Spam: Previous record toppled

Incredibly, out of every 10 e-mail messages sent nine contain spam and that's a new record. Michael Kassner takes you through the latest statistics.

Every month, Symantec's MessageLabs releases statistics on the state of e-mail spam. In the May 2009 report, MessageLabs had the dubious honor of reporting that the number of e-mail messages containing spam reached an all-time high of 90.4%:

I'm not sure about you, but to me it's hard to grasp that nine out of every ten e-mail messages is unsolicited spam. On a brighter note, the number of e-mail messages containing virus code has decreased to one in 317 e-mail messages:

Also the number of e-mail messages containing phishing content is leveling off at one in 279 e-mail messages:

Security experts aren't surprised at the last two statistics, they even expected it. Users being more cognizant of phishing schemes and improved e-mail scanning are forcing the bad guys to find different tactics to ply their trade. Currently, the preferred methods are via malicious fake Web sites or compromised official Web sites.

Time of day matters

It may not seem like it, but the time you are most likely to get e-mail spam depends on your geographical location. If you live in the United States you can expect the most spam e-mail between 9 and 10 a.m. local time:

People in Europe can expect a fairly consistent increase in spam throughout the day:

People in the Pacific Rim area will be happy to know that their mailboxes will be full of spam right away in the morning.

At first, I didn't understand the logic behind the sending times. But as I read further, the report came up with three possible explanations for the distribution being the way it is:

  • Spammers are predominantly active during the US working day.
  • Most active spammers are located in the United States
  • Spammers are timing spam delivery to coincide with largest on-line audiences.

Here's two more interesting tidbits:

  • Sunday must be a day of rest for spam operators as spam levels drop considerably on that day.
  • Monday and Friday are peak spam activity days.
Europe tops the list

The battle for top honors in spam origination is a close race, with Europe taking the top slot in May:

  1. 31.6% from Europe
  2. 27.8% from Asia
  3. 21.4% from South America
  4. 13.4% from North America

Deciding first place is becoming increasingly difficult as 60% of all spam is sent from botnets. Since botnet members are more or less evenly distributed around the world, the spam origination statistic is beginning to lose significance.

Top spamming botnet

What may be more relevant is the amount of spam sent by each botnet:

  1. 18.2% from Donbot
  2. 16.1% from Rustock
  3. 8.6% from Cutwail
  4. 6.3% from Bagle

The report goes on to state that there's a significant amount of spam (40%) being sent out by smaller and relatively unknown botnets. Also the people controlling these botnets seem to prefer using stolen Web-based e-mail accounts like Gmail for sending spam.

One explanation for that is, using stolen Gmail accounts allow botmasters to apply spear-phishing and social-engineering techniques on the specifically targeted organizations or individuals. This usually increases the success rate. Using Web-based e-mail accounts also increases the likelihood of getting to the intended victim since most administrators don't filter e-mail emanating from sources like Gmail.

Final thoughts

I know a lot of high-powered groups are working on the spam problem, but these reports show little if any progress on their part. Every day, I check spam filters for several clients and it's amazing. For example, a spam filter for one client (only 20 users) captures over 5000 spam e-mails each day. What's going to happen when desired e-mail messages are only a fractional percent of the total amount of those sent?

I hope the experts figure something out soon, as this kind of growth can't continue much longer. Finally, I'd like to thank MessageLabs for their help in supplying the statistics and graphs.