The Spam Statemate

The Messaging Anti-Abuse Working Group (MAAWG) has released new figures that put the average volume of email spam on the internet at 90%, peaking as high as 94.2% in recent years.

Jerry Upton, MAAWG Executive Director said “We’ve been sitting at a stalemate for probably two to three years.  Taking out the highs and lows, we’re sitting at about 90%”.

Figures that regularly appear from various security vendors have been telling the same story for several years now.  With latest figures confirming the continuing trend one might be forgiven for wondering who is really winning the war against spam.

Spam fighting is a multi-billion dollar industry and businesses are spending thousands or even millions of dollars each year to try and protect their networks from spam threats.

Network providers have had some successes by disconnecting major spam networks from the internet but in most cases the spammers have resurfaced or simply distributed their infrastructure across international jurisdictions.

Consumer ISPs are generally against implementing measures to prevent their customers from adding to the problem.  This despite MAAWG’s findings that “tens of millions of Web users in North America and Western Europe have clicked on spam at least once – and many of them did it on purpose”.

Were the ISPs to implement the sort of changes to their email infrastructure that some people say would reduce spam, this would do little for the emerging threats in non-email spam.

MAAWG members voiced concerns over the growing trend of “spam distributed through social networks”, a problem that is quickly becoming a serious threat to businesses.

Although security vendors quickly act on new threats and techniques by spammers and criminals the biggest vulnerabilities remain in the end user.  Many of the new attacks use strong social engineering techniques made possible by the increasingly public way in which people live their online lives.

And despite authorities attempting to educate the public on new threats the criminals are able to exploit these campaigns by delivering malware as fake antivirus and spyware programs, which users often eagerly accept thinking they are protecting themselves from the threats they have been warned about.

For businesses the most alarming trend is the increase in targeted attacks on high profile corporate officers.  It is thought that this type of attack was used in the recent hacks of Google and other US companies.

The benefit of MAAWG is the open forum in which competing companies can meet and share information with ISPs, government agencies, and each other in an effort to better understand online threats.  Unfortunately their ongoing efforts seem to have maintained a long running stalemate at best.  But we should appreciate their initiative, because it’s clear that without it our situation might be far worse.