The future of SPAM

I subscribe to many, many newsletters that involve the IT industry – trends, troubleshooting, etc. One of these newsletters I received had some alarming information in it regarding the trend of spam and viruses as related to email. The data, as reported, focused on email processed by one large vendor…

Postini recently predicted what 2005 will bring for spam and gave an overview of the situation in 2004. Here’s a summary of what happened – and what Postini thinks will happen during the next 12 months:

At the beginning of 2004, 78% of the e-mail processed by Postini was spam. By the end of the year, 88% of the e-mail that Postini processed was spam, a figure the company believes will increase to 92% in 2005.

Directory/dictionary harvest attacks (DHA) – which spammers use to obtain fresh, valid e-mail addresses from a corporate directory – will increase 25% during 2005. During 2004, Postini blocked more than 164 million DHAs and 38 billion invalid delivery attempts, an average of more than 6,000 invalid delivery attempts per mailbox.

During 2003, one in 200 e-mail messages Postini processed contained a virus, a figure that increased to one in 67 e-mails during 2004; near the end of 2004, one in 25 e-mails contained a virus.

During 2004, Postini blocked more than 40% of the 95 billion SMTP requests that it received, based solely on the suspect nature of the IP address from which those requests were sent.

The point of this newsletter is not to be an advertisement for Postini, but rather to point out the direction that a significant processor of e-mail sees for spam and virus attacks.

Admittedly, the situation looks a bit grim. Perhaps the most significant takeaway from the points above is the importance of pre-processing SMTP requests to determine the likelihood they are spam.

Processing at the connection level is an important step toward solving the spam problem because it makes spam processing less of a content filtering issue and more one of source control.

Analyzing the source of spam and blocking or throttling it far back in the network does two things:

It minimizes the amount of spam that reaches the edge of the network.

It puts the onus for spam control on the senders of the stuff, such as the ISPs whose networks are filled with zombies.

Preventing or slowing delivery of messages from IP addresses with a bad reputation means that legitimate, paying customers of these networks whose e-mail can’t get through may switch to networks that are more serious about zombie control and other forms of spam prevention. That would provide an economic incentive for network operators to take a more aggressive stance on controlling spam.
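
As an added illustration (not part of the newsletter and not Postini's method), here is a sketch of the connection-level source control described above: it builds a per-IP reputation from invalid-recipient results, the signature of a directory harvest attack, and decides to accept, throttle or reject before any message content is read. The function names, thresholds and sample events are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample of per-recipient SMTP results: (source IP, RCPT reply code).
# 250 = recipient accepted, 550 = no such mailbox. IPs are documentation ranges.
SAMPLE_EVENTS = (
    [("203.0.113.7", 550)] * 48 + [("203.0.113.7", 250)] * 2   # harvest-like
    + [("198.51.100.20", 250)] * 9 + [("198.51.100.20", 550)]   # one typo
    + [("192.0.2.55", 550)] * 6 + [("192.0.2.55", 250)] * 6     # borderline
)

# Hypothetical thresholds; tune against your own traffic.
MIN_ATTEMPTS = 10      # don't judge a source on too little data
REJECT_RATIO = 0.80    # invalid-recipient share that earns a block
THROTTLE_RATIO = 0.40  # share that earns a temporary deferral


def build_reputation(events):
    """Return {ip: (attempts, invalid_ratio)} from RCPT outcomes."""
    total, invalid = defaultdict(int), defaultdict(int)
    for ip, code in events:
        total[ip] += 1
        if code == 550:
            invalid[ip] += 1
    return {ip: (n, invalid[ip] / n) for ip, n in total.items()}


def connection_decision(ip, reputation, blocklist=frozenset()):
    """Decide at connect time, before any message content is read."""
    if ip in blocklist:
        return "554 reject"
    attempts, ratio = reputation.get(ip, (0, 0.0))
    if attempts < MIN_ATTEMPTS:
        return "220 accept"          # unknown or low-volume source
    if ratio >= REJECT_RATIO:
        return "554 reject"          # looks like a directory harvest
    if ratio >= THROTTLE_RATIO:
        return "421 throttle"        # defer; legitimate MTAs will retry
    return "220 accept"


if __name__ == "__main__":
    rep = build_reputation(SAMPLE_EVENTS)
    for ip in sorted(rep):
        print(ip, rep[ip], connection_decision(ip, rep))
```

The throttle tier matters for the economic argument above: a temporary deferral delays a borderline sender without permanently dropping mail from a legitimate server that retries.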