Less spam around?

[swill453]

I've got a couple of older email addresses that used to get a lot of spam. Even with the spam folder getting automatically cleaned after 30 days, there'd typically be 50-100 messages in each one.

These days I'm seeing hardly any - one account has had 3 spam emails in the last 30 days, the other only has one.

Are spammers not bothering much any more? Or are spam emails being intercepted further up the line and not even getting as far as my accounts these days?

Scott.

[GoSeigen]

There's an incredible amount of technology being deployed to combat spam. I doubt the spammers have given up...

GS

[Infrasonic]

The major email providers had a tightening of DMARC authentication policies around February this year and also placed far stricter limits on how many emails could be sent from accounts on a daily basis - it was widely covered in the tech press in the months before implementation and I've mentioned it on this board multiple times.

Whether it will last or the spammers find yet more ways around the increased DMARC demands remains to be seen, history has shown that more and more layers get added to try and cover the innate swiss cheese nature of email and slowly but surely they get circumvented.

There's also a balance to be had between all out implementation of all the various protocols currently in existence, which would severely curtail spam/spoofing/phishing et al, but would also make any legit email that didn't fully comply risk being NDR'ed or worse 'silently dropped'.
Most of the major email systems like Gmail, Outlook.com, Yahoo don't fully comply with all the protocols - they score about 65-70% if you use the test sites.

[Infrasonic]

Knowledge base articles here covering most of the email protocols in current use...https://www.mailhardener.com/kb/

They also do a free (for personal use) dashboard delivery report service for domain email that I implemented on my domain about a year ago - very handy...https://www.mailhardener.com/features

[GoSeigen]

I recently had trouble sending email to a legitimate contact because my IP address was on some sort of blocked list implemented on his ISP server (Outlook IIRC). A rare case for me of being negatively affected by the anti-SPAM measures.


GS

[scottnsilky]

My experience is the exact opposite, until a couple of months or so ago, I got next to no spam, now I get several every day, fortunately the spam filter sends them to my spam file. Most are innocuous suggestions I should try winning at roulette, or whatever, but I've had two from my 'friend' Diane, whom I've known for forty years, and she definitely does not sign off 'warm regards'. I think/hope I'm right in saying, I can check the sender's email address without risking security, they came from Napier Healthcare, a Singapore based company.
How can someone link my email address with my friend's exact name without having access to our emails?

[ReformedCharacter]

How can someone link my email address with my friend's exact name without having access to our emails?

It used to be a common modus operandi for email viruses to use the contents of a victim's email address list on their computer to generate email that appeared to come from someone else on the same list, giving it superficial credibility. I presume this only works with computers that use local mail storage, not cloud email like Gmail. Until recently I was still getting occasional email that purported to come from a friend whose computer had been virused 20 years ago. I think these viruses must still be around because I recently received email from a random address with an acquaintances name in the subject line.

RC

[UncleEbenezer]

Spam has adapted with the times, and much of it has become more sophisticated and target. I think the amount of pure-random spam has reduced a lot.

Back in 2001 I turned spam filtering off for about a week, on an address that had been public since a more innocent (pre-spam) era. That got me something over 4000 spam messages a day. Trying it again this year, the daily number is down into two digits. The minority that are in English are largely telling me to reset my password, unblock my account, or pay a ransom, rather than the more innocent "visit my site" or "buy me".

[Infrasonic]

How can someone link my email address with my friend's exact name without having access to our emails?

It used to be a common modus operandi for email viruses to use the contents of a victim's email address list on their computer to generate email that appeared to come from someone else on the same list, giving it superficial credibility. I presume this only works with computers that use local mail storage, not cloud email like Gmail. Until recently I was still getting occasional email that purported to come from a friend whose computer had been virused 20 years ago. I think these viruses must still be around because I recently received email from a random address with an acquaintances name in the subject line.

RC

Or compromised email servers.

Even with encrypted email the message source headers have to be clear text in order for the routing to be effective, so the to and sent from addresses can be easily harvested.

On premises MS Exchange has effectively been abandoned by Microsoft now, they only support the Exchange online service as there are so many security holes in on prem and user security patching has been very 'patchy'. Exim (Linux) had a major security alert a while back with thousands of email servers affected and the potential admin privilege exploits had been floating around for years.

Email was designed in far more benign times and is effectively a digital postcard - none of the more recent security protocols are 100% secure but collectively if all or most of them get implemented it does greatly reduce the attack surfaces. The issue is forcing compliance across the board.

Many things like S/MIME are set up fail to open, which seems daft but in reality if everything was fail to close the email systems would grind to a halt with all the non delivery issues.

[Infrasonic]

https://support.microsoft.com/en-us/off ... 6af7735c2e

To help protect against abuse by spammers, Outlook.com limits the number of email messages that you can send in a single day, as well as the number of recipients for a single message.

If you recently created a new Outlook.com account, a low sending quota is a temporary restriction which is upgraded to the maximum limit as soon as you establish credibility in the system.

What are the Outlook.com email limits?
The limits for Microsoft 365 subscribers are:

Daily recipients: 5,000

Maximum recipients per message: 500

Daily non-relationship recipients: 1,000

Notes:

Limits may vary based on usage history and will be lower for non-subscribers.

