Ipswitch Inc has published the seventh Spamometer survey results, revealing that spam is now at its highest rate since recording began. How high would that be? Well, for the same spring period last year the measure was some 62% of all received email; that has risen to an incredible 93% of all email received, according to the network monitoring specialists.

Of this number, 34% can be attributed to the growing scourge of pharmacy spam, narrowly pipping financial and phishing on 33% to the top (dis)honor. Gambling on 7% and Pornography on 5% make up the top four spaces, assuming that we discount the actual third place category of ‘undecipherable’ on 12%.

This report comes hot on the coat-tails of an IDC study which warned that more than 40 billion spam messages would be sent worldwide during 2007, courtesy of a combination of the success in getting image-based spam past filtering mechanisms and the increased response rates via email sender ID spoofing.

Just to add to the email problem, MessageLabs, which operates a managed email service, has revealed that there is a growing convergence of spam and virus activity, with cyber-crime being the driving force. Criminal gangs are starting to act ever more like structured businesses, looking to milk every bottom-line dollar from the spamming service they provide. And so it is that MessageLabs has been intercepting messages which contain pump-and-dump stock scam spam along with links to malware-laden websites. Visit the website, disengage your common sense for long enough to download the ‘screensaver’ you find and hey presto, as if by magic your computer is infected with the Zhelatin MeSpam engine and becomes part of the criminal evil empire, continuing the cycle of more spam.

By layering one threat on top of the other, the gangs are delivering a double security whammy at half the cost. Think of it as pump-dump-infect, I guess. I know many a big business that would be proud of the ingenuity and innovation displayed by these gangs. On the other hand, poor schmucks like me and you have to put up with 93% of our email being rubbish, and increasingly we can look forward to it being infected rubbish.

The toxicity has to stop if email is to remain a truly useful communications medium. Unfortunately, without going down the spam-vigilante route, or bringing in the death penalty for spamming scumbags, the problem will remain.

Yes, anti-spam filtering technology is improving all the time. No, it isn’t diminishing the amount of spam being sent. Yes, laws are in place around the world to deal with spammers. No, they are not working, at all. Yes, I love email. No, I’m not using it as much as I used to. IM, texting and, wait for it, even good old fashioned pen and ink and postage stamp are increasingly demanding my communication time.

Spam is destroying the marvel of modern messaging; what can we do to stop the rot? Serious suggestions welcome, on a postcard please.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Since Spam by and large originates from servers outside the jurisdiction of the US or the EU (the actual location of the hated spammer being immaterial in this modern age of communication wonders...), I vote to cut the fiber going to those countries that permit the spammers to route the spam through their networks without fear of prosecution.

Since that will probably never fly, I have a more pragmatic idea...

Let's offer bounties on the hard drives of spammers and let the crackers work for us. It's already a money making industry - if our governments were to enact laws allowing for cyber-bounty hunters and pay a reward either for the utter destruction of the spammer's hard drive or for information leading to the arrest and conviction of the spammer then we might be able to take them down (although this would certainly infringe on the civil liberties of the spammers.)

Or, we could construct a massive social networking server to determine the probability of Spam. For example, a server that when you get an e-mail, checks it against who you're "friends" with, and then checks their friends, and you maybe go about three levels deep and see if it's somebody on the list. Otherwise, it may be spam.
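The "three levels deep" friend check suggested in the comment above, sketched as an added example (not part of the original comment or any real service). The graph, the addresses and the function names are constructed for illustration, and the check assumes the sender address has already been authenticated, since a spoofed From header would otherwise inherit a friend's trust.

```python
from collections import deque
from email.utils import parseaddr

# Constructed sample data: each address maps to the contacts that person vouches for.
FRIENDS = {
    "me@example.org": {"alice@example.org", "bob@example.net"},
    "alice@example.org": {"carol@example.com"},
    "carol@example.com": {"dave@example.com"},
    "dave@example.com": {"erin@example.com"},
    "bob@example.net": {"me@example.org"},
}

def normalize(header_value):
    """Extract a lower-cased bare address from a From-style header value."""
    return parseaddr(header_value)[1].strip().lower()

def trust_distance(graph, recipient, sender, max_depth=3):
    """Hops from recipient to sender in the friend graph, or None if the
    sender is not reachable within max_depth hops (breadth-first search)."""
    start, target = normalize(recipient), normalize(sender)
    if not target:
        return None  # unparseable sender: never treated as known
    seen = {start}
    queue = deque([(start, 0)])
    while queue:
        node, depth = queue.popleft()
        # depth > 0: mail claiming to come from the recipient is not trusted
        if node == target and depth > 0:
            return depth
        if depth == max_depth:
            continue  # do not expand past the depth limit
        for friend in graph.get(node, ()):
            friend = normalize(friend)
            if friend not in seen:
                seen.add(friend)
                queue.append((friend, depth + 1))
    return None

def classify(graph, recipient, sender, max_depth=3):
    """'known' if the sender is within max_depth hops, else 'possible spam'."""
    hops = trust_distance(graph, recipient, sender, max_depth)
    return "known" if hops is not None else "possible spam"
```

The `seen` set keeps mutual friendships (bob vouching for me) from looping, and the depth limit bounds how many accounts a single compromised contact can pull into the trusted set.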


I'm not convinced that they should ;)

But they're sneaky little suckers, so the risk of them framing somebody innocent gives me a bit of pause...


What about subtle viruses that turn an innocent computer into a spam bot in the background? Those could still originate from the US/EU and nearby connected nations (IIRC, eastern bloc countries are also a large source of spam...). Creating a botnet can't be that hard given the number of exploits and unpatched systems floating around...


My solutions are mundane, yet effective. I use an email whitelist and I browse the web with Opera or at least Firefox. I avoid MSIE.

This makes the process of emailing a bit more formalized, since after meeting somebody, I have to add their email address to the whitelist before they can contact me. But this is the only effective way of completely shutting down spam, and so whitelists are eventually going to become the norm. Perhaps email clients will start to have built-in functionality to facilitate the management of server-based whitelists. At that point, maintaining a white-list will be something that non-technical users can do. Once this gets widespread acceptance, there will no longer be any point in attempting to spam.

As for the death penalty for spammers, that would be totally ineffective in stopping them. The death penalty has been demonstrated through decades of law enforcement studies to pose no deterrent effect on actual criminals. The only thing it accomplishes is to satisfy the blood-lust of survivalist end-timer types in Wyoming for somebody (anyone who looks vaguely suspicious will do) to pay a hefty price when a crime is committed.


Unless the internet becomes UN jurisdiction and laws (like Maritime laws for the international waters) are passed, and every country is forced to ratify them, the problem will go on and on.


>This makes the process of emailing a bit more formalized,
>since after meeting somebody, I have to add their email address to the
>whitelist before they can contact me. But this is the only effective way of
>completely shutting down spam, and so whitelists are eventually going to
>become the norm. Perhaps email clients will start to have built-in
>functionality to facilitate the management of server-based whitelists. At
>that point, maintaining a white-list will be something that non-technical
>users can do. Once this gets widespread acceptance, there will no longer be
>any point in attempting to spam.

This has huuuge usability issues. Nobody can contact you until you add them to the white list, which would block a huge amount of legitimate email. It would also require a hand-maintained list, which only a few tech-savvy masochists would want to put up with. Even then, someone will likely find a way to break it. Security systems that don't get used are basically worthless.


If I knew a spammer... I would immediately post every personal piece of information about him on every site/blog/bathroom stall I could find. BAM problem solved.

And really, I think it should come down to individuals doing their part. Why bring the Government into it? They only prove time and time again they are too big, old, and slow to keep up with technology.

I don't want an internet where the government is metaphorically standing on every electronic street corner double-clicking their M16s at web surfers and emailers.

Market forces can handle this problem, the government can only take away the freedom of the internet and build new bureaucracies it can't afford.

