Why It's So Hard to Can Spam
Spam costs U.S. companies billions in additional equipment, software and manpower needed to combat the problem. What can we do about it?
According to the 2007 Annual Communications Intelligence Report by California-based email security company Postini (acquired by Google (GOOG) earlier this month for $625 mln in cash), spam represented nearly 94% of all email at the close of 2006-the highest level ever recorded by Postini and up 12% from a year earlier.
In December alone, Postini intercepted 25 bln spam messages-an all-time high. Currently, Postini blocks approximately 12 spams for every legitimate email.
In 2006, the volume of spam rose 147%, says Postini. The increase resulted in a 334% increase in e-mail processing requirement for companies. It also says that nearly 80% of businesses experienced at least one communications outage of a half-hour or more in 2006, and 25% experienced three or more outages due to spam-related bandwidth "traffic jams."
"This is causing the e-mail infrastructure of many businesses to melt down," Postini's executive VP of worldwide marketing Daniel Druker told Information Week. "Nobody budgeted for four-and-a-half times more infrastructure capacity in one year."
Spam is not a new phenomenon. It's been around since the Internet was the Arpanet, developed by the Department of Defense's Advanced Research Projects Agency (ARPA) to allow communication between a network of government and university computers.
The ARPANET development team, 1969
On May 1, 1978, at 12:33 EDT, the first-ever spam e-mail was sent out to 600 ARPANET addresses on the West Coast by Gary Thuerk of the Digital Equipment Corporation. Thuerk chose his recipients from a printed directory of users, not unlike a traditional phonebook.
It read, in part:
DIGITAL WILL BE GIVING A PRODUCT PRESENTATION OF THE NEWEST MEMBERS OF THE DECSYSTEM-20 FAMILY: THE DECSYSTEM-2020, 2020T, 2060, AND 2060T.
WE INVITE YOU TO COME SEE THE 2020 AND HEAR ABOUT THE DECSYSTEM-20 FAMILY AT THE TWO PRODUCT PRESENTATIONS WE WILL BE GIVING IN CALIFORNIA THIS MONTH. THE LOCATIONS WILL BE:
TUESDAY, MAY 9, 1978 - 2 PM
HYATT HOUSE (NEAR THE L.A. AIRPORT)
LOS ANGELES, CA
THURSDAY, MAY 11, 1978 - 2 PM
DUNFEY'S ROYAL COACH
SAN MATEO, CA
(4 MILES SOUTH OF S.F. AIRPORT AT BAYSHORE, RT 101 AND RT 92)
Gary Thuerk, godfather of spam
Negative reaction was swift. Major Raymond Czahor, chief of the Arpanet Management Branch of the Defense Communications Agency, sent out a system-wide response:
ON 1 MAY 78 DIGITAL EQUIPMENT CORPORATION (DEC) SENT OUT AN ARPANET MESSAGE ADVERTISING THEIR NEW COMPUTER SYSTEMS. THIS WAS A FLAGRANT VIOLATION OF THE USE OF ARPANET AS THE NETWORK IS TO BE USED FOR OFFICIAL U.S. GOVERNMENT BUSINESS ONLY. APPROPRIATE ACTION IS BEING TAKEN TO PRECLUDE ITS OCCURRENCE AGAIN.
Today's spam has a much greater negative effect than Digital Equipment's "flagrant violation" ever could have. The Securities and Exchange Commission estimates that 100 million "pump-and-dump" email messages touting penny stocks are sent each week, with traffic rising by 66% last year.
A research report by Oxford University & Purdue University called "Spam Works: Evidence from Stock Touts and Corresponding Market Activity" found that before brokerage fees, the average investor who buys a stock on the day it is most heavily touted and sells it two days after the touting ends will lose close to 5.5%. For those touted stocks with above-average levels of touting, a spammer who buys on the day before unleashing touts and sells on the day his or her touting is the heaviest, on average, will earn 4.29% before transaction costs.
"By the time an investor realizes that the increase in stock price is the result of a phony and orchestrated campaign, it is too late to get out without taking a loss," said Purdue assistant professor of finance Laura Frieder.
Click here to enlarge.
Aside from spam that attempts to glean confidential information, like passwords, account numbers and the like from targets, spam also takes time to sift through and delete. Email expert Michael Osterman estimates that an employer can lose up to $1,500 of productive time annually for every email user. In an organization of 1,000 email users, that represents a loss of $1.5 million in productivity every year.
San Francisco-based Ferris Research estimates that, beyond lost productivity, spam costs U.S. organizations billions in additional equipment, software and manpower needed to combat the problem. Which is what e-security companies like McAfee (MFE), Symantec (SYMC), and IronPort (acquired by Cisco Systems (CSCO) in June for $830 mln in cash and stock) are banking on for their own growth.
Spammers are primarily members of organized crime syndicates, scattered throughout the world. The Spamhaus Project, an international non-profit anti-spam organization based in Geneva, Switzerland and London, and run by a dedicated team of 25 investigators and forensics specialists located in nine countries, publishes something called the "Register of Known Spam Operations (ROKSO)" which lists the worst of the worst professional spam operations worldwide for the benefit of Internet Service Providers and law enforcement agencies.
This week's top 10 includes:
4 spammers from Russia
2 from Ukraine
1 from Hong Kong
1 from Israel
1 from Australia
1 from the United States
The top 10 worst ISPs (by total number of known spammers operating on their networks)include some little-known names like mzima.net (#9) and cnuninet.com (#8). However, the #4 spot is taken by a familiar one-AT&T (T). Sitting atop the list is Verizon (VZ).
AT&T and Verizon surely aren't complicit in this. It's simply impossible to "put the toothpaste back in the tube," what with spam forums making it possible for anyone at all to learn how to "hijack" computers and control them remotely from the other side of the planet. In fact, a simple Google search turned up a posting from a group calling itself the SpYxTeaM of Bucharest, Romania, and offering to "crack any account made on this domains Yahoo, Gmail, Hotmail, MSN, AOL or Rediff. Our fee is the most cheap on the net - 40USD - because we have new technologies in getting a mail password, and usually we get a mail password in 1-14 days."
Subsequent posts from people showing interest came from, to list but a few, Bulgaria, India, Afghanistan, South Africa, Nigeria, and Cote D'Ivoire.
In the Asia-Pacific region, 88% of e-mails coming from the Philippines are spam-significantly higher than the worldwide average of 59%.
Filipino spammers should consider themselves (relatively) lucky. While American spammers like Robert Alan Soloway, indicted in May by the federal government on 35 counts, including mail fraud, wire fraud, money laundering, and aggravated identity theft, do time at places like the Sea-Tac Federal Detention Center, where he is awaiting trial as Inmate # 37427-086, those who get caught spamming in Manila, at least have the chance to do time at a place like this:
Copyright 2011 Minyanville Media, Inc. All Rights Reserved.
Daily Recap Newsletter