Almost a third of consumers admit responding to messages that might be spam emails. Some acted out of curiosity or by mistake but a puzzling 96 from a sample of 800 (12 per cent) said they clicked because they were interested in the product or service advertised in junk mail messages. A survey by the Messaging Anti-Abuse Working …
How about those who click out of curiosity?
As a user of multiple OSs and browsers, some in Virtual Machines, I often go to "dodgy" looking sites to see what will happen -- surely I'm not the only person who does this?
Seldom do I click
and I never say yes when the anti virus pops up asking do I want etc ...
But beware of unique URLs
I have occasionally looked at sites advertised in spam, but I'll never go to a URL that might identify me: I don't want the spammer to know that the message they sent reached a human being.
"technology, industry collaboration and public policy"
That's all well and good.
I report Spam to SpamCop and if you look through their stats page ( http://www.spamcop.net/w3m?action=hoshame ) you'll see hosts that are still spewing spam after 465 days.
A lot of these machines are in China/Asia and I know that my own server is constantly bombarded by connections from the dynamic IP pool at hinet.net who are trying to use my email server as a relay, not that they can and I tarpit them. But that has been going on for over 4 years.
But for some reason a lot of ISPs which show up in their list of hosts are obviously ignoring all the reports.
Which is probably why people don't report. What is the point of reporting spam (if the ISP will even accept munged reports) when often nothing is done? If after over 400 days T-mobile in Slovakia can't get off their arses and do anything then what is the average person supposed to do?
So brilliant, let's work with the industry, apart from the fact that a lot of the industry doesn't give a rat's fart about spam. So ultimately this is one big fail.
not using filtering?
"around one in five (21 per cent) fail to use email filtering software or services."
Possibly many of them have filtering via their ISP and don't realise it (for viruses if not for dodgy links).
"800 ordinary computer users"
And there's your problem. In spite of near-on 20 years of common email use and constant best-practice messages from the industry, there are still induhvidials and n00bs out there who really do think "Hey, free Rolexes!"
IMHO replying to spam should be covered by the same legislation as sending it - i.e. make it a criminal offence with appropriate penalties, and make damn sure everyone knows it. Reply to spam and WE'LL COME AND GET YOU!
And yes, I know it's totally impractical and impossible to police etc, but joe.blow@kokomo won't know that. At the very least it might make him think before replying. "Uh-oh, I better not. The feds might be a-watchin."
800 ordinary computer users
Is anybody else constantly surprised at how stupid the users are?
SPAM HONEY POTS
Look, why don't we set up spam honey pots with super destructive malware on them. You could have several different offers, free Rolexes, 12" penis, breast enlargement cream, etc. Those that respond would have their computer's OS completely wiped, including the hidden Windows restore partition. After a while that would pretty much get rid of stupid who click on spam in order to get a free Folex, 12" dicks or big air bags without a trip to Bulgaria.
PARIS BECAUSE I'M SURE SHE CLICKS ON EVERYTHING
If I get spam in a temporary or unimportant account I sometimes reply because some of this stuff is actually quite entertaining. I'm intrigued by the Mystery of the Dyslexic King and his Totally Legit Lawyer of No Fixed Abode. It's more interesting than the (in my experience) more common watches and drugs.
Of course there's also the online casino whose domain was registered last week to an individual in Florida and which is hosted in China. If these things died out wouldn't the world be a slightly duller place?
Oh, you mean like that crap so many corporate IT departments use, that silently bins email from actual customers (making them that extra bit more friendly when contacted in person or over the phone) while letting all the replica watch and male-enhancer ads right through to the inbox?
And I can't even begin to fathom why the same morons replace .zip files of software sent to a customer with a friendly note that it might have been dangerous so we deleted it for you. If it looked so farging dangerous, couldn't they just delete instead of sending a "We are complete idiots" notice to a formerly happy customer? And maybe send me a note to say I'll just have to FedEx a bunch of floppies to the customer?
I must admit...
I must admit I peel the "No Junk Mail" stickers off my mailbox when I move into a new place - I rather like free catalogues, if only to remind me why I don't bother going to their shops (the only ones I seriously read are those from the Variety Discount Stores - they occasionally have something cheap and nasty for a cheap and nasty price (as opposed to mainstream retail which charges $$$ for the same crap)). I doubt I have ever bought enough from any one shop's catalogues to cover their printing costs though.
