Re: [mailop] Historical spam loads - was Re: Google rate-limiting more aggressively than usual?

[Michael Rathbun via mailop]

On Sun, 19 Nov 2023 19:02:04 + (GMT), Andrew C Aitchison via mailop
 wrote:

>That is a surprise to hear. Reading this list has given me the impression
>that the spam volume is worse now than it was then. Spamming is a much bigger
>business now and the internet is faster, so I would have thought spammers
>would be sending more messages, even compared to the increase in legitimate
>email.

"Better" can be an elastic concept.

On the one hand, from the script that ran this morning, I see that only 4.2%
of the SMTP dialogs registered in the logs qualified as "not hostile".  These
were communications that were consensual -- multicast from lists like this
one, broadcasts from sources that users had given permission to, and various
unicast messages from sources known and unknown.

The rest were relay attempts, false authorization attempts (often laughably
inept), messages to "sudden death" spamtraps, messages to "Nadine" and all of
the contact addresses that briefly appeared on http://www.honet.com/Nadine,
and a vast array of spammed addresses both valid and never valid.  A
significant percentage of these offenders are immediately identified by the
Spamhaus advisory lists, and other such public services.  There were also the
usual attempts to wake up resident malware.

>If they are sending comparatively fewer messages I can only imagine
>that is because their strike rate is better, which is *more* worrying.
>What have I misunderstood ?

Compared to what we were trying to deal with back in, say, 1997, the volume of
unsolicited broadcast email has gone up by several orders of magnitude. Simply
based on raw volume numbers, the spammers won the war over a decade ago.  From
the standpoint of my users, things are much as they were back around 2005 --
volumes up, detection and suppression also up commensurately.

>> but I wouldn't be at all surprised if some sites still have a 90%+
>> spam burden.

Much of the current evolution of intake evaluation strategies is governed by
the numbers describing what percentage of a major provider's resources are
consumed by messages that nobody will ever see, but which must be evaluated,
tested, examined, classified, and eventually stored/delivered to an account
that is never accessed.  

Expect upheavals for some cohorts of mail senders.

mdr
-- 
The hits just keep on coming for poor "Nadine". See the sad tale 
of email lists gone horribly wrong at 
F - IWAA #2157 GEVNP

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Historical spam loads - was Re: Google rate-limiting more aggressively than usual?

[Bill Cole via mailop]

On 2023-11-19 at 14:02:04 UTC-0500 (Sun, 19 Nov 2023 19:02:04 + 
(GMT))

Andrew C Aitchison via mailop 
is rumored to have said:


On Sun, 19 Nov 2023, Bill Cole via mailop wrote:


On 2023-11-19 at 06:59:37 UTC-0500 (Sun, 19 Nov 2023 12:59:37 +0100)
Alessandro Vesely via mailop 
is rumored to have said:

I don't think someone can drop almost all mail and still call itself 
a mail server.


Were you running a mail system in the early-mid 2000s?

At that time, I tracked the performance of a mid-sized spam control 
system for a business that handled around a million inbound SMTP 
sessions per day. The proportion of mail we rejected as spam was 
persistently over 90%, and at times broke 98%. We never had a 
significant FP problem.


Although the server I ran at that time did listen to the whole 
internet,

our MX pointed at a service that spared me from much of that spam,
though I was aware of it and knew the folks stopping it for me.


The state of email is better today,


That is a surprise to hear. Reading this list has given me the 
impression
that the spam volume is worse now than it was then. Spamming is a much 
bigger
business now and the internet is faster, so I would have thought 
spammers
would be sending more messages, even compared to the increase in 
legitimate

email.

If they are sending comparatively fewer messages I can only imagine
that is because their strike rate is better, which is *more* worrying.
What have I misunderstood ?


The biggest contributor to the reduction in spam:ham ratio from what 
I've seen is a decline in the volume of blatant spambots operating on 
compromised personal devices. Right behind that would be how much more 
B2C marketing mail people are eager to receive. Years of nominally 
legitimate businesses sending bulk mail with marginally acceptable 
practices have conditioned people to accepting more mail as "ham" today 
than they did 15-20 years ago.



