back to article Nine in ten emails now spam

Nine in ten emails are now spam with an estimated 200bn junk mail messages a day clogging up the internet, according to a new report by networking and security giant Cisco. Drive-by download attacks - planting redirection scripts on legitimate sites that lead onto hacker controlled websites full of exploits - have become a …

COMMENTS

This topic is closed for new posts.
  1. Tom Chiverton
    Boffin

    IT fail

    "websites were loaded with iFrames, malicious scripts"

    An IFRAME is a HTML tag, not a (Java)Script, malicious or not. The one can be used to embed the other, however, which is no doubt what you meant to say

  2. The Fuzzy Wotnot
    Unhappy

    First of many reasons

    #1 . Yonks ago, having an email was like having a tarantula as a pet, quite rare, then the world and his dog wanted to get "da innerweb" and get one of them new fangled email thingys.

    #2. Quite a few people still think you keep an email like you keep a house address, for a very long time.

    #3. Most people use the same email, usually something obvious like first_name.surname@whatever.com, for everything, no matter what. Sooner or later it gets snagged by the ne'r do wells.

    Me, I change my email addresses every 6 months, the valuable ones are made up of random characters at one of 5 domains also with silly names. I maintain a list of exactly who has what one and when it needs changing. Touch wood I have had 2 spam emails in 18 months. Not perfect, but I have better things to do that wade through lists of cheap viagra pills and plastic nob pumps!

  3. Paolo
    Boffin

    Wow

    90% is a scarily high figure. Think of the processor power, bandwidth, electricity and ultimately money that's being wasted by ISPs filtering this crap. I'm amazed they haven't come up with something to stop this yet (or at least decided to really go for SPF and/or SenderID), they've spent enough years naval-gazing about it.

    Then again, I wonder how much total traffic does mail account for? Perhaps saving 90% of sod-all isn't worth the bother.

  4. 4a$$Monkey
    Coat

    spum-churning zombies

    "spum-churning zombies" is this a new term I'm not aware of or is it a typo? Frankly I'm not prepared to goggle it to find out!

    /mines the one without the spum on it!

  5. EvilJason

    We should stop going after spammers...

    We should stop trying to get the spammers there's to many and more pop up all the time....

    What we need to do is get the people behind the spam the places who buy it as advertising and name and shame them.

    Make it taboo to be associated with spam.

    Make the common person know who these companies are and give them so much bad press they will stop buying spam, which will leave only a majority of illegal stuff i.e. fake or bad meds, virus and trojans and scams and if that stuff is the majority of spam it will be easier to make spam illegal then we can find and arrest spammers, who will go underground still get payed to spam and then we can track them down for tax evasion.

    -Jason

  6. Joe
    Pirate

    more like 98%

    it's not 90% Cisco is wrong about that, it's more like 98%. We block more than 90% at the perimeter, another 50% of the stuff that gets through is junk, and another few % of that is marked as junk by the end user.

    Need more death sentences for spammers, scammers, 419ers and the like.

    I propose a pay-per-view event named "Spammer Island" where we can hunt them, use webcam controlled firearms and the paying public can watch us chase them down, bayonette them in a winner takes all sort of no holds barred blood fest where the blood comes from the spammers and all we win is cleaner mailboxes.

  7. Fred

    'Pairing' of email contacts, would this help??

    At present unwanted emails are filtered out.

    May i suggest the opposite approach? Filtering wanted emails in.

    If contacts email addresses were 'paired' like bluetooth devices, then a security code could be appended to the subject of emails sent.

    So basically, if any email, from any email address, does not contain a paired code then the email would be filtered out as spam.

    I know there are issues with such a method, but my own experiments with a simple auto-it script saw my junk email go to zero, and i actually got only those emails from those who participated!

    Just my 5 pence worth....

  8. Adrian Jooste

    ISP's look elsewhere

    Maybe the ISP's of the world should look into this problem instead of restricting Torrent bandwidth (See Virgin article)? Seems like it would be doing the online community a greater service and, as Paolo mentions, saving on all sorts of resources being squandered.

