Feeds

back to article Honeynet research lifts the lid on spam trends

Stats from the one billion spam messages blocked by Project Honey Pot over the last five years provide an insight into junk mail trends and spamming practices. The Honey Pot project was formed by a community of web administrators as an alliance against online fraud and abuse back in 2004. The group now numbers 40,000 members in …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

In other words SPAM follows the PC on/off pattern

In other words SPAM follows the general household PC on/off pattern in the developed world. Not surprising as most of the SPAM is now delivered by zombies on household PCs.

If we sum-up the totals at 12 is the "ON" maximum with all of EU, Brasil and the US East Coast online and belching junk. From there onwards, EU starts to drop off.

Similarly, in a household which is likely to have a zombie PC that PC is least likely to be used on Christmas. The people who have them always on or who are antisocial enough to need one on Christmas tend to have their AV in order (or not use Microsoft).

0
0

Spam a fact of life

It's an unfortunate side effect of internet usage but spam will be with us always. Even if you could kill one source another will rear it's ugly head soon enough. All you can hope to do is contain it using spam filters. Much like P2P it's a hydra that keeps regenerating. There is much too much revenue available to spammers for it to ever be stopped. I am not even sure taxing emails would prevent it since most spam comes from unsecured computers and not from the spammers themselves.

0
0
Paris Hilton

Sanitised 'net?

It seems to me that the report will imply we waste our tax-dollars tax-pounds tax-euros and tax-yen tax-roubles tax-xxx by chasing after the event and by being in perpetual catch-up with criminality taking the lead.

It does no good, fosters a security industry that costs a fortune, has damage that costs a fortune (UK's NHS for example), makes the web/net an insecure place to be.

All the above (admittedly speculative) suggests it is time to move on to sanitation and if the perps get in a good does of chlorination to boot.

Why stick with an "any content is ok" principle when it is fine and fantastic for pure science and pure research. The truth be told is obvious.

How much will it cost not to sanitise and maintain sanitised a web/net and what would be the hidden costs compared to sanitising and maintaining sanitised?

0
0
Bronze badge
Stop

But I want to be a good Samaritan

I wish there was an anti-spam system that would combine computer analysis of the easy sort (such as regular expressions searching for websites or email addresses) with my human understanding of what sort of scam the spammer is trying to pull. It would be a kind of semi-automated high-accuracy complaint system.

Just a few examples of the kinds of problems such a system could address:

A human can recognize a phishing scam and confirm a warning to the phished company and a copy to a legal authority and to network admins who might want to cut the access.

A human can distinguish between a real reply-to email address (used by 419 scammers and some sex scammers), trash addresses, actual accounts created for spamming, and possibly even recognize some kinds of joe jobs.

A human can understand complicated scams like fake merchandise or stock scams and help notify the appropriate companies that might want to protect the values of their brands and merchandise. (Pfizer, I'm talking to you!)

Remember the spammer can't obfuscate from humans, since the suckers are human, too. However, there are a lot more potential good Samaritans than people who are so stupid as to send money to a spammer.

Stop sign for the spammers.

0
1
Unhappy

@the good Samaritan

You're working under the assumption that service providers give a rat's arse about abuse reports. They don't on the whole. Some outfits start out white-hat and disconnect infected users who are spewing spam (not "SPAM" @AC 15/12 20:59, that's a trademark of Hormel Foods inc. that refers to luncheon meat). They soon realize, however, that said subscribers just go off to another network where they can carry on unhindered by silly, petty things like Acceptable Use Policies because the abuse desk simply ignores (or, in some cases, refuses) spam reports.

0
0
Grenade

Re: @the good Samaritan

If an SP does nothing about spam, go to those who peer with it (those directly connected to the offending network(s)). If they don't, go to *their* peers…

0
0
Bronze badge

Spam persists. Everyone will deal with it.

The only way SPAM will die out is when it proves to be unprofitable. Until then, we will all have to deal with the consequences.

Oh well, live and learn.

0
0
Boffin

a possible solution...

Buy redeemable tokens from Veisign or Amazon costing 10th of a cent and send one with each email. Your email client accepts these tokens and redeems them automatically. Only accept emails that contain these redeemable tokens. If mail is important attach a more expensive token. If Verisign / Amazon start overcharging then use another company (PayPal - yuk, Google?)

0
1
Bronze badge
Boffin

You might be an anti spam kook if ...

http://www.rhyolite.com/anti-spam/you-might-be.html#e-postage

"The FUSSP assumes that your attention is so important that strangers will pay money to send you mail."

FUSSP: Final and Ultimate Solution to the Spam Problem

0
0
Bronze badge

Is it all hacking, what happened to physical enhancement product ads?

"Attract men with large breasts"

(No thank you)

0
0
Bronze badge
Boffin

partial solutions

I use the spamhaus DNSBL on my server. This rejects typically 3000 spams a week according to my weekly automated reports. Spamassassin in reject mode (scores > 10) gets rid of a further 200.

In filter mode, I use more agressive DNSBLs (including one I compile myself) and a lower Spamassassin threshhold score ( > 7.0). I get about 300 spams per week in my spam folder, where I check one line per email (sender and subject) twice a week for false positives, and I get about 1 FP per month there.

About 20 spam emails a week make it through to my inbox.

Many commercial email rejection/filtering services provide their customers with similar or slightly better performance here than I achieve myself.

To be able to improve upon this various incremental improvements in existing standards and software based approaches are possible including:

a. ISPs to implement standards such as automated activation of RFC2369 headers when someone clicks a "this is spam" button (based on subscriber regret). This would be better than AOL making these headers invisible and bouncing an anonymised and untraceable complaint to an abuse handler unable to remove the confirmed opt in with subscriber regret.

b. Better means of identifying IP addresses which should not be sending email directly across administrative or contractual boundaries in the first place, such that an ISP can mark all addresses other than their own mailservers unsuited by default with domain owners publishing CSV records ( http://www.bbiw.net/CSV/draft-ietf-marid-csv-dna-01.txt ).

c. DNS and email server software and services making implementation of standards such as those above and DomainKeys a lot easier.

0
0
Silver badge
FAIL

Spam....

... is a social problem with attempts to nail it being a technical solution (that doesn't mean they're not worthwhile at reducing inbox pollution, but they won't solve the issue)

We know for the most part who the spammers are and where they're operating from.

The issue is cross-jurisdictional enforcement issues and a WILL to prosecute, along with a marked unwillingness of supposed "spam hating ISPs" to eat their own dogfood and filter OUTBOUND mail.

From a technical point of view, hijacked enduser PCs sending spam could/should be easily dealt with. From a legal point of view, making ISPs liable for what comes out of their networks would provide a strong incentive to make it so.

FAIL: because right now the only ones who care about spam are a bunch of "crazed network admins" and a few complaining end users.

0
0
This topic is closed for new posts.