(This may as well be filed under `pointless graph update', in fact.) First the good news: the amount of spam I'm getting (by an extraordinary leap let's assume that this is true of the amount of spam other people get, so that this is of any possible interest to other people) seems to be increasing only linearly (and not, for instance, exponentially).
And now the bad news: it's increasing at a rate a bit more than 1.1 (spams/day)/day, so that a year from now I should expect to be receiving 400 spams/day more than I am now:
Related news: Microsoft Windows viruses are still a minor pain in the arse, but nothing compared to fucking idiots who send `virus-warning' error messages to forged addresses:
(Another slightly surprising observation from the above is that there does not appear to be any significant `seasonal' component to the rate at which spam arrives in my inbox. That is, the average number of spams I get on a Monday is pretty close to the number I get on a Tuesday, Wednesday or indeed any other day of the week. This suggests that spammers, in aggregate, don't take any days off. Serves the fuckers right, quite frankly.)


Comments
Posted by Roy Badami, Tuesday, 13 July 2004 00:29 (link):
I have mixed feelings about the virus warning issue (and more generally about bounces to forged addresses).
There are plausible ways of filtering bounces so as to discard the spurious ones (e.g. by incorporating a cryptographic token into the envelope sender, or simply by keeping track of message IDs).
There is no plausible way of reliably discovering that a message you sent was silently dropped by an over-zealous spam filter or virus checker.
I'm really reluctant to condone relaxing the principle of reliable mail delivery, codified in RFC1123 and subsequently RFC2821, which states that every piece of mail accepted by the mail transport must be delivered or bounced.
E-mail black holes have traditionally been regarded as a Very Bad Thing, and I remain highly sceptical that the short-term benefits of discarding this long-established principle outweigh the long term harm that will result from such a change...
Sadly e-mail is sufficiently fucked it may well be impossible to completely save it; I don't believe that it's not worth trying, however, and giving up on the principle of reliable mail delivery smacks of admitting defeat to me...
-roy
Posted by Chris Lightfoot, Tuesday, 13 July 2004 01:10 (link):
-- yes, that's how the above results were obtained! (You don't think I manually discriminated forged bounces from other sorts of spam, did you...?) I use this script, and these procmail rules:
Actually, although this works well enough in practice, it's strictly broken, because there's no requirement for a bounce message to quote the message-ID of the message which caused the bounce. But there are bigger bugs in SMTP, I suppose.
That's a fair point, but it doesn't explain why many of these bloody things don't send the bounce with a blank return-path, don't send it to the envelope sender of the mail, include the fucking virus in the mail, or commit any other number of bush-league errors.
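The two bounce filters discussed above (a cryptographic token in the envelope sender, and a lookup of quoted message IDs), as an added example that is not Chris's script or any commenter's code. The address format `local+b<day><tag>@domain`, the secret, the 7-day window and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"  # assumption: site secret, constructed here
MAX_AGE_DAYS = 7                  # assumption: how long a bounce may lag the send

def _tag(stamp, local, domain):
    # Truncated HMAC over the day stamp and the real address.
    msg = f"{stamp}{local}@{domain}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]

def sign_sender(local, domain, day):
    """Envelope sender for outgoing mail: local+b<day><tag>@domain."""
    stamp = f"{day % 1000:03d}"
    return f"{local}+b{stamp}{_tag(stamp, local, domain)}@{domain}"

TOKEN_RE = re.compile(r"(.+)\+b(\d{3})([0-9a-f]{10})@(.+)")

def token_valid(rcpt, today):
    """True if a bounce recipient carries an unexpired tag we issued."""
    m = TOKEN_RE.fullmatch(rcpt)
    if not m:
        return False
    local, stamp, tag, domain = m.groups()
    if not hmac.compare_digest(tag, _tag(stamp, local, domain)):
        return False
    # Day stamps wrap modulo 1000, so compare ages modulo 1000 too.
    return (today - int(stamp)) % 1000 <= MAX_AGE_DAYS

MSGID_RE = re.compile(r"<[^<>\s]+@[^<>\s]+>")

def quotes_sent_id(body, sent_ids):
    """True if the bounce text quotes a Message-ID recorded at send time."""
    return any(mid in sent_ids for mid in MSGID_RE.findall(body))

def classify_bounce(rcpt, body, sent_ids, today):
    """Label a message that arrived claiming to be a bounce."""
    if token_valid(rcpt, today):
        return "genuine (token)"       # works even if nothing is quoted
    if quotes_sent_id(body, sent_ids):
        return "genuine (message-id)"  # depends on the bouncer quoting headers
    return "spurious"
```

The token check depends only on the address the bounce was sent to, so it still works when the bouncing system quotes none of the original headers; the message-ID check fails in exactly that case.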
Posted by Roy Badami, Tuesday, 13 July 2004 01:29 (link):
Agreed that many (most?) virus complaints are broken. Rejection should be done at the SMTP level where practical. And where it can't be, if anything is sent (which I'll admit is controversial) then it should be a well-formed bounce.
Which is why I now run ClamAV on my MTAs. I can reject most of the virus crap at the SMTP level, using 100% free software.
As for the problem that bounce analysis techniques aren't currently strictly valid; you're right. But given that most major well-behaved MTAs respond in a way that is amenable to such techniques, I think a reasonable way forward would be to mandate that bounces must contain the full headers of the original message. The impact of such a requirement would be small, given that most systems comply already...
-roy
Posted by edward, Friday, 16 July 2004 02:59 (link):
you chaps don't know you're born. my younger brother recently installed Kazaa on our parents' computer. I've been spending the week manually deleting Gator, GAIN, and other such pieces of satan.
hmmm - system performance down below 40% you say? must mean I'm due for another advert for Capital One to appear on my desktop. huzzah.
Posted by Tim Jackson, Tuesday, 20 July 2004 11:12 (link):
It's not a solution, and it's pretty clunky as these things go (I make no claims of efficiency whatsoever), but I've been maintaining an anti bogus-virus-warnings SpamAssassin ruleset for some time now. I don't have hard figures, but from the comments I've got and from my own mail logs, it's apparently helping to stop a substantial amount of "YOU SENT US A VIRUS!" junk.
Posted by Jack, Sunday, 29 August 2004 18:29 (link):
That is unusual. I haven't been monitoring these things for some time; when I used to run a relay honeypot, the traffic went way up at weekends. Perhaps that's characteristic of open relay spam - someone is more likely to notice that a misconfigured mailserver is being abused during working hours.
BTW, it's a fallacy to suppose that a spammer is 'working' just because he's sending out spam; they start up their spam-engines, and then they go for a few beers. Often they don't even set them up properly - I get a steady stream of spams with replacers in them, saying things like $FORGED_DATETIME (I made that one up, but you know what I mean).
Comments copyright (c) contributors and available under a Creative Commons License. See also the comments policy.