Re: Why is there so much hype behind Image spam
On Sunday 16 July 2006 06:00, John Andersen wrote: > On Saturday 15 July 2006 08:49 pm, jdow wrote: > > Somehow I figure a better than 1200:1 scoring ratio is a pretty lopsided > > win for SpamAssassin. > > And yet, in spite of your statistics, there is more spam than ever. > Some estimates are that in excess of 95% of all email is spam. > I think this is hype personally. I take 100k emails per day. About 30k of them are spam. Detection rates are in the 90%. (We do get some false positives, mostly far east languages. Chinese, Japanese, Korean). We reject a lot of mail, invalid addresses, sender & recipient. Those are easy. If I count each rejection, we MIGHT get up to 45-50% email spam. But that would be a lie because each email rejected, often gets rejected multiple times. (Obvious from IP, Sender & Recipient being the same). I do know that the AV detection totals dropped to only 1/3'rd of it's previous total when I did two things. 1. Verify addresses at the receiving MTA (Postfix). 2. Reject inbound email from my own domain. Including in SMTP headers. (Yes this breaks forwarding). Tanstaffl. (sp?) > If it didn't pay, no one would do it. Clearly spammers are succeeding. > > Spamassassin and Razor haven't made a dent in the amount of spam, > they just mask the problem. Further, I still pay for the bandwidth. > Reject more. Don't accept email fro non-existent addresses. Often people get annoyed because you won't accept mail from unverified addresses. Often some big organisations even refuse to send from a valid return path (Go figure. Apparently email is 'important' to them up till it leaves their servers, then suddenly not any more). BUt rejecting this way cuts down 2/3's Viruses & spam. Because they use harvested addresses. And the churn is obviously enough to reject a large percentage without too much trouble... Hamish. pgp8TheJOmlCc.pgp Description: PGP signature
Re: Why is there so much hype behind Image spam
Shane Williams <[EMAIL PROTECTED]> wrote on 07/17/2006 09:39:47 AM: > On Sun, 16 Jul 2006, John Andersen wrote: > > > On Sunday 16 July 2006 06:35 am, Shane Williams wrote: > >> I never realized SpamAssassin was started back in 1994. What version > >> number was that? I'd say it was definitely ahead of its time, since I > >> almost never got email spam until around 1996-1997 > > > > The comment was off-hand and not researched. > > That was kind of my point. > > > One of my earliest > > ISPs recommended Spamassassin when it was just a bunch of scripts > > written by some woman who's name escapes me. Since I haven't > > been with that ISP since the Pleistocene I just inserted 10 years > > as an approximation. > > And since you're also confusing SA with SpamBouncer, the reasonable > conclusion here is that you have no idea what you're talking about. > :-D As for the image spam, like the article says: "Spammers are foiling SOME security software by sending junk emails containing nothing but images, according to experts." SA definitly isn't one of those that's being foiled. I think the last image spam I saw was Mr. Wiggly. I assume there are other newer ones out there, but thanks to SA, I haven't seen any. Andy
Re: Why is there so much hype behind Image spam
Shane Williams wrote: On Sun, 16 Jul 2006, John Andersen wrote: On Sunday 16 July 2006 06:35 am, Shane Williams wrote: I never realized SpamAssassin was started back in 1994. What version number was that? I'd say it was definitely ahead of its time, since I almost never got email spam until around 1996-1997 The comment was off-hand and not researched. That was kind of my point. One of my earliest ISPs recommended Spamassassin when it was just a bunch of scripts written by some woman who's name escapes me. Since I haven't been with that ISP since the Pleistocene I just inserted 10 years as an approximation. And since you're also confusing SA with SpamBouncer, the reasonable conclusion here is that you have no idea what you're talking about. Judging from all my list mail today, everyone is in a cranky mood this morning. Must be the heat ;^) -- Three years now I've asked Google why they don't have a logo change for Memorial Day. Why do they choose to do logos for other non-international holidays, but nothing for Veterans? Maybe they forgot who made that choice possible.