A “non-relationship recipient” is someone you've never sent email to before.

The sending limits of any third party connected accounts depend upon the service provider.

Cont.

[Infrasonic]

^^ As an example back in the middle of February I had to send out quite a few emails to new contacts from my main Hotmail account (that I've had since 1998), my account got suspended twice for 'suspicious activity' and I had to enter a 6 digit SMS code to unlock it each time.

Many of the emails had attachments which is what I think was triggering the lock outs, but my associated MS account gets about 30-40 unsuccessful log in attempts a day from nefarious parties. (You can view the sign in logs in the security section of your online MS account.)

I've got 2FA enabled (smartphone authenticator apps and passkeys with biometrics) so none of the rogue attempts will succeed but the attention may well lower the trigger thresholds for MS to suspend the account, as well as the change in my sending behaviour for that account from occasional to a brief flurry with attachments - so clearly they are monitoring and responding dynamically, which is reassuring.

If you do need to send out large numbers of bulk emails (e.g marketing) from a domain the only real feasible way of doing it these days is via the commercial bulk emailers like SendGrid et al who are specifically set up to get around the 'spammer' issues, including things like rotating their SMTP IPv4 addresses and having direct communication lines with the big email providers to get them 'delisted'.

Many commercial bulk emailer's have free tiers with daily sending limits but you won't get the full fat 'high delivery success rates' service for free...

[Adamski]

Maybe all the Ukrainian wives to be are married off, or if moved to the West no longer need husbands

Or the Nigerian inheritances have found the assistance they need, and Nigerian Princes have found wives

[Julian]

It's gone away now (I hope) but for a lot of the time over the last few months I've been getting a lot of spam - as in about 2,000 spam messages a day. (Yes, I did mean to type two thousand!) All but a handful were (at least ostensibly) either Delivery-delayed or Delivery-failed warnings from Google (I use GMail).

A few times I got close to opening a thread here to post the full original text of a typical message I was getting to see if anyone had any idea what was going on but I never quite got round to it since I would have needed to make sure I anonymised any domain addresses or IP addresses that might relate to me so I never got to the bottom of it and now all those messages do seem to have stopped.

The body of the emails that were being said to have had their delivery delayed or failed were all the classic "Hello friend. I have some bad news for you. I just used your webcam to record you watching porn..."(*) so my working theory was that some spammer was attempting to use my email account to send their spam to other people although I suppose the spam could have all been directed at me using a new (to me) tactic of wrapping them up in a seemingly valid alert that email was getting delayed to make me look at them (unlikely I think).

What was never clear to me was what online account they were attempting to use since I have my native GMail account but all my mail is forwarded through my own domain name so maybe they were trying to access my SMTP account at my domain provider rather than my actual GMail account. I also wasn't 100% sure whether it was an online hack with the attempts to send email via my account being originated from some other spammers PC or whether my PC had somehow got infected with malware that my security software wasn't detecting so my PC was now part of a Botnet. I tended to favour the first theory since when I had my PC off for a week because I was away I still got back to close to 10,000 spam messages.

It is a big relief that this issue has gone away because with that volume of spam I found it really rather disturbing, and also I do scan my spam folder for false positives which GMail can occasionally create (i.e. send a valid message to spam sometimes including important stuff from my bank) and when I was having to check thousands of spam emails a day that became quite a time-consuming chore even when only taking a cursory glance at the subject lines.

I wouldn't recommend my particular spam experience to anyone.

- Julian

(*) Quite an accomplishment in my case since (a) I don't watch porn on my PC and (b) I don't have a webcam connected to it either!

[Infrasonic]

It's gone away now (I hope) but for a lot of the time over the last few months I've been getting a lot of spam - as in about 2,000 spam messages a day. (Yes, I did mean to type two thousand!) All but a handful were (at least ostensibly) either Delivery-delayed or Delivery-failed warnings from Google (I use GMail)....

Almost certainly a classic spoofing whereby the spammers have used your address as the sent from/reply to and so you get all the delayed (non)delivery reports to your address. It's happened to me a couple of times in the last year or so with my oldest Hotmail address, which with its age has been involved in a few database breaches and so is on many of the spammer lists.

It will also get your abused address listed on the 'backscatter' DNSBL's temporarily which can effect your ability to send legit email - thankfully those listings reset pretty quickly.

I'm still getting subdomain spam for the some of the previously abused routes like nonsense at subdomain.onmicrosoft.com, so that still needs addressing, but overall the spam situation is much better.
https://practical365.com/onmicrosoft-com-domains/

No doubt the volumes will creep back up as workarounds get found by the spammers, so expect another tightening of the authentication belt in future - if you have your own domain email then you need to keep on top of it to make sure your host is implementing all the required DNS TXT etc, or if you can, learn how to customise it to your own specific needs.

My domain/email host recently added DKIM to my account, and a DMARC policy of 'none' which overrode my customised DMARC policy of quarantine+ reporting via mail hardener (see upthread). So I deleted the hosts TXT file which reinstated mine.