Global spam volume rose sharply in February compared with previous months: Cisco’s SenderBase shows a rise of 64% from January, from 77.3 billion to 126.9 billion emails. Sadly, this increase has watered down the effect of the authorities shutting down many spam operations in cooperation with companies like Microsoft, Google and others.
Last year, global spam volume had seen a steady decline from May 2012, dropping to a low point of 77.3 billion emails in January this year.
The sharp increase in spam volume in February has, however, also brought many new emails that carry malware. These include weight loss emails as well as Facebook Services emails containing links to shady websites.
Spam volume up? Quit email, security company says
A European security company called ‘The European Network and Information Security Agency’ even went as far as saying there should be a campaign to stop using email. The main reason given is that email is insecure, and the receiver currently cannot correctly assess whether an email is a threat or safe.
I don’t know about them, but I can’t think of a better communication method for businesses right now than email, even with all the bad stuff involved including spam, scam and phishing emails and such.
The ROKSO list, or the Register of Known Spam Operations, is a list of roughly 100 spam operations managed by Spamhaus. Spamhaus notes on the ROKSO page that about 80% of all spam received by internet users in Europe and North America originates from this group. The group consists of 1 to 5 spammers per operation, which makes the total number of people involved between 300 and 400.
Below is part of the ROKSO list as of 19th Feb, 2013:
Luckily for first-time offenders or non-professional spammers (that is, marketing departments that don’t know how to handle their lists correctly), there’s a 3-strikes method for putting spammers on the list. This means that you or your company must have been terminated by your ISP at least 3 times for AUP (acceptable use policy) violations. After that, one gets listed on the ROKSO list, and IPs under control of the spam operation will be added to the Spamhaus Block List (SBL).
Spammers involved are those that see ISPs simply as throwaway resources: if and when they get caught, they’re already preparing to move their operation to a different ISP where they have already set up new IPs and domains.
For more information, check out the ROKSO FAQ on the Spamhaus website.
A botnet known as ‘Grum’, responsible for sending out 18% of all spam, has been taken offline by Atif Mushtaq from the malware intelligence lab FireEye. After Cutwail and Lethic, it was the third most active botnet in the world.
Atif has posted the main characteristics of Grum in a blog post:
Grum has two different types of CnC servers:
CnCs that are responsible for serving configuration files and initial registration. I would refer to them as master CnCs.
CnCs that serve spam related activities. I would refer to them as secondary CnCs.
Grum uses hard-coded IP addresses instead of domain names.
Grum is divided into small segments i.e., different malware builds talk to their own assigned set of CnCs.
There is no fallback mechanism once the main and secondary CnCs are down. That particular segment will be without a master.
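The segmentation and missing fallback described above, as an added example (not from FireEye's post or this blog): Python code that groups infected hosts into segments by the hard-coded CnC IPs they contact, then reports which segments a given takedown leaves without any CnC. The IPs (RFC 5737 documentation addresses), their roles, the flow-log lines and the function names are all constructed for illustration.

```python
from collections import defaultdict

# Constructed CnC inventory (RFC 5737 documentation IPs, not real Grum servers).
CNC_ROLES = {"192.0.2.10": "master", "192.0.2.11": "secondary",
             "198.51.100.20": "master", "198.51.100.21": "secondary",
             "198.51.100.22": "secondary"}

# Constructed flow log, one "<timestamp> <infected host> <destination ip>" per line.
FLOW_LOG = """\
2013-01-01T10:00:01 10.0.0.5 192.0.2.10
2013-01-01T10:00:09 10.0.0.5 192.0.2.11
2013-01-01T10:01:12 10.0.0.7 192.0.2.10
2013-01-01T10:01:40 10.0.0.7 192.0.2.11
2013-01-01T10:02:03 10.0.0.9 198.51.100.20
2013-01-01T10:02:30 10.0.0.9 198.51.100.21
2013-01-01T10:02:44 10.0.0.9 198.51.100.22
2013-01-01T10:03:00 10.0.0.9 203.0.113.80
garbled line
"""

def segments_from_flows(log, roles=CNC_ROLES):
    """Group hosts by the set of known CnC IPs they contact (one set = one segment)."""
    contacted = defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, host, dst = parts
        if dst in roles:  # ignore traffic to anything that is not a known CnC
            contacted[host].add(dst)
    segments = defaultdict(set)
    for host, cncs in contacted.items():
        # Assumes each host was observed long enough to reach all of its CnCs.
        segments[frozenset(cncs)].add(host)
    return dict(segments)

def takedown_status(segments, down, roles=CNC_ROLES):
    """Orphaned only if every hard-coded CnC of the segment is down (no fallback)."""
    report = []
    for cncs, hosts in segments.items():
        remaining = sorted((ip, roles[ip]) for ip in cncs - set(down))
        report.append({"hosts": sorted(hosts),
                       "status": "reachable" if remaining else "orphaned",
                       "remaining": remaining})
    return sorted(report, key=lambda r: r["hosts"])

if __name__ == "__main__":
    down = {"192.0.2.10", "192.0.2.11", "198.51.100.20"}
    for row in takedown_status(segments_from_flows(FLOW_LOG), down):
        print(row)
```

With the sample takedown set, the first segment is orphaned while the second still has two secondary CnCs listed under `remaining`, which is the list a takedown would still need to cover.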
It seems the US federal government is really pushing forward on taking down botnets. After Rustock, it’s now Coreflood being taken out of business. Also on deliverability: dead email addresses becoming spam traps, by Benchmarkemail. Lastly, the ClickZ article on risk vs reward of ESPs is definitely worth a read.
This week in email marketing news there’s a great email guide for the tourism industry, great news from the anti-spam front and some email template designs that have been reviewed on Twitter. Other than that there’s some great charts on mobile marketing as well. Take a look: