The reason I asked this question may be because I am in a rare position these days, in that I don’t use online email, I use a local client, one that is now outdated and no longer updated: Eudora.
It has a built in Bayesian spam filter that actually does a decent job, and catches 99% of my incoming spam quite successfully. But as I am currently getting around 50 spam emails per day, that means every couple of days it mistakes a genuine email for spam, or mistakes a spam for genuine, and I have to delve through the junk folder to make sure I don’t miss anything important.
For some reason it is often assuming email from my sister is spam, despite it always being perfectly legitimate conversational text. Can’t find a way for it to learn that, without it causing more trouble than it solves.
Anyway, my point is, I like my local client, but am probably more vulnerable to spam because of that choice, and so I was hoping maybe some kind of change might be on the horizon.
In the meantime, I will continue to wish all spammers a long and painful illness before a messy and violent death.
She’s already on my address list, and always has been. The problem is, the setting of “Mail isn’t junk if sender is in address book” gets false positives with all the email that is spoofed with my own email address in the “from”, so I’ve switched that setting off.
I was going to ask the same thing. I haven’t had a problem with spam for a couple of years now. My personal yahoo account maybe gets 1 spam message a month. My company’s e-mail account gets pretty much -zero- spam.
I didn’t know people were still having problems.
They shut down a major spammer six months ago or so, and I noted a large drop since then. Almost nothing slips through the Yahoo spam filter. Nonetheless, a very large amount of email being sent is spam, and that increases costs and decreases performance for everyone, even if many people no longer see it. Clearly enough do, and fall for it, to make the very small cost of spamming worth it.
There are a couple of other problems also. First, it forces a lot of traffic to be sent the other way to do the confirmation. That might be more bandwidth than spam is taking up.
Second, it will encourage content free titles, to get people to open the mail to see what is going on. I’m on a lot of newsletters, and it is useful that they put the top stories in the title, so I can see if the mail is worth looking at.
There are a couple of characteristics of spam. First, it gets sent to everyone for whom the spammer has an email address. Your mail to marketing managers clearly isn’t. Second, it can’t be turned off. I’m involved with a conference that mass mails also, but we give directions about how to get off our list in each mailing, and we remove people who say they want to be removed. I assume your mass mails are similar. That obviously doesn’t work for a real spammer.
Spam: unsolicited and unwanted email. That covers it completely. Spam is defined by the one who receives it. If I sign up for your mailing list, it’s not spam to me because it fails the “unsolicited” test. If I’m one of those people who is looking for cheap Viagra, then the Viagra come-ons are not spam to me because they fail the “unwanted” test.
This definition means that spam is not defined at the sender’s end. If you send a million Viagra come-ons, and 10 recipients want it and the rest don’t, then you’ve sent 999,990 spams, and ten non-spams.
If, legally, we used that definition of spam, then in the above example you would be a spammer. Sending those ten non-spams is fine and legal, but you sent 999,990 spams, so you’re a spammer.
If I sign up for your email newsletter, then I opt out, and you keep sending me email, you’re a spammer. After I opt out, your email is now unsolicited and unwanted, so you’re spamming me by sending it. Doesn’t matter that you also sent 999,999 emails that were wanted. Once you recieve my opt-out, it’s your obligation to remove me from the mailing list, and until you do, you’re a spammer.
Oh, and as for the OP, I agree with those who say that authenticated email headers would go a long, long way toward solving the problem.
The thing is, there is already a recognized way to verify the IP address that email comes from. It called Sender Policy Framework, or SPF ( see www.openspf.org ). It lets you add records to the DNS listing for your domain that identifies valid IPs which originate emails for your domain.
If all mail servers set up SPF records, and all mail servers filtered any email where the stated domain does not match the IP address it was received from, all of the spambots would be out of business.
And it’s been a recognized standard for several years. Every mail server program I’m aware of supports SPF filtering in some way. I don’t know why it’s not more widely implemented.
It would completely bugger people like me: I have my own domain, which is simply a catch-all forward to my ISP, so I can change ISPs without changing email addresses. But all my email is sent from my ISP, with a from address of my domain.
Just because users don’t see the spam does not mean that it is not a problem. All internet users pay for the 90% of email traffic that is spam, via bandwidth charges, storage and maintaining antispam filters/servers. Getting rid of that traffic would give us all a better, faster and more reliable internet.
Oh yes.
<snip discussion of SPF>
But you probably don’t change ISPs very often, and when you do, you just update the SPF record. However, you could also forward your outgoing email via a known host - I use the Outbound Mailhop service from DynDNS.org (even though I now have a static IP address) at £25 a year for 150 emails a day (which is fine until my wife sends out her quarterly email to all our friends, which probably does count as spam). This almost completely avoids blacklisting and port blocking and is a secure system. You could also possibly use SecureSMTP for outgoing email on your inbound mail system - check with your domain host. There is always a secure technical solution, and if people understood and used those systems, spam issues caused by non-secure but-I-want-to-do-this-easily approaches could be severely reduced.
Si (fighting spam and open mail relays since 1993)
No, you’d be fine. If you change ISPs, you just update the DNS record for your domain and change the valid IP address the one(s) your ISP sends mail from. Takes just a few minutes and you’re back in business.
I don’t have any real answer, just a small data point. And I think it says the average speed wouldn’t be all that much different.
On the servers I’m responsible for* email is a small part of the bandwidth used, less then 5% of the total. That figure comes from my memory when I analyzed usage a couple years ago so I could be off a smidge, but I don’t think it’s much.
Also, a year or so ago I opted into a spam filtering service (Barracuda) offered by our ISP, which cut the spam actually received by our mail servers by about 99%**. As far as I can tell looking at bandwidth logs from my CoLo, our usage didn’t change by any noticeable amount.
So my (extremely limited) experience is that while email is by far the largest number of hits on my servers, those hits are almost all very small in size compared to the total usage, which is basically email, FTP, and websites.
Three boxes running email servers for a half dozen companies, but totaling only 150 or so users, plus three more boxes running several websites, but only one of any size.
** Barracuda is amazingly effective. Only a handful of lost legitimate emails (and those were due to user error) and an incredible reduction in spam. My personal spam went from about 300 per day to two or three per day.
I work for a company that produces deep packet inspection equipment for ISPs. Our boxes look at every single packet that traverses the ISP’s network and classifies it as HTTP(web), Peer to Peer, email, etc. The amount of bandwidth that is taken up by all email(spam or otherwise) is minuscule.