A reason not to celebrate: Spam turns 30
And while junk mail only really started picking up with the rise of the internet in the late 1990s and early 2000s, experts say the financial motivation and sophistication of bot-enabled spam will keep it going strong for years to come.
Coinciding with the anniversary, Symantec published its monthly “State of Spam” report, which shows that junk mail made up about 80 percent of all email in April, with that number increasing to close to 90 percent at times.
Big Yellow said it has spotted several new techniques, including spammers leveraging trusted names, such as Google, to make their unwanted messages seem more legitimate.
Dermot Harnett, principal analyst in Symantec's anti-spam engineering department, told SCMagazineUS.com on Friday that spammers are constantly revising their techniques to push junk mail past security controls.
Unwanted email was first delivered in 1978, when Gary Thuerk, owner of Digital Equipment, sent an unsolicited message to users of the U.S. government-run ARPANET, predecessor of the present-day internet. The message encouraged recipients to come to two product demonstrations for his company in the Los Angeles area.
Since then, spam has constantly evolved to evade defenses such as content scanning and reputation-based filtering. Just in the last couple of years, users have been barraged with image, PDF and MP3 spam.
“It's a very dynamic problem,” Harnett said. “The format and the way that messages are delivered is constantly changing.”
Laws such as the CAN-SPAM Act and the prosecutions of several well-known spammers, including Robert Soloway and Alan Ralsky, have shown that legislators and law enforcement are not accepting the problem lying down.
But, experts said, as long as recipients are falling for the bait, the operation will be remain lucrative.
“Murdering is against the law too, but we still have murderers,” Peter Firstbrook, a research director at Gartner, told SCMagazineUS.com on Friday. “There's always someone who is willing to take that risk if there's cash involved.”
Firstbrook said spam will continue to rear its ugly head because it is free and anonymous and almost all junk mail is sent by bot-infected computers, allowing remote controllers to unleash messages in massive bursts without much oversight.
“Until we solve the PC security problem, we're never going to solve the spam security problem,” he said.
Internet service providers are in the best position to deal with rising amounts of spam because they could detect which of their end-users' machines are infected with malware and thus sending out unwanted messages, Firstbrook said. The ISPs are in a position to isolate infected machines from the internet.
But ISPs refuse to take on this burden because doing so would expose them to additional help-desk inquiries from users wondering why their machines are unable to access the internet, he said. Any bandwidth savings would be outweighed by these additional costs.
“The one group that is actually enabled to fix the problem has no incentive to fix the problem,” Firstbrook said. “We're stuck in this perpetual problem. I think we'll be dealing with spam for another 30 years.”
Harnett said businesses should deploy content and IP reputation filtering in concert with other anti-spam technologies to fight the problem. They also should realize their obligation to ensure none of their employees' machines are serving as bots, he added.