  9. Sarah Bee (Written by Reg staff)

    Re: spum-churning zombies

    It's a typo. But I think we should find a use for 'spum' as it sounds both useless and rude. Something which is rude and useless?

  10. IGnatius T Foobar
    Linux

    IFRAME vs iFrame

    I'm amused by this article's use of the word "iFrame" -- capitalizing the F like that makes it look like some sort of Apple product.

  11. Anonymous Coward
    Paris Hilton

    @Sarah Bee

    "Something which is rude and useless?"

    Icon says it all.

  12. Mountford D

    The answer: Licence ISPs properly

    Let's face it: Anyone can set up as an ISP as long as they have enough dosh. All you need is about £1K a month payable to BT and you are an ISP under their wholesale scheme. Go into partnership with a spammer, recruit a few hundred spambots and you have a global spamnet. BT don't care as long as you pay them. If they get downstream complains, they'll simply pass it on to you as it's your responsibility to keep your users in check.

    Surely the answer is to regulate ISPs and make sure providers are bona fide. Also bandwidth and pipe providers like BT should make sure traffic flowing through their pipes is not effluent and cut off the ISP if nothing is done.

    ISPs are way too soft too. My mate's PC was turned into a spambot and all he had was a letter from his ISP telling him he had exceeded his quota and his machine could be sending out spam and he could be charged for usage. Big deal! His ISP obviously knew it was a spambot and should have therefore throttled his connection and terminated his contract if it wasn't fixed within a week. By the time I got round to have a look at it, he must have spammed the world several times over.

  13. Anonymous Coward
    Flame

    Block the zombies

    Said it before - when SPAM is identified coming from an ISP, that ISP should be given (say) 24 hours to kick the client off the network and bar them permanently (or until the user phones up to whinge). Failure to comply results in that ISP being blacklisted and dropping off the 'net.

    Another security measure could be authenticated sender. Before passing a mail on, the receiving server checks that message header is valid (basically asking "Did you send this?" to the server mentioned). Should cut down on spoofed headers meaning it becomes easier to target and remove the miscreants.

    Education has been tried and it has failed. It is time that proactive measures were taken and if that means kicking dumb-ass users of the 'net until they learn how to drive a PC, then so be it. Let them bleat like the sheep they are.

  14. Anonymous Coward
    Anonymous Coward

    @Fred

    Yet another FUSSP that is unworkable. All it takes is for one sender unwilling or unable to participate and you'll never see mail from that person or organisation. So you fall back on a classic "whitelist some and blacklist the rest" scenario, which is no different from what many people use already.

    I also agree with Joe that 90% is a bit of an underestimate. It was 90% about 5 years ago on the servers I manage and is nearer 99% now. One low-traffic server of mine that receives roughly 120 e-mails daily is the recipient of attempted spam deliveries every 10 seconds on average. That's 8640 a day out of 8760, or 98.63%.

  15. Dave

    Huh!

    I know that just by posting this I will get a deluge of crap, but in the last week to 10 days, the amount of spam to my two main mail boxes has dropped from 40 or more like 60+ a day to 2 or 3!! There was a drop when that ISP was taken of air, but not as substantial as this. I have not made any changes to my mail server or changed any spam rules. Has another ISP been taken down that anyone knows about? I've not seen any reports.

    Personally I hope it stays that way! but then with message rules I hardly saw the spam messages, just the overflowing Trash folder containing emails titled *** SPAM *** xxxcccvv ;)

  16. Jamie Kitson

    "clogging up the internet"

    Oh please! 90% of email might be spam, but what percentage of internet traffic is email?

    It's unlike the Register to be so sensationalist.

  17. Anonymous Coward
    Anonymous Coward

    ...and the dirty little secret that never gets mentioned...

    99.99999999999% of those spambots are Windows PCs. Why do articles about this abhorrent situation always neglect to mention this simple fact. If you really want to help stop spam, you first have to help the world to get rid of Windows. It is as simple as that.

  18. steogede
    Gates Horns

    Re:ISP's look elsewhere

    Indeed. If Virgin can block bittorrent, I can't see any reason why they can't/shouldn't stopping their customers from send spam (albeit inadvertently). Or for that matter receiving spam, after all if they are seeing a million messages containing the same virus ridden payload who is in a better position to identify and and prevent this?

