Global email spam levels down but still remain a problem
November 11, 2010
On average, global email spam levels have dropped almost 47.2 percent in the three months between August and the end of October 2010, according to Symantec. Although this is seen as progress against the never-ending war with spammers, it still remains a big problem for the Internet community and Internet service providers trying to cope with the issue.
Symantec’s hosted services unit (formerly MessageLabs) credits the sharp decrease in global spam levels to various actions by the authorities against botnets and organized cybercrooks. Last month, authorities in the Netherlands took down several servers associated with the Bredolab botnet. The action followed the September closure of spamit.com, a key player in unlicensed pharmaceuticals spam and arrests in the U.S., the U.K. and the Ukraine of scores of suspected members of a large ZeuS phishing Trojan ring.
The net effect of these actions was a reduction of spam volumes to their lowest level since September 2009, according to Symantec. Even with this progress, about 89 percent of all email messages are junk mail or worse, they are viruses or malware that tried to install itself on unsuspecting users' computers.
A similar study by Kaspersky Lab, published yesterday, also reports a drop in spam volumes in Q3 2010 to around 82 percent. It credits the disabling of control nodes for the Pushdo / Cutwail botnet (blamed for one in 10 junk mail messages worldwide) and the closure of Spamit.com for the decline in spam volumes.
However, the security firm warns that ads touting sex pills are unlikely to disappear anytime soon.
“The closure of one partner program — even a major one — will only result in a temporary decrease in the amount of advertisements for Viagra in our inboxes. The spammers aren’t about to abandon such a lucrative business,” said Darya Gudkova, head of content analysis & research at Kaspersky Lab.
In September, email anti-spam engineers at the popular Spamhaus Project have introduced a new email whitelist service of known benign Internet email servers.
Spamhaus' new initiative works seamlessly alongside the organization's well-established blacklist of bad mail servers to make it easier and simpler for mail server administrators to filter out junk and unwanted spam from all incoming email traffic.
Overall, qualified corporations such as banks, financial services companies, insurance firms, law firms, airlines, medical centers and certain government agencies, and transactional email from known automated billing systems, ecommerce servers and online banking services are all candidates for the new whitelist.
In addition to filtering out incoming email traffic by content, using a whitelist places a much lower performance overhead on email spam filters. It also makes it less likely that legitimate transaction-related emails or the like will be marked as spam by scoring systems, content filters, local blacklists or poor filtering choices.
For email senders, the technology makes it far less likely that important emails will either be delayed or classified as unwanted spam.
The Spamhaus Whitelist was launched as a beta initiative with inclusion on the list being by invitation only, from someone who already has a whitelist account.
Whitelist account holders "are chosen by others who trust them; you cannot simply apply," according to Spamhaus.
As could be expected, Spamhaus is reserving the right to revoke whitelist status for any email etiquette transgressions, such as the distribution of bulk mail of any type. The whitelist will be maintained in both IP addresses and domain name forms as two separate, but matched, lists.
Controls mean no domain or IP address that is on the Spamhaus Project blocklist can ever be whitelisted.
The Spamhaus Whitelist allows mail servers to separate incoming email traffic into 3 categories: Good, Bad and Unknown. You can block known bad email traffic, let known good email traffic pass safely, and heavily filter unknown email sources.
The benefits are better, faster and much safer spam filtering. Both an IP whitelist (SWL) and a domain whitelist (DWL) are available from Spamhaus servers worldwide. Using them is simple and free.
For mail recipients, the Spamhaus Whitelist heralds an end to mail messages marked by error as spam by scoring systems and content filters. For email senders, it means an end to important mail lost in junk folders, delayed or wrongly filtered as spam.
Only verified legitimate senders with clean reputations are approved for whitelisting and there are strict terms to keeping a whitelist account. Applications for whitelist accounts are currently only available by invitation.
You can link to the Internet Security web site as much as you like.