As for email SPAM, my real-name account is going on 5-years without getting on a list (basic precautions work!). However people have recently been sending my internet fun-time alter-ego account (I'm laxer with this one) requests for bank details. Guys!, LaeMi doesn't have a bank account: Only the hand up her sock-end does!
I visit some spam links, if I believe it's an exploit attempt or a phish page, in a sandbox, and see what it does.
But what surprised me was when I was fixing a client's computer and saw she replied to a phish:
"Hello, please can you remove me from your email list as I am not with your bank. Thank You (Her Name)"
I nearly fell on the floor laughing.
Is it just coincidence that today's Nemi is about her wondering
who the blazes buys stuff that is spamtized?
Upon eliminating spam
I've always thought that the most effective method of eliminating spam would be to target the companies that advertised via unsolicited spam, rather than the spammers or botnet writers. Take away the profit and you take away the problem. Who's going to write a spambot if there's no spam to send?
I'm not running protection and I'm proud
As a user of mail software that resolutely treats almost all content as plain text, validates every image, ignores ALL external links and shows real URLs however well hidden, I feel confident disabling the malware sniffers my antivirus vendor keeps piggybacking onto updates.
Anyone want to bet this survey was carefully worded to not distinguish infection magnets from those of us that simply don't need the bloatware products from the study's sponsors?
As anyone who's been in IT for more than 10 minutes will know, the carpet baggers of email marketing are still trying to peddle their wares.
What they do not make clear is that most email marketing is indistinguishable from spam.
There is an awful lot of people who just don't know or care about spam... nothing to do with me they think.
The very weak laws around it do not help and the attitude of fellow IT folk sometimes can be less than useful...
Even if someone DID once say they wanted email, that doesn't mean they won't consider it spam in future, nor does it give websites free rein to send as much as they like.
It's not all down to n00bs and idiot users... a consistent message from the industry would help... rather than "It's spam, if it is not me trying to sell you something, because you came to my site once and could not proceed without creating yet another login with your email address"...
If the industry was consistent then sites like spamhole would not exist.
I was looking to buy a product for which I received a spam email. I would not follow any links or purchase the product from the company advertised in the spam.
I don't report spam, perhaps I should but it rarely gets into my inbox anyway, my filters catch at least 99% of spam and direct it to my trash folder. I do scan the subject lines before emptying my trash folder in case of false positives.
What is worse is when a spam operation uses your email address as sender, I had to telnet into an email account once just to delete the many thousands of bounces in there. Thunderbird just wouldn't download them all.
Calm down, it's only a survey
I get the distinct impression that a lot of these ordinary users may not actually know what SPAM is - or means. Part of the problem is that "unsolicited" is quite a long word, and also the meaning of SPAM is not widely discussed, it's just referred to with no explanation attached.
I get a fair amount of ADVERTISING, but it's all stuff I have signed up for - some of it is even useful. If the ordinary users associate all advertising emails that are directed to them as SPAM, then this statistic looks a lot more realistic.
As it is, this is merely a survey of what people think, and almost certainly therefore, bears no recognisable relationship to what actually happens or what they do. Even worse: the survey was created, performed, analysed and publicised by a group with the self-proclaimed aim of "focusing on preserving electronic messaging from online exploits and abuse". So they're hardly likely to say there isn't a problem, now. Are they?
I Know Someone With A Master's Degree That...
...fell for a "Microsoft Lottery" scam.
At my insistence, he changed his email (but not before getting a response, asking for bank details).
All it takes is naive people, and there's still a rich vein of them out there...
Only complete idiots...
Let's face it, only a complete idiot would respond to a spam email. After all, you're going to trust someone or some organization that already breaks the rules by spamming to provide you what they claim they will...
Sadly, the world is full of idiots. If we can't do that much to stop them hurtling around in large motorised metal boxes, often under the influence of drink or drugs and frequently without bothering to take the legally required test, we have no chance of stopping them logging on to a computer and trying to buy fake V1ogr0!
@AC 15:50 GMT
Exactly. You know what would stop spam? BLOCK THE ADDRESSES WHO SEND IT. Why doesn't anyone want to do that?
Opposite viewpoint here
Interesting, because a group at UCSD claims exactly the opposite:
Mine's the one with the SOLID GOLD ROLEX in the pocket...
