Are We Winning the Battle Against Junk Mail?
Anyone who uses email on a regular basis knows just how aggravating spam can be. Electronic junk mail has been a huge problem for years, and while spam filters can be helpful, they can also keep users from receiving legitimate email messages in a timely manner.
Finding effective ways to decrease the amount of junk mail received is important, because spam can be a drain on productivity and is a security risk if users click on links that can lead to viruses and other malware.
A 2013 report from security technology company McAfee on threats, says “snowshoe” spam will continue to increase.
“When a shady marketing company approaches your marketing people and tells them that they have a list of email addresses that have already opted into receiving whatever advertising you want to send them, it should set off alarm bells,” the report says. “Unfortunately, those bells don’t ring often enough.”
Well-known companies that sell a variety of products have signed on with these advertisers, which blast out millions of blatantly illegal spam messages every day, the report says. “Recipients have their inboxes bombarded with these spam messages and are unable to opt out of them.”
Because this type of activity is not as malicious as the most newsworthy hacking attacks and malware, authorities have mostly ignored it. Still, this practice of snowshoe spamming has exploded during the past two years and is currently one of the biggest problems in the spam world, according to McAfee.
The Silver Lining in the Spam-Filled Skies
The latest news on the spam front is promising. Data from Kaspersky Lab, an IT security provider, shows that email spam dropped in 2013 compared with 2012. The company reports that the proportion of spam in email flows was 69.6 percent in 2013, which is 2.5 percent lower than in 2012.
Just over 3 percent of emails contained malicious attachments, which is 0.2 percentage points lower than in 2012.
Other key findings from the Kaspersky report: 32 percent of phishing attacks targeted social networks; the greatest amount of spam, 23 percent, was sent from China; and 75 percent of spam emails sent in 2013 were no larger than 1KB.
“The amount of spam in mail traffic has been declining since 2010; it is a clear tendency,” says Darya Loseva, head of content analysis and research at Kaspersky Lab.
The volume of spam that is advertising legitimate goods and services is gradually decreasing, the Kaspersky report notes. Advertisers increasingly prefer legitimate advertising to spam; more varied types of online advertising are becoming available, and they generate higher response rates at lower costs than spam can offer.
At the same time, in some spam categories, commercial advertising is being gradually displaced by criminal mailings. A typical example comes from the travel and tourism area. This category used to account for 5 to 10 percent of all spam traffic and was made up entirely of various offers for trips, tours and tickets, Kaspersky says.
Today, commercial advertising in spam is rare, “but we see numerous malicious emails exploiting the subject of travel and leisure,” the report says. Fake confirmations of hotel or airplane ticket reservations have become a common part of spam, and the company saw such messages in spam traffic throughout the year.
“While a couple of years ago spam might help people to book a tour package, ticket or hotel room, today’s spam email will more likely than not offer the recipient malware rather than an ad for a tour company,” the report says.
What is causing the decline in spam year over year? “Nowadays, there are many convenient, cheap and legal ways [on the Internet] to promote goods and services, like social networks’ ads or coupon services,” Loseva says. “So people who want to promote their goods do have some legal options.”
The problem with spam, according to Loseva, is that most of it promotes illegal goods, such as medicine without prescriptions, counterfeit goods, pirated software and so on.
“Besides, a large part of spam is actually scam, phishing and other fraud,” she says. “And furthermore, there is malware spam, the goal of which is to spread malicious programs. All of these kinds of spam can’t migrate to the legal platforms, because the very content of them is illegal.”
According to Kaspersky, the cost per click in social networks is much cheaper than in spam, because most spam — as much as 99 percent — is blocked by antispam filters. Most of the remaining spam that gets through is deleted by users, Loseva says.
X DMARCs the Spot
It’s not likely that the spam volume will ever fall below 50 percent, Loseva says. “Not in the nearest future anyway,” she says. “Even if all legal ads will migrate to other platforms, the amount of illegal spam is more than 50 percent and it will not decline.”
To address the ongoing spam incidents, organizations will need to continue to rely on technology such as email filters.
“Any organization and any email provider nowadays use antispam filters,” Loseva says. “All antispam vendors have their own technologies based on quantitative methods, cloud computing, IP [Internet protocol] reputation and content of spam emails.”
As for emerging methods to help fight against spam, she mentions Domain-based Message Authentication, Reporting & Conformance (DMARC) as one of the promising technologies.
DMARC is a technical specification created by a group of organizations trying to reduce the potential for email-based abuse by solving long-standing operational, deployment and reporting issues related to email authentication protocols.
DMARC standardizes how email receivers perform email authentication using the well-known Send Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) mechanisms, according to DMARC.org, a site that promotes the standard.
“This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo and any other email receiver implementing DMARC,” the site says. “We hope this will encourage senders to more broadly authenticate their outbound email, which can make email a more reliable way to communicate.”