Decline in spam: Where are they going?

29 replies
A post from Terry Zink, one of the honchos fighting spam at Microsoft:

Spam Continues to Drop

Take a look at the comments. The ones there now (the first 6) are from very smart people on the front lines of this issue. Look at where their focus is. That should give you a good idea just how much damage this stuff does, and where the creeps are moving to.

If you don't think this has anything to do with running a business online as long as you're not spamming, you may need to give it a bit more thought.


Paul
#decline #spam
  • Profile picture of the author Andyhenry
    Thanks for sharing that Paul. It's interesting to see how people with the power to make wide-scale changes are looking at these things.

    Definitely the sort of thing we need to be abreast of because it's like being told that your delivery company has terrorists working for them - you might think it won't affect you but being able to change company ahead of time to be cautious might make all the difference.

    Andy
    Signature

    nothing to see here.

  • Profile picture of the author Paul Barrs
    Hmm. A very interesting read indeed.

    I won't try and argue as to whose POV is "right" or "more accurate", but as to the comment about spam "moving"... yup. On the money.

    I'm starting to see it more and more myself; especially on Facebook.

    Fortunately there's a real simple answer.. you spam me... I DELETE you.

    Paul

    PS. As for those foreign language spam emails... have to admit I don't mind all of the Russian ones, LOL
    Signature
    **********
    It's Simple... I don't "sell" IM anymore, but still do lots of YouTube Videos
    **********
    • Profile picture of the author MIRENGE
      Originally Posted by Paul Barrs View Post

      Hmm. A very interesting read indeed.

      I won't try and argue as to whose POV is "right" or "more accurate", but as to the comment about spam "moving"... yup. On the money.

      I'm starting to see it more and more myself; especially on Facebook.

      Fortunately there's a real simple answer.. you spam me... I DELETE you.

      Paul

      PS. As for those foreign language spam emails... have to admit I don't mind all of the Russian ones, LOL
      I totally agree with you that the answer is to delete the comments the moment you get them.
      Signature
      Interior design .... where beautiful homes is all we care.
  • Profile picture of the author ExRat
    Hi Paul,

    From comment #5 -

    Not to mention ongoing attempts to pollute other Internet services such as Facebook or Twitter.
    I'm almost as far from being an expert on these things as it's possible to get, but I'm always interested.

    From this perspective, I see the quoted comment as being a possible area for concern. I don't know how effective spam filters were historically on the free email services, but I reckon that due to the power of the filters along with the end-user's ability to recognise spam, the users (the spammer's targets) were in a slightly safer place when the focus was mainly on email.

    What I see now with the way that people are using these social sites (in general - carelessly and ignorantly, especially in terms of revealing data, general privacy and their desire/willingness to use third-party apps, combined with the young age of users plus the level/frequency of their activity) I reckon that this could be a problem area for some time.

    I also wonder about the 'mobile revolution' combined with social sites (accessing facebook via i-phone, for example) and whether this will contribute to increased carelessness due to the nature of mobile internet use (small screen, usage while distracted/on the move etc).

    In other words, if I were one of the bad guys, I would probably be looking to exploit this 'new opportunity.'
    Signature


    Roger Davis

  • Profile picture of the author Paul Myers
    Andy,
    It's interesting to see how people with the power to make wide-scale changes are looking at these things.
    Three of those gents definitely qualify. Terry Zink runs the team that has made huge improvements in Hotmail's handling of business-topic emails, among a whole raft of other things. Suresh is behind one of the biggest webmail systems in the world. And Chris has done enough corporate spam handling for most 20 postmasters. To describe these people as smart, experienced, or influential would be something of an understatement.

    I think the key observations for most of the folks here are the comments about how dangerous the smaller amounts of spam that get through really are. Especially the growth in spear-phishing. That's how several of the large ESPs that were compromised last year are said to have been breached.

    Paul,

    They're all accurate. That's part of the problem with the issue of abuse of systems online. As they all point out, the impacts can be wildly different on different systems. For example, on a small scale, the amount of spam that gets past my edge systems has more than doubled in the past year, due to 3 breaches that won't even show up as a blip on larger mail systems. My usage patterns are different.

    A webhost that caters to marketers will have seen similar, if not as large, increases due to the breaches at several ESPs popular in this industry. Systems used by more typical online customers will have seen different changes due to other breaches. Some of them, for example, will have been pharma spam dropping and phishing efforts going through the roof.

    Targeted Facebook spam and phishing is already a big problem, and it's going to get huge unless Facebook gets some major league talent on board to ward off the worst of it. (They may have already, mind you. If not, they'd better. Google has some of the best in the business, and nothing would chase people from Facebook to Google+ faster than a major rash of serious ID theft and other data abuse originated through Facebook.)


    Paul
    Signature
    .
    Stop by Paul's Pub - my little hangout on Facebook.

  • Profile picture of the author Paul Myers
    Roger,

    For someone who doesn't pay a lot of attention to this, you've got a sharp eye for the trouble spots.


    Paul
    Signature
    .
    Stop by Paul's Pub - my little hangout on Facebook.

  • Profile picture of the author Richard Van
    From the amount of spam I'm currently seeing and the speed at which it's increasing no matter what I do, I found Terry's report extremely surprising.

    Sadly like all things, you close off one tunnel and they just dig another, only further underground and harder to find and get rid of this time.

    If I could also clarify, I'm also not anything like an expert on these matters, I'm just reporting from a layman's perspective looking at his inbox.

    Incidentally, I avoid social sites like the plague. My loss in some regards, not in others.
    Signature

    Wibble, bark, my old man's a mushroom etc...

    • Profile picture of the author Alexa Smith
      Banned
      I'm very surprised indeed at Terry Zink's characterisation there of single opt-in as a "shady way" of populating a list.
      • Profile picture of the author Paul Myers
        Alexa,
        I'm very surprised indeed at Terry Zink's characterisation there of single opt-in as a "shady way" of populating a list.
        Why? It's quite often a doorway to trouble. Between forged subscriptions (of which I've been on the receiving end of literally thousands over the years), sneaky subscriber acquisition processes, and just plain typos, it's a recipe for problems for many senders and recipients both.

        Very few people in the spam-fighting community consider non-confirmed opt-in to be anything but questionable at best.

        On the flip side, if you can manage the list without generating complaints from the folks receiving your mail, you won't have much trouble at most sites over it.


        Paul
        Signature
        .
        Stop by Paul's Pub - my little hangout on Facebook.

        • Profile picture of the author Alexa Smith
          Banned
          Originally Posted by Paul Myers View Post

          Alexa, Why? It's quite often a doorway to trouble.
          So people seem to say, yes. And Aweber obviously think so because they really do encourage people to use confirmed opt-in, even though they allow single as well. I think it's just that my own experience is different enough for all this still to surprise me. It really takes me aback for that to be described as "shady"!

          I have 5 single opt-in lists (and nothing in my business is "shady"!) and 3 confirmed opt-in. I judge/guess which to start according to the niche, and with hindsight I actually wish I had 7 single opt-in and only 1 confirmed, because they've been entirely trouble-free and they're bigger lists.

          But if I ever started a list in the "IM advice" market or anything similar, I'd certainly make it confirmed opt-in. And that's perhaps the "assumed context" of at least some of the comments one sees on this subject. :confused:
  • Profile picture of the author Paul Myers
    Alexa,

    The niche definitely matters. As does the promise made when they subscribe.

    For example, simple opt-in is a huge problem with what the spam-fighting crowd means when they talk about co-registration. For them, the term generally refers to sites that offer something in return for an email address and include "We can share your address with our marketing partners," or similar language, in the terms of service.

    Chris,
    Spammers are just using other routes. They know that email is less important than it used to be. They're turning to social networks.
    I wouldn't say it's less important. It seems they're focusing on higher return, lower-volume pitches via email. Phishing and the like.

    As far as social networks... Yuck. I had to drop a friend from my "Following" list on Twitter because he was posting so often that he dominated the stream. 60 or more posts, every day. Half about stuff I can't imagine anyone being interested in, the other half promotions.

    I felt like I was having breakfast next to a bunch of bloody Vikings.


    Paul
    Signature
    .
    Stop by Paul's Pub - my little hangout on Facebook.

  • Profile picture of the author John Taylor
    For me the most telling point was from Chris Lewis
    (comment #4) where he says:

    The battle isn't ending, it's changing shape. Due to
    the nature of how it's changing, I predict rougher
    times ahead.


    Yes, maybe spam is declining in quantity. However,
    the spammers have learned and developed the
    systems they use and the channels they attack.

    More sophisticated spammers = more sophisticated
    spam.

    John
    Signature
    John's Internet Marketing News, Views & Reviews: John Taylor Online
    • Profile picture of the author JohnMcCabe
      Even if spam is declining as Terry Zink asserts, a close look at his graph shows that it's still a huge problem and likely to get worse due to the increasing sophistication of the major spammers.

      If you look at the scales (the y axes), you can see that even after the decline, spam outnumbers legit messages by better than 6:1. And a portion of those 'legit' messages have to be those spear-phishing attacks.
      • Profile picture of the author Paul Myers
        John,

        Those are scales, not exact numbers. Spam outnumbers legitimate email by more than 6:1. It's probably closer to 16:1, if it's even that low. At one point it was pushing 19:1, but that was before they shut down a couple of the big botnets.

        The spear-phishing mails are a tiny fraction of the spam. Very small numbers. Phishing attempts not so small, but still relatively minor in terms of volume. The problem there is the damage when people fall for them.


        Paul
        Signature
        .
        Stop by Paul's Pub - my little hangout on Facebook.

  • Profile picture of the author kaper7
    Spam is just annoying and it doesn't work anyway. I just don't see people buying a product from someone that spams them. I just delete my spams on contact.

    It's good that spammers are finally getting the message!
    Signature
    Think Tank >>> Devise Wealth Mastermind <<<

    * FREE e-Book *5 Principles for Becoming Wealthy



    • Profile picture of the author ExRat
      Hi Paul,

      I felt like I was having breakfast next to a bunch of bloody Vikings.
      Having a typical Viking breakfast?

      Lobster Thermidor a Crevette with a mornay sauce served in a Provencale manner with shallots and aubergines garnished with truffle pate, brandy and with a fried egg on top and spam
      Hi John,

      If you look at the scales (the y axes), you can see that even after the decline, spam outnumbers legit messages by better than 6:1.
      I may be wrong, but I think that you've misunderstood that (admittedly) confusing graph. The way I read it, the spam (red) line only relates to the left y axis.

      Also, the figures on that left y axis are not representative because they are 35,000 x X number, although that's a separate issue.

      Therefore, I believe (but I may be wrong) that the 6:1 thing is incorrect.

      (Edit - I see Paul beat me to it.)
      Signature


      Roger Davis

  • Profile picture of the author kindsvater
    Microsoft said a few years ago spam would be eliminated by now.

    The statement "It almost looks like the battle against spam is almost over. What's still left to do?"

    Is absurd. It's laughable. It's plain lunacy.

    I wonder if the stats are because Microsoft's ability to define and catch spam is poor?

    For instance, many spammers are trying to poison the spam filters by including significant amounts of "legitimate" text, even long news articles, as part of their email.

    From my experience I would say spam continues to increase.

    .
    • Profile picture of the author Paul Myers
      Brian,
      I wonder if the stats are because Microsoft's ability to define and catch spam is poor?
      Nope. The metrics I've seen all point to a significant reduction in total spam attempts. That includes blocked connections and mail that's rejected prior to delivery.

      I'd be willing to bet that the total that gets through filters into your mailbox has increased though, and for the same reason mine has.


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      • Profile picture of the author Richard Van
        Originally Posted by Paul Myers View Post

        I'd be willing to bet that the total that gets through filters into your mailbox has increased though, and for the same reason mine has.


        Paul
        Paul,

        I'm not arguing, I'm just trying to understand it.

        How can spam be decreasing if the filters to your inbox are supposed to be getting better but the spam to the mail box has increased?

        Also what do you mean by "for the same reason mine has".

        Sorry, I just want to understand that.
        Signature

        Wibble, bark, my old man's a mushroom etc...

        • Profile picture of the author Paul Myers
          Richard,

          If botnet A tries to send 200,000 emails and 185,000 of them are blocked, that's 2 separate numbers: Attempts (200,000) and deliveries (15,000). If they improve their technique, using snowshoeing, for example, and get to 40% delivery, they can increase the total to the inbox by 100% and still only make 75,000 attempts.

          Most people won't be seeing the same streams of inbound spam. It varies wildly, so providers look at overall impact on the infrastructure, along with their own data, when designing or upgrading their mail systems.

          Snowshoeing, in simple terms, is the use of a lot of IP addresses each sending small amounts of spam. Spreads the weight across more space. Hence the name.
          Also what do you mean by "for the same reason mine has".
          Over 50% of the spam that now makes it past my edge filters is the result of breaches at a couple of ESPs. For example, I got over 400 copies of the "Uniform traffic ticket" spams yesterday. 7 runs of the same spam, with one copy for each subscription I had at those services. I'm betting Brian gets a fair amount from the same source botnets, resulting from the same breaches.

          People in a different industry, or who use the net in more typical fashion, would be unlikely to experience much, if any, of that specific increase.


          Paul
          Signature
          .
          Stop by Paul's Pub - my little hangout on Facebook.
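Added example, not part of the post above: a sketch of why snowshoeing as described there slips past per-IP volume limits and how grouping by message content exposes it. The log rows, the fingerprint labels (assumed to be something like a hash of the normalised body) and both thresholds are constructed for illustration.

```python
from collections import defaultdict
import ipaddress


def find_snowshoe(events, per_ip_limit=20, min_ips=10):
    """events: iterable of (source_ip, message_fingerprint) pairs.

    Returns (loud_ips, campaigns). loud_ips is what a plain per-IP volume
    limit catches. campaigns are messages sent from many addresses that
    each stayed under that limit, which is the snowshoe pattern.
    """
    per_ip = defaultdict(int)
    by_fingerprint = defaultdict(lambda: defaultdict(int))
    for ip, fingerprint in events:
        per_ip[ip] += 1
        by_fingerprint[fingerprint][ip] += 1

    loud_ips = sorted(ip for ip, n in per_ip.items() if n > per_ip_limit)

    campaigns = []
    for fingerprint, senders in by_fingerprint.items():
        spread_out = len(senders) >= min_ips
        all_quiet = max(senders.values()) <= per_ip_limit
        if spread_out and all_quiet:
            # Count /24 networks too: many addresses in few networks is
            # a stronger signal than the same count scattered at random.
            nets = {ipaddress.ip_network(ip + "/24", strict=False)
                    for ip in senders}
            campaigns.append({
                "fingerprint": fingerprint,
                "ips": len(senders),
                "subnets": len(nets),
                "messages": sum(senders.values()),
            })
    return loud_ips, campaigns


def sample_events():
    """Constructed inbound log: one noisy sender, one spread-out run."""
    events = [("198.51.100.9", "fp-bulk")] * 50
    for i in range(1, 41):
        prefix = "203.0.113." if i <= 20 else "192.0.2."
        events += [(prefix + str(i), "fp-ticket")] * 5
    events += [("198.51.100.20", "fp-invoice"),
               ("198.51.100.21", "fp-invoice")]
    return events


if __name__ == "__main__":
    loud, campaigns = find_snowshoe(sample_events())
    print("over per-IP limit:", loud)
    for c in campaigns:
        print("spread-out run:", c)
```

In the sample, the 40 quiet addresses deliver four times as many messages as the single sender that trips the per-IP limit.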

          • Profile picture of the author Richard Van
            Thanks Paul,

            That gives me a much better understanding of how it works. I also now understand better why I get so many of the same spam messages. I've also been getting a lot of the speeding fine and USP deliveries of late, all the same and I didn't know why I got so many, I now understand why. I certainly didn't get 400 hundred but at least 20 a day, normally in batches of 5 or 6 at the same time.

            Thanks for explaining that to me, it's something I need to educate myself on more.
            Signature

            Wibble, bark, my old man's a mushroom etc...

  • Profile picture of the author JohnMcCabe
    I thought I knew how to read a normalized chart. Looking at the end point on the right, the spam line hits at around 4500 looking at the left scale. The legit line hits at about 725 on the right hand scale, or about 1/6 of the spam number.

    I understand that both numbers are actually a multiple (or fraction) of the actual number. I took this little tidbit from Wikipedia:

    In another usage in statistics, normalization refers to the division of multiple sets of data by a common variable in order to negate that variable's effect on the data, thus allowing underlying characteristics of the data sets to be compared: this allows data on different scales to be compared, by bringing them to a common scale. In terms of levels of measurement, these ratios only make sense for ratio measurements (where ratios of measurements are meaningful), not interval measurements (where only distances are meaningful, but not ratios).
    If I'm missing something (and that is a distinct possibility), please show me where I went wrong...

    Edit: I wasn't sure that the spear-phishing attempts were even counted in with the spam, as it sounded like those were evading traditional means of identifying phishing emails.
  • Profile picture of the author Tom Brownsword
    Fascinating read, Paul. Thanks.

    Based on my professional experience, don't ignore the threat posed by spear phishing emails. They are not going to go away any time soon because they are very effective. Thanks for "highlighting" this point, Paul; I think it's one of the most valuable bits of info in this thread.

    Don't open email attachments if you weren't expecting them (even if it looks like it came from your spouse or best friend). Don't click on links, either, if you don't have to.

    Be a bit paranoid. It helps.

    Learn how to read email headers so that you can tell who really sent the email.

    If you're in a situation where you can send and receive digitally signed email, do so (obviously not for an email list!).

    Stay safe. Every minute you waste fighting an intrusion or virus is a minute you can't use to make money and provide value to customers.
    Signature

    Tom Brownsword, CISSP®, GCIA, ITILv3
    Certified Computer Security Pro
    http://ProtectorSupport.com
    http://BusinessActionSteps.com
    ------------------------------
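Added example, not part of the post above: one way to do the header reading it recommends, using Python's standard `email` module. The message, host names and addresses are constructed, and `my_mx` (the name of your own receiving server) is an assumed parameter; only the hop your own server recorded is treated as reliable.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: the visible From claims a bank, everything else differs.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mail.example.net (mail.example.net [203.0.113.45])
    by mx.recipient.example with ESMTP id abc123;
    Mon, 1 Aug 2011 10:00:02 +0000
Authentication-Results: mx.recipient.example;
    spf=pass smtp.mailfrom=mailer.example.net;
    dkim=none
Received: from bank.example.com (unknown [10.1.1.1])
    by mail.example.net with SMTP; Mon, 1 Aug 2011 10:00:00 +0000
From: "Your Bank" <security@bank.example.com>
Reply-To: help@lookalike.example.org
To: user@recipient.example
Subject: Account notice

Please confirm your details.
"""


def _domain(value):
    """Domain part of the address in a header value ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()


def _flat(value):
    """Undo header folding so regexes see one line."""
    return " ".join(value.split())


def read_headers(raw, my_mx):
    msg = message_from_string(raw)

    # Each server prepends its Received line, so the list is newest first.
    # Lines below the one written by my_mx were supplied by the sender's
    # side and can be forged; take the peer IP from our own line only.
    handoff_ip = None
    for hop in (_flat(h) for h in msg.get_all("Received", [])):
        if re.search(r"\bby " + re.escape(my_mx) + r"\b", hop):
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
            handoff_ip = m.group(1) if m else None
            break

    # Same rule for Authentication-Results: accept only our server's copy.
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        value = _flat(value)
        if value.split(";")[0].strip() == my_mx:
            auth.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value))

    from_dom = _domain(msg["From"])
    envelope_dom = _domain(msg["Return-Path"])
    reply_dom = _domain(msg["Reply-To"])

    flags = []
    if envelope_dom and envelope_dom != from_dom:
        # An SPF pass then vouches for the envelope domain, not for From.
        flags.append("from-differs-from-return-path")
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-differs-from-from")
    if auth.get("dkim") != "pass":
        flags.append("no-dkim-pass")

    return {"from": from_dom, "return_path": envelope_dom,
            "handoff_ip": handoff_ip, "auth": auth, "flags": flags}


if __name__ == "__main__":
    for key, value in read_headers(SAMPLE, "mx.recipient.example").items():
        print(key, "=", value)
```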

    • Profile picture of the author Paul Myers
      John,

      Something about that doesn't fit. If you look at the range around Feb/Mar 2008, reading it that way indicates a ratio in the neighborhood of 70:1, spam to ham. Either that or I've been looking at this computer for too long.

      I don't believe the problem has ever been quite that bad as a general state.

      If I'm missing something, feel free to apply the ClueByFour.


      Paul
      Signature
      .
      Stop by Paul's Pub - my little hangout on Facebook.

      • Profile picture of the author Paul Myers
        Richard,
        I didn't know why I got so many, I now understand why. I certainly didn't get 400 hundred but at least 20 a day, normally in batches of 5 or 6 at the same time.
        I would guess you had 6 to 8 subscriptions that were delivered through the affected ESPs then. Just one example of how the spam load can vary so wildly on an individual basis.

        I get a lot more spam than most people. For one thing, I've used the same primary email address for 13 years. I also used to be regularly list-bombed in retaliation for spam-fighting activities. That got me on a ton of lists that got shared around and are probably still being shared or fed into botnets. Another factor is that my main address is on a LOT of computers and in a lot of addressbooks around the world. That gives me a very different profile for exposure than most people.

        A lot of people in this industry share many of those factors. We also have similar needs in filtering. For example, almost anyone can benefit from using the SBL/XBL lists from Spamhaus to block incoming connections, as those have extremely low false positive rates. We're less well-advised to use things like URIBLs, since they tend to have higher false positive rates for users in this demographic, and the cost of losing customer email is higher than the cost of the spam that might get through because of not using them.

        A URIBL is a blocklist that includes URLs/URIs that have been included in enough spams reported to the list maintainers to exceed the list's threshold. Emails containing those URLs will be blocked or get a higher spam score at sites using these lists. The listings usually expire automatically after some period, most commonly ranging from 1 to 7 days.

        It's not uncommon for the domain in a big product launch to end up on one of these lists (the SURBL, usually) as a result of complaints.

        Tip of the iceberg.


        Paul
        Signature
        .
        Stop by Paul's Pub - my little hangout on Facebook.
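Added example, not part of the post above: how a connection-time check against the SBL/XBL data works, using the combined `zen.spamhaus.org` zone. The return-code mapping follows Spamhaus's published codes and should be checked against their current documentation; the policy function, the injected resolver and the sample addresses are assumptions made here.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"   # combined zone that carries SBL and XBL data
BLOCK_ON = {"SBL", "XBL"}   # the two lists the post suggests blocking on


def query_name(ip, zone=ZONE):
    """DNSBL lookups reverse the IPv4 octets and append the zone name."""
    addr = ipaddress.IPv4Address(ip)      # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify(answers):
    """Map the A records a lookup returned to (list names, error code)."""
    lists = set()
    for record in answers:
        o = [int(part) for part in record.split(".")]
        if o[:3] == [127, 255, 255]:
            # Error replies (for example a query sent through a public
            # resolver, or too many queries). These are not listings;
            # treating them as hits would reject all inbound mail.
            return set(), record
        if o[:3] != [127, 0, 0]:
            continue
        if o[3] in (2, 3, 9):
            lists.add("SBL")
        elif 4 <= o[3] <= 7:
            lists.add("XBL")
        elif o[3] in (10, 11):
            lists.add("PBL")
    return lists, None


def system_resolver(name):
    """Live lookup. No answer means 'not listed'; lookup failures also
    land here, so this sketch accepts mail when DNS is unavailable."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def decide(ip, resolver=system_resolver):
    """Return (action, reason) for an inbound connection from ip."""
    lists, error = classify(resolver(query_name(ip)))
    if error:
        return ("accept", "dnsbl-error " + error)
    hits = sorted(lists & BLOCK_ON)
    if hits:
        return ("reject", ",".join(hits))
    return ("accept", "not listed")


if __name__ == "__main__":
    # Constructed answers so the demo runs without network access.
    canned = {
        query_name("192.0.2.99"): ["127.0.0.4"],
        query_name("198.51.100.7"): ["127.0.0.2", "127.0.0.10"],
        query_name("203.0.113.5"): ["127.255.255.254"],
    }
    for ip in ("192.0.2.99", "198.51.100.7", "203.0.113.5", "192.0.2.1"):
        print(ip, decide(ip, resolver=lambda n: canned.get(n, [])))
```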

  • Profile picture of the author Michael Mayo
    I've received over 900 spam emails today alone.
    support 1
    support 2...

    Citation NY
    Citation CA...

    Damn, I get around pretty quick in my car. I received the citations (over 300) in one day...lol

    Paul, Thanks for the thread and the link.

    Have a Great Day!
    Michael
    • Profile picture of the author JohnMcCabe
      Originally Posted by Paul Myers View Post

      John,

      Something about that doesn't fit. If you look at the range around Feb/Mar 2008, reading it that way indicates a ratio in the neighborhood of 70:1, spam to ham. Either that or I've been looking at this computer for too long.

      I don't believe the problem has ever been quite that bad as a general state.

      If I'm missing something, feel free to apply the ClueByFour.


      Paul
      Paul, in that range I see the same thing you do. So apparently I'm missing something or there's something in the chart that didn't come through right. I'm betting it's me. It's been awhile since I had to normalize statistical samples...

      Originally Posted by Michael Mayo View Post

      I've received over 900 spam emails today alone.

      Have a Great Day!
      Michael
      Slacker!

      Last time one of my accounts got mail bombed, we were getting ~25k per hour. The host shut me down, but I managed to get them to put the site back online sans email capability. That was almost six years ago, and that address is still running a couple of thousand a day (most of which are blackholed immediately).
  • Profile picture of the author Kevin_Hutto
    Ultimately spammers just want to reach a real person and get some sort of response. Nowadays there are more channels than before, so the numbers will/should start to skew away from email - which for years was the primary channel that they could reach a target...

    With new channels opening up every year, email spam might become less of a focus (for spammers) as there are "easier" ways for the spammers to achieve the same goals. Lots of smart people have been fighting email spam for a long time, so it is not as easy as it once was - but I imagine that the spammers are finding life much easier in these newer channels. Very similar to IM in some ways.