PGTS PGTS Pty. Ltd.   ACN: 007 008 568

point Site Navigation

point Other Blog Threads



  Valid HTML 4.01 Transitional

   Download Kubuntu Today

   Ubuntu

   The Power Of KDE + Ubuntu






PGTS Humble Blog

Thread: Internet Security/Malware/Spam

GP JPG
Gerry Patterson, The man who almost invented humble sarcasm tags(Invisible to non-sarcastic browsers)

Spam Statistics June 2012


Chronogical Blog Entries:



Date: Thu, 28 Jun 2012 20:30:58 +1000

As reported in May 2011, Spam seems to have peaked in 2010. Current figures indicate that the volumes of spam have declined from the 2010 peak and may have now reached a "steady state", with a pronounced seasonal variation.

In a previous blog post, your blogger proposed that spam may have peaked in 2009 and/or 2010. Unfortunately it is not possible to get an accurate picture because of changes in the way that data has been gathered.

The latest figures seem to confirm the trend observed in 2011. Spam seems to now follow a pronounced annual cycle with a large peak in September and an even larger peak in February. These peaks would co-incide with the end of Winter and the end of Summer in the northern hemisphere ... Or possible the end of Winter in the northern and the end of Winter in the southern hemisphere (?)

Spam
    Stats PGTS
Consolidated Stats PGTS Mailhub.

The measures used against spam at the PGTS mailhub have evolved over the years ... Initially the only defence consisted of RTBL technology and a manually maintained ACCESS list.

Soon it became apparent that an additional content filter was required. After some initial testing Spam Assassin was deployed in production across all inboxes (with procmail).

A final defence was added to integrate the firewall with Spam Assassin and reported incidents.

Unfortunately the records from RTBL rejections prior to May 2010 were not archived. The changes in configuration and archiving of records makes it difficult to compare the different figures.

This is because records prior to 2007 are from the manually maintained ACCESS list, and don't really compare well with the Spam Assassin list (post 2007).

The nearest thing to a consistent record since 2007 is the Spam Assassinated list (below):

Spam Stats
    PGTS
Spam Assassinated Stats PGTS Mailhub.

The peaks in Spam Assassinated data seem less prounounced ... It is probably fair to say that the Spam Assassinated mail has been more carefully crafted and has been dispatched from mail clients or servers that are better maintained than the general noise that is swatted down by RTBL.


There were some surprising results when total spam for the half year (Jan to June 2012) were compared with the country of origin (as calculated by IP address). Spain came out as the clear leader:

Spam Stats
    PGTS
Total Spam by Country Stats PGTS Mailhub.

Overall it seems that spam has levelled out. This is more likely due to economic and business constraints than the efforts of law-makers ... Most of which is a simple waste of space.


Is There Method In Their Madness?

Early in the previous decade, your blogger started some research into Spam arriving at the PGTS Domain. This resulted in a series of articles, which contained predictions about spam.

Some of the predictions were correct. However quite a few of them proved incorrect.

One of the trends your blogger noticed at the time was the adoption of spam by organised cyber-crime. A trend that has continued to the present day. This is probably one of the reasons that spam traffic now appears to conform with economic constraints ... Cyber-crime is a business after all, and like any commercial enterprise must make a profit in order to survive.

And it might be possible that these days, spam is considered old school? Perhaps all the modern cyber-criminals are busy constructing bots to crawl facebook pages?

Still there's no school like the old school, as they say ...

A recent article by Cormac Herley from Microsoft Research, proposes that the over-all viability of the business model for (so-called) Nigerian spammers is highly susceptible to time-wasting (false positives). This is because once the (so-called) Nigerian spammer has identified a mark, he/she must open email negotiations with the potential victim to prepare them for "the sting". And this preparatory work represents a considerable investment of time and effort. If the mark fails to convert after negotiations have commenced, the cost to the Spammer (in time and effort) can be considerable.

Herley uses possibly too much mathematics to prove the bleeding obvious. However he proposes the interesting thesis that the poor grammar and spelling, the improbable choice of role names and scenarios are in effect an anti-false-positive filter ... In other words the only person who would fall for it is likely to be ignorant and/or naive about the Internet and probably dull-witted ... Which is exactly the target audience! After all the scammer does not want to engage with someone sharp-witted and well informed about 911/Mail Fraud and Internet scams (Note: the same thesis would apply for penis enlargement scams which often include the strategy of sexual arousal -- a time honoured method of making human males dull-witted).

Whether the scammers have deliberately contrived their spam to appeal to the bottom rung of the IQ ladder, or whether it has naturally evolved this way by old-school Darwinian selection is of academic interest only. Spammers have to make a profit, and wasteful or unprofitable activities might force them to seek other employment ... Mr. Herley has an interesting thesis and it certainly may explain the apparent stupidity and banality of 911 emails.

It also suggest that spam-baiters, if they can pass themselves off as less intelligent may end up costing 911 scammers a lot of effort.

Of course there is always the worrying possibility that some spammers keep on spamming because they just love their work ...


Other Blog Posts In This Thread:

Copyright     2012, Gerry Patterson. All Rights Reserved.