November 21, 2006

Have you been getting a lot of spam? Read this…

When I built the email system for Sutton a couple of years ago, spam was an issue but not nearly as bad as it is today. From day one we have been using the Barracuda Spam Firewall 400 to filter all emails coming into our network. A great feature of the Barracuda is that it can be configured to send a nightly statistics report. Going over the archives, I found that the amount of spam coming into our network has grown by over 535% in one year.

Here’s a graph of the last 4 weeks of email activity:

[Graph: Spam Levels]

A year ago, on November 20th, 2005, we averaged about 80,000 messages a day. About 73% was spam, 0.4% was viruses and the rest was considered good. As of yesterday, we averaged about 430,000 messages: 96.7% was considered spam, 0.28% were viruses and the rest was considered good.

The increase hasn’t gone unnoticed by our user base, and a recent string of requests asking to “fix the spam problem” got me started on a solution, or at least an answer. Fortunately (for me), the increase in spam hasn’t been localized to our network. It’s being felt on a global scale. This article at Help Net Security is a great primer on the recent increase. It’s a fairly long read, so I’ll summarize it for you:

  • Two huge Botnets are responsible
  • These two Botnets are the result of two Trojans: SpamThru and Warezov
  • There are tens of thousands of variants of this malware, allowing it to slip past anti-virus filters
  • The amount of spam will likely increase
  • The full report can be found here: http://www.messagelabs.com/Threat_Watch

I’m curious, if any of you have spam statistics to share, please do so in the comments.

Personally, I applaud Telus for blocking outgoing SMTP from their home DSL network. If other ISPs followed their lead the amount of spam would drop significantly. It might not stop grandma from getting an email virus but at least it’ll stop her from spamming everybody else. :)
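
An added example (not part of the original post): what blocking outgoing SMTP catches, written as a check over constructed firewall flow records. The log format, relay address and threshold are assumptions; port 25 to anything but the ISP's own server counts as blocked, and a host is flagged as a likely zombie when it mails many distinct servers directly.

```python
from collections import defaultdict

# Constructed sample flow records (not from the original post):
# "timestamp src_ip dst_ip dst_port". All addresses are made up.
SAMPLE_FLOWS = """\
2006-11-20T02:00:01 10.0.0.15 192.0.2.25 25
2006-11-20T02:00:05 10.0.0.15 198.51.100.10 587
2006-11-20T02:01:10 10.0.0.77 198.51.100.10 25
2006-11-20T02:02:00 10.0.0.42 203.0.113.1 25
2006-11-20T02:02:01 10.0.0.42 203.0.113.2 25
2006-11-20T02:02:01 10.0.0.42 203.0.113.3 25
2006-11-20T02:02:02 10.0.0.42 203.0.113.4 25
2006-11-20T02:02:03 10.0.0.42 203.0.113.5 25
truncated line
"""

ISP_RELAY = "192.0.2.25"  # assumed address of the ISP's own SMTP server
SMTP_PORT = 25            # server-to-server SMTP, the port being blocked
MAX_DIRECT_SERVERS = 3    # assumed threshold; tune against real traffic

def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():
            yield parts[1], parts[2], int(parts[3])

def direct_smtp_targets(text, relay=ISP_RELAY):
    """Map each source to the non-relay hosts it contacted on port 25."""
    targets = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if port == SMTP_PORT and dst != relay:
            targets[src].add(dst)
    return targets

def blocked_by_policy(text):
    """Sources that would lose at least one connection under the block."""
    return sorted(direct_smtp_targets(text))

def suspected_zombies(text, threshold=MAX_DIRECT_SERVERS):
    """Sources mailing many distinct servers directly, as a spam bot does."""
    targets = direct_smtp_targets(text)
    return sorted(s for s, dsts in targets.items() if len(dsts) > threshold)

if __name__ == "__main__":
    print("blocked:", blocked_by_policy(SAMPLE_FLOWS))
    print("suspected zombies:", suspected_zombies(SAMPLE_FLOWS))
```

In the sample, 10.0.0.77 is blocked but not flagged: a single direct connection to one server looks like a user with their own mail server, not a bot.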


10 comments already

  1. Luke on 11.26.2006 at 6:00 pm

    But blocking outgoing SMTP is a double-edged sword. It does solve the spam issue, but on the other hand it prevents legitimate users from sending out emails using their SMTP server of choice.

    This is a huge problem at my company. Most of our employees are financial auditors who spend most of their time working in the field. They usually use the internet connection at the company they are visiting, or get access at the hotel.

    We have a fairly simple setup of POP3 + SMTP servers. The laptops we provide for the auditors are configured by the IT dept. and not all the field employees know how to change the SMTP server they are using.

    Every time they arrive at a location where outgoing SMTP is blocked, their email essentially breaks, and then they spend hours on the phone with the help-desk troubleshooting and trying to come up with workaround solutions.

    I’m also suffering from this problem, as I am forced to use 3 different SMTP servers at all times - one for my home ISP, one for work, and one for the university. Fortunately I use KMail which allows me to choose which server I want to use from a pull-down menu as I compose the message. I can’t imagine how annoying this must be for Outlook users.

    There is simply no elegant solution to this problem. Which really suggests that this approach is flawed, because it punishes legitimate users.

  2. Ben Wong on 11.26.2006 at 6:49 pm

    We used to have that problem as well. I set up our authenticated SMTP server so that it listens on ports 21 (FTP) and 23 (Telnet). This has worked quite well. I haven’t had any problems or service reports back.

    I run qmail so it’s pretty easy for me to run another qmail-smtp process that listens on those other ports. ISPs like Telus would never block Telnet or FTP and spammers can’t use those ports to send out emails from zombie machines.

    Plus every email client I’ve seen has the ability to set the SMTP port of the outgoing server.

  3. Luke on 11.27.2006 at 12:45 am

    That is a good idea, but once again - it is a solution to a problem created by another solution. Not the ideal situation.

    Furthermore, not everyone has full control over the SMTP server. Sometimes company policy or an uncooperative IT department may insist on using the standard SMTP port…

  4. Sicurezza password e Spam - Problemi attuali at Vortexmind: free your mind on 11.28.2006 at 11:39 am

    [...] MostlyGeek: Have you been getting a lot spam? Read this [...]

  5. Ben Wong on 11.28.2006 at 11:56 am

    @Luke:

    True, it is a solution to a problem created by another solution. However, everything spam related is not an ideal solution. Ideally, there won’t be any zombie spam bots, right?

    Telus has a good balance. Home DSL users get no SMTP outgoing except to their SMTP server. I’m sure millions of spams a day are being blocked by this.

    For people traveling, I would recommend an SSL secured, authenticated SMTP server. I think an IT department should accommodate the needs of their users. I used to be a techie that was unbending in following “proper” and “ideal” solutions. I’ve found balance to be more realistic.

  6. Luke on 11.28.2006 at 5:23 pm

    We do have an authenticated server on a different port (587) but that is sometimes blocked too on certain corporate networks. Perhaps having a backup SMTP on port 23 could be a good idea.

  7. Glen on 12.06.2006 at 7:48 pm

    Telus (so far) allows SMTP on port 587. Here is a link to a Telus posting on the subject: http://www.dslreports.com/forum/remark,10617362?hilite=587

  8. Ben Wong on 12.06.2006 at 8:53 pm

    Thanks Glen, that was an excellent link.
    Prompted me to look more into port 587.

  9. Computer Security Tips on 09.05.2007 at 10:26 pm

    Computer Security Tips…

    I couldn’t understand some parts of this article, but it sounds interesting…

  10. john on 10.11.2008 at 9:35 am

    Thanks for sharing with me. Great info, dude.
    Here I have a simple info for sharing: use an anti-spam firewall for protection from spam.
    The Barracuda AntiSpam Firewall provides comprehensive spam-blocking for your organization. The algorithms and methods used by the Barracuda Spam Firewall are the most comprehensive and most advanced in the industry. This system is good for use in our company for protection from spam.