    Then again why should the ISPs be responsible for fixing Microsofts mistakes - okay the flaws in SMTP aren't the fault, but there is only one OS that is malware ridden. And before any claims that this is only because Windows is the OS used by 90% of desktop PCs - whose fault is this if it isn't Microsoft's (well okay perhaps the consumers).

    Re: Re: spum-churning zombies

    >> It's a typo. But I think we should find a use for 'spum' as it sounds both useless and rude.

    >> Something which is rude and useless?

    I suppose that would be the Paris Hilton angle?

  19. Anonymous Coward
    Flame

    @AC 15:13

    "All it takes is for one sender unwilling or unable to participate and you'll never see mail from that person or organisation."

    So what? Either they play the "secure-email" (or whatever you call it) ball, or they can G.T.F.

    I have no problem with removing those who will not help stop SPAM.

  20. Sabahattin Gucukoglu

    NAT Boxes Should Port 25 Block By Default

    How about we get a load of NAT box makers to block port 25 by default? Saves the ISP and gives the customer choice. Just an idea I can't believe I haven't had before ... though ISPs should be taking more care. And anyway a load of WinDrone boxes are hooked straight into the net.

    I need some more spam. Do you mind?

    Readers, please leave this alone. Non-human harvesters only! Use this trap: erhi@yamta.org

    There. Now, what will happen? When will I get my first spam?

    Cheers,

    Sabahattin

  21. E

    Fox gaurding the hens

    Isn't Cisco largely responsible for enabling this spam?

  22. Mike

    Natboxes blocking SMTP

    That would work for about 4 hours, and then the zombies would start re-opening it with uPnP. Just as they would start "authenticating" the emails as "paired", based on your Outlook address book.

    Well, OK, maybe not _yours_, but the vast majority of folks who host zombies would be Outlook Express users (with the preview pane enabled, yet), would only accept "paired email" if it was completely transparent to them, and if they use a NatBox at all, would have uPnP enabled.

  23. Christian Vest Hansen

    @Jason

    "What we need to do is get the people behind the spam the places who buy it as advertising and name and shame them."

    Careful now. Let's take a thought experiment: imagine we live in a world where every company who's product s advertised for with spam will get summarily punished. Now, if you really didn't like some company, you could send out some billion spam messages advertising products from that company, and have the government smack them around a bit with a large fine.

    No, we need to keep the heat on the spammers, like we do today but regretably/preferably even more so. And we need the ISPs to somehow facilitate that their spam-churning customers get a stern talking-to.

  24. RW
    Boffin

    Billion & spum

    Is that "bn" 10^9 or 10^12?

    "Billion" has different connotations is different countries, you know.

    Since it's Cisco, I'm putting my money on 10^9, but I'd like confirmation.

    If you enter population numbers and turn the crank a couple of times, some interesting figures emerge. Canada turns out to be far and away the single worst offender, cranking out 282 spams per person per annum. Turkey is next worse at 259.

    Further: South Korea, 135; US, 114; Russia, 113; UK, 95, Germany, 70; Brazil, 46; India, 6.

    As for "spum", sounds like a synonym for "santorum", q.v. (Actually, qui Wikit)

  25. David
    Stop

    Block outgoing SMTP

    ISPs should block outgoing connections to SMTP servers (except their own) by default. That'd make it much harder to hide the source of the spam, and they could configure their own SMTP servers to block too much mail from a single client.

  26. Trix
    Boffin

    Stop it at the source

    As others are suggesting, ISPs should block access to port 25 from their consumer networks (including consumer networks sold to businesses with static addresses), and enforce authentication before submitting email. That cuts out all the bots right there (bots don't have an auth mechanism!)

    As for those morons who spam us with their "home business" setup, as soon as an ISP sees unusual traffic levels from an account, disable it. Simple.

