Spam: Hard to Swallow

According to most sources, anyone making a suggestion similar to that made by Bill Gates in January 2004, that the problem of junk e-mail would be solved within three years, is as wrong now as Mr. Gates was when he made his prediction almost three years ago. Many more are likely to agree with Forbes' assessment of the situation, " Spam is filling up the Internet, and it's not going away anytime soon." Spam reduction applications are making improvements, however, the spammers they are up against are also, and doing so at least as well. Though many, particularly those sitting behind the desks of corporations protected by spam blocking and filtering products, may not see much of the problem, what they do see represents the tip of the iceberg. In this case, though ignorance may be bliss, it is still quite costly.

Dan Druker, executive VP at Postini, a message management company, says, "Everyone thought this was a solved problem . . . But now it's the worst it's ever been." Drucker believes, "This dramatic rise in spam attacks on corporate networks has the Internet under a state of siege." If there is in fact a siege, it is largely a result of sheer volume. According to Postini, "Spam now represents nearly 93 percent of all email." In the past 12 months the company reports that the number of spam messages grew by 147 percent. Much of this growth is recent, 73 percent growth in the past three months alone. Postini is not the only solution provider noting this increase in volume; Web security products provider Ironport concurs. Statistics from Ironport's Threat Operation Center indicate, "Worldwide spam volumes increased from 31 billion messages a day in October 2005 to 61 billion messages per day in October 2006, an increase of nearly 100 percent." Symantec, one of the best know security companies, agrees as well, though with numbers a bit less dramatic; they estimates that as much as 60 percent of all e-mail is spam.

Accepting numbers from security vendors can produce a skewed view of the landscape; they may profit from inflated reports. However, vendors are not the only ones broadcasting the alarm. As far back as 2004 the Federal Trade Commission estimated that spam made up 83 percent of the e-mail traffic in the United States. More recently, a November article in Network World states, "Researchers and IT managers are confirming security vendors' claims that spam levels have spiked in the past month - some say by as much as 80 percent - and show no signs of decreasing." The Network World piece also quotes the co-chair of the Internet Research Task Force's Anti-Spam Research Group, John Levine, "There are enormous amounts of spam; it's shot up like crazy since the beginning of October." Levine says, "Spam is a huge tax on e-mail and the tax just doubled." Whether seen merely as an eyesore or for what it is, there is a cost to spam."

Forbesstates that, "Spam costs corporations millions in Internet capacity, clogs up infrastructure, requires people and products to deal with it and wastes employees' time wading through whatever spam makes it into their inboxes." Perhaps the most recent and damning report on the financial implications of spam came last month from the European Union (EU). BusinessWeek says of the report, "Monday's EU report said spam cost $51.1 billion worldwide last year, according to San Francisco-based Ferris Research Institute." Unfortunately, the cost is shouldered by recipients. Forbes points out that, "Typically, spammers charge less than a hundredth of a cent per recipient," and it is this cost/benefit scenario that keeps them at it.

Ironically, it can be said that recent improvements in spam reduction applications have led spammers to develop new methods, resulting in a huge spike in spam volumes. What is being seen now is, according to Drucker, "a triple threat, a perfect storm" of spam attacks. One element of this triple threat is the use of botnets, infected machines which are unknowingly turned into spam servers. The enlistment of botnets has effectively allowed spammers to avoid blacklists of known ip and email addresses, two elements widely used by anti-spam programs. Botnets also decrease the delivery cost of spam. Postini alone tracks more than a million such infected machines and says that at any moment 50,000 or more may be active. More and more frequently these botnets are delivering a second element of the triple threat, image spam, messages encoded in images within the body of the email. Since spam detection programs rely heavily on text analysis, scanning messages for suspicious keywords, image spam has thrown a wrench in the gears. Not only is text analysis difficult to perform on images, but the alteration of a single pixle of an image creates an entirely new message, rendering cataloging of known messages almost impossible. The numbers illustrate its effectiveness, Ironport reports that, "Image spam reached a new high of 25 percent of total spam volume in October 2006 compared to 4.8 percent in October 2005, an increase of 421 percent."

As critical as it is to take spammers head on, it is important to realize they are not the only ones responsible for the problem. Many say that if no one opened spam the problem would go away. Though education is proving somewhat effective, spammers are making their messages more and more tantalizing. To think that all spam will go unread is as unlikely as a complete overhaul of the Internet, another route that has been suggested. It must be kept in mind that money made on spam is not only made by those who send it, but by those that block it. ZDNet’s blog puts it this way, "For the most part, vendors see big money in being the one who can best stop spam. And so, there's no incentive to collaborate in a way that produces some standards that would ultimately mean no one makes money on stopping spam (which is the way it should be). It's a long story."

A more complete version of this posting, with accompanying informational charts, journal articles, and research reports can be found at the website of Analyst Views Weekly.

More information on this topic can be found in the Electronic Content & Media section of Northern Light's Internet & Information Services Market Intelligence Center.

And in the following articles:

Why Spam Won't Go Away
Forbes, December 12, 2006
Spam is filling up the Internet, and it's not going away anytime soon. It's not just e-mail. We have voice-over-IP spam, instant message spam, cellphone text message spam, blog comment spam and Usenet newsgroup spam. Spam is such a common tactic not because it's particularly effective--the response rates for spam are very low--but because it's ridiculously cheap.

Winning War against Spam Will Need New Strategy
Bloomberg, December 12, 2006
It may not rank up there with George W. Bush's war on terror, or indeed the war on drugs, yet the war on spam is at least as deserving of our attention. It may not be the worst crime in the world, but it is one that makes us victims each day. Just as we aren't doing too well in the wars on terror and drugs, we aren't scoring many victories in the war on spam.

Spam Doubles, Finding New Ways to Deliver Itself
New York Times, December 6, 2006
Spam is back — in e-mail in-boxes and on everyone’s minds. In the last six months, the problem has gotten measurably worse. Worldwide spam volumes have doubled from last year, according to Ironport, a spam filtering firm, and unsolicited junk mail now accounts for more than 9 of every 10 e-mail messages sent over the Internet.

Spam's Making a Comeback and We're All Stuck with It
InformationWeek, December 6, 2006
The New York Times reports grim news that anybody watching their e-mail in-boxes already knew: Spam is making a comeback. Worldwide spam volumes doubled since last year, and spam now accounts for more than 90% of e-mail worldwide. And it doesn't look like the problem is going away.

EU Says More Than Half e-Mails Are Spam
BusinessWeek Online, November 27, 2006
Unsolicited e-mails continue to plague Europeans and account for between 50 and 80 percent of all messages sent to mail inboxes, the European Commission said Monday. EU Media Commissioner Viviane Reding called on EU governments to step up their fight against spam, spyware and other illegal online activities and implement EU rules to improve Internet safety.