According to an article in
eSecurityPlanet,
a new record has been set in the world of email: 82% of all email in the U.S.
is spam.
Throughout last year, the volume of spam has been on a steady increase, going
from every other email in the mid-2003 being spam, to nearly two-thirds of all
mail in January of this year being spam. Unexpectedly, in February and March
this year the volume of spam dropped sharply to 59% and 52.8% to the relief of
mail server administrators the world over.
This was too good to last.
In April, the volume of spam bounced back up and overtook the level in
January to 67.6%, and 82% in the USA - outdoing even the worst predictions of
most analysts, who predicted that the US 80% barrier would be breached later
this year.
With rates this high the obvious question now is how will this affect
people's usage of email. So far the signs are that it has not affected current
levels of usage, but users themselves are already asking themselves whether it
is worth continuing using email, with their important messages getting caught up
amongst the sea of junk in their inboxes.
Last year saw a shift in spammers' tactics. By teaming up with virus writers
they have created a dangerous combination. By preying on users with inadequate
virus protection and those not keeping their machines up to date with system
patches, they are creating an army of compromised machines which can be remotely
controlled, able to send out more viruses, distributed denial of service attacks
and inordinate quantities of spam. This technique also hides the spammers'
identities as the message headers upon arrival only point back as far as the
compromised machine, making tracking down the actual spammer nigh on impossible.
"You can all do your part to keep the spam down", says Michael McConnell,
developer of MailStripper
for the UK-based Eridani Star System.
"If you run a mail server make sure it cannot be used as an open relay from
the outside world", he adds. There are numerous free tools available on the
Internet to help with this, the best known and fairly thorough one is
the relay test at
mail-abuse.org.
Michael adds, "Ensure that if your web server has any CGI scripts capable of
sending mail, such as FormMail, that they are locked down so cannot be called
from outside web pages and are limited to whom they can send mail."
It's not just server owners who can help. Michael goes on to say "Owners of
client machines connected to the Internet also have a part to play. Make sure
you keep up to date with software patches for your operating system, run an
anti-virus package and keep the signatures current at least once a day, and if
you are online less often, update every time you go on line and especially
before you download your email. I don't believe that last point has been
emphasised enough. I've seen machines where signatures are more or less current
but the mailbox is teeming with nasties and the owner wonders how they got past
the virus scanner. Running a personal firewall on your machine is also highly
recommended, as this will stop crackers* from
trying to break into your machine and viruses that work in a similar way to the
old SQL Slammer worm and the more recent Sasser worm, neither of which use
e-mail to spread."
1995 this is not. The days of the internet free-for-all are long gone.
* Crackers? Yes, the media always gets this one wrong. See the proper
definitions of hacker
and cracker
at ESR's Jargon Dictionary.
|