Yep, heavy spam recently, mostly of the scraped content/image-over-the-top variety.

Definitely seen an upsurge. I wonder if it's a result of Conficker finally kicking in.

Definitely more. At one point I wasn't even getting a quarantine message every day at work, now the messages are daily and back to their old levels. One or two are even getting through a pretty tough firewall.

At home spam is on auto delete but four or five a day are now getting past the filters.

Must not be exposed the same way... my inbound spam is basically 10-15 messages per WEEK and virtually all of that is caught by my filters. Check the junk folder every once in a while to see if good inbound got caught...but that has rarely happened. Whether this is due to clean living or hardened access is a good question. :)

Everybody in my office who has been here more than 3 years gets spam daily. That was down to a laptop user letting their machine, containing the full company address book, get infected. More recent recruits get little or none.

I have three active personal addresses, one is in the public domain for voluntary work that I do and gets spammed. One is for personal business use (ecommerce confirmations etc) and one is private for family and the closest of friends only. The last two get no spam at all.

Unless you do something really dumb like creating mailto links on your site (which I did in my early days, and ended up closing that email account when it hit 100 per day) then the thing that puts your address into the wild is most likely to be emailing somebody who has an infected machine.

I'm not talking just personal accounts. I monitor the postmaster and abuse accounts for the mail server. I have filtering set up and spam gets marked and sent along. The markers just make it much easier to parse and push to the appropriate jail cell (mailbox directory) for quick review. I always see some spam in there but nowhere near the amount as of late.

For the past three days now I have been seeing a lot more spam and this is around 100 Email addresses. It is spam bots filling out forms, I know how to stop it but takes a while to get round all the forms.

I get a lot of "Christmas Spam" lately. Emails with the subject "Merry Christmas", "Christmas is Viagra time" and "Christmas present for you".

Are spammers preparing for the holiday season early this year or are this leftovers from last season?

coopster, as more and more hosts and isps popup it's logical to see more spam especially on servers with heavy traffic.

In the past it was easier to setup ip ranges or isps who do not follow the basic rules and block them. Now spammers can switch dns quickly (within minutes), compromise systems and servers at a geometric rate, coordinate attacks using botnets etc. and at the same time it becomes harder for administrators to detect and eliminate the root.

Also lots of hosts do not care or do not understand the consequences of securing systems and/or upgrading their s/w. Perhaps, if ever, they place regulations where the host should be held accountable for the actions of his clients we may see a change.

Just the past week I must sent out, at least 10 complaint emails to various hosts/isps for email spam or hack attempts against servers. I really doubt anything is done. In fact the other thread you referenced, reads among other things:

....a nonprofit antispam research group....

a non-profit organization (who collects spam evidence) vs the commercial power of hosts and spammers. Its really hard to get positive results like this.

I had an e-mail from Postini this morning saying that this year has seen a major increase in spam, with many spammers reverting to old tactics, such as images in emails. I don`t worry too much, the Google/Postini system is pretty good.

dc

The spammers rely on the path of least resistance... With today's machines being so capable it becomes diminishing returns to eradicate spam... the spigot is full on and by the time IT folks can see it the damage is already done... and they have moved off to another location.

What would stop spam in its tracks is end-user education. If idiots did not reply/pay this business plan would not work.

Well, you read it here on WW first, but this report confirms Coopster's & others' initial report:

Spam now accounts for 90.4 percent of all e-mail, according to a report released Monday from security vendor Symantec. This means that 1 out of every 1.1 e-mails is junk. The report also notes that spam shot up 5.1 percent just from April to May.

[news.cnet.com...]

I found this especially disturbing:

"Spammers using better-known and thus more widely trusted Web sites to host malware is reminiscent of the spammers who rely on well-known Web mail and social networking environments to host spam content," said Paul Wood, Symantec's MessageLabs Intelligence senior analyst. "The trustworthy older domains can be compromised through SQL injection attacks while newer sites are more likely to be flagged as suspicious--a temporary site set up with the sole purpose of distributing spam and malware--and thus faster to get shut down."

What would stop spam in its tracks is end-user education.

