COMMENT
Written on AA173 whilst flying London to Raleigh-Durham, North Carolina, and dispatched from an open LAN at a friend's home.
From the first time I used email up to the present it has been one of my primary business tools. Not only does it afford me access to vast numbers of colleagues, it streamlines everything and puts time back into my life.
Well I guess it couldn't last forever! Perhaps it was all too good to be true? Sure enough, bit-by-bit, my email efficiency has been eroded year-on-year by the growing spam menace. It all started with an occasional spurious email but then the spammers got organised, automated and aggressive.
So my reaction was like everyone else - I got a spam filter. I nurtured and trained it until it became nearly 100 per cent effective. But then, after a few years, the spammers gained ground. The dark side of the force became more cunning. They innovated and got around my filter.
My solution? Concatenated filters - one with my ISP and one on my laptop! That worked a treat for about another two years but then in 2006 spam activity suddenly doubled. And in 2007 the growth has continued to the point where this week I find myself back to square one.
Spam is overwhelming me again. What is happening? Botnets, that's what. Millions of unprotected machines across the planet that are wide open to viral attack have been hijacked to create a distributed spam engine that is now estimated to be generating more than 70 per cent of all traffic on the net. And if the current rate of growth continues there is a distinct possibility that spam might bring the whole revolution to a grinding halt.
There are even wholesalers of botnets. Yes you can actually buy the capability to become more than an annoyance - you can become a part of the threat. Lately spammers have realised they can get around filters, and even multiple filters through sheer volume. If your filter is 97 per cent efficient, then the three per cent that gets through only has to be big enough, in volume terms, to be a real problem. And it is that volume that is the problem - it is slowing down the net and as a result we are all losing efficiency.
So what can be done? I favour the following:
- Shipping all new machines with firewalls and virus protection built in to reduce the number of systems which get turned into 'bots'.
- Network providers and ISPs can do a lot to isolate and render useless the bot generators - in short they can block their traffic at source or mid-stream.
- PC owners unknowingly supporting bot applications need to be identified, educated and protected.
- Governments may have to act, especially when their countries turn out to be a primary nest of bot trading.
- We have the ability to track down and destroy individual viruses and other forms of malware enlisted by the dark side. We need the same for botnets and spam. In effect, the net needs an auto-immune system.
- We may have to take a look at our older applications and protocols and make some hard decisions regarding their continued existence and use.
- Finally, the base component and device industries producing the network hardware and software have a primary responsibility to take action. They have the keys to the kingdom, and whilst the growing inefficiency of the net generates inflated sales in the short term, the exponential rise of bot networks will ultimately overwhelm them too. And there is money to be made in solving the problem!
I don't think we have long to go before the situation becomes really critical. At the present rate of growth we may only have one or two years before it all goes badly wrong. In the meantime I have to dash, must comb through my spam filter to see if there are any false rejections...








Comments
There are 18 comments.
1. Neil Taggart
I favor the protocols approach, Peter. The root cause of spam is anonymity - the capability to send email anonymously, from multiple sources. Revised protocols could address this - if not by preventing it, then at least by providing traceable evidence.
Also, we need legislation that makes spoofing (in the sense of knowingly using someone else's email identity for antisocial behaviour) illegal, globally.
2. Derrick Smalls
I think about 80% of my email these days is spam. Concentrated filtering is the way to go. My ISP catches most and leaves it up there. But I still get enough through to give SpamBully or SpamBayes a workout. I still can't believe spammers can make money. They only cost money with clogging things up big time.
3. anonymous
Neil is correct, but does not go far enough. Until a new protocol replaces the current SMTP there will be no solution to this. Obviously a few large ISPs will have to ban SMTP on their networks for the replacement to catch on.
Until then, Peter, you need to dump your current email address, set up a new one and be careful about who you give it to. That's your only solution. Until SMTP is replaced, that is!
4. BillK
I have been swamped lately with re-directed spam. Both the from and to addresses are invalid and everybody in the world seems to be bouncing spam back and forth.
This seems to be a new way of getting round spam filters.
We better tell all the mail servers to do the Spam checks BEFORE deciding to bounce the email with an invalid address.
5. anonymous
Two points.
1. Not giving your address out doesn't work. I obtained a new .yahoo.co.uk email address recently, and didn't tell a soul. Within 3 days I was receiving spam from a .yahoo.fr address. Three guesses where they got it from...
2. The answer is to attack the root. All suggestions to date relate to bandages and aspirin for a broken leg. The answer is not to break it in the first place. Simply make e-mail a no-go area for advertising. Any company advertising via email gets prosecuted.
It doesn't matter who sent it, from where, spamming ultimately benefits the buyer of the adverts, so hit them. Hard.
6. Simon
Sorry guys, but I think filtering is just plain dumb! I live a virtually spam-free existence, and most of what I do get is courtesy of my ISP that won't let me remove their servers as a backup MX! I recently took on handling mail for a club I'm in, and everyone is ecstatic about the lack of spam!
All the time I see broken systems put in by what can be most politely described as clueless f***wits!
Many ISPs now use strong filtering (Baby out with the bathwater), or send out 'confirmation' emails which greatly increase the volume of spam. AOL seems to be one of the worst offenders and seems to work on the basis that anything not originating on their own servers is spam to be deleted!
Not giving away your address is no longer a protection. It will reduce the amount of spam, but spammers now have so much capacity available that they can simply use brute force attacks to get mail through to you.
At the moment, a combination of greylisting and rbl filtering is very effective. Sure the spammers will eventually work around greylisting (at significant 'expense' in terms of what their software must do whilst still remaining unnoticed on the bot machine), but by the time they send out a second delivery, the machine should have got itself onto blacklists. I do run a filter program, but it's set not to delete anything, just flag it.
Long term, I agree that better protocols are required, one such is described at http://en.wikipedia.org/wiki/Internet_Mail_2000. Trouble with that is the length of time it takes for things like that to catch on - just look at IPv6 for example, now people can 'solve' the address shortage with (broken) NAT devices, there just doesn't seem to be any drive to 'make it happen'. Similarly, any new mail protocol will have to co-exist with SMTP for decades - and as long as there is an SMTP gateway then the spam will continue!
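The greylisting-plus-RBL combination mentioned in the comment above can be sketched as follows. This is an added example, not part of the original comment or of any mail server's code; the `MailGate` class, the 300-second delay, the addresses and the blocklist table (a stand-in for a real DNSBL query) are all constructed for illustration.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 300  # seconds a new (ip, sender, rcpt) triplet must wait; assumed value


@dataclass
class MailGate:
    # ip -> time the address appeared on a blocklist (stand-in for a DNSBL query)
    rbl_listed_at: dict
    first_seen: dict = field(default_factory=dict)

    def decide(self, ip, sender, rcpt, now):
        """Return 'reject', 'defer' or 'accept' for one SMTP delivery attempt."""
        listed = self.rbl_listed_at.get(ip)
        if listed is not None and listed <= now:
            return "reject"            # 5xx: source is on the blocklist
        key = (ip, sender, rcpt)
        seen = self.first_seen.setdefault(key, now)
        if now - seen < GREYLIST_DELAY:
            return "defer"             # 4xx: ask the sender to retry later
        return "accept"                # retried after the delay, still not listed


def replay(gate, attempts):
    """Run (time, ip, sender, rcpt) attempts in order and collect the verdicts."""
    return [gate.decide(ip, s, r, t) for t, ip, s, r in attempts]


# Constructed sample data: documentation-range IPs and example.* domains.
RBL = {"203.0.113.7": 600}   # bot address gets listed 10 minutes after its first run
ATTEMPTS = [
    (0,    "198.51.100.10", "news@example.org", "peter@example.com"),  # real MTA
    (0,    "203.0.113.7",   "x@example.net",    "peter@example.com"),  # bot
    (900,  "198.51.100.10", "news@example.org", "peter@example.com"),  # MTA retry
    (1800, "203.0.113.7",   "x@example.net",    "peter@example.com"),  # bot retry
]

if __name__ == "__main__":
    for a, verdict in zip(ATTEMPTS, replay(MailGate(RBL), ATTEMPTS)):
        print(a[0], a[1], verdict)
```

With an empty blocklist the bot's retry is accepted, which is the case where greylisting alone has been worked around.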
7. anonymous
Microsoft Outlook's spam filter is remarkably good - make sure you download the latest office updates from the Microsoft website. Our ISP filters out most of the obvious spam but not the tricky stuff, the McAfee spamkiller is next to useless (and often blocks legitimate e-mail), but Microsoft stops the spam almost every time - this is someone speaking who gets 200 spam a day because I have 5 different e-mail addresses all over the internet, runs 2 e-mail newsletters
8. Chris Gare
SPAM quantity has definitely taken a turn for the worse over the last few months. I do not want to change my email address as I want people to be able to find me! Like you, I am using two levels of detection but my life turned around when I started using CloudMark. I don't want to make this an advert but it works in a different way to 'traditional filters'. It uses its community of several million users to flag what mails are SPAM. I've only ever had a few false positives and it only misses one or two SPAM of the 150 I get each day.
However, fundamentals do need to change otherwise we can all give up this mechanism for communication - mobiles will be next. As we give up email, there will be more use of the mobile and users will be turning them off more and more and will be not so ready to answer when you call.
I've also had 'interesting' software problems recently: http://technologyinside.com/2007/02/20/will-i-live-through-browser-incompatibilities/
9. James Button
Basic solution - every forwarder/ISP to check source address to them is valid.
Government legislation requiring a small payment from sender to sendee, for each message declared to be spam, or 'malware' vehicle.
Transmitting organisation allowed to re-bill, with - say 10% increase (to cover costs) the organisation/source that sent them the message.
Payments to be made monthly, with any minimal amount (say less than $10) to be discarded/voided.
That way - the recipient of large numbers of 'bad' emails gets paid for their inconvenience.
The ISP delivering them will get lots of reports (to log, and analyse) about those messages.
The source will get a large bill, providing the next leg in the delivery path has verified the id on the messages, in which case, they get to pay for the privilege of not having to check the id on messages they process.
(and - the ISP will, presumably, be billing for bulk message sets that they do not have to pass on to those clients that didn't get enough messages to claim for!)
10. Richard
Simple: Guantanamo for Spammers!
Two measures would reduce spam:
1. Banks should remove credit card facilities from the companies promoted by spam: Apart from the "pump & dump" stock market scams, most spam relies on selling something via credit card payments.
2. Send convicted spammers to Guantanamo: Other Internet criminals would soon "get the message"!
11. Peter Cochrane
Neil = Not at all sure protocols will solve the rogue state problem....but certainly we are going to have to throw the legal system at it. Peter
12. Peter Cochrane
Derrick = It turns out that the illegal - ie criminal - spam activities turn out to be a global multi-billion $ business. The non criminal lot seem to do well too! Peter
13. Peter Cochrane
Anonymous London = I'm within an inch of transiting to a new email address! Peter
14. Peter Cochrane
Bill = It really is about sheer volume - and it is now massive. Peter
15. Peter Cochrane
Anonymous London = Tried it - found it poor - moved on and used a better one. Peter
16. Peter Cochrane
James = With BotNets your solution fails on the 1st line! Peter
17. Peter Cochrane
Richard = How about nailing body parts to a tree! Peter
18. Phil Carter
Turn it around and target the advertisers who use the spammers to promote their wares. Create the offence, in the largest jurisdiction (presumably the US), of sending unwanted adverts and then prosecute them. You can always find them: an advert without contact details is no advert at all.