Spam traps nab 95% of all email

Written by John P Mello Jr on February 5, 2010
Ninety-five percent of email never reaches an inbox.


Email service providers trash 95 percent of the traffic headed to their customers’ inboxes, according to a survey from a European security group.

“[S]pam’s impact on the business has been greatly reduced through effective anti-spam measures,” the European Network and Information Security Agency reported recently in its third annual 2009 Anti-Spam Measures Survey.

“Anti-spam measures are doing their job, reducing the threat of spam to a manageable security process,” it added. “This process still requires focus, expertise and resources, but it is arguably predictable.”

“These measures currently filter out over 95 percent of email traffic, using a variety of methods, greatly reducing the volume of spam that customers receive, without causing significant problems with false positives,” it continued.

The researchers found “alarming” the current state of blacklist management.

Blacklists are one of the most common ways service providers block spam from leaving their servers, followed by outbound virus scanning and port 25 monitoring. Yet some 66 percent of the survey participants said their servers had been added or retained on blacklists incorrectly. What’s more, the same percentage told the surveyors that they believe that major blacklists sometimes incorrectly include servers that do not or no longer send spam.


Weight Loss Scams Reveal Why Spam Works

Written by Paul Cunningham on January 6, 2010

Business Week reports that a study by researchers in New York reveals that as many as one in five young, overweight people have been a victim of email spam.

The study revealed some interesting statistics:

  • 88% of overweight individuals reported receiving spam pitching weight loss products, compared to 73% of other respondents
  • 42% of overweight individuals said they opened the spam, compared to 18% of other respondents
  • 18% of overweight individuals said they bought products promoted in the emails, compared to just 5% of other respondents

Firstly why do overweight people receive more weight loss spam?  One theory is that these people are visiting more web sites on that topic than other people, and therefore end up in marketing databases.  This means that the spam is either coming from the website owner, or another party that is given access to the database of email addresses.  This access may be either from selling the list or by using co-registration, which is a legitimate lead-sharing strategy that is often abused by spammers.

For any email marketer a 42% open rate is outstanding.  It means that the subject line for the email was very effective at enticing the recipient to open the email and read more.

For a spammer sending 1,000,000 emails 42% open rates do not mean 420,000 people opened them.  Most of those recipients will never receive the spam due to anti-spam protection on their email server or their computer.  But even a 1% penetration could mean several thousand people open the email.

Finally the conversion rate for overweight people is very good at 18%.  Several hundred conversions of a weight loss product likely to cost $50-$200 is a good day’s pay for the spammer.

No More Big Spam Network Shutdowns

Written by Paul Cunningham on December 16, 2009

In November 2008 the antispam community collectively cheered as the McColo ISP, a major source of the spam on the internet, was disconnected by its network providers, effectively shutting it down.

At the time global spam levels dropped by about 75%.  Since then spam has steadily risen in volume and returned to similar levels again.  Some might wonder why more spam network shutdowns similar to McColo are not occurring again.

The problem is highlighted in a recent monthly report by a security vendor.

McColo has taught botnet owners a lesson.  Botnet control centres have become more distributed, spanning many networks in many countries. The loss of a big hosting provider today would prove only a minor inconvenience – as opposed to a major defeat – for spammers.

I’ve written in the past about the international nature of spam fighting.  Microsoft’s Terry Zink described the problem very well in an analysis of a spam message he received.

Here’s how it works: A malware author infects a machine in Canada (1) that relays spam to a machine in the United States (2), which contains payload that points to a machine in Spain (3) registered by a guy in the United States (4) using a registrar in France (5), which is resolved by a name server in the Czech Republic (6).

And that’s not all.

The guy in Texas is using name servers that look like they are located in Russia, but they are not.  The one name server which resolves the spammy site is exploited (the one sitting in the Czech Republic) and then the top domain cn8.ru, sitting on a machine in China…

So for this one item of spam, which is probably one of many from an organized spam network, the authorities of Canada, USA, Spain, France, Czech Republic, Russia and China would all need to cooperate to shut the spam network down.

8,500 Billion Reasons Your Business Needs Spam Protection

Written by Paul Cunningham on December 9, 2009

New figures from security analysts estimate as many as 5 million computers are under the control of the top 10 botnets.  This includes the Cutwail botnet, which has been blamed for as much as 29 percent of all spam during the 6 months between April and November of this year, or approximately 8,500 billion spam emails.

That’s 8,500,000,000,000 spam emails from one botnet, contributing to not even one third of the total spam for that 6 month period.  If your business needed one more reason to invest in spam prevention there are 8.5 trillion to choose from right there.

Where to Start?

Choosing from the variety of antispam systems available on the market can seem like a daunting task.  The best place to start is an analysis of your own needs.  Ask yourself these questions:

How many users do we need to protect? – Most antispam products are licensed per-user or per-mailbox that is being protected.  You need to know how many licenses you will need so that price comparisons can be made.

How many servers do we need to protect? – Some products are also licensed per-server, so it is important to know how many email servers are in your environment.  Depending on the antispam product it may be installed onto mail servers or it may reside on its own server.

How many locations do we need to protect? – For larger organizations with multiple entry points into the network for email a distributed antispam system might be required.  This will affect the choice of product as some are easier than others to administer in multi-server deployments.

Do we want to host this ourselves or outsource it? – Some businesses will require complete control of important systems like antispam while others will prefer to outsource spam protection so they don’t need to install and manage yet another server of their own.

Learning about Available Products

Once your basic needs have been determined it is time to find out what is available in the marketplace for antispam software.  You can use Google searches such as “email security” and “business antispam” to identify vendors and product names.

9 Benefits of Hosted Antispam Services

Written by Paul Cunningham on November 5, 2009

Cloud computing is a popular topic these days.  One of the ways in which cloud computing is being delivered to businesses is by hosted email security services.

A hosted email security provider offers antivirus and antispam protection for their customers using servers hosted off the customer’s premises.  This delivery model carries many benefits to the customers.

Equipment Costs – by choosing a hosted service the customer is not required to purchase their own server hardware to run the security product on their own premises.

Support Costs – support is included in the monthly fee to the hosted provider, so the customer is not required to hire and retain staff to manage an on-premise solution.  The hosted provider is responsible for all maintenance and upgrades to keep the service running smoothly.

License Costs – because the customer is not running their own server they also save on software licensing costs.  Furthermore they are simply paying a per-user license cost to the hosted provider.

Bandwidth – because any virus or spam emails are filtered by the hosted provider that traffic never reaches the customer’s network, saving their bandwidth which is both a cost and a performance benefit.

7 Major Sources of Spam on the Internet

Written by Paul Cunningham on July 22, 2009

Anyone who uses the internet, whether for business or for leisure, has had first-hand experience with spam at some point in time.  Spam is a problem that plagues the internet and affects us all in some way.  Like most problems the spam problem is a very complex one.  There is no single source or cause of spam, which means there is no single solution to the problem.  In this post I’ll explain some of the sources and causes of the spam that we see every day.

Botnets and Zombies

Bots or zombies are typically home computers that have been infected with some type of virus or malware, which puts the computer under remote control by a malicious person.  A group of these computers is referred to as a botnet, and is used by a spammer to send out millions of emails containing spam, phishing scams, and computer viruses.

Examples of botnets include the Cutwail and Rustock botnets that are responsible for massive spam attacks around the world.

Because botnets are made up of computers located within ISP customer IP subnets they can often be blocked by using connection filtering to block any SMTP connections from those IP address ranges.  When this fails you have to rely on content filtering to detect the spam content within the messages.

Open Relays

An open relay is a poorly configured email server that allows anyone to relay messages through it to any other destination email address.  Modern email server software is not configured to permit open relay by default; it usually takes human error to cause a server to be configured this way.  There are few genuine reasons to run an open relay, especially not one that is open to the internet where it can be abused by spammers.

Anti-Spam Products Are More Than the Sum of Their Parts

Written by Paul Cunningham on April 24, 2009

When you boil the spam problem down it becomes quite simple – someone is sending you emails that you don’t want to receive.  This makes the anti-spam solution a simple one too – stop unwanted emails from arriving in someone’s email account.  However, actually achieving this is a very complex task.

Any anti-spam system that is worth using will contain a range of preventative measures and features that are used to determine whether an email is likely to be spam or not.  As a complete solution they can be very effective, but taken individually their weaknesses become more apparent.  Here are some examples.

Source IP Filtering

Also known as Connection Filtering, DNSBL, or RBL, this technique compares the source IP of an incoming SMTP connection to a list of suspected spam sources.  The list can be either a manually generated list that the email administrator creates, or a list subscribed to from a third-party provider (such as Spamhaus).  If the IP address is on the list then the email is considered likely to be spam and the server will drop or reject it.

The weakness of this technique is when IP addresses are mistakenly included in the list.  A legitimate email server may find itself blocked by other systems that are subscribed to a particular IP list, which prevents important business email from being sent to those systems.  Similarly, some regular sources of spam emails such as free web-based email services cannot be blocked by IP address because that would certainly block a lot of legitimate email as well.
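
The lookup described above, as an added example that is not code from the original post: it builds the DNSBL query name for a source IP, treats only answers in 127.0.0.0/8 as a listing, and lets a local allow list override a mistaken listing. The zone name, the addresses and the stand-in resolver are constructed so the example runs offline.

```python
import ipaddress

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's DNS zone (RFC 5782)."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(ip, zone, resolve):
    """A listing is an A record inside 127.0.0.0/8; anything else is ignored."""
    answers = resolve(dnsbl_query_name(ip, zone))
    loopback = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(a) in loopback for a in answers)

def connection_decision(ip, zones, resolve, local_block=(), local_allow=()):
    """Return (action, reason) for the source IP of an SMTP connection."""
    addr = ipaddress.ip_address(ip)
    # The administrator's allow list wins, so a wrongly listed partner
    # server can be exempted without waiting for the list to be corrected.
    if any(addr in ipaddress.ip_network(n) for n in local_allow):
        return ("accept", "local allow list")
    if any(addr in ipaddress.ip_network(n) for n in local_block):
        return ("reject", "local block list")
    for zone in zones:
        if is_listed(ip, zone, resolve):
            return ("reject", "listed on " + zone)
    return ("accept", "not listed")

# Constructed data: a stand-in resolver keyed by query name.
ZONE = "dnsbl.example.test"
FAKE_DNS = {
    "10.2.0.192." + ZONE: ["127.0.0.2"],      # 192.0.2.10: listed
    "25.100.51.198." + ZONE: ["127.0.0.2"],   # 198.51.100.25: listed in error
    "7.113.0.203." + ZONE: ["203.0.113.99"],  # answer outside 127/8: no listing
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])  # NXDOMAIN is modelled as an empty answer

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.25", "203.0.113.7", "192.0.2.200"):
        print(ip, connection_decision(ip, [ZONE], fake_resolve,
                                      local_allow=["198.51.100.25/32"]))
```

In production the `resolve` argument would be a function that performs a real A-record query and returns an empty list on NXDOMAIN.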

Content Filtering

Early anti-spam products made decisions about spam emails using single word matches such as “Viagra” or foul language.  This quickly proved fruitless because spammers would simply vary the word slightly in each email, for example “v1agra” and “via.gra”.  Content filtering then improved to include databases of spam phrases and patterns and would assess more of the content in an email to determine if it was spam.
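
Why the single-word match fails on the two variants quoted above, and how normalizing the text before matching recovers them, as an added example that is not from the original post. The substitution table, word list and sample messages are constructed for illustration.

```python
import re

# Constructed substitution table: characters often swapped in for letters.
LOOKALIKES = str.maketrans({"1": "i", "0": "o", "3": "e", "4": "a", "@": "a"})

def naive_match(text, words):
    """Early-style filter: exact single-word matches only."""
    tokens = set(re.findall(r"[a-z]+", text.lower()))
    return sorted(w for w in words if w in tokens)

def normalize(text):
    """Undo look-alike characters and separators inserted inside a word."""
    text = text.lower().translate(LOOKALIKES)
    # Remove a separator only when it sits directly between two letters,
    # so ordinary sentence punctuation followed by a space is untouched.
    return re.sub(r"(?<=[a-z])[.\-_*](?=[a-z])", "", text)

def normalized_match(text, words):
    """Match blocked words as whole words in the normalized text."""
    norm = normalize(text)
    return sorted(w for w in words
                  if re.search(r"\b" + re.escape(w) + r"\b", norm))

BLOCKED = {"viagra"}

# Constructed sample subject lines.
SAMPLES = [
    "Cheap v1agra, no prescription",
    "Order via.gra online",
    "Please send the agenda via email by 10.30.",
]

if __name__ == "__main__":
    for subject in SAMPLES:
        print(subject, naive_match(subject, BLOCKED),
              normalized_match(subject, BLOCKED))
```

Normalization also rewrites legitimate text (a domain such as example.com loses its dot), so a match is better used as one signal in a score than as a reason to reject on its own.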

Why Pay For An Anti-Spam Solution When I Can Put One Together For Free?

Written by Paul Cunningham on April 9, 2009

I was having a discussion with some associates of mine this week who work in IT support for a medium sized business across town from my office.  Since we were talking about email servers the discussion inevitably came around to the topic of spam prevention.

Firstly I was pleased to hear that the business they work for has recognised that spam costs them money and that implementing spam protection is necessary for their organisation.  Unfortunately that had not extended to allocating much of a budget to the project.  I asked my associates whether the business would be willing to allocate some more funding towards a decent solution, and learned that the business owners wanted to try out some free solutions first instead.

Why pay for something that I can get for free?

You could secure your front door against intruders every night for free just by jamming a chair against it, or by sliding a heavy book case in front of it.  An intruder won’t be able to open it, which was your goal when you implemented the solution, but on the other hand it is very cumbersome to manage because you need to slide the book case aside to get out of the house, and you can’t lock it from the outside.

Economic crisis spells opportunity for spammers

Written by Paul Cunningham on March 6, 2009

Global economic downturn has led to crashing stock markets, corporate bankruptcy, and rising unemployment.  The economy and the dreaded “R word” are at the forefront of most people’s minds at the moment, and as with most big events the spammers are using the recession to scam people and make money.

At any given time of year the spammer will use current or upcoming events to try and beat the last line of defense.  Christmas spam, Valentine’s Day spam, Israel/Palestinian conflict spam, and now recession spam.

Spammers love the good times

Economic booms are great for spammers.  Unemployment is low, people have a lot of disposable income and banks are willing to give out lots of credit, so all they need is something to spend it on.  Spammers will offer fake goods and stock market scams to email users, some of whom will jump at the chance to buy what they think are luxury items or sound investments.  With so many cashed up people falling for the scams the spammer makes millions of dollars.

Spammers love the bad times too

Recessions and high unemployment are as big an opportunity for spammers as an economic boom is.  When people lose their jobs, their investment portfolios, or their retirement savings, desperation can kick in leaving them vulnerable to scams that promise opportunity and wealth.  Other scams involve preying on job seekers by masquerading as popular career websites.  While the economy crumbles and people struggle to make ends meet the spammer continues to make his millions of dollars by tricking people into parting with the few dollars they have left.

Protecting business employees from recession spam

There are immediate cost benefits achieved by investing in an effective antispam solution for your business.  By reducing the time spent by employees dealing with spam, and preventing the massive load that spam can place on email servers, your business saves far more money than it spends on a commercial antispam product.