Re: Why is there so much hype behind Image spam
On Sun, 16 Jul 2006, John Andersen wrote: On Sunday 16 July 2006 06:35 am, Shane Williams wrote: I never realized SpamAssassin was started back in 1994. What version number was that? I'd say it was definitely ahead of its time, since I almost never got email spam until around 1996-1997 The comment was off-hand and not researched. That was kind of my point. One of my earliest ISPs recommended Spamassassin when it was just a bunch of scripts written by some woman who's name escapes me. Since I haven't been with that ISP since the Pleistocene I just inserted 10 years as an approximation. And since you're also confusing SA with SpamBouncer, the reasonable conclusion here is that you have no idea what you're talking about. -- Public key #7BBC68D9 at| Shane Williams http://pgp.mit.edu/| System Admin - UT iSchool =--+--- All syllogisms contain three lines | [EMAIL PROTECTED] Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
RE: Why is there so much hype behind Image spam
Title: RE: Why is there so much hype behind Image spam > -Original Message- > From: Bart Schaefer [mailto:[EMAIL PROTECTED]] > Sent: Sunday, July 16, 2006 11:06 PM > To: users@spamassassin.apache.org > Subject: Re: Why is there so much hype behind Image spam > > > On 7/16/06, John Andersen <[EMAIL PROTECTED]> wrote: > > The comment was off-hand and not researched. One of my earliest > > ISPs recommended Spamassassin when it was just a bunch of scripts > > written by some woman who's name escapes me. > > I suspect you're thinking of SpamBouncer. Catherine A. Hampton. > Other than possibly being a source of inspiration, SpamBouncer has > nothing to do with SpamAssassin. > Except Catherine has helped the spamassassin project more then people will ever no. May not be direct, but her help has definetly been great. Projects sharing knowledge help us all. I would say spammers are a far second to a well tuned SA setup. Frankly, I think we are kicking their ass. Image spam, bah! They are filled with numerous other flags. Chris Santerre SysAdmin and SARE/URIBL ninja http://www.uribl.com http://www.rulesemporium.com
Re: Why is there so much hype behind Image spam
Bart Schaefer writes: > On 7/16/06, John Andersen <[EMAIL PROTECTED]> wrote: > > The comment was off-hand and not researched. One of my earliest > > ISPs recommended Spamassassin when it was just a bunch of scripts > > written by some woman who's name escapes me. > > I suspect you're thinking of SpamBouncer. Catherine A. Hampton. > Other than possibly being a source of inspiration, SpamBouncer has > nothing to do with SpamAssassin. Yep -- SpamBouncer is a totally independent project. SpamAssassin started in 2001, 5 years ago. --j.
Re: Why is there so much hype behind Image spam
On 7/16/06, John Andersen <[EMAIL PROTECTED]> wrote: The comment was off-hand and not researched. One of my earliest ISPs recommended Spamassassin when it was just a bunch of scripts written by some woman who's name escapes me. I suspect you're thinking of SpamBouncer. Catherine A. Hampton. Other than possibly being a source of inspiration, SpamBouncer has nothing to do with SpamAssassin.
Re: Why is there so much hype behind Image spam
John Andersen wrote: The comment was off-hand and not researched. One of my earliest ISPs recommended Spamassassin when it was just a bunch of scripts written by some woman who's name escapes me. That must have been Justine. ;)
Re: Why is there so much hype behind Image spam
On Sunday 16 July 2006 06:44 am, Faisal N Jawdat wrote: > On Jul 16, 2006, at 1:00 AM, John Andersen wrote: > > And yet, in spite of your statistics, there is more spam than ever. > > Some estimates are that in excess of 95% of all email is spam. > > I'm unconvinced of this -- my spam load has leveled off at 200 per > day. On the order of 1 per week makes it into my inbox. Well perhaps not 95% any more. http://www.messagelabs.com/portal/server.pt/gateway/PTARGS_0_5882_246_454_-454_43/http;/0120-0176-CTC1;8080/publishedcontent/publish/_dotcom_libraries_en/images/threat_watch/threat_statistics/spam_intercepts_may_2006_large_6.jpg -- _ John Andersen pgpt4IjDqOkCM.pgp Description: signature
Re: Why is there so much hype behind Image spam
On Sunday 16 July 2006 06:35 am, Shane Williams wrote: > I never realized SpamAssassin was started back in 1994. What version > number was that? I'd say it was definitely ahead of its time, since I > almost never got email spam until around 1996-1997 The comment was off-hand and not researched. One of my earliest ISPs recommended Spamassassin when it was just a bunch of scripts written by some woman who's name escapes me. Since I haven't been with that ISP since the Pleistocene I just inserted 10 years as an approximation. -- _ John Andersen pgpT5qkRV4Vva.pgp Description: signature
Re: Why is there so much hype behind Image spam
