Posted by Virus Bulletin on Apr 16, 2013
What happens before the filter doesn't matter too much.
It is surprisingly difficult to get accurate figures for the amount of spam that is sent globally, yet everyone agrees that the global volume of spam has come down a lot since its peak in late 2008. At the same time, despite some recent small decreases, the catch rates of spam filters remain generally high.
Spam still accounts for a significant majority of all the emails that are sent. A world in which email can be used without spam filters is a distant utopia. Yet, the decline of spam volumes and the continuing success (recent glitches aside) of filters have two important consequences.
The first is that we don't have to fix email. There is a commonly held belief that the existence of spam demonstrates that email (which was initially designed for a much smaller Internet) is somehow 'broken' and that its needs to be replaced by something that is more robust against spam.
Setting aside the Sisyphean task of replacing a tool that is used by billions, proposals for a new form of email tend either to put the bar for sending messages so high as to prevent many legitimate senders from sending them, or break significant properties of email (usually the ability to send messages to someone one hasn't had prior contact with).
Still, if spam volumes had continued to grow, we would have had little choice but to introduce a sub-optimal replacement. The decline in spam volumes means we don't have to settle for such a compromise.
Secondly, current levels of spam mean there is little threat of a constant flow of spam causing mail servers to fall over.
At the same time, one would be hard-pressed to find a user whose email is not filtered somewhere - whether by their employer, their provider, or their mail client.
Thus, looking at the spam that is sent isn't particularly interesting as it provides us with little insight into the actual problem. What matters is that small minority of emails that do make it to the user - whether because their spam filter missed it, or because they found it in quarantine and assumed it had been blocked by mistake.
Equally important is the question of which legitimate emails are blocked, and why - and what can be done to prevent this from happening again in the future.
It is tempting to look at all the spam received by a spam trap, or by a mail server, and draw conclusions from that. They certainly help paint a picture, but in the end they say as much about what users see as the number of shots on target in a football match says about the final result.
Despite the doom predicted by some a decade ago, email is still with us - and we have won a number of important battles against spam. But if we want to win the war, we need to shift our focus.
This Friday (19th May) I will give a talk in Athens, Greece on the current state of spam. The talk is organised by the local ISACA and OWASP chapters.
Posted on 16 April 2013 by Martijn Grooten