I say we take off and UDP the entire site from orbit.
We run our own mail server - with about half a dozen regular users. We get around 2500 IP connections to the server per hour, 24 hours per day, 365 days per year. We average around 20-30 real emails per 24 hours.
Luckily we run Spam Assassin, use tar pitting, black lists, white lists, spam traps, etc, etc and, on average, only a handful of the crap gets through. You can't stop the signal Mal - but the signal turns out to be spam from Russia most of the time. It's not going to stop until the UDP is deployed on a regular basis against the offending providers.
"IMHO replying to spam should be covered by the same legislation as sending it"
Your wish is granted! I take it you are USA-an, with the Feds reference? Your stupid CanSpam act means the damn spammers can continue 'till you ask them nicely to stop. What a brilliant idea! Doesn't it really eliminate spam? There again, most other jurisdictions are similar. Opt-in is a much more effective rule.
Popular culture problem
TV and Movies almost NEVER relate to IT stories or concepts in ANY realistic way.
Perhaps if they did, more people would get a clue.
Even TV news reports on the "latest virus" get the details either wrong OR don't explain how to avoid the problem in the first place. They just love to sensationalize it. "We're all gunna die"
I know TV and Movies don't like New Media, but you'd think they would be interested in educating people?
Oh well, rinse and repeat...
The 12% figure is surprisingly low if it is "have you ever responded to a spam". Surely almost everyone has in one way or another. I've been using internet email for (can't remember - 15 years?) and lived through the "invention" of spam so we were all on a learning curve, surely most users go through that learning curve 'though rather more rapidly!
Add the inability of many users to identify the difference between spam and something they signed up to. The 12% figure will be misunderstood by spammers and they will find it encouraging. More useful figures would be: what % of users have made a successful purchase initiated by spam and what % have been ripped off in one way or another. I think both figures would be closer to one in a million - sadly still enough to justify sending a million spams.
I may be a cynic (Ed - yes!) but the 12% figure will be "helpful" to spam filter vendors, or to "independent" researchers wanting to sell their report to those companies.
Re origin of spam - China features high so, given the Great Firewall of China, we know their government has tight control of internet activity and by allowing this traffic to pass they are effectively sanctioning the activities of Chinese spammers.
shut them out
Can there not be collusion among the big ISPs used by regular idiots to immediately block access from their network to any spamvertised link? Given most spam is fraud to either take your money/credit card details or install malware, is this not a reasonable protection to offer their users? If the likes of AOL were quick off the mark stopping access to pretend drug/rolex sites, spammer profits would drop like a stone and reduce the motivation for these attacks. It would mean employing a trivially small amount of staff to maintain a blocklist, which would be more than offset by the savings in support staff dealing with barely literate customers with pwned machines.
Stupidity needs to be made more painful
that is all
The Society For Exceeding Long Overengineered Titles For Reports That Could Be Shortened Considerably Had Anyone Bothered To Spend More Than Five Seconds On The Toilet Starting At Angelina Jolie In A Magazine would officially like to endorse and approve the title of the report mentioned in this article.
"A Look at Consumers' Awareness of Email Security and Practices or 'Of Course I Never Reply to Spam, Except Sometimes'" is considered acceptably long and over-engineered to qualify for a special award.
Some people don't need it.
Although it isn't as popular as some email services, Gmail is pretty damn popular. Not only is Gmail popular with users itself, my own website, my ISP (Sky) and my university have all moved to Gmail powered systems. The system has such a good spam filter (with built in reporting), I get spam through to my inbox less than once a month and I don't think I've ever noticed a valid email get marked as spam (I occasionally check the spam bin every 3 weeks or so). At the moment, Gmail blocks around 900 spam emails a month from my inbox.
If Gmail can do such a good job, there doesn't really need to be anything left on the client end. Just so you know, Gmail supports email forwarding, POP3, IMAP, over 7GB space and can collect email from other POP services.
What about the credit card companies...
Spammers must make their money via credit card transactions, they can't be anonymous to the credit card companies. What's to stop a law enforcement agency from buying spamvertised Viagra and then getting the details of the money trail back to the seller? I'll tell you why, the credit card companies want the business and the law enforcers are not interested. Makes you wonder who the criminals really are!