[linux-elitists] Spam trends (was Re: CC considered harmful (was ...))

Karsten M. Self kmself@ix.netcom.com
Mon Feb 23 14:46:45 PST 2004


on Mon, Feb 23, 2004 at 10:28:08AM -0600, Jesse Meyer (meyer@btinet.net) wrote:
> On Mon, 23 Feb 2004, Karsten M. Self wrote:
> 
> > Email is verging on marginally useful as it is, and not just for
> > nontechnical people.  In foreseeable time (a few years), it's going to
> > take, literally, hours to download just spam, at current rates of spam
> > increase[2].
> >
> > [...]
> > 
> > 2.  3496 spams in the past 28 days.  Doubling time ~6 months.  9.3 KiB
> >     per spam.  4.4 KiB/s effective download rate, or about 3m53s per
> >     MiB.  I see 4 hours download time in six doubling periods -- three
> >     years.
> 
> What evidence do you have to predict that it's a linear increase, and 
> will always be a linear increase?

Various independent and incomplete stats of spam over time.

My own archives have been eaten by a number of circumstances.  I note
that I received 50% more spam in the past 28 days than I did in all of
2000 or 2001 (there's a post to the effect of spam volumes I made back
then).

Several sites track spam stats.  General consensus is it's 60% of all
mail messages by count (not bitrate traffic), doubling every 6-7 months
currently, with some pretty significant short-term variances.  There are
a few plots of mail received by otherwise inactive mail accounts you can
find.  Brightmail is probably the most commonly quoted source of spam
volume stats.

Measuring spam is a pretty dark science.  The major spammers are few in
number (Spamhaus tracks ~200 major spammers, with perhaps 10-20% of them
accounting for a majority of spam).  Different accounts have
significantly different spam profiles, and many accounts are now
shielded by at least _some_ spam countermeasures which may influence raw
stats.  

There is also the question of metrics:  

  - Exposure profile of a given account -- age, public accessibility,
    "guessability" in dictionary attacks, harvesting by various means
    (viruses, malware, site registrations, dumb "friends").

  - Spam delivered to a typical mailbox.

  - Spam delivery attempts to a given domain (including multiple
    deliveries and dictionary attacks).

  - Spam as a volume of all Internet traffic (bitrate).

  - Influence of firewalling, DNSBLs, filtering, challenge response,
    LART, and other countermeasures on spam.
  
I was involved in a thread on news.admin.net-abuse.email Dec/Jan on good
sampling methods.  My own incidental experience monitoring a number of
accounts and domains over the years is that gross trends for
established, well-known accounts are generally similar.  My theory being
that a few spammers account for the bulk of traffic, and share email
lists.  Specific volume may differ, but gross trends (smoothed
peaks/valleys) were uniform over several domains monitored.


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    The black hat community is drooling over the possibility of a secure
    execution environment that would allow applications to run in a
    secure area which cannot be attached to via debuggers.
    - Jason Spence, on Palladium aka NGCSB aka "Trusted Computing"