
Spam - Evil

As a rule, employees of vendor companies are reproached for tending to exaggerate real dangers in order to boost their own sales. This does happen, of course, although among professionals such behavior is generally considered unethical, to say the least. For example, the (ISC)² Code of Ethics, which CISSP specialists must follow, says: "give reasonable, well-grounded advice; do not create an unreasonable anxiety or unsubstantiated confidence" among your interlocutors. As already shown, information security experts sometimes violate the canon on unreasonable anxiety. But unreasonable confidence is no less of an evil.



Recently, Alexey Lukatsky began publishing a series of articles under the general title "Myths and Misconceptions of Information Security." Some of the “myths” concern the problem of spam. Mr. Lukatsky decided to dispel Myth #5, “Spam is bad,” and Myth #6, “Spam is damaging.” Alexey Lukatsky's name is well known as that of a person who writes and speaks a lot on information security topics, and some people trust his opinion completely, so it should be noted that these articles, at the very least, require comment. Other statements by Alexey and his other articles may also require more careful consideration, but more about them another time.

So, spam. Here is what Mr. Lukatsky writes: “Spam as a threat to the stability of mail servers is from the realm of science fiction. The mail server was originally designed to receive e-mail, and an extra couple of dozen messages per user is unlikely to change the situation. Will the stability of the regular mailbox in the house where you live deteriorate because you regularly get advertisements for window companies, sales, nearby beauty salons and fitness centers?”

Just yesterday, I (A. B.) stayed late at work, helping to configure Postfix for one small business. Here are the facts: the enterprise's mail server hosts about 500 mailboxes; about 5 GB (gigabytes!) of received mail is recognized as spam, and about 300 MB (only 6%!) is let through as legitimate mail. The server constantly has more than 300 concurrent incoming connections accepting mail. If no spam filtering system were installed on the server, the volume of mail traffic reaching user mailboxes would increase 17 times. So, if the average user receives 10 legitimate messages per day, he would have to delete about 160 letters! In fact, it could well be more, since a spam letter is often smaller than a legitimate one, because quite large office documents are often attached to the latter.

It is absolutely clear that with such a volume of junk traffic, accidental deletions of legitimate emails are inevitable. Yet Alexey Lukatsky is inclined to sneer at this: “I could never bring myself to call the accidental destruction of mail one of the reasons spam is harmful. I can just as easily delete an email by accident while simply viewing messages or moving them between folders. In addition, accidental deletion of emails is easy to counter by recovering them from the “Deleted Items” folder.” I would like to ask him how he finds out that he has accidentally deleted a legitimate email. Two weeks later, when he is reminded of it? And what if he deletes the reminder by accident?

Let's return to the facts. Here are a few more: I get 2,000 spam messages per day, but support@ may receive several tens of thousands. A colleague offers statistics from a single hosting provider: 5-6 million emails per day, 14 million at peak, about 700 concurrent connections, 95% spam. Trifles?

Further, Alexey writes: “The next problem (increased demands on system resources) is also largely contrived. Spam is not stored for a long time: users delete it as quickly as they receive it.”

The facts (doesn't it seem to the reader that we have started to resemble Microsoft's “Get facts”? :) We hope not): for mail servers like Exchange, where letters are stored on the server side, their volume multiplied by the number of users, who in reality do not delete letters all that often, is no longer such an imperceptible trifle. In our example with a small business, each user receives about 10 MB of mail per day. An employee goes on vacation for 2 weeks, and 100 MB of disk on the mail server is occupied. 500 users means about 2000 vacation weeks per year, or 38 absent employees in any given week, or 2 GB of mail server space taken up by spam. If you look at the architecture of the message storage subsystem in Exchange, it becomes clear that a user deleting a mail message does not immediately free disk space on the mail server. A large number of short-lived messages, such as manually deleted spam, has a negative impact on both disk space requirements and server performance. A separate story is public services with thousands of users, including inactive ones, like Mail.ru. Of course, everyone has quotas, but we all know that without spam these quotas could be larger. 10-20 times larger.

“Therefore, the mentioned 3/4 of hard drives, which are allegedly spent on servicing spammers, do not quite correspond to reality. The processor is, of course, loaded more as the number of mail messages grows, but to call this one of the reasons for installing anti-spam would be disingenuous. If you take this particular reason, it is much more efficient to upgrade the processor, whose price is three to four hundred dollars (for example, the price of the Intel Core 2 Quad Q9300 processor is about 8,200 rubles according to price.ru), than to deploy an anti-spam solution, not to mention that installing an anti-spam system will load the processor even more, because in addition to receiving the same spam, it will also have to process it intelligently.”

It will be useful for Alexey to know that e-mail servers are almost always limited by input/output resources (both disk and network), not by computing power. In addition, the process of receiving mail is always multi-threaded and easily parallelized, so the power of a single processor does not play a significant role. Finally, as can be seen from the example above, the channel runs out, and what gets bought for that is not a new processor but a second server. The server itself is not even the expensive part; it uses up rack space, power and cooling capacity. Someone should show Alexey a good server, at least Beeline's, so that he never says “buy a new processor” again.

Next, Alexey threatens to write more articles about spam and follows with a long paragraph about support. Yes, he is right that these @ addresses do not get read much, but this does not mean that mail.ru does not have support. On the contrary, it means that the user has a good chance of not getting through to it, since info@, abuse@, support@ and the company's other generally accepted contact addresses are buried under streams of garbage. Alexey says that he receives about 100 emails per day and on that basis concludes that he does not need anti-spam. At the same time, he cites the published figures on Beeline, where the amount of spam per year is estimated at $393,750. Yes, that is not much, and Beeline will survive without anti-spam, but why should it have to survive without it?

The “small bank” mentioned in the article will, of course, also survive without anti-spam; even sales managers do not argue with that. But surviving is exactly what it will be doing, since the facts tell us that they will receive an order of magnitude more than Alexey personally receives in his mailbox.

Alexey writes: “The Korean Information Security Agency (KISA) cites interesting data. If in 2002 the number of mobile spam messages was 5 times smaller than that of traditional e-mail spam, in 2003 the difference was almost imperceptible (42,123 against 36,013 in favor of ordinary spam). And in the first 9 months of 2004, mobile spam exceeded mail advertising by 3 times (244,151 against 78,063).”

Elena Bondarenko, leading spam analyst at Kaspersky Lab, commented on this information as follows: “The data of 2003 are outdated and have no right to be used for argumentation.” IronPort has published the results of its observations of spam volumes: the volume of spam in 2008 was twice as high as in 2007 and reached 200 billion messages per month. Although the level of spam decreased on November 11, 2008, after the McColo spam company was disconnected, experts believe it will return to its previous level in the near future.

“Now look at the other side of the coin. According to a survey by Mirapoint and the Radicati Group conducted in 2005, in which almost 800 users were surveyed, 34% of them business users and 66% consumers, 11% of users, despite their dislike of spam, buy products and services advertised in spam.”

And now let's take a look at current data, not data from three years ago: “the link advertised in spam was followed by 0.00303%, 0.00457% and 0.00680% of users, and the product was bought by 0.0000081%, 0.000378% and 0.000561%. For greater clarity: 347 million letters were sent, 82 million were delivered, 10,000 users visited the site, and 28 people bought the product.”

Everyone who took part in writing this text is ready to talk about their experience and positions, if anyone wants to.
Andrey Bondarenko

Vladimir Ivanov

Source: https://habr.com/ru/post/44513/

