The NYTimes published a good article on the rise in image-based spam. Here’s the meat of the article:
- Spam has evolved to include images (captchas) to elude message fingerprint filtering
- No more HTML links. Spammers are using “pump and dump”: they pump up a penny stock and then dump it when enough suckers have bought into it.
- Spammers are making money, this trend won’t be ending soon.
- Companies are spending more money to block spam
- Zombie botnets are responsible for sending out the spam
At Sutton I’ve seen the same sort of things happening with our network. In the NYTimes article their featured geek, Ben Nakamura, the Mariners’ network manager, adopted the Barracuda spam firewall. We’ve been using this product for about three years now and it is good at blocking out spam. However, it hasn’t been cheap. When we started we had one Barracuda 400. Now we require two, and recently both of them have been bogging down with handling the increase in spam.
The arms race between spamming and spam blocking is expensive for companies like Sutton. While it costs us thousands of dollars a year to block spam, it costs spammers nearly nothing to tell their botnets to dump another billion messages. This is a sad situation where the winners are the spammers and the spam blockers. Everybody else is a loser.
Take a look at this spam I recently received:

When encountering messages like these it’s better not to classify them as spam. Most spam filters use Bayesian filtering, which builds a statistical model of the words that commonly occur in spam and uses it to decide which messages to filter. These types of spam are designed to poison that statistical model so that spam cannot be differentiated from regular email.
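To see why reporting these messages backfires, here is a small word-count Bayesian filter, added as an illustration and not taken from the article or from any product mentioned here. The class and function names and all sample messages are constructed, and the filler texts stand in for image spam whose only text is ordinary sentences.

```python
import math
from collections import Counter

class BayesFilter:
    """Minimal word-count Bayesian spam filter with add-one smoothing."""
    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.msgs = Counter()

    def train(self, label, text):
        self.words[label].update(text.lower().split())
        self.msgs[label] += 1

    def spam_probability(self, text):
        vocab = len(set(self.words["spam"]) | set(self.words["ham"]))
        score = {}
        for label in ("spam", "ham"):
            total = sum(self.words[label].values())
            score[label] = math.log(self.msgs[label] / sum(self.msgs.values()))
            for w in text.lower().split():
                score[label] += math.log((self.words[label][w] + 1) / (total + vocab))
        return 1 / (1 + math.exp(score["ham"] - score["spam"]))  # P(spam | text)

# Constructed sample corpus (not real mail).
HAM = ["meeting agenda for the quarterly budget review",
       "please review the attached listing for the house",
       "lunch on friday after the client meeting"]
SPAM = ["buy this penny stock now huge gains",
        "hot stock alert buy now before it soars",
        "penny stock tip huge profit buy today"]
# Constructed image-spam bodies: the pitch is in the image, the text is filler.
FILLER = ["agenda for the client budget meeting friday lunch",
          "the quarterly review meeting on friday for client",
          "budget agenda house listing the meeting on friday",
          "client lunch after the budget review for agenda"]
LEGIT = "agenda for the client budget meeting on friday"

def score_legit(report_filler_as_spam):
    """Spam probability of a legitimate message after training."""
    f = BayesFilter()
    for m in HAM:
        f.train("ham", m)
    for m in SPAM + (FILLER if report_filler_as_spam else []):
        f.train("spam", m)
    return f.spam_probability(LEGIT)

if __name__ == "__main__":
    print("filler ignored:  %.3f" % score_legit(False))
    print("filler reported: %.3f" % score_legit(True))
```

With the filler left out of training the legitimate message scores well under 1% spam; once the filler is reported as spam, the same message scores above 50% and would be filtered.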
For now I still hope that more ISPs block outgoing SMTP on their networks. It was frustrating for me at first but most people won’t even know that the port has been blocked. On Shaw and Rogers cable here in Canada they are already rate limiting P2P, so the equipment is already in place to make port 25 a no-no as well.
[...] There are two general methods of detecting and blocking spam, by IP address blacklists and by content analysis. Unfortunately spammers have long learned how to exploit the weaknesses of these methods. Exploiting content analysis was fairly easy. Ever receive image-based spam or wonder why they contained random sentences? These techniques are very effective in avoiding detection and poisoning spam keyword detection databases. [...]