IT fail

"websites were loaded with iFrames, malicious scripts"

An IFRAME is a HTML tag, not a (Java)Script, malicious or not. The one can be used to embed the other, however, which is no doubt what you meant to say

First of many reasons

#1 . Yonks ago, having an email was like having a tarantula as a pet, quite rare, then the world and his dog wanted to get "da innerweb" and get one of them new fangled email thingys.

#2. Quite a few people still think you keep an email like you keep a house address, for a very long time.

#3. Most people use the same email, usually something obvious like first_name.surname@whatever.com, for everything, no matter what. Sooner or later it gets snagged by the ne'r do wells.

Me, I change my email addresses every 6 months, the valuable ones are made up of random characters at one of 5 domains also with silly names. I maintain a list of exactly who has what one and when it needs changing. Touch wood I have had 2 spam emails in 18 months. Not perfect, but I have better things to do that wade through lists of cheap viagra pills and plastic nob pumps!

Wow

90% is a scarily high figure. Think of the processor power, bandwidth, electricity and ultimately money that's being wasted by ISPs filtering this crap. I'm amazed they haven't come up with something to stop this yet (or at least decided to really go for SPF and/or SenderID), they've spent enough years naval-gazing about it.

Then again, I wonder how much total traffic does mail account for? Perhaps saving 90% of sod-all isn't worth the bother.

spum-churning zombies

"spum-churning zombies" is this a new term I'm not aware of or is it a typo? Frankly I'm not prepared to goggle it to find out!

/mines the one without the spum on it!

more like 98%

it's not 90% Cisco is wrong about that, it's more like 98%. We block more than 90% at the perimeter, another 50% of the stuff that gets through is junk, and another few % of that is marked as junk by the end user.

Need more death sentences for spammers, scammers, 419ers and the like.

I propose a pay-per-view event named "Spammer Island" where we can hunt them, use webcam controlled firearms and the paying public can watch us chase them down, bayonette them in a winner takes all sort of no holds barred blood fest where the blood comes from the spammers and all we win is cleaner mailboxes.

IFRAME vs iFrame

I'm amused by this article's use of the word "iFrame" -- capitalizing the F like that makes it look like some sort of Apple product.

@Sarah Bee

"Something which is rude and useless?"

Icon says it all.

Block the zombies

Said it before - when SPAM is identified coming from an ISP, that ISP should be given (say) 24 hours to kick the client off the network and bar them permanently (or until the user phones up to whinge). Failure to comply results in that ISP being blacklisted and dropping off the 'net.

Another security measure could be authenticated sender. Before passing a mail on, the receiving server checks that message header is valid (basically asking "Did you send this?" to the server mentioned). Should cut down on spoofed headers meaning it becomes easier to target and remove the miscreants.

Education has been tried and it has failed. It is time that proactive measures were taken and if that means kicking dumb-ass users of the 'net until they learn how to drive a PC, then so be it. Let them bleat like the sheep they are.

Re:ISP's look elsewhere

Indeed. If Virgin can block bittorrent, I can't see any reason why they can't/shouldn't stopping their customers from send spam (albeit inadvertently). Or for that matter receiving spam, after all if they are seeing a million messages containing the same virus ridden payload who is in a better position to identify and and prevent this?

Then again why should the ISPs be responsible for fixing Microsofts mistakes - okay the flaws in SMTP aren't the fault, but there is only one OS that is malware ridden. And before any claims that this is only because Windows is the OS used by 90% of desktop PCs - whose fault is this if it isn't Microsoft's (well okay perhaps the consumers).

Re: Re: spum-churning zombies

>> It's a typo. But I think we should find a use for 'spum' as it sounds both useless and rude.

>> Something which is rude and useless?

I suppose that would be the Paris Hilton angle?

@AC 15:13

"All it takes is for one sender unwilling or unable to participate and you'll never see mail from that person or organisation."

So what? Either they play the "secure-email" (or whatever you call it) ball, or they can G.T.F.

I have no problem with removing those who will not help stop SPAM.

