Bounced E-mails: A $5 Billion Problem?
IronPort seems to think so...
(old news - 02:03PM Saturday Apr 22 2006)
tags: security · stats · spam · mail
According to this InfoWorld article, anti-spam company IronPort will release a report on Monday claiming that bounced e-mail messages stemming from bogus spam or phishing addresses cost American industry $5 billion annually. The report will also claim that these bouncebacks contribute to 11% of all e-mail traffic. Granted, these figures are usually inflated by the firms selling solutions; InfoWorld breaks down their logic for the $5 billion tally.

pv8man17

join:2003-10-07
Hammond, IN

ha

5 billion?...I smell BS

TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
·Sprint Mobile Broa..
·Comcast

Re: ha

said by pv8man17 See Profile :

5 billion?...I smell BS
Probably just marketing hype. There is a cost but probably nowhere near that high. They just want businesses to buy their products and will exaggerate the impact - like good little marketing types everywhere.
--
--
Join Red Room Forum
BLOG tkjunkmail.blogspot.com
My Web Page
voyager6868

join:2003-01-29
Lynnwood, WA

Re: ha

And IronPort will solve the problem for a mere 4.5 billion dollars!

BIGMIKE
Premium
join:2002-06-07
Westminster, CA
that's all? $5 billion
"Gridlock in America". A cover story article in USNews.com published on May 28, ... Congestion costs Americans $78 billion a year in wasted fuel and lost time.
--
Type "miserable failure" in Google

Camelot One
Premium,MVM
join:2001-11-21
Sarasota, FL
clubs:

Where is the cost in bounced/return messages?

What is it that costs anyone anything? We aren't talking about viruses and such, just bounced spam emails. They don't cost businesses anything unless they happen to be paying for bandwidth by the byte. They are annoying sure, but not costly.
--
AMD X2 4800+ @2700Mhz/ MSI K8N Neo 4 Platinum SLI/ 4x 1024Mb Corsair XMS PC4000/ WD 74Gb Raptor/ PNY 7800GTs SLI/ Antec 550 True Control/Custom water cooler

nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy

Re: Where is the cost in bounced/return messages?

said by Camelot One See Profile :

What is it that costs anyone anything? We aren't talking about viruses and such, just bounced spam emails. They don't cost businesses anything unless they happen to be paying for bandwidth by the byte. They are annoying sure, but not costly.
Say, in an effort to block spam, you've tightened things to the point that legitimate emails occasionally get blocked. Now, let's assume that one of those legitimate emails was notification of an available $15Mn contract. What is the cost of bounced messages, then?

-tom
--
"Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis

clorets

join:2001-12-12
Oklahoma City, OK

Re: Where is the cost in bounced/return messages?

yea but you can't calculate something like that. to add instances like that into the figure would be instant BS.
They could say a situation like that happens once, or they can say it happens 1000s of times a DAY!!!!!111OMGBUYMYSTUFF.

nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy

Re: Where is the cost in bounced/return messages?

said by clorets See Profile :

yea but you can't calculate something like that. to add instances like that into the figure would be instant BS.
They could say a situation like that happens once, or they can say it happens 1000s of times a DAY!!!!!111OMGBUYMYSTUFF.
And yet, very similar tactics are used to prosecute crackers and software/music/movie pirates.

-tom
--
"Experience should teach us to be most on our guard to protect liberty when the government's purposes are beneficial. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding." -Louis D Brandeis

Camelot One
Premium,MVM
join:2001-11-21
Sarasota, FL
clubs:

said by nixen See Profile :

said by Camelot One See Profile :

What is it that costs anyone anything? We aren't talking about viruses and such, just bounced spam emails. They don't cost businesses anything unless they happen to be paying for bandwidth by the byte. They are annoying sure, but not costly.
Say, in an effort to block spam, you've tightened things to the point that legitimate emails occasionally get blocked. Now, let's assume that one of those legitimate emails was notification of an available $15Mn contract. What is the cost of bounced messages, then?

-tom
I would call that loss due to IT incompetence, not the spam return itself.
--
AMD X2 4800+ @2700Mhz/ MSI K8N Neo 4 Platinum SLI/ 4x 1024Mb Corsair XMS PC4000/ WD 74Gb Raptor/ PNY 7800GTs SLI/ Antec 550 True Control/Custom water cooler
thebulldan

join:2005-06-13
Bridgeport, PA
·Verizon FIOS
·Comcast

Re: Where is the cost in bounced/return messages?

Maybe for some, but we have been through multiple spam blocking solutions and they ALL have flaws! Some IT groups may be incompetent, but for the most part, you only appear to be as competent as the solution implemented allows.

And just as was posted, you CANNOT rely on email alone for super-pertinent business - especially if it is outside your domain. I have the utmost confidence in our internal email infrastructure, but as soon as the traffic hits the ISPs NOC, who knows.

sweintz
Premium
join:2002-03-01
Hamden, CT

said by Camelot One See Profile :

I would call that loss due to IT incompetence, not the spam return itself.
Incompetence of the admins that sent the bounce messages (which should never be done! rejects should always happen during the smtp session via a 5xx message!), not incompetence on the part of the poor domain that gets the bounces! But they are the ones stuck working overtime and having to shell out the bucks to pay for those hours...

sbrook
Premium,Mod
join:2001-12-14
H0H 0H0
·Rogers Hi-Speed

Host:
Rogers
Bell Canada
The answer to that is easy ... you'd NEVER rely solely on email for contracts ... NEVER.

I deal with some pretty major companies. While they will email a contract, they are on the phone checking I got it, and they also either FAX or snail mail a copy of the contract.

REHAKES
Premium
join:2002-04-07
Lake Butler, FL
·Windstream

said by Camelot One See Profile :

They don't cost businesses anything unless they happen to be paying for bandwidth by the byte. They are annoying sure, but not costly.
Indeed, there may not be a cost to the subscriber. However, there is a cost to the bandwidth providers. Somebody has to pay for that internet bandwidth infrastructure!

madylarian
The curmudgeonly
Premium
join:2002-01-03
Parkville, MD

said by Camelot One See Profile :

What is it that costs anyone anything? We aren't talking about viruses and such, just bounced spam emails. They don't cost businesses anything unless they happen to be paying for bandwidth by the byte. They are annoying sure, but not costly.
Wait til your domain is spoofed as sender on a millions of spam spew and you start getting hundreds to thousands of bounces a day.

mady
--
Honi soit qui mal y pense

Camelot One
Premium,MVM
join:2001-11-21
Sarasota, FL
clubs:

Re: Where is the cost in bounced/return messages?

said by madylarian See Profile :

said by Camelot One See Profile :

What is it that costs anyone anything? We aren't talking about viruses and such, just bounced spam emails. They don't cost businesses anything unless they happen to be paying for bandwidth by the byte. They are annoying sure, but not costly.
Wait til your domain is spoofed as sender on a millions of spam spew and you start getting hundreds to thousands of bounces a day.

mady
It has happened. Twice in the past 6 months in fact. I didn't get a bill either time.
--
AMD X2 4800+ @2700Mhz/ MSI K8N Neo 4 Platinum SLI/ 4x 1024Mb Corsair XMS PC4000/ WD 74Gb Raptor/ PNY 7800GTs SLI/ Antec 550 True Control/Custom water cooler
kinabrew

join:2002-02-01
·Comcast

That's lots of fun. The only spam I receive is bounces, which are difficult to filter because the messages are different. The only solution is to filter messages whose subjects contain words like "undeliverable", "returned mail", et cetera.

If a mail is very important, I'd just request return receipts. I'd like nothing better than if all mail servers would stop sending bounces.

sweintz
Premium
join:2002-03-01
Hamden, CT

said by Camelot One See Profile :

What is it that costs anyone anything? We aren't talking about viruses and such, just bounced spam emails. They don't cost businesses anything unless they happen to be paying for bandwidth by the byte. They are annoying sure, but not costly.
Pretty ignorant.

1) Many businesses (including my $DAYJOB) have mail admins that are required to look over the mail logs daily. Do you have any idea how much time it takes to do that when you have a few tens of thousands of bogus bounce messages in there?

2) What about all the support calls from users asking about bounce messages for emails they never sent?

Tech support folks get paid for their job. I figure the average forged spam run with joe jobbed return addresses, generating a few thousand bogus bounces sent to us costs us roughly $1K once you factor my time and our helpdesk personnel's time into it...

koitsu
Premium
join:2002-07-16
Mountain View, CA

Backscatter

This is commonly referred to as "backscatter" mail.

There is absolutely *no effective way* to filter backscatter that I have found. postfix docs recommend you filter mail based on the Received: header, but this is quite broken/risky (plus when I tried it, broke outgoing mail which was sent via PHP scripts and other CGIs on the local machine).

»www.postfix.org/BACKSCATTER_README.html

If anyone has a good solution for this, I'm all ears.

So yes, I can see how it might cost "the industry" quite a bit of money. Five billion seems way too high, but yes, it's wasted time and traffic, which ultimately means wasted money.
--
Making life hard for others since 1977. In memory of 2005...

sweintz
Premium
join:2002-03-01
Hamden, CT

Re: Backscatter

said by koitsu See Profile :

This is commonly referred to as "backscatter" mail.

There is absolutely *no effective way* to filter backscatter that I have found. postfix docs recommend you filter mail based on the Received: header, but this is quite broken/risky (plus when I tried it, broke outgoing mail which was sent via PHP scripts and other CGIs on the local machine).

»www.postfix.org/BACKSCATTER_README.html

If anyone has a good solution for this, I'm all ears.

So yes, I can see how it might cost "the industry" quite a bit of money. Five billion seems way too high, but yes, it's wasted time and traffic, which ultimately means wasted money.
Simple solution: don't send backscatter! Don't send NDR mails outside of your own domain! That's been best practice for a while now.

When you get backscatter, report it to spamcop and any other RBL related service you can think of. Send the admin of the domain that sent the backscatter a nice note explaining why sending NDRs outside of one's own domain in this day and age is a VERY BAD idea.

Only two ways to handle non deliverable mail are acceptable:

1) Reject it during the SMTP session with the appropriate 5xx error code (ie: 550 User Unknown, etc)
2) silently drop it.

NEVER send bounces for non-deliverable mail! NEVER! NEVER EVER EVER!
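
The difference between the two acceptable options and accept-then-bounce, as an added example that is not part of any post in this thread: a simulated receiving server handles a constructed spam run with forged envelope senders under each policy and records who ends up being sent a non-delivery report. The domain, mailboxes, addresses and function names are assumptions.

```python
from dataclasses import dataclass, field

LOCAL_DOMAIN = "example.org"   # constructed receiving domain
MAILBOXES = {"alice", "bob"}   # constructed set of valid local users


@dataclass
class Outcome:
    replies: list = field(default_factory=list)    # SMTP replies seen by the connecting client
    delivered: list = field(default_factory=list)  # local recipients that got the message
    ndrs: list = field(default_factory=list)       # addresses that were sent a new bounce message


def is_local_user(rcpt):
    local, _, domain = rcpt.lower().partition("@")
    return domain == LOCAL_DOMAIN and local in MAILBOXES


def receive(mail_from, rcpts, policy):
    """Handle one SMTP transaction.

    policy "reject": refuse unknown recipients at RCPT TO with a 550.
    policy "drop":   accept everything, silently discard the undeliverable.
    policy "bounce": accept everything, then mail an NDR to the envelope sender.
    """
    out = Outcome()
    accepted = []
    for rcpt in rcpts:
        if policy == "reject" and not is_local_user(rcpt):
            # The refusal goes to whoever is connected right now, not to the
            # (possibly forged) envelope sender address.
            out.replies.append("550 5.1.1 <%s>: User unknown" % rcpt)
        else:
            out.replies.append("250 2.1.5 <%s>: Ok" % rcpt)
            accepted.append(rcpt)
    if not accepted:
        return out                      # client never gets to send DATA
    out.replies.append("250 2.0.0 Ok: queued")
    for rcpt in accepted:
        if is_local_user(rcpt):
            out.delivered.append(rcpt)
        elif policy == "bounce" and mail_from:
            # A new message is created and sent to an address the spammer chose.
            # An empty envelope sender (<>) is never bounced to.
            out.ndrs.append(mail_from)
    return out


# Constructed spam run: (forged envelope sender, recipients guessed by the spammer).
SPAM_RUN = [
    ("victim1@example.com", ["alice@example.org", "sales@example.org"]),
    ("victim2@example.net", ["info@example.org"]),
    ("victim1@example.com", ["webmaster@example.org", "bob@example.org"]),
]


def backscatter(policy):
    """Return every address that receives an NDR when SPAM_RUN hits this server."""
    hits = []
    for mail_from, rcpts in SPAM_RUN:
        hits.extend(receive(mail_from, rcpts, policy).ndrs)
    return hits


if __name__ == "__main__":
    for policy in ("reject", "drop", "bounce"):
        print(policy, backscatter(policy))
```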

lonnyb
lurking no longer
Premium
join:2004-01-25
Elizabethtown, KY
clubs:

Just a few years ago...

...spam was canned meat!! Time flies when you're having fun!!

nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy

Re: Just a few years ago...

said by lonnyb See Profile :

...spam was canned meat!! Time flies when you're having fun!!
SPAM hasn't just been canned meat since at least the early 80's.

-tom

lonnyb
lurking no longer
Premium
join:2004-01-25
Elizabethtown, KY
clubs:

Re: Just a few years ago...

That was "just a few years ago" to me. Hehe!!

nixen
Rockin' the Boxen
Premium
join:2002-10-04
Alexandria, VA
·Cox HSI
·Speakeasy

Re: Just a few years ago...

said by lonnyb See Profile :

That was "just a few years ago" to me. Hehe!!
Given the number of people on DSLR for whom 1980 was "just a few years" before they were born, it's always good to define things.

-tom

lonnyb
lurking no longer
Premium
join:2004-01-25
Elizabethtown, KY
clubs:

Re: Just a few years ago...

Yessir!!!!! I was born in '55 and the progress of the human race makes my head spin!!!!

Fatal Vector

join:2005-11-26

How ironic.

IronPort wants to run ActiveX controls on their site. Something my IE won't let them do. So sad.

Fatal Vector

join:2005-11-26

Awww...


Should we shed a big, fat tear for the poor companies now? It's not like they don't write it off as a business expense anyway. Just another cost of doing business.

GTaylor
Premium
join:2002-12-14
Frisco, TX
clubs:

Re: Awww...

said by Fatal Vector See Profile :

Should we shed a big, fat tear for the poor companies now? It's not like they don't write it off as a business expense anyway. Just another cost of doing business.
A cost that they'll either pass on to consumers or their employees via cutbacks, layoffs, etc. Don't laugh - Microsoft's new lease program forced us to let go of several people a few years ago. It does happen
mzeglevski

join:2003-08-26
Brighton, MI

I forgot, why do we care?

Who can I bill for the time it takes to process the countless spam email that I have read before bouncing?

sweintz
Premium
join:2002-03-01
Hamden, CT

Re: I forgot, why do we care?

said by mzeglevski See Profile :

Who can I bill for the time it takes to process the countless spam email that I have read before bouncing?
you shouldn't bounce! That is what is causing the problem!
(unless you misunderstand what "bounce" means in the context of email - it means send a message back to the sender that the mail is undeliverable)
mzeglevski

join:2003-08-26
Brighton, MI

Re: I forgot, why do we care?

said by sweintz See Profile :

said by mzeglevski See Profile :

Who can I bill for the time it takes to process the countless spam email that I have read before bouncing?
you shouldn't bounce! That is what is causing the problem!
(unless you misunderstand what "bounce" means in the context of email - it means send a message back to the sender that the mail is undeliverable)
Thanks for clearing up the matter...

So, I should feel guilty for bouncing unsolicited, uninvited, and unwanted spam email advertising completely inane products that for the most part are of shady reputation at best and worry that it costs them money?

Color me incredulous! Jaw hanging on the floor!

And if these "folks" are unwitting victims of abusers then they need to bark up a different tree...oh, I know, like the spammers!!!! No, that would be too simple...

sweintz
Premium
join:2002-03-01
Hamden, CT

Re: I forgot, why do we care?

said by mzeglevski See Profile :

said by sweintz See Profile :

said by mzeglevski See Profile :

Who can I bill for the time it takes to process the countless spam email that I have read before bouncing?
you shouldn't bounce! That is what is causing the problem!
(unless you misunderstand what "bounce" means in the context of email - it means send a message back to the sender that the mail is undeliverable)
Thanks for clearing up the matter...

So, I should feel guilty for bouncing unsolicited, uninvited, and unwanted spam email advertising completely inane products that for the most part are of shady reputation at best and worry that it costs them money?

Color me incredulous! Jaw hanging on the floor!

And if these "folks" are unwitting victims of abusers then they need to bark up a different tree...oh, I know, like the spammers!!!! No, that would be too simple...
Yup, you should feel guilty. You are not bouncing to the spammers, but rather to the poor folks whose email address they have forged as the "from" address. You are victimizing an innocent 3rd party that had nothing to do with the spam.

There is absolutely nothing the poor victim that has their address forged can do to prevent this problem other than publishing SPF records. The BULK of what needs to be done to correct this problem is on the folks receiving the spam with the forged "from", and their mail admins:

1) They should implement SPF checks at their receiving server. See if the claimed sending domain has an SPF record listing its mail servers. If it does, reject (without bouncing!) any mail that claims to be from that domain that does not arrive from one of its SPF listed servers

2) NEVER bounce mail. If you can't reject it during the SMTP transaction with a 550 message, then silently drop it.

Bouncing is itself considered to be spamming in this day and age. It does fit the definition (Unsolicited Bulk Email)
mzeglevski

join:2003-08-26
Brighton, MI

Re: I forgot, why do we care?

hey...wait a minute...didn't I just lay claim to the victim crown? What you suggest sounds good, but I don't have the first clue of implementing it...nor up to now the slightest inclination...

Sadly, only geeks, classification affectionately offered, know anything about this...no?

Hey, maybe the Demoncrats should pass another law...the kind of pedantic stuff they're made of...marching toward authoritarianism...

GOPer's not far behind...

Final note...I will consider what you suggest....but whatever the hell a 550 message is....

sweintz
Premium
join:2002-03-01
Hamden, CT

Re: I forgot, why do we care?

said by mzeglevski See Profile :

Final note...I will consider what you suggest....but whatever the hell a 550 message is....
The mail server admins, the ones that need to implement this, know exactly what it means.
mzeglevski

join:2003-08-26
Brighton, MI

Re: I forgot, why do we care?

Ah....cryptic...'til then "bounce away!"

tschmidt
Premium,MVM
join:2000-11-12
Milford, NH
·Hollis Hosting
·Verizon Online DSL
·Fairpoint Communic..

Black hole vs bounced

Owning my own domain and having a spammer use it is always disconcerting when I receive the bounced rejections.

A larger problem is mail that is not rejected. Long ago one could be pretty sure if you fat fingered an address or the person was no longer at the company or ISP you would get reject notification so you knew the mail didn't go through. For anti-spam and security purposes that is happening less and less. Nowadays one never knows if mail is actually delivered.

/Tom
raderator

join:2003-07-22
Conklin, NY
·PHONE POWER

The public is to blame

I get no spam. The trick is to pick an e-mail address which is hard to guess, just like a password. Then don't post it any place public like Usenet. I even give it to reputable retailers and none have sold it to spammers.

If you do get spammed, change your email address. Not hard.
Armour

join:2002-01-08
Scarborough, ON

Re: The public is to blame

What are you on? We are mostly talking about the cost to business. You just don't go on and swap 5000 email addresses on a semi-regular basis. Plus, how do you keep email addresses out of the public when you are a company trying to gain customers, which are the public? Once a domain is known the cat is out of the bag. I have a domain I registered and have never used or posted the email anywhere and I received spam on it.
raderator

join:2003-07-22
Conklin, NY

Re: The public is to blame

So what you're talking about is spammers getting spammed. So I don't care.
sommerfeld

join:2006-01-24
Arlington, MA

Re: The public is to blame

no. much spam comes from forged source addresses -- the spammer picks an apparently random source address from their database of victims and inserts that in the From: line and the SMTP envelope-from.

Depending on precisely how a message is rejected/bounced, this can result in bounce messages going to otherwise uninvolved third parties.

Fatal Vector

join:2005-11-26

Damn

I find it interesting that the e mail address I use at AOL (the only one I use that is completely open, no controls), that I have used for years with retailers and to do business has NEVER received even one spam e mail.

I guess that it's just too hard for spammers to guess...

The rest, I use control lists on, so I never get any spam on them, either. But then, I don't see the need to run my own mail server either. I guess that it amounts to: If you play, you pay. And, if you get spammed, too bad.
RayW
Premium
join:2001-09-01
Layton, UT
clubs:
·XMission

Billions and trillions

Between losses from spam, bounce messages, RIAA, MPAA, Hackers, phishers, and etc., how does big business have the money to pay the workers, much less 6 digit bonuses to upper management?
--
I am not lost, I find myself every time.

NotSoAnonymous

@cox.net

Re: Billions and trillions

I imagine 5 billion dollars isn't that much money to the total revenue the internet generates (legal and illegal.) The only quick figure I could come up from a google search was 2.5 billion for the online porn industry by itself without any indication of demographics. I imagine it's not quite possible to measure the total internet generated revenue other than to say.. it's probably a lot more than 5 billion.

yaplej
CCNA
Premium
join:2001-02-10
White City, OR
·Charter Pipeline



E-mail system needs authentication.

This is why the e-mail servers need authentication and validation of e-mail messages.
1. Originating e-mail server assigns an ID to every e-mail sent.
2. Originating e-mail server would perform some form of hash on the e-mail using the sender's e-mail address, and the content of the e-mail (perhaps additional info such as date/time sent).
3. Originating e-mail server would store both e-mail ID, and hash.
4. Originating e-mail server would then send the e-mail message.
5. Destination e-mail server receives new e-mail.
6. Destination e-mail server checks originating e-mail server for the hash of e-mail, and compares that hash to one done by itself.
7. If hash doesn't match discard the e-mail as it was not sent by the originating e-mail server.
Well it's probably not perfect, but if every e-mail server did something like that it would eliminate the possibility of "spoofed" e-mails, and because almost all spam is spoofed already most of that problem would go away too.

PS:
The ID/hash would only be stored until the e-mail was confirmed/validated. By making them temporary no one would be able to reuse a valid e-mail ID/Hash for sending "spoofed" e-mail messages. Although creating an e-mail with an exact hash would be pretty hard IMO.
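
A sketch of the ID-and-hash callback proposed in the post above, added as an example and not code from any poster: both servers are modelled in one process so the exchange can be followed end to end. SHA-256, the `directory` mapping that stands in for locating and querying the originating server, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets


def digest(sender, date, body):
    """Hash over sender, date and content (step 2). Each field is
    length-prefixed so that field boundaries cannot be shifted."""
    h = hashlib.sha256()
    for part in (sender, date, body):
        data = part.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()


class OriginServer:
    def __init__(self, domain):
        self.domain = domain
        self.pending = {}                       # message ID -> stored hash (step 3)

    def send(self, sender, date, body):
        msg_id = secrets.token_hex(8)           # step 1: unpredictable per-message ID
        self.pending[msg_id] = digest(sender, date, body)
        return {"id": msg_id, "from": sender, "date": date, "body": body}

    def lookup(self, msg_id):
        # The record is temporary: it is removed on the first query, so a
        # captured ID cannot be reused for a second message (the post's PS).
        return self.pending.pop(msg_id, None)


class DestinationServer:
    def __init__(self, directory):
        self.directory = directory              # sender domain -> OriginServer (assumed lookup)

    def accept(self, msg):
        domain = msg["from"].rpartition("@")[2].lower()
        origin = self.directory.get(domain)
        if origin is None:
            return False                        # no server to ask: cannot validate
        stored = origin.lookup(msg["id"])       # step 6: ask the claimed origin
        if stored is None:
            return False                        # origin never sent this ID
        mine = digest(msg["from"], msg["date"], msg["body"])
        return hmac.compare_digest(stored, mine)  # step 7: discard on mismatch


def demo():
    origin = OriginServer("example.com")
    dest = DestinationServer({"example.com": origin})
    genuine = origin.send("alice@example.com", "2006-04-22T14:03", "Contract attached.")
    altered = dict(origin.send("alice@example.com", "2006-04-22T14:04", "Invoice 17"),
                   body="Invoice 17, pay to a different account")
    forged = {"id": "deadbeefdeadbeef", "from": "alice@example.com",
              "date": "2006-04-22T14:05", "body": "Cheap pills"}   # constructed spoof
    return {
        "genuine": dest.accept(genuine),
        "replay": dest.accept(genuine),
        "altered": dest.accept(altered),
        "forged": dest.accept(forged),
    }


if __name__ == "__main__":
    print(demo())
```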

tschmidt
Premium,MVM
join:2000-11-12
Milford, NH
·Hollis Hosting
·Verizon Online DSL
·Fairpoint Communic..

Re: E-mail system needs authentication.

Something similar but much simpler already exists called: Sender Policy Framework (SPF)

»www.openspf.org/
»en.wikipedia.org/wiki/Sender_Pol···ramework

SPF allows the receiving email server to verify if mail was sent by an authorized email server. Pretty simple, not much additional overhead and easy to implement. Just another entry in the DNS server.

/Tom

sweintz
Premium
join:2002-03-01
Hamden, CT

Re: E-mail system needs authentication.

said by tschmidt See Profile :

Something similar but much simpler already exists called: Sender Policy Framework (SPF)

»www.openspf.org/
»en.wikipedia.org/wiki/Sender_Pol···ramework

SPF allows the receiving email server to verify if mail was sent by an authorized email server. Pretty simple, not much additional overhead and easy to implement. Just another entry in the DNS server.

/Tom

Yet it's amazing how much legit email we block here because idiots set up SPF records, then proceed to try to mail from servers not listed in the SPF record -- one that they set up with a "-all" at the end.

Fatal Vector

join:2005-11-26
Actually, it's too complicated and time consuming. It would never get implemented. Especially since the checkback from server to server would double the traffic volume

yaplej
CCNA
Premium
join:2001-02-10
White City, OR
Thanks for pointing that out. I'm going to go back and actually look to see what it will take to implement that.
computerpimp

join:2004-06-28

More methods

In addition to things already mentioned, there are many ways to fight spam and/or reduce the cost. Bounces can even be faked, or a form of reverse spam.

Implementing an optional opt-in filtering or classifying type of filter to those that want it. It also leaves those that are concerned about losing a single email with options too. Someone could choose to never filter their mail, tag the message somehow and filter on their end, have stuff quarantined for a set number of days, or just delete.

Setting up dummy accounts that if enough are hit it triggers delays, or temporary freezing messages with those contents in the mail queue for inspection.

On my own personal server for me, I reject at SMTP time, block entire netblocks of IP's, and implement filtering. Seems to work well, and the number of spam attempts has been reduced, but it's not something for everyone.
over 10 years online! © 1999-2009 dslreports.com.