Offers for cheap medicines, illegal software, a myriad of get-rich-quick schemes and promises of enhanced sexual prowess; junk email has become an electronic plague.
According to a report from email security vendor MessageLabs, the global ratio of spam in email traffic for November 2006 was 74% – nearly three out of every four emails are unwanted trash. Some even claim that this figure is too low – UK-based anti-spam vendor SoftScan estimates that nearly 90% of all email is spam.
This should not come as a surprise. Spam has been a problem since the dawn of the Internet. And as both the crime stats and stock markets attest, spam really can work.
To date, the vendors’ promises to ease the problem have appeared empty. Indeed, Bill Gates’ prediction, made at the World Economic Forum in Davos, Switzerland in 2004, that spam would be eradicated in two years’ time, was wrong: in fact, the levels have continued to skyrocket.
What is surprising, though, is that the number of spammers is relatively small. According to the Spamhaus Register of Known Spam Operations (ROKSO) – a database that collects information on known spammers – up to 80% of all unsolicited email received in North America and Europe is generated by a group of around 200 known professional spam gangs.
This is possible because spamming is effectively a zero-cost business – criminals are simply able to leverage a huge network of hijacked, interconnected computers known as “bot-nets” or “zombie PCs” to initiate attacks, and they are getting more sophisticated by the day.
Yet the consequences for organisations are potentially devastating: network bandwidth can be severely limited while resources such as storage and processing functions are strained. Critically, legitimate email may not reach its intended recipients, potentially costing millions in lost revenues.
Stopping the criminals has proved impossible. Although a number of high-profile spammers have been brought to justice (such as Ryan Pitylak, who was fined $1 million for sending up to 25 million emails per day), there is no cohesive international law that covers spammers and the resulting global attacks that they precipitate.
The experts' response…
Daniel Druker, executive vice president of marketing at email security vendor Postini, says that spam attacks will continue to get worse, but protection is still vital.
As the criminal gangs continue to hire more computer scientists to help them get around detection techniques, the results [of spamming] are becoming more destructive.
Most at risk are companies that do not have state-of-the-art protection or are trying to stop these attacks themselves – the cost of blocking spam escalates with the amount of attacks you receive. We try and block them by looking at the behaviour of computers that are sending out attacks using a heuristic model that has thousands of characteristics of what bad behaviour looks like.
Graham Cluley, senior technology consultant at antivirus company Sophos, says it is possible to block all spam, but this stops genuine email getting through.
Stopping spam is an inexact science because one man’s spam is another man’s useful communication. Most anti-spam products don’t stop 100% of spam, but instead aim to get as close to 100% as possible without making any mistakes.
There needs to be much more emphasis given to cleaning up home computers as they are the ones spewing spam into the business inboxes. And we also need the law authorities around the world working together to catch these international gangs and give them serious sentences.