Wednesday, November 19, 2008

The great spam drought

Just a brief, anecdotal observation about spam. McColo, a US 'web host', was shut down last week. Said to be a major originator of spam, there were wildly varying estimates of the subsequent drop in spam traffic, from 50% to 88% down.

I have an older email address and a newer one. The older one was compromised at least five years ago, and I barely use it now. Current status: three spams in the past week.

With the newer email address, I was more cautious about giving it out willy-nilly. I only used it for sites/contacts I felt I could trust, reverting to the old one for sites I couldn't trust so well, but which wanted an email address.

This worked well for some time. But eventually the newer address was compromised, despite my best caution. Dead curious to know how this came about, but I guess I'll never know.

Earlier this year, I started using Spamfighter, which builds and updates its own database of email to block (said to be based on "a community filter where the users help each other to report spam"), as opposed to the traditional Baynesian (or similar) algorithms used to attempt spam detection. This tool came at the right time, because this year the trickle of spams to my newer email address became a torrent. Most of that was useless Russian-language emails, with a smattering of Viagra-type hawkers. Curiously, the Nigerian-style scammers didn't appear here - but they had slowed down substantially at the old address anyway.

McColo was shut down Wednesday 12 November (Sydney time). The recent spam record is as follows (nearly all these were caught by Spamfighter):
November 3rd: 5
November 4: 5
November 5: 17
November 6: 5
November 7: 10
November 8: 9
November 9: 15
November 10: 16
November 11: 17
November 12: 9
November 13: 2
November 14: 2
November 15: 0!
November 16: 3
November 17: 3
November 18: 1
November 19: 1
November 20: 0

- that's 10 in the past 7 days, compared to 78 in the 6 days prior. Roughly a drop of 87%. The estimates of professionals vary depending on methodology, which may relate to honeypots and how old the population samples are - ie the server shut down may have been responsible for the more recent proliferations of spam.

Although it's sobering to note that that loose community known as spammers will regroup around other servers, maybe we're in for a breather for a while. And it's good to know that one simple action can have such a beneficial effect. It would be rather pleasant to see spam reduced to a minor annoyance rather than a deluge.

No comments: