On 7/7/25 2:54 PM, bzs@theworld.com wrote:
Who is having this spam problem are the people and companies expending resources keeping that spam out of your inbox.
What's the current estimate? Around 90% of all email volume is spam.
You can say "well I don't see it so I don't care" but that's a little like who needs the police I've never been mugged.
This is an operations and infrastructure list.
That's rather the point. It's obviously just a cost of doing business these days. If there were some meaningful cost down to be had, I'm pretty sure it would have been done by now. Nobody's going broke dealing with the spam problem that I've heard of. But if people really still believe that there is such a thing as a FUSSP, they are by all means entitled to pursue it. If they come up with one, the bean counters will probably be elated. But until then, it's just a cost of doing business just like all of the rest of the security kit that you need to buy to keep doing business. I would guess that for NANOG in particular, email/spam is not high up on the list of things that affect network operators' bottom line. To the point that I'm not sure that this entire discussion is particularly germane to this list. Mike
On July 6, 2025 at 15:08 nanog@lists.nanog.org (Michael Thomas via NANOG) wrote:
On 7/6/25 2:05 PM, Barry Shein via NANOG wrote:
So all I'm saying is we have to start thinking more about disrupting spammers' economics and less about designing sharper razor wire fences.
Really? Why? I rarely get spam (UCE) these days through my Google linked accounts, and haven't for years. I assume most of the major mailbox providers need to keep up with Google, so their customers probably aren't getting a lot of spam either. For the mailbox providers, it's just a cost of doing business, and reducing Google's cost of doing business isn't very high up on my list of concerns.
I suspect that the same is true of enterprise mailboxes as well since if the anti-spam vendors couldn't keep up, it would give more incentive to outsource their mail to somebody who could. And again, reducing their cost of doing business isn't very high up on my list of concerns.
So who exactly is having this spam problem these days? I suppose if you're running sendmail and spamassassin it might be bad (I personally gave up on that) but that's in the long tail of people being ornery rugged email individualists. Again, not something very high up on my list of concerns.
Is there some other large set of mailboxes that I'm missing here? Ideally mailboxes that I would care about their economics?
That is distinctly different than phishing and its social engineering aspect. Doubly so with spear-phishing which by its nature, the content is likely to look like legitimate email. Phishing can be catastrophic and will always be a concern. This is where the meta information of authn, etc, become more important in the fight to combat it, but that's different than UCE.
Mike
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/EAHHNWMC...