And that could of course be particular to the SMB mailboxes of my users. 
Maybe non-business mailboxes are seeing more garbage, but my 
junk-catchers at GMail, Yahoo, Outlook.com, iCloud, and GMX haven't seen 
it. (They suffer from the flaw of having absolutely zero legit exposure 
to commercial entities, so they are not 'typical' freemail accounts.) 
The volume of junk hitting those mailboxes (both Inbox and "spam folder" 
delivery) has dropped over the past few years.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Historical spam loads - was Re: Google rate-limiting more aggressively than usual?

[Andrew C Aitchison via mailop]

On Sun, 19 Nov 2023, Bill Cole via mailop wrote:


On 2023-11-19 at 06:59:37 UTC-0500 (Sun, 19 Nov 2023 12:59:37 +0100)
Alessandro Vesely via mailop 
is rumored to have said:

I don't think someone can drop almost all mail and still call itself a mail 
server.


Were you running a mail system in the early-mid 2000s?

At that time, I tracked the performance of a mid-sized spam control system 
for a business that handled around a million inbound SMTP sessions per day. 
The proportion of mail we rejected as spam was persistently over 90%, and at 
times broke 98%. We never had a significant FP problem.


Although the server I ran at that time did listen to the whole internet,
our MX pointed at a service that spared me from much of that spam,
though I was aware of it and knew the folks stopping it for me.


The state of email is better today,


That is a surprise to hear. Reading this list has given me the impression
that the spam volume is worse now than it was then. Spamming is a much bigger
business now and the internet is faster, so I would have thought spammers
would be sending more messages, even compared to the increase in legitimate
email.

If they are sending comparatively fewer messages I can only imagine
that is because their strike rate is better, which is *more* worrying.
What have I misunderstood ?


but I wouldn't be at all surprised if some sites still have a 90%+
spam burden.


--
Andrew C. Aitchison  Kendal, UK
   and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Google rate-limiting more aggressively than usual?

[Bill Cole via mailop]

On 2023-11-19 at 06:59:37 UTC-0500 (Sun, 19 Nov 2023 12:59:37 +0100)
Alessandro Vesely via mailop 
is rumored to have said:

I don't think someone can drop almost all mail and still call itself a 
mail server.


Were you running a mail system in the early-mid 2000s?

At that time, I tracked the performance of a mid-sized spam control 
system for a business that handled around a million inbound SMTP 
sessions per day. The proportion of mail we rejected as spam was 
persistently over 90%, and at times broke 98%. We never had a 
significant FP problem.


The state of email is better today, but I wouldn't be at all surprised 
if some sites still have a 90%+ spam burden.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Google rate-limiting more aggressively than usual?

[Alessandro Vesely via mailop]

On Sun 19/Nov/2023 00:15:58 +0100 Philip Paeps via mailop wrote:

On 2023-11-18 18:59:53 (+0800), Alessandro Vesely via mailop wrote:

On Fri 17/Nov/2023 15:37:58 +0100 Philip Paeps via mailop wrote:
We do all the things in the Bulk Sender Guidelines (except DMARC because we 
don't want to frustrate our users ability to use third-party mailing lists 
that don't mitigate it).


If you publish p=none you're enabling DMARC without causing any trouble 
whatsoever to any list.


The last time I looked into this (admittedly several years ago now), I still 
found a non-zero number of sites that would drop all email from domains with a 
DMARC record, regardless of the contents of that record.



I don't think someone can drop almost all mail and still call itself a mail 
server.

Even with all the distemper DMARC brought to mailing lists, it is still the 
path to securing email.  Boycotting it is not a good idea.



In addition you can enable reporting, which may occasionally provide some 
insight.


I'm not convinced that insight would be actionable though.  I know I have users 
who won't use the smtp.FreeBSD.org relay.  Knowing who they are won't 
necessarily get me any closer to reducing their number. ;-)



Confirmation of which DKIM signatures are verified is good to know.  I miss the 
analogue feature for ARC.


If you also send aggregate reports, those are an interesting read as well.



BTW, this list itself has p=quarantine and rewrites your From: anyway.

Not that enabling DMARC would free you from UnsolicitedRateLimitError.  I've 
been receiving those since April this year, although I never send bulk email 
yet have all stuff in those guidelines, including DMARC.


Yeah ... Google does what Google does.  Unfortunately, users don't shout at 
Google.



Shouting wouldn't solve problems either.


Best
Ale
--





___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop