Spam smarter, not harder
I use Gmail, and I was proud of my Gmail account mainly for one thing: my spam folder typically had only one or two messages in it. Gmail culls messages older than 30 days from your spam folder, so that means I only got one or two messages per month. It had been like this for about a year. I was proud because this was largely my doing rather than Gmail's, because provider-blocked spam is still routed to the spam folder. Admittedly, I only get 1/3 the total mail volume or less of some other people I know, but this was still a pretty nice accomplishment. It means I've been good about what forms I fill out, what sites I visit, and where I leave my e-mail address lying around for bots to pick up or viruses to steal. I can't even remember the last time I had an undeserved spam message get past the filters. False positives are also comfortably rare (it's been a few months, at least).
The rare deserved message does reach my inbox on occasion. This is when I forget to uncheck the box that says, "Send me more info." Or when I am too lazy to unsubscribe from a list I no longer care about. It's my fault, and of course they reach my inbox because they're not really spam-- still junk, but not really spam. Not all unwanted e-mail is spam. Not all spam has to be unwanted e-mail. At two messages per month I didn't really care whether or not it came straight to my inbox. I might even have been willing to open it up and take a glance, just like you might do with junk snail mail.
Unfortunately, the astute reader will have a nagging question in the back of his mind about my use of the past tense in the first paragraph. Recently the amount of spam I get has spiked. I currently have nearly 75 messages in my spam folder, or 2 1/2 per day. That's still low by some people's standards, but I consider it too high. It annoys me most because false positives, while rare, do occur. I have to check the spam folder, and the chance of not noticing a false positive just jumped way up.
The blame for the increase in spam can be directed squarely at the Storm botnet. The size of this botnet has been estimated to be as large as 50 million machines, and its computing power is said to rival the world's largest supercomputers. How can I stand up to that? (This is the part where I beg you to make sure your anti-virus and anti-spyware software is up to date, and more importantly that you install security patches as soon as they're released.)
The thing I noticed about spam now that I get enough of it is that while I received 75 spam e-mails, there were only maybe 1/2 dozen different varieties. This is not only annoying for me, but it's bad for spammers as well. What might have been a subtle social engineering trick that almost ropes you in is exposed for what it is when the message is duplicated 5 times. Now it's an obvious scam and you delete it without a second thought. If you only had to reject a message once then it wouldn't matter that it made it to your inbox. You know you won't see it again. You might not care enough about junk e-mail to have a spam filter. You might even open and read the message on occasion, and eventually make a purchase. E-mail would be a legitimate marketing tool.
But instead of a reasonable flow of junk e-mail, we have spam. So much spam that people have sophisticated software to block it. So much spam that it accounts for over 1/2 of all internet traffic. So much spam that most of it never even reaches the recipient's spam folders but is instead deleted by a mail server before delivery.
If I had one piece of advice for the owner of the Storm botnet, I would tell him to start using all that computing power to do some analysis on his e-mail list, and apportion the messages such that each e-mail address only receives a particular marketing plea once. My spam folder at least would drop from 75 e-mails down to about 6. Six messages I can live with, and for six messages I, and I believe others as well, would begin to question the value of using a spam filter. Social engineering techniques would be more effective, and people would be more inclined to open the messages they get. In other words, the response rate would increase immensely. More importantly, people would start seeing spam as a legitimate marketing option and you have the ability to make much more money selling ads via legitimate means than you were by committing what amounts to fraud.