99% of incoming mail is spam
by Volker Weber
Just a few hours ago I cleaned out my spam bucket. Now it contains 283 spam messages. I can easily get thousands of mails a day, and less than one percent is legit. And it's getting worse.
Conclusion: if you are architecting a solution which require emails for notification, go back to the drawing board.
Comments
But didn't the spam filter catch it all (in your case)? It's a problem but if you have good performance separating spam from ham, relative equilibrium is maintained. You just have to have a fliter that can keep up with the bad guys.
That said, I'm seeing more spam leaking through from both GMail and IBM internal mail, although it's still fewer than five or six a day, combined. And (knock wood) I haven't had something I really want get trapped.
*sigh* true, indeed.
Well, FWIW, would you like bigger breasts?
I have recently built a web site for a friend which includes a feedback form. Because it is hosted at one of those places where any old amateur web site is welcome and where most such amateur efforts are wide open to SQL injection and XSS and thius frequently used to host drive by malware and phishing, every mail fired out by my feedback form is tagged as spam. So you may have a point.
OTOH, if you have full control over the receiving servers, as is often the case when integrating some cloud solution into corporate email, then this can be done very reliably. We have done this with a number of such solutions, including Salesforce.
Same here, 99% SPAM and viruses. It has begun last november to increase dramatically. Situation is like Arthur is commenting: the Antispam service is leaking through some SPAMS lately.
For me it is the other way around. I have on my personal account less then 1% of Spam and 99% of Ham. This excludes the Spam targeted accounts like abuse@, postmaster@, hostmaster@, dnsmaster@. Including those I have more Spam but my contentfilter is catching them pretty well (having 99.98% catch rate).
If I look at all the domains I host, then I have currently for the last two weeks:
1.475% of False Negatives
0.906% of False Positives
75.287% of Non Spam
24.712% of Spam
The Spam amount would be less if all of the users/domains would use all the available possibilities. But some don't like to use Greylisting, some don't like to use DNSBL/RHBL/WSBL/Hashing/Throttling/SPF checks/DKIM checks/SenderID checks/etc. They have huge control what to enable and what to disable. It's their domain and they can do whatever they like.
If I would count the blocked connections and the virus infected mails, then the number would be higher. The above numbers are just mails which reached an inbox. Including the blocked delivery then the Non-Spam rate would be above 98%.
With the today available technology I don't see a huge Spam problem any more. Good content filters get easy above 99% catch rate. I have accounts myself having 99.995% catch rate.
Ahh... and yes. No commercial product involved in the whole issue. All open source and free available. No reason to buy for huge amount of money anything. Just install and let it get every day more and more mature. No heavy maintenance, no paid subscription, no nothing. Just from time to time a small amount of time needed to correct the contentfilter wrongdoings.
And put as much as you can infront of the content filter to take control of the connection and lower the inbound to the absolute minimum (throtting, stuttering, tarpitting, greylisting, firewall rules to block or control DoS attacks, etc).
My mail server allows me to construct arbitrary email addresses, and I use site-specific addresses to allow me to identify where the spam comes from. My mail client (Notes) lets me see who the email was addressed to, so I can identify when an address has become exploited (some of them are actually addresses I specifically used on IBM web sites). When that happens, then all mail to that account is zapped and I never see it. Result: I get less than 1% spam. Interestingly, on my gmail account, 90% of the spam I get is from christians.