On Sat, 15 Jul 2006, John Andersen wrote: > On Saturday 15 July 2006 08:49 pm, jdow wrote: > > Somehow I figure a better than 1200:1 scoring ratio is a pretty lopsided > > win for SpamAssassin. > > And yet, in spite of your statistics, there is more spam than ever. > Some estimates are that in excess of 95% of all email is spam. > > If it didn't pay, no one would do it. Clearly spammers are succeeding. I've always been of the opinion that spam will continue to be a problem until spammers start dying for spamming. Then the risk/benefit equation changes. -- John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- 8 days until The 37th anniversary of Apollo 11 landing on the Moon
Re: Why is there so much hype behind Image spam
On Jul 16, 2006, at 1:00 AM, John Andersen wrote: And yet, in spite of your statistics, there is more spam than ever. Some estimates are that in excess of 95% of all email is spam. I'm unconvinced of this -- my spam load has leveled off at 200 per day. On the order of 1 per week makes it into my inbox. The latter is due to SA plus some additional code for better white-listing (which I'm planning to release as soon as I solve a couple issues). The former is entirely out of my control (and note that my email address is all over the place). I suspect one or both of the following are true: 1. the volume of spam is linearly related to the number of email addresses out there. the volume of ham is not: the amount of ham is related to the amount of ham *sent* which follows an exponential distribution. an increase in the number of users does not result in an proportional increase of the amount of ham, but does result in a proportional increase in the amount of spam. 2. spam will (or may have already) hit an economic equilibrium. you could look at this as a supply and demand problem: spam "demand" is the amount of people who are actually willing to buy things they get offers for in spam. spam "supply" is the number of sellers who are willing to sell things via spam. sending 200m messages still costs money (albeit very little of it), and sending 800m messages to get the same number of buys doesn't make sense for the spammer. whether or not we have SA, Razor, etc., there comes a point where it isn't worth spammers at large to send additional spam. spam filtering increases the average cost of a sale to the seller, so the marginal revenue of a spam run has to be higher for the mailing to be worth it. -faisal
Re: Why is there so much hype behind Image spam
On Sat, 15 Jul 2006, John Andersen wrote: On Saturday 15 July 2006 03:08 am, Loren Wilton wrote: and if spammers weren't so incompetent in general it would be even harder than it is. An odd comment, especially for a project like Spamassassin which has had to run full out for the last dozen years just to remain in a dismal second place compared to spammers. I never realized SpamAssassin was started back in 1994. What version number was that? I'd say it was definitely ahead of its time, since I almost never got email spam until around 1996-1997 (usenet, on the other hand...). In fact, I'm starting to wonder if the whole spam scourge occured because of SpamAssassin. ^_^ -- Public key #7BBC68D9 at| Shane Williams http://pgp.mit.edu/| System Admin - UT iSchool =--+--- All syllogisms contain three lines | [EMAIL PROTECTED] Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
Re: Why is there so much hype behind Image spam
From: "John Andersen" <[EMAIL PROTECTED]> And yet, in spite of your statistics, there is more spam than ever. Some estimates are that in excess of 95% of all email is spam. They're trying harder. We ARE keeping it out of user's mailboxes. I consider that a win. I consider it a real win that they have to work harder to create zombie nets and send millions of emails to get maybe thousands through. They seem to be getting fewer through for more effort. So the users see a win. The only other way to really stop spam is not socially acceptable. But I do think it would be fun if a bounty was placed on the head (not necessarily with the body attached) of the top spammers and zombie net owners. Declare them in season and fair game. More seriously getting them off the street is about the only real way to end the spam. If THAT is your "win" then SpamAssassin is not going to make you happy, ever. Learn a WHOLE lot more about networking, the fine details of things like DNS, and mail handling, and so forth. Then start tracking down the physical locations of these people and turn them in. Or simply let an "excitable person with a gun" know where they are. One way or another take them away from computers. This will be a life long undertaking. As you kill one head of the hydra another grows to replace it. But that is the other kind of win that is possible. (And for what it is worth the spammers that hit MY mailboxes seem to be taking a vacation that began a little before the weekend before the Fourth of July and continues. Slow days used to be about 200 spams a day with 180 being a REALLY slow day after some spammer was caught and jailed. Normal days were 250 to 285. Worst case was around 350. Now I am seeing slightly more than half those numbers for some reason. I wonder if I have gotten on some spammer's blacklists for turning them in to our kind of black lists. If that is true I cannot say I am unhappy. "Tickled pink" is a closer description. Oh, and no, I don't want or need your spam. /dev/null it yourself.) {^_^}
