Spam from Web Hosts Three Times More Likely to Make Your Life Miserable

109346-cyber-attack-identity-theft-hackersIt’s sometimes easy to assume that spam is spam, regardless of its source. In fact, most days, we don’t stop to wonder where it came from. Really, who cares? It’s hateful stuff, no matter if it came from the shadowy bowels of a former Soviet bloc country, the shady depths of sub-Saharan Africa, or the server farm that resides in the building down the block. When it comes to spam, we’re equal opportunity haters. But maybe we shouldn’t be.

Considering a May report from Virus Bulletin, maybe we should reconsider how we spread around the hatred for email spam. In a comparative report of spam blocking solutions, Virus Bulletin found that several anti spam applications got good marks. When they’re blocking the nasty stuff that pushes male enhancement on us as if the world’s male population had been exposed to a healthy dose of unhealthy radiation – right to the family jewels – the majority of anti spam programs are doing their job. 19 solutions achieved a Virus BulletinSpam certification, and there was even an increase in the catch rates over previous tests, according to Info Security Magazine; but there is a notable gap in the ability to block spam that originates from web hosts. (The report can be purchased here)

According to Info Security, Virus Bulletin’s anti spam test director, Martijn Grooten, said in a statement to the media that “a lot of the focus in the anti-spam industry has been on botnets of compromised home PCs, and while these botnets still send a lot of spam, spam filters have become quite good at dealing with it.” The problem, Grooten points out, is that “various recent reports have suggested that spam is increasingly being sent from web hosts – many of which are compromised.”This workaround seems to be intentional, perhaps as if the spammers have discovered that their activities have a greater chance for success if they use web hosts. “Our results show that this isn’t merely a shift in the way in which spam is sent, but it actually increases the likelihood of the spam messages making it to someone’s inbox,” Grooten says.

In the testing performed by Virus Bulletin, 64,000 spam emails were considered. More than 30% (19,449) of the emails originated from web hosts. According to Info Security, “the average email sent from a web host had a probability of 1.04% of being missed by a spam filter, compared to just 0.29% for other spam – meaning that web host-sent spam is 3.5 times more likely to bypass a spam filter.”

Grooten points out that both percentages are relatively small numbers, but that the overall number of emails being sent as spam is significant. “On a (very small) campaign of one million emails, this is the difference between fewer than 3,000 and well over 10,000 emails making it to recipients’ inboxes. It could be the difference between a spam campaign making a profit or a loss for the spammer.”

The elephant in the room is the why. Why are web hosted spam emails more effective at getting through anti spam filters? Apparently, that’s going to remain a mystery, at least for the moment. Info Security points out that “while [Virus Bulletin’s] research team is unsure why web hosted spam is more effective at evading filters, Virus Bulletin was quick to point out that the difference also isn’t simply skewed by a small number of emails sent from web hosts that have a very high delivery rate.” The report points out that focusing on the emails blocked by at least three quarters of the anti spam solutions still results in a higher penetration rate for web hosted email spam. And this disparity can’t be attributed to IP blocking, according to the report.

So what does this mean for those of us who, well, simply don’t want or need spam in our lives? That’s the $64,000 question, isn’t it? If spammers realize that they can use web hosted solutions to break through the barrier – and that’s an inevitability – then we can project a higher penetration rate in spam messages, perhaps a renaissance where we’re back in 2005, trying to figure out how to stop the bleeding in our inboxes once again. Anti spam solutions are certainly going to be focusing on the whys and wherefores of this information, working hard to determine why web hosts are spam friendly. It’s a bit of conundrum, and for the moment, perhaps it’s time to dust off your user education material and warn them all over again about the dangers of spam.

Written by Malcolm James

3 Comments

  1. Maria Ortiz · June 28, 2013

    Even if spammers realize they can use web hosts to improve their delivery rates, this won’t help them in the long run. Probably now spam from web hosts goes under the radar because it is so rare; if it becomes mainstream, spam filters will most likely evolve to catch it better. The question is how long it will take spam filters to adapt.

  2. Chris · June 29, 2013

    This is one of the many reasons why we should be smart when it comes to choosing our web hosts. A lot of them are incredibly cheap, that’s true. But then again, they tend to scrimp on some of the most essential things such as security. Worse, if you go for resellers, they don’t have adequate technical support to help you out.

  3. Alona · June 30, 2013

    Agree with Maria. Spam coming from web hosts is still in the baby stages, so it is expected to take a lot of people by surprise. As the cycle goes on and more of the public gets exposed to it, anti-spam developers will find solutions to fight off this spam. This doesn’t mean, however, that we should take this new spam concept sitting down. On the contrary, anti-spam developers should already be on their drawing boards figuring out ways to attack this new problem! There won’t be a perfect solution, but at least the spam can be identified and filtered.

Leave A Reply