NEWS FROM THE LAB - Friday, December 15, 2006

'Tis the Season ... Posted by Era @ 10:58 GMT

Every year around Christmas, the spammers arrange something like a Gold Rush, ramping up the number of messages they send for the Christmas shopping season.

However, this year, what we are seeing is a completely new phenomenon. It seems that multiple unfortunate events have coincided, resulting in an unprecedented rise in spam levels.

Now, if you look around for statistics, you will find that some claim that spam is now up to a record-high 60% of all email in the world, others claim that spam is at a record-high 90% of all email, and some undoubtedly see close to 100% (my personal inbox would be a good example).

Whenever you see such numbers, you have to ask yourself whose numbers these are, and how they calculate them. Who has the data to correctly measure all the email in the world? Does that include email sent within corporate intranets, too? How do you account for blocked email which would have been sent if the block wasn't in place? Etc.

But however you measure it, the consensus is clear: Spam is worse than ever.

Right now, we are identifying three contributing factors:

1. Well, it's the Christmas Gold Rush again.

2. It looks like the spam nets established by email worms over the last couple of years, and especially during this autumn (Warezov), are now entering a new phase, with massive volumes of spam being sent.

3. Possibly the same spammers have come up with techniques to introduce much more variation in their messages, which enables them to bypass many content-based filters that used to work better.

If you want some numbers in spite of what was said above, here are some. It's not clear how well they generalize, but this is what we are seeing:

- The average size of a spam message has doubled in the last year or so. No doubt, this is mainly because of the increase in image-based spam.

- The number of spam messages in a typical honeypot mailbox has tripled in two years. The growth is not constant; it has accelerated markedly in the last year.

- Combining and extending the two previous observations, the volume of spam in bytes has grown more than fifteen-fold in two years.

We are hard pressed to find any good news to report in order to balance this account, but it appears that at this rate, we will soon exceed the pain threshold for passing international legislation against spam.