is the end near for spam?

Security developers all seem to agree: spam is on the decline! But even if the volume of spam has diminished since its glory days, does this really mean spam is dead? Not quite. The beast is still kicking, and is now using more insidious methods.

a notable drop in “traditional” spam

How do we observe this decline? Security developers often publish an annual threat report. Some, like Symantec, even provide weekly spam reports. Rankings are compiled based on observed spam. Developers then analyze trends based on these rankings.

According to Kaspersky, spam reached a five-year low in 2012. By the average annual rate, only 72.1% of e-mail is spam! That’s a far cry from just a few years ago, when the spam level reached 95%.


why is spam on the decline?

1 – battling the botnets

Developers agree that campaigns to eliminate certain botnets have helped cut down on spam considerably. According to some estimates, shutting down two command servers on the Grum network in summer 2012 led to an 18% drop in spam. But these figures are hard to confirm, especially since Spamhaus and Symantec have unfortunately found that as soon as one botnet is shut down, another takes its place. In this case, Grum’s downfall led to the rise of Festi. And now that Festi is lying dormant, we can only wonder what’s next.

2 – e-mail is no longer top dog

E-mail is no longer the preferred method for transmitting viruses. The percentage of attachments containing viruses has plummeted. According to Cisco and Kaspersky, only 3-4% of spam still contains attachments with viruses.

3 – protective measures are increasingly effective

Anti-spam measures used by businesses often combine antivirus software, blacklists, DNS request analysis, lexical analysis and heuristic analysis: it’s becoming increasingly difficult to get spam through all these layers of defense.

spam 2.0 on the horizon?

The fight against spam has upped the cost per click (the amount spent for each click on a link in a spam message) for spammers. This has forced spammers to find new ways to keep costs down.

Showing good economic sense, spammers have learned a few tricks from viral marketing and have made the following realization: you have to take advantage of message systems powered by social networks and use viral techniques that remain largely unmonitored. For example, you post an offer for a smartphone at a low price and then let the social network go to work. The more likes and reposts your post gets, the more it will be seen by users who will then open the ad and pass it along.

Spammers quickly realized it was much cheaper to create fake commercial websites, post real ads on legitimate web 2.0 sites and take advantage of the power of social networks to launch their gimmicks. This is the biggest trend in the new form of spam 2.0!

One last figure: according to Kaspersky, the price per click for traditional spam is as high as $4.45, compared with just $0.15 for a real ad for a fake site on Facebook!

We might ask, when will we see effective anti-spam measures on our browsers and social network message systems? The answer is certainly soon.

It’s not all peaches and cream just yet, but we can still relish the positive side of all this, that traditional spam is on its way out and no one is going to miss it!


This blog post was originally published in French here.

photo credit: © Kromosphere -

Philippe Macia

After previously working as a training manager, on-site IT officer, pre-sale technical officer, and customer service manager, I joined the Orange Business security team as a product manager. I’m very committed to the user experience and easy administration of the solutions we create. My watchwords: knowledge sharing, logic, pragmatism and simplicity.