Despite fears that GDPR restrictions could hinder researchers’ ability to identify and shut down spammers, it does not appear that junk email campaigns have accelerated their operations since the sweeping data privacy regulations took effect in Europe on May 25.
In a blog post published today, researchers at Recorded Future have noted that average spam levels did not increase between May and Aug. 1, while the number of domain registrations actually declined slightly from May 25 through July 2. (The spam statistics were actually gathered in separate researcher by Cisco Talos, while Recorded Future collected the domain registration numbers.)
Concerns have arisen that GDPR could have unintended negative consequences because the regulations are incompatible with WHOIS, an online identity service and protocol, governed by ICANN (Internet Corporation for Assigned Names and Numbers), which allows people to look up domain names’ registration information, including owner name and contact information. Researchers often use this WHOIS information to gather details on suspicious websites, linking them to threat actors. But it’s possible that a growing number of domain registrars may shun this service over fears they may be in violation of GDPR, making them subject to huge fines.
Some security experts have wondered if the sudden unavailability of WHOIS as a research tool might entice spammers to redouble their efforts, knowing they will be harder to identify and track. But early results indicate that this is not the case, say Recorded Future blog post co-authors Allan Liska, senior security architect, and Bruce Liska, professional services team member.
Citing Cisco, the blog post notes that on May 1, 2018, 85.28 percent of all emails were spam, compared to 85.14 percent on Aug. 1 — a negligible difference, post-GDPR (actually, a minor decrease). “In other words, spammers are not — at least at this time — rushing to launch new campaigns because of GDPR-enforced WHOIS privacy rules,” the blog post explains. “Spam is still a big problem, but it has not become a bigger problem…”
Meanwhile, Recorded Future notes it collected an average of more than 223,500 new domain registrations per day in the month leading up to GDPR, and only 213,300 per day from May 26 through July 2. In other words, there is no evidence to support that spammers were even rushing to register new malicious spam domains in preparation for a future campaign that hasn’t occurred yet.
Additional numbers also do not support the notion that spammers have been increasingly registering new domains within already existing, commonly abused generic top-level domains (as identified by Spamhaus).
“While there is, rightfully, a lot of concern about other types of malicious activity, it appears that in the very narrow category of mass spam, not only has there not been an uptick, but spam has fallen slightly,” the blog post concludes. “In addition, spammers are not taking advantage of the potential new anonymity afforded by GDPR to register new domains as part of new spam campaigns, at least not in the gTLD space.”
“Obviously, this can change at any time,” added the post, in a note of caution.