    SPF is handy for us corporate mail senders. It doesn't cost anything, there's nothing easier than whacking in a wee TXT record in your DNS, and I really don't see why the majority of organisations aren't using it already. Also, organisations should do simple things like have proper forward and reverse DNS entries for their mail servers, and use properly formatted emails!

    Some of the measures I could take (such as blocking mail from servers that use non-existent HELO server names), or (more severe), blocking mail from hosts that have dynamic-appearing rDNS names (CPE-123-456-789-111.isp.com) are useless because of lazy admins. I don't *care* if "CPE-123-456-789-111.isp.com" is a valid rDNS name that belongs to a business - it still looks like some home machine that's been compromised by a bot. What's wrong with an rDNS that looks like a real server? "mail.example.com" seems so quaint these days.

  27. Erik Aamot

    not from my ISP

    since this past spring/summer .. less than 10% of my e-mail from 2 long standing addresses is spam .. some days zero on one account or the other

    att.yahoo.com mailservers .. meaning AT&T / Yahoo! DSL is doing something right on thier end

    i download directly with OE 6 , no filtering by me on Yahoo! webside nor in my email client

    ISP's are the only ones that can control this .. and the ones that really suffer on bandwidth costs and therefore competitiveness if they don't learn to identify and blackhole spam

    have only had trouble recieving email from one person on a flaky ISP in Germany and no problem with legit commercial email I have opted into from legit businesses

    no problem replying 'to all' with 40+ addresses either ..

  28. jake Silver badge

    Questionable stats.

    A lot of the spam that my systems drop are sent through servers in China and Taiwan (25-30% any given week). Yet the report doesn't mention either ...

    Where, exactly, are cisco boxen manufactured these days? I honestly don't know ...

    ::shrugs::

    Note that I'm not talking "origin", here ... I'm talking the actual spamming machines.

  29. Anonymous Coward
    Thumb Up

    @Stop it at the source

    Can I just second his comments.

    Why not block at the source? Also - there should be easier ways for mail exchangers to drop messages that look like spam (due to invalid addresses) - incorrect DNS/ID's.

    My work mail hardly gets any spam (which is good) but my home e-mail fits with that figure above. The annoying thing is they have spam filtering at the server but there were too many false positives - so now let it come through and filter on my home PC using virus scanning, whitelists and rules.

    The downside is that I get a fair few megabytes of e-mail coming down which takes a while on my internet ADSL link.

    My home PC is firewalled for some outbound ports with only my mail client actually being allowed to send mail. I also have spyware tools running in resident to avoid the things getting on in the first place. I've (touch wood) had no spybots/spambots on my machine. (There's been plenty of attempts though).

    Users need education on securing their own PC's and networks - after all broadband has effectively given them things like DMZ's, firewalls, DHCP addresses that hardly change, 24x7x365 online.

  30. mr.K
    Boffin

    Re: Re: spum-churning zombies

    "It's a typo. But I think we should find a use for 'spum' as it sounds both useless and rude. Something which is rude and useless?"

    From Mr.K's Dictionary of New Wørds

    spum, n, derived from the words spite and bum, a commenter or a comment that is rude. ex. "Three spums were today sent to Moderatrix' dungeon to be thought a lesson.".

  31. Sarah Bee (Written by Reg staff)

    Re: Re: spum-churning zombies

    I approve this message. Typos notwithstanding.

  32. Michael Kean
    Happy

    Almost no canned meat for me!

    I have simple advice to block SPAM.

    1 - Create a gmail address

    2 - Get your ISP to forward your email to the gmail address.

    3 - Retrieve your email from gmail using POP3 or IMAP (Outlook Express, Outlook, Thunderbird, etc.)

    4 - Optional: Create obscure second address at ISP and forward to that from gmail if you need multiple POP clients using 'leave message on server for x days' or you get some weird auth fault with gmail over POP3, or you have problems getting SMTP to quote your original email as the source.

    Virtually no SPAM, very few false positives.

    Downside? Google reads your mail.

    Score: Last 30 days: 230 SPAM, 1051 Legit from 10 year old address. (Disclaimer: Spamassassin might have eaten some before they got to Gmail, not entirely sure.)

This topic is closed for new posts.

Other stories you might like