Spam: down but not out

21st February 2017

Cath Goulding

Cath Goulding
Head of Information Security

We are ensconced in a period of both rising and falling spam, email and edible respectively. While the processed-meat-in-a-can’s reputation has fallen of late (following a report from the World Health Organisation that labelled it a carcinogen), the volume of unwelcome emails is on the rise again despite a brief respite.

The term ‘spam’, when applied to emails, is defined as a message that is both unsolicited and in bulk. This definition is internationally-accepted, and spam is banned by all internet service providers worldwide. Spam is sent with various intentions, many of them malicious: spam emails can be an attempt to sell illegal goods, phishing scams or tempting people to click on links to sites that host malware, offering a multitude of risks to the receiver and their machine.

Spam has been a headache for humans since the 19th century when Western Union first made it possible for telegrams to be sent to multiple destinations. The original spamming incident is believed to have occurred in 1864 when British politicians received unsolicited telegrams advertising dentistry services – 73 years before the introduction of the canned meat that would one day provide the name ‘spam’.

Despite its longevity, spam is still going strong and appears to be on the rise: according to research by Statista, in May 2014 spam accounted for 71.1% of email traffic, but then proceeded to drop to 52.8% by September 2015. The lull was not to last however, and by September 2016 spam levels were back at 61.25% and rising. A recent report by Cisco concurred, estimating that currently 65% of all emails are spam, 80% of which are malicious. What accounts for this ebb and flow?

The fall was likely due to improvements in technological resistance making it more difficult for spammers to operate, while well-publicised takedowns of high-earning spammers would likely have dis-incentivised others for a time. With a lower volume of spam, experts had more time and space to refine their defences, helping to maintain the low levels. Unfortunately, the end of all email spam is an unrealistic dream, and as the rates rise again, businesses and individuals need to step-up their defences and accept unsolicited emails as an irritating fact of life.

Part of the problem are the opportunities, avenues, and anonymity the internet offers spammers. While there is legislation in place, this varies country by country, and as such spammers often operate from places with looser restrictions. As of 2003, the UK anti-spam laws see offenders facing fines of up to £5,000, but as so much spam is sent by a botnet, it is difficult for prosecutors to hunt down offenders.

By using a botnet, spammers can send their emails through someone else’s address space to prevent being blocked or tracked by authorities. The world’s worst ‘botnet country’ as of 14 February 2017 is China, followed by India and Brazil. The volume of spam emails also varies by country, with Cisco’s recent 2017 Annual Cybersecurity Report finding that India receives the highest amount of spam; 85% of all emails. This is followed by Brazil with 57% and Mexico with 54%.

If we can draw one benefit from a rise in prevalence of email spam, it is that we have more data to analyse, which we do at Nominet with the help of our DNS data analytics tool turing. Using turing as a guide, we are able to observe the changing methods of spammers – for example, the current method de rigueur is to use attachments that can infect machines when opened. We are also seeing a closer connection between malware and spam, as the former’s operations are having an impact on the volumes of the latter. As the slippery spam merchants develop and refine their methods of attack, monitoring data, observing patterns and tracking changes are vital to keep defences updated. In the war on spam, the allies can’t afford to stand still.

Instead of seeking eradication, we must invest our efforts into better monitoring, improving defences, and mitigating the impact of spam by having robust recovery plans in place. These plans should be reviewed and updated regularly and include backing-up valuable and sensitive data offline.

If you run a business, educate all your staff to be wary of email attachments from unfamiliar senders and empower them to flag up any potential spam emails. This will help you to recognise and keep tabs on methods being employed by cyber criminals and to advise colleagues on what to look out for. For those suffering with spam emails on personal accounts, try and limit how often you subscribe to websites or services with your email address, or create a separate email account for all subscriptions to isolate the subsequent spam.  Many providers also allow you to mark an email as ‘spam’, which will then filter out emails from similar sources.

Despite the rise and fall of email spam rates, there is no doubt that unsolicited bulk messages are here to stay. Be alert to any threats and ensure that you have security systems and measures in place to make life as difficult as possible for those looking to harm either you or your business.