Spam Down, Users Still At Risk

Posted by Christine Borgia on

Brian Krebs recently posted on his blog, Krebs on Security, that spam has decreased significantly in recent years. Using data from Symantec’s MessageLabs, Krebs created a graph that shows spam volumes since 2007, and the peaks and valleys associated with bot takedowns and other major events are clearly visible. What’s also clear is that spam volumes are as low as they’ve ever been, and have been consistently low for over a year.

So, shouldn’t we all go celebrate? Has our blood, sweat, and tears finally resulted in user inboxes that are full of wanted email, free of spam, as well as safe and secure? Regrettably, no, that’s not the case. Anybody in the anti-abuse business knows that volume numbers never tell the whole story. Sure, users receive less of the blast spam of yesteryear – pharmaceuticals, stock tips, xxx – but that’s not where the story ends. On the plus side, getting rid of that junk means users have a better experience in their inboxes. Unfortunately, this makes them more trusting of the mail they receive each day, less able to tell the good from the bad. Add to this the fact that cybercriminals have become more sophisticated and phishing email is no longer reliably going to be from a bank you don’t even do business with.

Modern phishing campaigns are more targeted, and cybercriminals are less interested these days in getting your banking credentials. No, these days they want more. They are compromising individual user accounts, using those to gain the credentials of more accounts, to send spam, and to distribute malware.  As the volume of spam goes down, the threat level seems to go up.

The anti-abuse industry should be be thrilled at the progress they have made in fighting email spam. As Krebs mentioned, coordinated industry efforts have led to disconnecting rogue ISPs and taking down major botnets. But there is still much to do. Mailbox providers and senders need to work together to authenticate mail and reject suspicious mail that fails authentication. This protects users from receiving at least some of the phish email. And mailbox providers need to take it a step further and increase their efforts to curb outbound abuse by protecting users from compromises and stopping the creation of fake accounts. The more mailbox providers we can get to implement authentication and outbound abuse, the safer email users will be.

Here at Return Path, we provide tools to help mailbox providers do just that. To find out more about our Fraud Protection Services, or for assistance implementing authentication, please contact us.


Popular this Month

 Video in Email: Is It Right For Your Business? (Part 1)

Video in Email: Is It Right For Your Business? (Part 1)

Video in email is nothing new. Marketers have been using some form of video...

Read More

 [New Research] Are These Hidden Metrics Harming Your Deliverability?

[New Research] Are These Hidden Metrics Harming Your Deliverability?

Reaching the inbox is not as simple as hitting send. Once a message is...

Read More

 What Job Is Your Subscriber Hiring Your Email To Do?

What Job Is Your Subscriber Hiring Your Email To Do?

Over the last 16 years, I’ve worked as a product manager, run product...

Read More

Author Image

About Christine Borgia

As Senior Director of Data Support, Christine ensures that Return Path's employees, customers, and consumers are able to get the answers they need about our data and data sources. Prior to joining Return Path, Christine spent seven years fighting spam for AOL where she led a team of content filtering and IP reputation experts. Connect with her on Twitter @christineborgia or at linkedin.com/in/christineborgia.

Author Archive

Stay up to date

Enter your name and email address below to subscribe to our mailing list.

Your browser is out of date.
For a better Return Path experience, click a link below to get the latest version.