be drastically reduced) within weeks.

Who's Winning the Spam War?

So... are the spammers winning? There's more spam now than ever before, and it seems to be trending ever higher. End users tend to see less of the annoying stuff in their inboxes, but more LEGITIMATE email than ever is NOT being delivered. So for now I'd say YES... the spammers are winning, or at the very least not losing. That doesn't mean, though, that I've lost hope, or that we should give up. Perhaps Bill Gates jumped the gun when he predicted the demise of spam a few years ago, but with a concerted effort from all of us, we can definitely hasten the day.

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 16 Oct 2007


For Fun: Buy Bob a Snickers.

Prev Article:
Vista to XP Downgrade

The Top Twenty
Next Article:
HP OfficeJet Pro L7780

Most recent comments on "Are The Spammers Winning?"

Posted by:

Dirk B.
17 Oct 2007

Since you mentioned false positives, my experience with Hotmail has been terrible. So many emails that I *wanted* end up in the junk folder -- or they never arrive at all. I have to ask people to resend them to another address, and they come right in. Spam filters are doing more harm than good sometimes.


Posted by:

Richard
18 Oct 2007

One trick I use is disposable email addresses eg Spamgourmet and use that on places that are of unknown trust. If trustworthy I can whitelist the sender else after a couple of emails anything further gets "eaten". Also gmail's filter seems pretty good too.


Posted by:

Leo
24 Oct 2007

I have to disagree with Anne: based both on the reports I get from people regularly, and on my own direct experience as an admin on a large-ish discussion list, AOL and Hotmail are consistently the worst at delivering email that their customers have actually requested. They're also both horrific to deal with if you're a sender trying to find out why your email isn't getting through. -- Leo Notenboom (http://ask-leo.com)


Posted by:

Rhonda Lea Kirk
24 Oct 2007

IMO, GMail is--hands-down--the best at distinguishing spam from legitimate mail. Every now and again, it will fail to filter spam, but it has never put any of my "good" mail in the spam bin.


Posted by:

Philip Hosmer
24 Oct 2007

Spam is the same as "junk snail mail" but the delete button is more handy. Open the mail on line, select all, de-select what you want to read and trash the rest. Then download the ones you want. I want to be able to "train" Gmail & Yahoo to junk the mail that I tell it to so I do not have to do it when it downloads to my computer


Posted by:

Laura H
24 Oct 2007

Why in God's name would anyone buy something from a spammer? I can't believe they really do make money from this. What to buy a bridge?

EDITOR'S NOTE: You should see some of the fancy houses that spammers live in... Education is key.


Posted by:

Rick
24 Oct 2007

I am afraid that as long as bandwidth remains FREE, and the Internet remains fairly unclogged, then the SPAM problem will only become worse and worse.

If somehow the entire Internet backbone could actually charge ISPs some ridiculously low micro-cents per MBs of traffic, then the costs would eventually get passed back to the SPAMmers and this nonsense would fade away. Yeah - it's a real unpopular idea, but don't dismiss it too quickly.

It would also encourage better use of compression techniques for streamed files, etc. by everyone on the web. After all, bandwidth is truly not infinite. If left unchecked then eventually the SPAMmers and Bots and VOIP and Streamers and All COULD someday create complete gridlock.


Posted by:

David
24 Oct 2007

Rick's suggestion to charge will not work as most spammers use other peoples computers (spambots) so they would not get hit. Only the victims would.

I also disagree about AOL. I use a gmail account for public sites and it handles it well, though I do have to check the junk once in awhile. One issue is that people have been told not to unsubscribe as that was a spammers trick to validate your email address. So instead they mark legitimate newsletters and things as spam. Then spam filters start to block subscriptions, etc.

Blacklists are a terrible idea because many email servers host hundreds of domains. Block the IP address and you block everything. Secondly, the use of spambots means its not even an email server in the first place and the IP address will vary, making it meaningless. I've had a terrible time with some ISPs that use black lists for whole IP ranges from other ISPs, blocking thousands of domains. Dumb idea.

Some ISPs have the nasty habit of simply deleting anything they consider spam. Combine that with a blacklist and you lose mail. If you don't have junk mail access with your ISP, consider what they're doing with it.

In my books, the whole spam problem arose because ISPs didn't consider it their job to deal with spam, until it became an issue for them. They left it to their customers to deal with.

The same thing has since happened with computers. Buy a computer and it typically comes with lame security. The XP firewall does not prevent outgoing so easily allows your computer to be a spybot. Front line defenses like AV are typically 30 day trials that expire. People simply don't get that you HAVE to secure your computer.

As for viewing spam messages online, then deleting them. May save you from downloading them, but as soon as you open the email and the images download from the spammers site, they know they got a view and what IP the file went to. Even text messages sometimes have invisible graphics just for this purpose. If you can avoid it, delete your spam from the subject line. If its not from someone you know...

Finally, if you have an email address on a web site you are inviting spam. Spammers spider the web for email addresses and sell them. Use an image file, script encrypt the email address, but never post it as plain text. Or consider it a throwaway account.


Posted by:

kcwriter
24 Oct 2007

Yahoo is the worst with spam. Google has been the best. I NEVER get spam in my main box with google. I don't know how they do it. But @ Yahoo, I get letters from people wanting to transfer money to me, notices of winning some lottery I never entered, porn solicitation, etc. EVERYDAY! Delete, delete, delete is my spam guard.


Posted by:

C.J.
25 Oct 2007

Following up on Laura H's comment on who would buy from a spammer - that question/comment is off-base, sorta like asking who buys from those darn info-commercials..it's about the numbers. For every 10000 spam emails, someone is going to 'bite'. Same for the Nigerian scam, ask enough people and someone will fall for it. The problem comes from sending out millions of emails, just to get a few takers. The more eyeballs viewing/reading - the better the odds of 'sealing the deal'


Posted by:

Numps
26 Oct 2007

It just amazes me that the major ISPs have not found a way to stop spam. If, as noted in the article, better than 90% of all email is spam, then by finding a way to prevent it they would be able to save 90% of their handling costs — servers, bandwidth, personnel and the rest.


Posted by:

Linda K
04 Nov 2007

A good place for spammers to get your email address is from emails your friends send out. They forward an email to everyone in their address book and every one gets a copy of all the addresses the email gets sent to. (Go look at the headers on one of your emails from a friend). I can't get it through to some of my friends to send my emails as a BCC (blind carbon copy) so my address doesn't get sent to everyone in the world so I have 2 emails. One I use for my friends so if they forget to BCC me I get all my spam at that address. The other one I use for other stuff. It's funny - I get almost NO spam at that address but 200 to 300 every day in my friend's email address. Some of my friends don't know how to clean up an email before the forward it ( for the 5th or sixth time). I could cull 50 to 100 address just from one of these emails if I were a spammer.


Posted by:

Stu Berg
07 Nov 2007

If you shut down the websites that use spammers, the spammers will have no business. With no business, they will not survive. That is what KnujOn is doing. Please check it out here: http://www.knujon.com/

We should all be forwarding our spam to KnujOn so we can eliminate spammers.


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- Are The Spammers Winning? (Posted: 16 Oct 2007)
Source: http://askbobrankin.com/are_the_spammers_winning.html
Copyright © 2005 - Bob Rankin - All Rights Reserved