[linux-elitists] Spam trends (was Re: CC considered harmful (was ...))
Karsten M. Self
Mon Feb 23 14:46:45 PST 2004
on Mon, Feb 23, 2004 at 10:28:08AM -0600, Jesse Meyer (firstname.lastname@example.org) wrote:
> On Mon, 23 Feb 2004, Karsten M. Self wrote:
> > Email is verging on marginally useful as it is, and not just for
> > nontechnical people. In foreseable time (a few years), it's going to
> > take, literally, hours to download just spam, at current rates of spam
> > increase.
> > [...]
> > 2. 3496 spams in the past 28 days. Doubling time ~6 months. 9.3 KiB
> > per spam. 4.4 KiB/s effective download rate, or about 3m53s per
> > MiB. I see 4 hours download time in six doubling periods -- three
> > years.
> What evidence do you have to predict that its a linear increase, and
> will always be a linear increase?
Various independent and incomplete stats of spam over time.
My own archives have been eaten by a number of circumstances. I note
that I received 50% more spam in the past 28 days than I did in all of
2000 or 2001 (there's a post to the effect of spam volumes I made back
Several sites track spam stats. General concensus is it's 60% of all
mail messages by count (not bitrate traffic), doubling every 6-7 months
currently, with some pretty significant short-term variances. There are
a few plots of mail received by otherwise inactive mail accounts you can
find. Brightmail is probably the most commonly quoted source of spam
Measuring spam is a pretty dark science. The major spammers are few in
number (Spamhaus tracks ~200 major spammers, with perhaps 10-20% of them
accounting for a majority of spam). Different accounts have
significantly different spam profiles, and many accounts are now
shielded by at least _some_ spam countermeasures which may influence raw
There is also the question of metrics:
- Exposure profile of a given account -- age, public accessibility,
"guessability" in dictionary attacks, harvesting by various means
(viruses, malware, site registrations, dumb "friends").
- Spam delivered to a typical mailbox.
- Spam delivery attempts to a given domain (including multiple
deliveries and dictionary attacks).
- Spam as a volume of all Interent traffic (bitrate).
- Influence of firewalling, DNSBLs, filtering, challenge response,
LART, and other countermeasures on spam.
I was involved in a thread on news.admin.net-abuse.email Dec/Jan on good
sampling methods. My own incidental experience monitoring a number of
accounts and domains over the years is that gross trends for
established, well-known accounts is generally similar. My theory being
that a few spammers account for the bulk of traffic, and share email
lists. Specific volume may differ, but gross trends (smoothed
peaks/valleys) were uniform over several domains monitored.
Karsten M. Self <email@example.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
The black hat community is drooling over the possibility of a secure
execution environment that would allow applications to run in a
secure area which cannot be attached to via debuggers.
- Jason Spence, on Palladium aka NGCSB aka "Trusted Computing"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20040223/76db68c4/attachment.pgp
More information about the linux-elitists