funsec mailing list archives

Re: 95% of User Generated Content is spam or malicious

From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 22 Feb 2010 06:55:32 -0500

[ Please do not send redundant copies of on-list traffic. ]

On Mon, Feb 22, 2010 at 12:15:43AM -0500, Dan Kaminsky wrote:

My sense is that SPAM filtering is ghettoizing, i.e. there's a very
small community of extraordinarily miserable people whose job it now
is to deal with SPAM for the rest of their users.  They've been so
successful, even at 98%, that now users have NO tolerance for SPAM.
In other words, the SPAM war appears to be won, nobody seems to know
it's still being fought.


First, the correct term is "spam", never "SPAM".  The former refers to
unsolicited bulk email, the latter refers to a Hormel product.

Second, 99% of the people doing anti-spam work are quite incompetent.
Many of them do not grasp even the rudiments of the field -- for example,
the distinction between stopping spam and stopping spammers.  Many of
them do not know the correct definition of spam.  Many of them deploy
known-failed and/or known-abusive methods.  Many of them fail to point
their defenses inward as well as outward.  Many of them use whatever the
flavor-of-the-month is, even though spammers have defeated it before it
was even put into production.  Many of them buy garbage products from
carpetbagging vendors eager to make a quick buck off the Internet's
collective misery by peddling whatever half-ass crap they can.   &etc.

So no, the war's not being won.  We are losing worse than ever thanks
to the incompetence and stupidity of most of those who think they
know something about spam but are little more than ignorant newbies.
While *some* spammers are just as laughably inept, the professionals
have repeatedly demonstrated far more intelligence, ingenuity and
savvy than almost all of their opponents.  And as one of the direct
consequences, they've managed to cause the expenditure of ever-increasing
amounts of money/time/effort/inconvenience for ever-decreasing results.

We're only at the beginning of this fight.  It's going to get much worse,
because spammers hold all the strategic advantages, and because there is
as yet no sign that their opponents, as a group, will get a clue.

---Rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Re: 95% of User Generated Content is spam or malicious, (continued)
- - - Re: 95% of User Generated Content is spam or malicious Dan Kaminsky (Feb 24)
    - Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 25)
    - Re: 95% of User Generated Content is spam or malicious Dan Kaminsky (Feb 25)
    - Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 25)
    - Re: 95% of User Generated Content is spam or malicious Hubbard, Dan (Feb 25)
    - Re: 95% of User Generated Content is spam or malicious Drsolly (Feb 10)
    - Re: 95% of User Generated Content is spam or malicious rackow (Feb 10)
    - Re: 95% of User Generated Content is spam or malicious der Mouse (Feb 10)
    - Re: 95% of User Generated Content is spam or malicious Dan Kaminsky (Feb 21)
    - Re: 95% of User Generated Content is spam or malicious Tomas L. Byrnes (Feb 21)
    - Re: 95% of User Generated Content is spam or malicious Rich Kulawiec (Feb 22)
    - Re: 95% of User Generated Content is spam or malicious Dan Kaminsky (Feb 22)
  - Re: 95% of User Generated Content is spam or malicious Tomas L. Byrnes (Feb 14)
- Re: 95% of User Generated Content is spam or malicious Randy Abrams (Feb 10)
  - Re: 95% of User Generated Content is spam or malicious Ned Fleming (Feb 11)
    - Re: 95% of User Generated Content is spam or malicious Benjamin Brown (Feb 11)