Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


09:37 PM
Connect Directly

ISPs: Email Abuse Down But Not Out

Messaging Anti-Abuse Working Group (MAAWG) says ISPs, bad guys at a draw when it comes to spam, malicious email

MESSAGING ANTI-ABUSE WORKING GROUP (MAAWG) GENERAL MEETING -- PHILADELPHIA -- Internet service providers reported a slight dip in email abuse in the second quarter of this year, according to data revealed today by the Messaging Anti-Abuse Working Group (MAAWG) at its general meeting here.

MAAWG, an ISP working group aimed at helping combat spam and more recently, botnet abuse, says that spam and malicious emails dropped to 89 percent in the second quarter from 90.4 percent in the first quarter of 2009. MAAWG gathers the only email abuse data based on reports directly from the ISPs, and its latest data is drawn from 500 million email boxes and 200 billion delivered email messages, says Jerry Upton, executive director of MAAWG.

Researchers from Symantec, McAfee, and Cisco, meanwhile, here also reported slight dips in spam and email abuse in the third quarter, although those rates were higher than MAAWG's second quarter numbers. MAAWG plans to release Q3 numbers in a few weeks.

But Upton says not to read too much into the overall decrease in email abuse reported by ISP's: "This may be a somewhat seasonal pattern -- it may go up" again, he says.

"At times, we're doing better, and at times we're holding our own," he says. "This shows the bad guys aren't winning, but neither are we."

The amount of what the ISPs call "abusive email" has hovered around 90 percent or so over the past year. It hit one of its highest rates in the fourth quarter of 2008, when ISPs reported seeing 94.2 percent of all of their email traffic was spam, malware-ridden, or from known abusive sources.

"And this doesn't mean you are still not seeing spam or unwanted email getting to your inbox" because these numbers represent traffic caught before it hits users inboxes, Upton says.

Meanwhile, Symantec says 94 percent of all email was spam in Q3 and seven-eighths of all spam comes from botnets, according to Sandy Jensen, architect of the anti-spam technology group at Symantec.

Matt Sergeant, a senior antispam technologist for Symantec, also provided a peek at the company's latest data on botnet-based spam. Vietnam broadband users send the most bot-based spam per day -- 1,800 per broadband user -- followed by Brazil, with under 1,500; and Romania, around 1,200. The U.S. sends under 200 bot-bases spam messages per broadband user, he says.

McAfee, meanwhile, saw spam volumes declining to around 93.65 percent for the third quarter, and an average of 4.5 million new bots coming online each month, according to Sam Masiello, researcher for McAfee. "So how are people still being duped?" Masiello says. "You have to remember there are always new users coming on the 'Net -- parents, grandparents, and teenagers that have not necessarily been exposed to the new social engineering tactics available today."

One relatively new arrival on the spam scene is South America, with Venezuela, Argentina, and Columbia each cracking McAfee's top ten spamming countries list. "We might be seeing issues here like when Eastern Europe first starting coming online [with broadband] and we started seeing an uptick in spamming," McAfee's Masiello says.

And Russia's bot hosting activity has dropped significantly, he says, from 5.6 percent to 3 percent of the world's botnet hosting activities.

Cisco also saw a drop in Russian spam volume, from 3.7 trillion messages in 2008 to 2.3 trillion this year so far, says Henry Stern, senior security researcher for Cisco's IronPort team. Brazil leads the pack with 7.7 trillion spam messages, and the U.S. accounts for 6.6 trillion, down from 8.3 trillion last year.

"Spam is still growing significantly, but we've shown we can curb it a bit," Stern says. "We've seen the G-20 [countries] have between 20- to 40 percent less spam sent this year than last," which reflects how ISP's are making headway in fighting messaging abuse, he says.

Even so, with around 90 percent of mail designated as abusive today, the cost of blocking that malicious traffic is high for ISPs: "ISP's are stopping spam a lot at the front door using sophisticated techniques. But that involves significant cost" to them, says Michael O'Reirdan, chairman of MAAWG and distinguished engineer in national engineering and technical operations at a major U.S. ISP.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
IoT Vulnerability Disclosure Platform Launched
Dark Reading Staff 10/19/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-22
Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not pa...
PUBLISHED: 2020-10-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
PUBLISHED: 2020-10-22
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
PUBLISHED: 2020-10-22
An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.
PUBLISHED: 2020-10-22
An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.