Re: Why is there so much hype behind Image spam
On Saturday 15 July 2006 08:49 pm, jdow wrote: > Somehow I figure a better than 1200:1 scoring ratio is a pretty lopsided > win for SpamAssassin. And yet, in spite of your statistics, there is more spam than ever. Some estimates are that in excess of 95% of all email is spam. If it didn't pay, no one would do it. Clearly spammers are succeeding. Spamassassin and Razor haven't made a dent in the amount of spam, they just mask the problem. Further, I still pay for the bandwidth. We are all running around with our ears covered so as not to hear the din. Yet the din is still there, and growing. -- _ John Andersen pgpQDxwHSBBvZ.pgp Description: signature
Re: Why is there so much hype behind Image spam
From: "John Andersen" <[EMAIL PROTECTED]> On Saturday 15 July 2006 03:08 am, Loren Wilton wrote: and if spammers weren't so incompetent in general it would be even harder than it is. An odd comment, especially for a project like Spamassassin which has had to run full out for the last dozen years just to remain in a dismal second place compared to spammers. Dismal second place? First, where are you coming from? Are you a large ISP using global everything and have to be lenient and rely on signatures and BLs for most of the good stuff? Even that gives on the other of a 10:1 ratio for killed spam to escaped spam. And what do you figure would be better than dismal second place given that the miss to kill ratio even on a poorly configured out of the box SA runs better than 1:1 and probably better than 3:1? SA is forcing the spammers to be more creative and mangle their message ever more to get it across. The mangling is counter productive. It telegraphs "This is spam, delete it" to the recipient even without decoding the words. The image only trick is a relatively new one and modestly effective. But all image/no message in itself is good spamsign. Random words in the message are Bayes food. They make Bayes work better. On the whole I'd say I am winning. I have 7 escaped spams out of roughly 8500 spams total. Two of those were plain empty. The rest were new formats. (An electronics parts based 419, for example.) They are all unique in one way or another. Bayes actually adapted to catching them. Somehow I figure a better than 1200:1 scoring ratio is a pretty lopsided win for SpamAssassin. (I have NO other spam filtering involved, not even grey listing, which is the other really good tool.) Are you trolling? {^_^}
Re: Why is there so much hype behind Image spam
Subject: Re: Why is there so much hype behind Image spam Date: Saturday 15 July 2006 08:15 pm From: John Andersen <[EMAIL PROTECTED]> To: spamassassin-users@incubator.apache.org On Saturday 15 July 2006 03:08 am, Loren Wilton wrote: > and if spammers weren't so > incompetent in general it would be even harder than it is. An odd comment, especially for a project like Spamassassin which has had to run full out for the last dozen years just to remain in a dismal second place compared to spammers. The comment reminds me of Vipul's comment that spam would be eradicated. http://vipul.net/ -- _ John Andersen pgpDxQEugHoCJ.pgp Description: signature
Re: Re: Why is there so much hype behind Image spam
I'd have said the tools were the spammers and the image spams their implements - but that'd just be semantics :-} On Sat, 15 Jul 2006 04:08:51 -0700, "Loren Wilton" <[EMAIL PROTECTED]> wrote: >> marketing.. or should I expect a huge deluge of Image spam this weekend > >Maybe. Who knows. > >Image spam has been increasing drastically in the last few months. It is >much harder to detect than normal spams, and if spammers weren't so >incompetent in general it would be even harder than it is. > >Since spammers want to get their message through no matter what, and since >most anti-spam solutions have become moderately good with network tests, it >is only logical that they try to find some new way around the system. Image >spams seems to be this year's tool. > >Loren
Re: Why is there so much hype behind Image spam
marketing.. or should I expect a huge deluge of Image spam this weekend Maybe. Who knows. Image spam has been increasing drastically in the last few months. It is much harder to detect than normal spams, and if spammers weren't so incompetent in general it would be even harder than it is. Since spammers want to get their message through no matter what, and since most anti-spam solutions have become moderately good with network tests, it is only logical that they try to find some new way around the system. Image spams seems to be this year's tool. Loren