Spam traps nab 95% of all emailWritten by John P Mello Jr on February 5, 2010
Email service providers trash 95 percent of the traffic headed to their customers’ inboxes, according to a survey from a European security group.
“[S]pam’s impact on the business has been greatly reduced through effective anti-spam measures,” the European Network and Information Security Agency reported recently in its third annual 2009 Anti-Spam Measures Survey.
“Anti-spam measures are doing their job, reducing the threat of spam to a manageable security process,” it added. “This process still requires focus, expertise and resources, but it is arguably predictable.”
“These measures currently filter out over 95 percent of email traffic, using a variety of methods, greatly reducing the volume of spam that customers receive, without causing significant problems with false positives,” it continued.
The researchers found “alarming” the current state of blacklist management.
Blacklists are one of the most common ways service providers block spam from leaving their servers, followed by outbound virus scanning and port 25 monitoring. Yet some 66 percent of the survey participants said their servers had been added or retained on blacklists incorrectly. What’s more, the same percentage told the surveyors that they believe that major blacklists sometimes incorrectly include servers that do not or no longer send spam.
After encountering a blacklisting problem, the respondents split evenly on the difficulty of rectifying it, with 50 percent saying it was easy and 50 percent saying it was hard, according to the survey of 92 anti-spam and email service providers responsible for some 80 million email boxes in 30 countries.
“This high level of responses citing problems with blacklists incorrectly including non-spamming servers is alarming,” the report declared. “This problem may inevitably happen occasionally, but email providers clearly want to be sure that when a spam problem is fixed, that the server can be removed from the blacklist.”
The researchers also noted that spending to fight spam is wide ranging, with one of the major determinants being company size. “Even most small providers have anti-spam budgets over EUR 10,000 annually [about US$14,000], while the largest providers can have budgets in the millions of Euros,” they wrote.
They added that spam imposes a burden on company help desks. “Some respondents noted that a significant share of help desk calls concern spam, though most reported that less than 10 percent of help desk calls concern spam.”
“These results,” they continued, “suggest that most providers are currently managing to prevent spam from greatly harming the customer experience, though spam continues to impose costs on help desks.”
According to the survey, respondents emphasized the need for a coordinated approach against spam, and a key part of that is for providers to shut down spammers among their own customers before sending the spam on to other service providers.
“Generally,” it noted, “collaborative approaches are developing and proving successful, but there is much more that can be done to collaboratively address the problem of spam.”
The report also identified some of the most popular techniques deployed by spam fighters to skunk email junk.
The most common way of detecting spam is through complaints, folowed by monitoring peak traffic, traffic anomalies and signature detection. Seventy five percent of the respondents said they analyze a spam source when customers complain about it, the report noted, but “Far fewer analyze the source of spam based on automated tools, specifically when monitored spam levels reach a threshold.”
For blocking spam, the most popular methods are blacklisting, content filtering, and sender authentication. “The usage of most network-based measures has stayed constant since the 2007 survey, though use of sender authentication and URI blacklisting have increased markedly, while reputation systems and slowing the sender’s connection have become less common,” the report observed.
“The average number of network-based measures applied has also remained consistent at 4.7 per provider,” it added.
When authenticating the senders of email, the report found that SMTP AUTH remains the most popular, with SMTP TLS and SPF finishing a distant two and three. “The usage of the various sender authentication mechanisms has remained mostly constant since 2007, except for DKIM, which has increased significantly,” the report explained.
As effective as their efforts have been, the report revealed that spam fighters don’t intend to sit on their laurels. “Close to half of providers stated that they plan to implement new anti-spam measures within six months,” the researchers reported. “Reputation databases were mentioned most frequently with new blacklists most common, followed by greylists.”