Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

Richi Jennings

Spam'n'stuff

Spam volumes -- what's REALLY going on?

6 comments

IT TOPICS:Emerging Technology, Government & Regulation, Networking, Security

The sky is falling! The sky is falling! Spam has doubled / spammers are winning / spam is 80% of all mail / 90% of mail / 110%, etc. etc. etc...

Yawn.

I'm getting bored with self-serving anti-spam vendors flinging dubious statistics around. Yes, spam volumes have increased recently, but doubled? No.

Here's my take on what's happening.

The growth in spam is chiefly down to two factors:

Demand-side -- stock kiting gangs wanting access to more and more sending capacity
Supply side -- new, bigger botnets with more sophisticated command and control mechanisms, which are more resistant to being shut down and can send fewer messages per zombie (because they're bigger), so they stay under the radar longer

This growth is compounded by bad statistics, which make the growth seem bigger than it actually is:

New botnets are spewing spam from PCs not on blacklists, so a smaller proportion of spam gets rejected (and thus more ends up in quarantines).
New botnets are resistant to anti-spam techniques such as greylisting (because they have real, autonomous MTAs), so a smaller proportion of spam gets rejected (and thus more ends up in quarantines).
New botnets are employing content-morphing tricks, which are fooling many vendors' content filters. So more spam reaches the inbox (and naive commentators wrongly assume that a doubling of spam in the inbox equals a doubling of spam on the Internet).

As a side note, the image spam messages tend to be about 10x bigger than "normal" (median 30K compared with 3K), so spam volumes are now much higher in terms of numbers of bytes on the wire.

Some anti-spam vendors are coping quite adequately with spammers' new techniques, but either their PR departments don't seem to be able to get the word out, or the news media are more interested in shock-horror sky-falling-pictures-at-11 stories. As I mentioned during my Thanksgiving debacle, Symantec/Brightmail seems to be doing a very good job.

I run my own spamtraps and I also trust data from Commtouch and MessageLabs. My reading is that spam volumes increased measurably about a month ago, but not to the extent that Chicken Licken would have us believe.

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20 year, cross-functional IT veteran, he is the main author of Computerworld's IT Blogwatch and an analyst at Ferris Research. Contact Richi at cw@richi.co.uk.

Email this

Digg this

What People Are Saying

Add new comment

I am really tired of getting

Submitted by Mary on April 14, 2007 - 12:39 P.M.

I am really tired of getting spam e-mails.

Reply | Report this comment

Hi Lorrie, Sorry to hear

Submitted by Nikki on January 18, 2007 - 7:51 A.M.

Hi Lorrie,
Sorry to hear your suffering, but you're not alone. The spam you are getting is not your fault, it is mostly sent by shady criminal orginizations. Spam adverts today are the cyber-version of the mob trying to sell you cheap TVs off the back of a truck.

The best defense available today is a very good anti-spam solution that can block image-based spam. If you are using an ISP hosted email, ask your ISP what they are doing to block image-spam and suggest they use a more advanced solution.

Until then, try to erase them without opening the email. Beyond being annoying, spam can also have malicious code that may infect your computer.

Reply | Report this comment

For months now i have been

Submitted by Lorrie Palmer on December 20, 2006 - 4:46 P.M.

For months now i have been receiving emails from someone that no one can seem to do anything about. I have reported it to Juno, I have blocked them but they come anyway, they are from drug companies and stock market type stuff, there is no place to click on, i have replied to them and they always come back not a legitimate sender, some of them have typing on the end that makes no sense. Some are quite vulgar. I don't know if you can help, but anything would be appreciated, is their an internet authority that can actually do something about people like this? I feel like I am wasting all my block space on only these people. I never subscribed to any of this kind of stuff, and PLEASE help me to make it stop. Thank you so much. Lorrie Palmer

Reply | Report this comment

I think its marvelous that

Submitted by Loadster on December 20, 2006 - 2:20 P.M.

I think its marvelous that the spam industry has created an entire vocabulary of jargon just related to useless, productivity-sapping, life-sucking nothingness. "stock kiting gangs, zombies, botnets," and fantasies about mail quarantines. I'm sure the sewage treatment plants have their own technical words for poop, pies, and pass-through but at least they produce a valuable commodity. What is it spam does, again? Oh yeah, keep you guys working, right.....

Reply | Report this comment

Troy, yes of course most if

Submitted by Richi Jennings on December 18, 2006 - 6:47 P.M.

Troy, yes of course most if not all vendors' labs measure spam volumes in the way you describe. But that's not the point I'm making.

Unfortunately, what we're seeing is a number of the vendors' marketing staff letting their enthusiasm run away with them, shall we say.

The point is that they don't in some cases seem to be using statistics gathered in a sensible way. Instead, they're drawing naive conclusions from flawed source data.

Perhaps this is happening because of high staff turnover? It's certainly an extremely competitive market, so there's a strong drive to be making PR splashes.

