Spam Trends, Redux
Back in February, I wrote about the increasing spam trends, and some options to I had to reduce the amount of spam I see. Since that time, the amount of spam I receive has continued to rise. About a monnth ago, I decided to upgrade SpamAssassin from version 2.63 to 3.1.3, and wow, what a difference it has made:
As a refresher, SpamAssassin uses a set of rules to detect spam. Each rule has a score attached with it, which can be either positive or negative. The total score for a message is the sum of all matching rules, and is used to determine if it is spam or not. In the above graph, weak spam has a score between 5 and 15. Strong spam has a score above 15. And ham (not spam) has a score less than 5 (not shown in the graph). The way I setup my mail filters, strong spam goes straight to the bin. Well actually, I save it so it can be used for Bayesian filtering, but I never even read it.
The idea behind weak spam, is that I scan it for ham incorrectly marked as spam, a.k.a. false positives. The problem, as of a few weeks ago was the the amount of weak spam was so high, I couldn’t keep up with it. I just threw everything in the bin. This, of course, raised the chances of me not catching false positives. As you can see from the graph, after upgrading SpamAssassin, the amount of weak spam dropped tremendously, from over 1,000 to about 200. This is because the SpamAssassin is much more accurate in detecting spam, most likely due to updated rules. The amount of weak spam is now small enough for me to scan it for false positives, again.
The other benefit that doesn’t show up in the graph, is that large numbers of spam would creep into my inbox. Basically, SpamAssassin wasn’t detecting spam. This was extremely distracting, since I had to manually filter this out. The new SpamAssassin cut down on false negatives tremendously, too.
One final observation from the graph is that the total amount of spam has basically been rising linearly for the last year. While it’s great that SpamAssasin catches so much spam, the reality is I’m getting almost 1,600 spam messages per week. That’s double what I was getting just over 12 months ago, and is a disturbing trend. Will I be getting 2,400 spams in another 12 months? How much is this costing me in extra bandwidth and CPU to handle these crap messages?
So the morale of the story is to keep your spam tools up-to-date. Spam is an arms race. Spammers change their tactics all the time to get around spam detection software. By using the most up-to-date spam tools, you’ll be more likely to read less spam.