In today's Security Levity, I've got more on the outbound spam problem. Back in April, I argued that it's critical for networks to block outbound spam, to protect your reputation and the deliverability of your email. I also said that outbound spam can be a symptom of far more damaging problems, specifically malware that could damage your business. Today, I want to talk about an independent study that sheds more light -- and hard data -- on these issues...
Osterman Research conducted a study that clearly illustrates the threat posed by outbound spam. In the study, Michael Osterman concludes, "Outbound spam is a serious issue and it is getting worse."
In many ways, Osterman goes further than I did back in April:
There are a number of sources that can generate outbound spam, including compromised accounts, zombies and malicious users. Conventional anti-spam techniques and technologies are not effective in the fight against outbound spam and can result in a very high level of false positives, disgruntled customers, higher costs and lost business.
The report is backed by a survey that adds hard data to the conclusions. For example:
- Almost 40% of ISPs said that their IP addresses "have been blocked or blocklisted at some point during the last 12 months."
- More than 85% of ISPs "are actively battling zombies in their networks."
(In fact, that first statistic is misleading: it of course refers to the number of ISPs who know that they were blocklisted; but many will be unaware of the fact. The truth is that almost 100% of ISPs had blocked IPs in the last year.)
For ISPs, an emerging risk is churn: customers will switch service providers if their current provider isn't effectively addressing the outbound spam problem. You can no longer assume that users are ignorant of the problem, or unaware that the grass may be greener at one of your competitors!
- More than 10% of ISP users "are currently part of a botnet that is being used for sending out spam."
- 55% of end users said that they would "probably" or "definitely switch to a new provider that blocked only zombies, not innocent users."
Osterman argues that outbound spam is a serious issue and it's getting worse. It's not good enough to simply take an anti-spam solution that's designed for inbound filtering and "spin it around" to filter outbound spam. Although the two tasks share some similarities, they are distinctly different.
Spam destinations are diverse and not within the spammer’s control. However, the source -- i.e., the zombie or compromised account -- can be monitored by the spammer. Spammers can try some test sends to other accounts to which they have access.
As I explained last month, if the messages are blocked at the source with outbound spam filtering, the spammer can modify the messages and try again. Rinse and repeat until they're no longer blocked; then send the spam campaign.
In order to block such spammer tricks, an outbound spam filtering solution needs to:
- React to changing patterns in real time.
- Block the spammer, not just the spam.
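To make "block the spammer, not just the spam" concrete, here is an added sketch (not from the Osterman report or any product) that tracks content-filter verdicts per authenticated sender and suspends the sender once flagged sends pile up in a sliding window, so a mutated message that slips past the content check is still rejected. The class name, thresholds and account IDs are assumptions made for illustration.

```python
from collections import defaultdict, deque


class OutboundSenderGate:
    """Suspend a sender whose messages keep getting flagged in a sliding window."""

    def __init__(self, max_flagged=3, window_s=600, suspend_s=3600):
        self.max_flagged = max_flagged      # flagged sends tolerated per window
        self.window_s = window_s            # sliding window length, seconds
        self.suspend_s = suspend_s          # suspension length, seconds
        self._flagged = defaultdict(deque)  # sender -> times of flagged sends
        self._suspended_until = {}          # sender -> time the suspension ends

    def check(self, sender, content_is_spam, now):
        """Return 'accept', 'reject_message' or 'reject_sender' for one send."""
        if self._suspended_until.get(sender, 0) > now:
            return "reject_sender"          # content is irrelevant while suspended
        if not content_is_spam:
            return "accept"
        hits = self._flagged[sender]
        hits.append(now)
        while hits and hits[0] <= now - self.window_s:
            hits.popleft()                  # forget hits older than the window
        if len(hits) >= self.max_flagged:
            self._suspended_until[sender] = now + self.suspend_s
            hits.clear()
            return "reject_sender"
        return "reject_message"             # isolated hit: drop the message only


def replay(events, gate=None):
    """Feed (time, sender, content_is_spam) tuples through a gate, in order."""
    gate = gate or OutboundSenderGate()
    return [gate.check(sender, spam, t) for t, sender, spam in events]


# Constructed sample: acct-1017 probes the filter, then sends a mutated
# message the content filter misses; acct-2002 is an ordinary user.
SAMPLE = [
    (0, "acct-1017", True),
    (40, "acct-1017", True),
    (55, "acct-2002", False),
    (90, "acct-1017", True),    # third flagged send inside 600 s
    (120, "acct-1017", False),  # mutated variant passes the content check
    (130, "acct-2002", False),
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", verdict)
```

A single flagged message only costs the sender that one message, which keeps an occasional false positive from locking out an innocent user.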