Spam from Web Hosts Three Times More Likely to Make Your Life Miserable

Typical botnet architecture

It’s sometimes easy to assume that spam is spam, regardless of its source. In fact, most days, we don’t stop to wonder where it came from. Really, who cares? It’s hateful stuff, no matter if it came from the shadowy bowels of a former Soviet bloc country, the shady depths of sub-Saharan Africa, or the server farm that resides in the building down the block. When it comes to spam, we’re equal opportunity haters. But maybe we shouldn’t be.

Considering a May report from Virus Bulletin, maybe we should reconsider how we spread around the hatred for email spam. In a comparative report of spam blocking solutions, Virus Bulletin found that several anti spam applications got good marks. When they’re blocking the nasty stuff that pushes male enhancement on us as if the world’s male population had been exposed to a healthy dose of unhealthy radiation – right to the family jewels – the majority of anti spam programs are doing their job. 19 solutions achieved a VBSpam certification, and there was even an increase in the catch rates over previous tests, according to Info Security Magazine. But there is a notable gap in the ability to block spam that originates from web hosts. (The report can be purchased here.)

According to Info Security, Virus Bulletin’s anti spam test director, Martijn Grooten, said in a statement to the media that “a lot of the focus in the anti-spam industry has been on botnets of compromised home PCs, and while these botnets still send a lot of spam, spam filters have become quite good at dealing with it.” The problem, Grooten points out, is that “various recent reports have suggested that spam is increasingly being sent from web hosts – many of which are compromised.” This workaround seems to be intentional, perhaps as if the spammers have discovered that their activities have a greater chance for success if they use web hosts. “Our results show that this isn’t merely a shift in the way in which spam is sent, but it actually increases the likelihood of the spam messages making it to someone’s inbox,” Grooten says.

In the testing performed by Virus Bulletin, 64,000 spam emails were considered. More than 30% (19,449) of the emails originated from web hosts. According to Info Security, “the average email sent from a web host had a probability of 1.04% of being missed by a spam filter, compared to just 0.29% for other spam – meaning that web host-sent spam is 3.5 times more likely to bypass a spam filter.”

Grooten points out that both percentages are relatively small numbers, but that the overall number of emails being sent as spam is significant. “On a (very small) campaign of one million emails, this is the difference between fewer than 3,000 and well over 10,000 emails making it to recipients’ inboxes. It could be the difference between a spam campaign making a profit or a loss for the spammer.”

The elephant in the room is the why. Why are web hosted spam emails more effective at getting through anti spam filters? Apparently, that’s going to remain a mystery, at least for the moment. Info Security points out that “while [Virus Bulletin’s] research team is unsure why web hosted spam is more effective at evading filters, Virus Bulletin was quick to point out that the difference also isn’t simply skewed by a small number of emails sent from web hosts that have a very high delivery rate.” The report points out that focusing on the emails blocked by at least three quarters of the anti spam solutions still results in a higher penetration rate for web hosted email spam. And this disparity can’t be attributed to IP blocking, according to the report.

So what does this mean for those of us who, well, simply don’t want or need spam in our lives? That’s the $64,000 question, isn’t it? If spammers realize that they can use web hosted solutions to break through the barrier – and that’s an inevitability – then we can project a higher penetration rate in spam messages, perhaps a renaissance where we’re back in 2005, trying to figure out how to stop the bleeding in our inboxes once again. Anti spam solutions are certainly going to be focusing on the whys and wherefores of this information, working hard to determine why web hosts are spam friendly. It’s a bit of a conundrum, and for the moment, perhaps it’s time to dust off your user education material and warn your users all over again about the dangers of spam.