Billion & spum

Is that "bn" 10^9 or 10^12?

"Billion" has different connotations is different countries, you know.

Since it's Cisco, I'm putting my money on 10^9, but I'd like confirmation.

If you enter population numbers and turn the crank a couple of times, some interesting figures emerge. Canada turns out to be far and away the single worst offender, cranking out 282 spams per person per annum. Turkey is next worse at 259.

Further: South Korea, 135; US, 114; Russia, 113; UK, 95, Germany, 70; Brazil, 46; India, 6.

As for "spum", sounds like a synonym for "santorum", q.v. (Actually, qui Wikit)

Block outgoing SMTP

ISPs should block outgoing connections to SMTP servers (except their own) by default. That'd make it much harder to hide the source of the spam, and they could configure their own SMTP servers to block too much mail from a single client.

Stop it at the source

As others are suggesting, ISPs should block access to port 25 from their consumer networks (including consumer networks sold to businesses with static addresses), and enforce authentication before submitting email. That cuts out all the bots right there (bots don't have an auth mechanism!)

As for those morons who spam us with their "home business" setup, as soon as an ISP sees unusual traffic levels from an account, disable it. Simple.

SPF is handy for us corporate mail senders. It doesn't cost anything, there's nothing easier than whacking in a wee TXT record in your DNS, and I really don't see why the majority of organisations aren't using it already. Also, organisations should do simple things like have proper forward and reverse DNS entries for their mail servers, and use properly formatted emails!

Some of the measures I could take (such as blocking mail from servers that use non-existent HELO server names), or (more severe), blocking mail from hosts that have dynamic-appearing rDNS names (CPE-123-456-789-111.isp.com) are useless because of lazy admins. I don't *care* if "CPE-123-456-789-111.isp.com" is a valid rDNS name that belongs to a business - it still looks like some home machine that's been compromised by a bot. What's wrong with an rDNS that looks like a real server? "mail.example.com" seems so quaint these days.

@Stop it at the source

Can I just second his comments.

Why not block at the source? Also - there should be easier ways for mail exchangers to drop messages that look like spam (due to invalid addresses) - incorrect DNS/ID's.

My work mail hardly gets any spam (which is good) but my home e-mail fits with that figure above. The annoying thing is they have spam filtering at the server but there were too many false positives - so now let it come through and filter on my home PC using virus scanning, whitelists and rules.

The downside is that I get a fair few megabytes of e-mail coming down which takes a while on my internet ADSL link.

My home PC is firewalled for some outbound ports with only my mail client actually being allowed to send mail. I also have spyware tools running in resident to avoid the things getting on in the first place. I've (touch wood) had no spybots/spambots on my machine. (There's been plenty of attempts though).

Users need education on securing their own PC's and networks - after all broadband has effectively given them things like DMZ's, firewalls, DHCP addresses that hardly change, 24x7x365 online.

Re: Re: spum-churning zombies

"It's a typo. But I think we should find a use for 'spum' as it sounds both useless and rude. Something which is rude and useless?"

From Mr.K's Dictionary of New Wørds

spum, n, derived from the words spite and bum, a commenter or a comment that is rude. ex. "Three spums were today sent to Moderatrix' dungeon to be thought a lesson.".

Almost no canned meat for me!

I have simple advice to block SPAM.

1 - Create a gmail address

2 - Get your ISP to forward your email to the gmail address.

3 - Retrieve your email from gmail using POP3 or IMAP (Outlook Express, Outlook, Thunderbird, etc.)

4 - Optional: Create obscure second address at ISP and forward to that from gmail if you need multiple POP clients using 'leave message on server for x days' or you get some weird auth fault with gmail over POP3, or you have problems getting SMTP to quote your original email as the source.

Virtually no SPAM, very few false positives.

Downside? Google reads your mail.

Score: Last 30 days: 230 SPAM, 1051 Legit from 10 year old address. (Disclaimer: Spamassassin might have eaten some before they got to Gmail, not entirely sure.)