Just recently, Forbes reported that, “Spam email is on the wane”.
The credit for the slaying of the beast goes to a heightened level of anti-spam protection. The article goes on to really promote the hard work that so many security engineers are doing and how the average user is becoming more adept at recognizing spam and avoiding, or reporting, it.
So everything is looking good. We can take that security budget and trim it down because after all, spam is dying right?
Sometimes, We Get it Wrong
Yes, spam levels are declining. Botnets that pump millions of junk email messages are constantly being dismantled, anti-spam technology keeps getting better and users are becoming more aware of spam. But this doesn’t mean that it is dying off.
Just like the early days of malware, viruses that infected computers through floppy discs reigned as king. But people soon lost interest in malware that was easily detected and did little for the actual creator. Instead, malware morphed into what we know it as today – software that avoids detection and does more damage to a bank account than it does to a hard drive.
Malicious email has followed the same path. Criminal organizations are no longer sending out millions of emails with poor grammar and spelling that promote the usual suspects. Instead, they are using social channels and other information to target users – sending out smaller batches of carefully crafted email campaigns that don’t have the sheer volume of days past, but are much more effective.
Think about how the level of spam is measured; by the number of messages blocked by anti-spam technology. So that leaves these numbers with two things to think about. First, if targeted spam is what is being sent then obviously the numbers will decrease. If the spammer can send out one thousand messages, that all get delivered, and get ten people to take action that is better than if they send a half a million messages only to find most of them blocked because a mass mailing with those numbers just screams out “SPAMMER.”
Second, spammers are getting smarter. They are always developing ways to fool the filters. If they succeed, then less spam is being caught. With less spam being caught, it appears that levels of spam are falling.
Technology vs. Users
So if our technology tells us that spam levels are falling, why is it that 52 percent of respondents to a survey state that they received more spam last year and 32 percent stated that levels of spam they received stayed about the same? Seventy two percent flat out said they receive too much spam, regardless of what the levels were this year compared to last.
Beating Back Spam
Spam can be filtered out before it gets to your inbox, but you need to have the right technology in place to stop it. Technical controls are great, but if your anti-spam solution does not account for user input then it is not leveraging the greatest tool in the fight against spam, the human brain.
Filtering technology that allows users to whitelist emails that are falsely identified as spam, and flag spam that made it through the filter, have the ability to learn how to better spot malicious email messages because they are being taught how to do so. They don’t rely solely on an algorithm or a list of words or IP address to tell them what spam is. Instead, they use these technologies alongside what the users who are dealing with spam every day have to say about what is junk and what is worth taking a look at.