December 12, 2007 3:02 PM PST

Study: 95 percent of all e-mail sent in 2007 was spam

Posted by Matt Asay

There was a time--2004 to be precise--when spam "only" consumed 70 percent of all e-mail. Those were the good old days. Today, as Barracuda Networks' annual spam report shows, upwards of 95 percent of all e-mail is spam. In 2001, the number was 5 percent.

We've come a long way, baby.

Ironically (or not), the United States' Can-Spam Act has done absolutely nothing (zip!) to stop the spam onslaught. It has come to the point that, as a separate Barracuda survey of 261 business professionals shows, we increasingly prefer telemarketing to e-mail spam. (I find that I'm much more willing to give my home address and phone number than my e-mail address these days. You?)

Some salient numbers from the reports:

  • The Barracuda Networks study, based on an analysis of more than 1 billion daily e-mail messages sent to its more than 50,000 customers worldwide, found that 90 percent to 95 percent of all e-mail sent in 2007 was spam, increasing from an estimated 85 percent to 90 percent of e-mail in 2006;

  • Barracuda Networks' poll also showed that 50 percent of users received five or fewer spam e-mails in their in-box each day. Almost 65 percent received fewer than 10 spam messages each day, while 13 percent were inundated with 50 or more spam e-mails daily. (That's me, unfortunately.);

  • Spam is becoming more sophisticated. Barracuda Networks found "that the majority of spam e-mails in 2007 utilized identity obfuscation techniques";

  • Spammers also increased the usage of attachments, such as PDF files and other file formats in 2007;

  • 57 percent of respondents view spam e-mail as the worst form of junk advertising, close to double the 31 percent that cited postal junk mail. Only 12 percent chose telemarketing.

What is to be done? I suspect, as Dana Blankenhorn has written, that the spam problem is not an individual's problem. It's a community's problem and, hence, a community response is arguably the best way to resolve it. There are interesting open-source projects that leverage the power of community to identify and block spam.

But what about adding to this with a social-networking approach? I've written before about the role one's address book could play in building online trust networks, and how these same networks could be used to block spam. Following the six degrees of separation argument, I could presumably create a massive "white list" of allowable e-mail senders by linking my friends (and their friends, and their friends...). Everyone else? Blocked, until they become part of the network.

The point is that collective intelligence is likely better than an individualistic approach to combating spam. When we start pining for the "good ol' days" of junk mail and telemarketing, we clearly need to find solutions. Filtering probably isn't going to cut it.
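The friends-of-friends white list proposed above can be modelled as a breadth-first walk over address books, cut off at a chosen number of degrees. This is an added example, not code from the article or from any project it mentions; the address books, addresses and function names are constructed for illustration.

```python
from collections import deque

# Constructed address books: owner -> addresses found in that owner's contacts.
ADDRESS_BOOKS = {
    "me@example.org": {"alice@example.org", "bob@example.org"},
    "alice@example.org": {"me@example.org", "carol@example.net"},
    "bob@example.org": {"me@example.org", "dave@example.net"},
    "carol@example.net": {"alice@example.org"},
    # Assumption for the demo: an unwanted bulk sender's address
    # has ended up in dave's contacts.
    "dave@example.net": {"bob@example.org", "bulk@mailer.example"},
}


def trust_distances(books, root, max_degree):
    """Return {address: degrees of separation from root}, up to max_degree."""
    dist = {root: 0}
    queue = deque([root])
    while queue:
        current = queue.popleft()
        if dist[current] == max_degree:
            continue  # do not expand contacts beyond the allowed degree
        for contact in sorted(books.get(current, ())):
            if contact not in dist:
                dist[contact] = dist[current] + 1
                queue.append(contact)
    return dist


def is_allowed(books, root, sender, max_degree):
    """True if the sender is within max_degree hops of root's address book."""
    return sender.lower() in trust_distances(books, root, max_degree)


def whitelist_growth(books, root, up_to):
    """White-list size (excluding root) for each degree 1..up_to."""
    return [len(trust_distances(books, root, d)) - 1 for d in range(1, up_to + 1)]


if __name__ == "__main__":
    for degree in (1, 2, 3):
        verdict = is_allowed(ADDRESS_BOOKS, "me@example.org",
                             "bulk@mailer.example", degree)
        print(f"degree {degree}: bulk sender allowed = {verdict}")
    print("white-list sizes:", whitelist_growth(ADDRESS_BOOKS, "me@example.org", 3))
```

The degree cutoff is the design decision that matters: each extra hop enlarges the list, and the list is only as trustworthy as the least careful address book reachable within it.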

Matt Asay is general manager of the Americas and vice president of business development at Alfresco, and has nearly a decade of operational experience with commercial open source and regularly speaks and publishes on open-source business strategy. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure.
16 comments
by Amadal1 December 12, 2007 12:00 AM PST
Surveying normal users will gravely under-report the amount of spam because most users never see the bulk of it. As owner of a domain, I get over 3,000 spam messages a day. Some are bounces from failed deliveries of spam that was sent by someone else as if it came from my domain, some have been sent to common domain recipients (such as sales@), but most are just random as if my email addresses had been harvested. I use whitelists to get most of my messages into active mailboxes, but any left over email is forwarded to my junk folder so I can examine it because, alas, legitimate messages often get eaten by standard spam filters.
I wonder how long it will be before the spam comes in faster than I can delete it.
by vashachiroku December 12, 2007 4:19 AM PST
I found the best way to fight spam is just join in. I buy 20 products from each email I get, now if we have everyone buying 20 of their projects, they will run out of products to sell and won't email anymore!
by JM777 July 2, 2008 3:04 PM PDT
This is the totally wrong approach. In fact you are the reason spam still exists. If no one opened or clicked on links or bought anything from spam mail it would go away because it would not be profitable.
by geofffeldman December 12, 2007 4:42 AM PST
There is something wrong with the study if in 2001 only 5% of e-mail was spam. By 2001 the majority of my e-mail was spam and I am sure that I was not so atypical. My curiosity is who actually buys stuff in response to spam? Obviously people wouldn't spam if no one ever responded, but no one has ever "confessed" to me that he or she spent money in response to spam. Is there anyone in this forum who would like to share his experience with buying something from a spammer? BTW I define spam as a marketing e-mail where the sender and receiver have had no previous relation. For example I do not consider the targeted marketing e-mail that I receive from amazon.com to be spam as I have patronized them in the past (I recently bought a book in response to an e-mail from Amazon). I decided to share my spam experience. In my inbox I have 6 e-mails this week that have survived my spam filter and 20 that didn't. Only three are legit, so that is 3 out of 26 or 11%. I think I deleted some spam from my inbox too this week. 13 of the 23 spam e-mails were for RX's the bulk of which were sex-related (Viagra or *****-enhancers, etc.) 6 were porno, 2 on-line gambling, one on-line college degrees and an on-line store that makes replicas of brand-name watches. I have been using e-mail regularly since 1988 (we called it BITNET back then) and I never received spam until 1999, shortly after I voted on-line for baseball's All-Star team and had to enter my e-mail (maybe just a coincidence, who knows?).
by geofffeldman December 12, 2007 4:58 AM PST
I have long noticed that one thing that makes spamming a novel form of marketing as opposed to junk mail or telemarketing is that it is free! It costs money to pay someone to make phone calls and it also costs money to send junk mail. Thus telemarketing and junk mailing need a minimum response rate to be profitable, while perhaps a spammer can make a profit even if just one out of a thousand respond to his e-mail. I have considered thus as an option to require providers to charge a nominal fee, maybe a penny per message, for each message sent to each recipient. That way if you send 5 e-mails a day you pay $1.50 a month, if you send 1000 a day, $300 a month. This would not affect the behavior of most "normal" e-mail users but would be a strong incentive for spammers to at least try to target those recipients most likely to buy.
by rcrusoe December 12, 2007 5:57 AM PST
Since 2004 when Mr. BG stated "Spam is a major security problem... We hope this problem will be under control within two years," we've seen spam at my company climb from approximately 70% of all messages to its current level of 99.5%.

Fortunately our users see almost none of this in their Inbox. But the cost of the bandwidth to handle this onslaught and the technology to block it continues to increase.

However, I disagree with those that prefer telemarketing to e-mail. I give out my GMail address rather than my phone number. Google's filters do an excellent job, and anything they miss is usually stopped when the messages are auto-forwarded to my personal domain.
by PlexVector December 12, 2007 6:20 AM PST
Since Time Warner Roadrunner has implemented their new spam policy several months ago at the ISP level my spam went to zero. I read their policy online and it makes a lot of sense, and other ISPs I hope will follow. I've read in past analysis that the only way to really combat spam is at the ISP level, rather than the user. I've actually turned off my spam filters! I have also read that some ISPs have stopped sending bouncebacks to help alleviate traffic.

I have several aliases that I use. I never use the main account, I have one for registering with trusted web sites, one for websites I'm not sure about, and one for personal communications with friends. It makes it easier to manage if/when an e-mail gets compromised. Only the one that was used for personal use did I ever get spam on due to it being farmed by viruses on computers of unsophisticated friends. Unfortunately, people forward e-mails without cleansing the e-mail addresses first.
by sandradayoconnor December 12, 2007 6:50 AM PST
The average click through rate for most spam is generally accepted to be 2%. If you consider the cost for sending spam, a 2% response rate is grossly profitable.

Spam works. Spam works because people, both the sender and receiver, are greedy. "Oh! This is a GREAT deal! I just HAVE to click through to take advantage of this!" Bingo. Spam continues.

I would like to believe there is a way to stop spam. I would also like to believe that world peace is possible. Given the sterling nature of humankind, I'm not holding my breath for either.
by Toulinwoek December 12, 2007 7:10 AM PST
I have never had nearly as much problem with spam as the Internet as a whole is claimed to be mired in, but I'm not denying the size of the problem, though I am a bit skeptical about 95%. Maybe that's just my experience reflected in my opinion.

What I'd like to know is, what is the percentage of the idiots who keep spam alive by buying into these various offers? As has been stated, spam is profitable, but that can only be so if enough people are buying what the spammers are selling.
by only_truth December 12, 2007 8:04 AM PST
There are some emails that I just cannot receive because Verizon cuts them off. Others however sneak through. The problem with your whole Six Degrees of Separation theory and White Listing is that eventually everyone will be included in the network - even spammers. That's the whole point of the theory: that everyone can be connected to everyone else. Some emails that I want could be considered spam to other users; it all depends on user preference.
by mopeon December 12, 2007 8:19 AM PST
Uh, how do you think you get half that spam? One of your friends' contact list! Your 'friend network' (a) would not stop spam at all and (b) already exists via facebook, linkedin, myspace, etc.

You need to shut this down at the source, not the recipient. But you can use the recipients, in coordination with legal/financial disincentives, to make a wholistic system.

The real solution, IMHO, is that when human users choose to designate emails in their inBox as Spam then the address/IP/Header/Subject/Content all goes to a mega/community database and if that same message gets treated similarly by a threshold # of humans, say a few hundred empirically determined, then that info is added to the spam list and is accessed by all mail agents for auto-filters. This is for emails that make it past the spoofing/EHLO filters.

Benefit of 'human-eyed' black-list accessed by query-only:
-Registrars of multiple offending domains can be prosecuted. (e.g. DynamicDolphin is registrar for 98% of the 30 spams I get every day).
- Registrars/hosting services/ICANN can review (legally mandated) and disconnect offending IP Addresses and domains. (note this is post spoofing, so no damage there).
- Contact info (namely name and phone number) of whois records listed and Registrars can opt for phone verification of registrants. This would add cost to serial spammers who hop around domain registrars as they would have to keep getting new phone numbers.
- Mail agents can build better lists for auto-filters that go beyond 'cleverly' selected keywords or validation algorithms.
- White-lists managed by the BBB (in US) or the WTO (globally) of legitimate businesses can be easily cross-referenced against this list.
- Get ICANN to actually DO something about spammers.
- Offender appeal process to get off this list would be rather straightforward, since spoofs don't hurt them.

What's more, design the full data warehouse to be easily, privately accessible by Fed/FTC/FCC agencies so they can directly see what is getting loaded up and prosecute directly, assuming CAN-SPAM is modified.

oh4real
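The shared, human-reported spam list proposed in the comment above, sketched as an added example that is not part of the original comment or any real mail agent. It fingerprints only subject and body (the comment also mentions address, IP and headers), and the threshold of 3, the class name and the sample messages are constructed for the demo.

```python
import hashlib
import re
from collections import defaultdict

REPORT_THRESHOLD = 3  # demo value (assumption); the comment suggests a few hundred


def fingerprint(subject, body):
    """SHA-256 of the normalized text, so case and spacing changes map together."""
    text = f"{subject}\n{body}".lower()
    text = re.sub(r"\s+", " ", text).strip()
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


class CommunitySpamList:
    """Query-only list: a message is listed once enough distinct users flag it."""

    def __init__(self, threshold=REPORT_THRESHOLD):
        self.threshold = threshold
        self._reporters = defaultdict(set)  # fingerprint -> distinct reporter ids

    def report(self, reporter_id, subject, body):
        """Record one user's 'this is spam' click; return True once listed."""
        self._reporters[fingerprint(subject, body)].add(reporter_id)
        return self.is_listed(subject, body)

    def is_listed(self, subject, body):
        """Lookup used by mail agents; never modifies the database."""
        reporters = self._reporters.get(fingerprint(subject, body), ())
        return len(reporters) >= self.threshold


def demo():
    db = CommunitySpamList()
    spam = ("Cheap watches", "Buy   replica watches today")  # constructed sample
    for _ in range(5):
        db.report("user-1", *spam)  # one user clicking repeatedly counts once
    after_one_user = db.is_listed(*spam)
    db.report("user-2", "CHEAP WATCHES", "buy replica watches today")
    after_three_users = db.report("user-3", *spam)
    unreported = db.is_listed("Newsletter", "Monthly update")
    return after_one_user, after_three_users, unreported


if __name__ == "__main__":
    print(demo())
```

Counting distinct reporters rather than raw clicks is what keeps a single account from listing a message on its own.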
by Trey71 December 12, 2007 9:05 AM PST
And 90% of that 95% comes through comcast.net!
by sadchild December 12, 2007 10:57 AM PST
(I find that I'm much more willing to give my home address and phone number than my e-mail address these days. You?)

Hell no!
by ballmerisanape December 12, 2007 5:03 PM PST
Thanks Microsoft for allowing your users to be zombie spam bots. We all appreciate it. Great Job.
by Travis Ernst December 12, 2007 7:01 PM PST
Mopeon, when ISPs (say you are a small company or home business) get hijacked and blackflagged, you have a LIMITED TIME to prove you were not the one sending the junk mails to get off the blacklist. By limited time I think it was one week or less. Otherwise you are placed on the blocked list and cannot send out mail.

I think that percentage of spam is a little high as well. I am one who, on my previous provider, had to create an "approved list" as well as a filter custom made to look for keywords that most junkmails have, such as the adult mails, stocks, medications etc. By entering over 35 words and variants in spelling it caught about 90% of the incoming spam.

Some reason it liked to treat all mails from AOL as spam, even if the account was listed on my approved list. Even on AOL my account was one of the few that didn't get bombarded by junk. Maybe a few unwanted, but otherwise I was one of the lucky ones.

Now my new ISP has great filters and I don't think I have seen a single piece of junk get through. The typical catalog mailers from sites you purchase from, but quarterly mailings from them are a lot better than trash I had coming in before on a daily basis.

As for having idiots call me, No problem. That way I can yell in their faces. I've had a bad last 12 months of being mistaken for another person and the creditors are chasing after HIM and are calling ME. Even his college has called me trying to collect. By phone I can find out the details and it is a two way street, not a noreply email address. If it is one of the 3 times a week debt consolidations I can talk firmly in their ears to remove me or I'll sue them for repeat calls after I was to be removed ($500/per violation). They act quickly.

Not to mention MOST of us are already listed for phone and address in Ma Bells books.
by kwhittingham December 12, 2007 11:01 PM PST
Spam is illegal - right? People using, and therefore promoting spam can be easily traced. Why not put ransoms out for their capture and metaphorical 'hanging' - they have to pay their own ransom and compensate the spammed for the costs incurred. The average mid-large corps pay more than a million a year because of spam.