Something odd has been happening the last few weeks. The sheer volume of spam traffic has begun increasing at such a steep rate that it's beginning to affect the normal delivery of email in general, and not just for the company I work for. More and more, I am seeing cases of customers reporting large delays, and when I investigate the headers, I find the delays occurring also at other major hosting providers and ISPs. One of the more extreme examples was 18 hours.
Can you imagine waiting 18 hours for an important email?
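The header check described above, as an added example that is not part of the original post: it walks a message's Received headers from the oldest hop to the newest and reports how many seconds passed before each server stamped it. The hostnames, IDs and timestamps in the sample message are constructed.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: hostnames, IDs and timestamps are invented for illustration.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mail.dest.example with ESMTP id C3;
\tTue, 06 Jan 2004 03:05:40 -0500
Received: from relay.hosting.example (relay.hosting.example [198.51.100.7])
\tby mx.isp.example with ESMTP id B2;
\tTue, 06 Jan 2004 08:02:10 +0000
Received: from client.example (client.example [203.0.113.5])
\tby relay.hosting.example with ESMTP id A1;
\tMon, 05 Jan 2004 14:00:05 +0000
From: sender@client.example
Subject: constructed test message

body
"""

def hop_delays(raw):
    """Return [(stamping_host, seconds_since_previous_hop)], oldest hop first."""
    hops = []
    for header in message_from_string(raw).get_all("Received", []):
        info, _, stamp = header.rpartition(";")  # timestamp follows the last ';'
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            continue  # unparseable header: skip it rather than guess
        if when.tzinfo is None:  # "-0000" parses as naive; treat it as UTC
            when = when.replace(tzinfo=timezone.utc)
        by = re.search(r"\bby\s+(\S+)", info)
        hops.append((by.group(1) if by else "unknown", when))
    hops.reverse()  # each server prepends its header, so the newest is first
    # Delays depend on each server's clock; skew can make a value negative.
    # Headers below your own servers' entries are sender-controlled and can be forged.
    return [(host, (when - hops[i - 1][1]).total_seconds() if i else 0.0)
            for i, (host, when) in enumerate(hops)]

def slowest_hop(raw):
    """Return the (host, delay) pair with the largest gap before it, or None."""
    return max(hop_delays(raw), key=lambda hop: hop[1], default=None)

if __name__ == "__main__":
    for host, delay in hop_delays(SAMPLE):
        print(f"{host:25} +{delay / 3600:.2f} h")
```
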
Every other week, there's an issue involving AOL accidentally blocking legit mail servers in its zeal to cut the spammers off. And see this recent message concerning AT&T - apparently they are trying to implement a whitelist, as blacklisting hasn't been so successful. Recent attacks against blacklist providers and a steep increase in using CGI forms to hijack sendmail services are escalating the issue well into the view of not just administrators and maintainers, but astute web denizens in general.
My "open" email address, which normally receives 75 to 100 spam messages per day, has spiked to 500 per 24-hour period - a first to occur outside a viral epidemic.
We seem to be approaching some kind of critical mass. What happens then?
There are fledgling efforts under way that are hoped to stem the tide, as existing blacklists, whitelists, hail-and-response, and Bayesian filtering don't seem to be completely doing the trick. The next methods are centered around special DNS records (SPF, RMX or DMP) that would identify authorized SMTP servers. But these won't be widely implemented for a while yet.
So, what next? When will it get really bad? What would meltdown look like? What will happen next?