MESSAGING ANTI-ABUSE WORKING GROUP (MAAWG) GENERAL MEETING -- PHILADELPHIA -- Internet service providers reported a slight dip in email abuse in the second quarter of this year, according to data revealed today by the Messaging Anti-Abuse Working Group (MAAWG) at its general meeting here.

MAAWG, an ISP working group aimed at helping combat spam and more recently, botnet abuse, says that spam and malicious emails dropped to 89 percent in the second quarter from 90.4 percent in the first quarter of 2009. MAAWG gathers the only email abuse data based on reports directly from the ISPs, and its latest data is drawn from 500 million email boxes and 200 billion delivered email messages, says Jerry Upton, executive director of MAAWG.

Researchers from Symantec, McAfee, and Cisco, meanwhile, here also reported slight dips in spam and email abuse in the third quarter, although those rates were higher than MAAWG's second quarter numbers. MAAWG plans to release Q3 numbers in a few weeks.

But Upton says not to read too much into the overall decrease in email abuse reported by ISP's: "This may be a somewhat seasonal pattern -- it may go up" again, he says.

"At times, we're doing better, and at times we're holding our own," he says. "This shows the bad guys aren't winning, but neither are we."

The amount of what the ISPs call "abusive email" has hovered around 90 percent or so over the past year. It hit one of its highest rates in the fourth quarter of 2008, when ISPs reported seeing 94.2 percent of all of their email traffic was spam, malware-ridden, or from known abusive sources.

"And this doesn't mean you are still not seeing spam or unwanted email getting to your inbox" because these numbers represent traffic caught before it hits users inboxes, Upton says.

Meanwhile, Symantec says 94 percent of all email was spam in Q3 and seven-eighths of all spam comes from botnets, according to Sandy Jensen, architect of the anti-spam technology group at Symantec.

Matt Sergeant, a senior antispam technologist for Symantec, also provided a peek at the company's latest data on botnet-based spam. Vietnam broadband users send the most bot-based spam per day -- 1,800 per broadband user -- followed by Brazil, with under 1,500; and Romania, around 1,200. The U.S. sends under 200 bot-bases spam messages per broadband user, he says.

McAfee, meanwhile, saw spam volumes declining to around 93.65 percent for the third quarter, and an average of 4.5 million new bots coming online each month, according to Sam Masiello, researcher for McAfee. "So how are people still being duped?" Masiello says. "You have to remember there are always new users coming on the 'Net -- parents, grandparents, and teenagers that have not necessarily been exposed to the new social engineering tactics available today."

One relatively new arrival on the spam scene is South America, with Venezuela, Argentina, and Columbia each cracking McAfee's top ten spamming countries list. "We might be seeing issues here like when Eastern Europe first starting coming online [with broadband] and we started seeing an uptick in spamming," McAfee's Masiello says.

And Russia's bot hosting activity has dropped significantly, he says, from 5.6 percent to 3 percent of the world's botnet hosting activities.

Cisco also saw a drop in Russian spam volume, from 3.7 trillion messages in 2008 to 2.3 trillion this year so far, says Henry Stern, senior security researcher for Cisco's IronPort team. Brazil leads the pack with 7.7 trillion spam messages, and the U.S. accounts for 6.6 trillion, down from 8.3 trillion last year.

"Spam is still growing significantly, but we've shown we can curb it a bit," Stern says. "We've seen the G-20 [countries] have between 20- to 40 percent less spam sent this year than last," which reflects how ISP's are making headway in fighting messaging abuse, he says.

Even so, with around 90 percent of mail designated as abusive today, the cost of blocking that malicious traffic is high for ISPs: "ISP's are stopping spam a lot at the front door using sophisticated techniques. But that involves significant cost" to them, says Michael O'Reirdan, chairman of MAAWG and distinguished engineer in national engineering and technical operations at a major U.S. ISP.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.