I gave up worrying about the source and start looking into solutions.
Currently, my gmail and yahoo accounts are swamped with spam yet my personal servers, which used to overflow with spam, are virtually spam free at the moment.
All I did was switch on SPF and include couple of DNBLS's organized from most aggressive spam blocking to least.
The use of spamcannibal and barracudacentral was only after profiling (1 week period) which DNSBL's blocked the most incoming spam not covered by the others.
I set the spam to be REJECTED, not BOUNCE. Technically bounce is the proper way to do it but bounce emails actually get into your server and then your server starts trying to deliver them and your email queue gets clogged. Then they spoof return addresses so you're actually involved as part of the spam by bouncing it and people that can't read headers properly report *YOUR* server for spamming.
REJECT deflects it right off your server, no harm, no foul.
Then, I blocked China.
[edited by: incrediBILL at 11:42 pm (utc) on Mar 18, 2010]
Significant. I suspect that sites in different areas have different problems. For me blocking Brazil killed 80% of my problems.
My gmail filters about 99.9% of the spam headed my way. I see one or two every couple days get through. That is pretty impressive.
Nothing bad about that! Meanwhile, I like to see what is filtered, who filtered, and did I have a say in filtering it. Just something to think about (run my own mail server and deal with it personally).
edit: I'm 99.9% free, too... just suggesting China is not the only spam source we look at.
|just suggesting China is not the only spam source we look at |
Neither was I but the DNSBLs seemed to catch all the other crud, just not my China spam for some reason so I took drastic measures.
I'm still puzzled why the ISPs don't attempt to filter out C&C traffic in the first place which would effectively disable all the existing botnets.
Perhaps if they display they could do that they would then be held legally responsible?
Don't think that will happen. ISPs want that "carrier" exclusion which protects them from liability.
|ISPs want that "carrier" exclusion which protects them from liability. |
They already filter out ports, throttle p2p traffic and delete known spam email so that ship has sailed.
The only way you're going to stop spam is stiff fines against the companies who allow their marketers to use the tactic. In cases where no clear path between the one sending the spam and the entity paying for it exist, impose stiff minimum jail terms for the one sending the spam. This will serve as incentive to keep records of correspondence with their employers or increase the risk to a level that will make their services cost-ineffective for the advertisers.
|The only way you're going to stop spam is stiff fines against the companies who allow their marketers to use the tactic |
Then you could cause your competitors a lot of grief by spamming people for them. Send a few million emails, notify the authorities and whammo your top competitors have a big headache on their hands.
Not yet, that's why we have so many conversations on this forum. :)
Query: if ISPs are responsible for getting rid of spam, how soon after forcing same to do that will they be made responsible for collecting tariffs for text, music, and vids the same way pubs pay license fees for juke boxes? Beware what is asked... it just might happen!
|if ISPs are responsible for getting rid of spam |
It's not a matter of responsibility, spam can easily use a major amount of an ISPs bandwidth, server space, CPUs, etc.
I knew a guy who ran a dial-up service years ago that had their email servers so over-spammed they had to physically move clients to a new domain name and close the old server just to get rid of the traffic which was running about 10mbps.
Saving 10mbps in bandwidth is 10mbps additional bandwidth you don't have to buy.
Imagine the same kind of volume except millions of customers like a Comcast instead of just thousands like the little dial-up provider.
Here's a prime example:
Note that in these graphs Google claims there are about 50+ spams per person per day.
Google doesn't just zap them, they download each spam and quarantine it.
Do the math of the bandwidth and storage capacity required, it's staggering and we all pay for it.
If you don't think you pay for it:
- if you're an AdWords advertiser, you're paying for Google to process and host all that garbage for free for others.
- if you're an AdSense publisher, that money wasted on spam could possibly be in your revenue share
Instead, it's all wasted on crap.
The only way you'll ever stop spam is if CC companies block CC sales to companies known to make their money from spamming, or if the government fines people for buying from spammers.
Imagine seeing this on your CC bill after buying from a spammer:
"$35 spam abatement tax"
You would probably stop buying from spammers real quick.
There's a difference between controlling usage... and being responsible for controlling same as regards ISPs.
I think we are talking about the same thing but from different directions. I look at ISPs as the ever flowing, no restriction pipe under the carrier rule. Google's advertising is an adjunct of that flow. How much google spam is there? Pretty sure: NONE. (Unless you have charts and graphs of google spam via google...)
Spam is spam. And the malware, too.
My yahoo account get lots of spam, but yahoo seems to do a good job at filtering it away from my inbox. All my spam has come from me putting my email address in to some website, or publishing my address on a website.
I think that 99% of spam is actually coming from zombie PCs. Viruses is really getting out of hand. Half of my machines are zombies which no antivirus vendor has yet to find any infected file. So I'm blocking the emails being sent at my modem.
To stop spam, we really need to stop these zombie machines.
Block port 25 on your modem, and view your modem logs, I bet at least 50% of domestic houses that use the internet have at least one zombie machine.