Reply | Report this comment

Your speculation as to why

Submitted by Troy Rollo on December 18, 2006 - 5:01 P.M.

Your speculation as to why anti-spam software vendors are seeing greater increases in spam than you are is flawed.

The anti-spam software vendors do not measure filtered mail when measuring spam volumes, they measure using a system that has no filtering on it whatsoever. That means no blacklists, no source filtering of any kind, and no content filtering. That disposes of points 2 and 3.

The only valid point is point 1, and only to the extent that sparser botnets may be more resistant to being shut down at the ISP level. This assumes the ISPs were routinely able to shut down a bot before it had finished it spam run, which seems a poor assumption - ISP responses typically occur well after the spam run is over, even if the bot is sending several thousand messages.

Reply | Report this comment

Linux's dirty little secret: Uninstall

First real cyberwarriors class graduated last month

Control your virtual machines

California wildfires: new tech helps victims (and don't read this)

LIVE Nov 10, 2009 12:00 PM ET

Architecting Business Intelligence Applications for Change: The Open Solution

LIVE Nov 12, 2009 02:00 PM ET

Forrester Consulting - Optimizing Users and Applications in a Mobile World
Learn how to successfully deploy a WAN optimization solution that is specifically tuned for a mobile environment!

Top to Bottom Performance Management Excellence at the City of Chicago
View now.

Faster, Cheaper and Easier to Maintain
Can you afford not to upgrade your servers to today's advanced, energy-efficient technologies?

Effectively Implementing Datacenter Automation
Effectively select and deploy the best datacenter automation solution today!

The State of PCI DSS Compliance at Organizations Today
Download this resource today!

Aligning IT to Business: The Rising Importance of Application Delivery Networks
Application Delivery Networking (ADN) will play a vital role in helping enterprises incorporate strategic technologies to achieve business initiatives.

All White Papers | All Webcasts

Computerworld Reports

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

Computerworld Briefing - Analytics: The Art and Science of Better

All Computerworld Reports

Receive the latest technology news and information.

	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10

View all newsletters

* E-mail Address:

* Industry:

* Job Title:

* Company Size:

* Country:

* State:

I would like to receive offers via e-mail from Computerworld partners.

Richi Jennings's Archive

IT Topics

Sponsored Links

Play NetApp's New Data Defense Game.

How Do You Rank as an Innovation Leader? Download Recent Study.

Play NetApp's New Data Defense Game.

Extraordinary times demand Brocade Extraordinary Networks.

No Payments for Up to 6 Months on Orders over $500.

NetScaler VPX : Harness the Power of Virtualized Web App Delivery

64-page prescriptive guide to security, compliance, and IT operations.

Streamline IT Costs. Boost Performance with WAN Optimization

Enterprise Network & Server Monitoring Software. Cross over to Traverse...

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

Crystal Reports Server: More options. Not more money.

Parallelism is not just for HPC. Create rich apps from desktop to device. Get the eval.

Tolly Performance Report "Citrix NetScaler with nCore Outperforms F5 BIG-IP"

Save up to 61% plus Free Cheesecake

Find IT jobs in the Healthcare industry on Dice.com

With the NEW KODAK i700 Series Scanners get full speed at 300dpi!

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

New DW Options and Price Points. View Teradata Platform Family Data Sheet.

See how AT&T can help protect your network.

3 Innovations. 3 Free Downloads. Free trials of Windows 7, Windows Server 2008 R2 and Exchange Server 2010.

Take the Netezza TwinFin TestDrive!

Citrix NetScaler with nCore Outperforms F5 BIG-IP - Learn More

New Analytical Platform Options. Download Data Sheet and More.

Get more enterprise mobility value for up to 25% less.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.

NYUs M.S. in Management and Systems. Offered Online and On-site.

Increase UPS efficiency without sacrificing protection

Crystal Reports Server: Single server access to reports & dashboards

Create new opportunities. See business making progress now

ESET NOD32 with ThreatSense(R) - Get your free trial now!

Looking to add Unix/Linux functionality to Windows?

Join the conversation about the hottest IT trends with Computerworld on Twitter.

ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

Introducing: Project Icebreaker

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO

Computerworld

CSO

DEMO

GamePro

Games.net

IDC

IDG

IDG Connect

IDG Knowledge Hub

IDG TechNetwork

IDG Ventures

IDG.net

InfoWorld

ITwhitepapers

ITworld

JavaWorld

LinuxWorld

Macworld

Network World

PC World

The Industry Standard

Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.

Spam volumes -- what's REALLY going on?

What People Are Saying

I am really tired of getting

Hi Lorrie, Sorry to hear

For months now i have been

I think its marvelous that

Troy, yes of course most if

Your speculation as to why

Related Posts

Today's Top Stories

Hot Posts

Recent Comments

White Papers & Webcasts

Computerworld Reports

Newsletters

Richi Jennings's Archive

IT Topics

Sponsored Links