Seth Godin describes the internet as being in an eternal September. Every year there's another crop of people who know nothing about stopping spam, the kind of people who fall for all the usual scams, who fail to install antivirus and who post their email addresses online without a second thought. The need for awareness is ongoing.

I had struggled with SPAM the first 2-3 weeks of the month. Had one employee who was getting a SPAM email about every 90 seconds - so much that we couldn't keep her box cleared. (She exceeded 50Mb one night between quitting time and reporting the next morning!) Ended up having to really tighten down SpamAssassin and risk throwing some legit mail out with the garbage.

Was really a waste of everyone's time and resources... including the spammers.

Was really a waste of everyone's time and resources... including the spammers.

Don't kid yourself. Spammers are automated. Think they check logs... or even keep them (well, they probably do, but check them?)? Spam is a numbers game. The more numbers they put out the more potential chumps they find. They use the shotgun approach. Bound to hit something!

Put things in perspective: When we are born we are blank (experience). Parents raise us to a point. Schooling helps a bit. But when we get into the world we are adolescent idiots subject to the same old scams which have been going on since Methuselah was a pup because we don't have experience. HOWEVER, we (as a species) do have a leg up called RECORDED HISTORY and the ability to learn from it (which is why virus scanning programs work most of the time). But every second of every day there are x-number of new email accounts for new folks, some not yet fully cooked, and it only takes one reply for the spammer to win... automated.

Sadly, in IT, Internet, or even sandlot baseball, the newbies get taken because the other side does work from historically proven strategies to fleece the uneducated. That's why spam and cons and other sleight-of-hand take your valuables continues to work.

Education is the cure. The question is when to start the education? At birth? Hasn't worked so far, the snake oil medicine men are still in business....

</rant off>

True enough tangor, but there is an investment of time and energy to stay a step ahead of the spam filters...

Has any country really tried education? Sure, there are a number of government and private websites out there that set out to educate people about spam and phishing. But the two I know of have Alexa ranks of around 300,00 and 1 million, and Compete stats of 250 000 and unranked respectively. They're not exactly getting the attention they deserve.

I don't know how much online safety and spam avoidance gets taught at school. But there are certainly plenty of people going online who are a few years out of school, and don't plan on going back. I imagine the best way to reach most people would be through a major advertising campaign: print, TV, radio, the whole shebang. I can't say I've seen any such thing in the UK, at least not on a large scale.

There is a government web site but of course if you know to look you probably don't need it anyway.

That's the trouble with the web, its great for finding what you are looking for but if you don't know the extent of your ignorence in the first place then you won't be looking.

Has any country really tried education?

The thing is, there will always be chumps out there no matter how much you try and educate them. My brother is a perfect example.

Really clever bloke. Seriously clever bloke actually. Won't run anti-virus on his Windows machine as it slows it down and he doesn't surf that much anyway. Yet he knows how much damage a virus can do because he's had them trash his computers before. He's so irked that "that damn Bill Gates doesn't make secure enough operating systems" that he's switched to Linux now.

He's also a great one for clicking on links in e-mails. He knows about phishing and he knows the risks, yet if his "bank" sends him an e-mail, he will click on it. He did find it "slightly odd" last time that the website crashed as soon as he'd entered his details. Five days later and his bank account was wiped out.

Honestly, I despair sometimes.

Welcome to WebmasterWorld, Noodle.

>Seriously clever bloke actually.

eh! and he clicks on links in e-mails?

>He's so irked that "that damn Bill Gates doesn't make secure enough operating systems"

With all due respect, users that don't protect their machines are prime culprits. Send an e-mail to someone with a trojan, or harvester, and it'll pick up your address. That, on top of proving an e-mail address by clicking on a link in an e-mail, not to mention the phishing aspect.

I'm sure you encourage him to mend his ways. :)

Back OT, there have been a few rogue e-mails getting through my multi-layer filtering this month. Normally, the vast majority are nuked before they get to my inbox. I've tried to investigate how they are getting through and have not yet found the solution. But, it's so few at the moment i'm not overly concerned.

One that did concern me was addressed to an e-mail that is only used to log on to an account. I have yet to button down how that got picked up. There's a chance it was random, of course, but that's unlikely, given the address I use.