IETF Logo Mail Archive

Re: [Asrg] spam down?

Martijn Grooten <martijn.grooten@virusbtn.com> Sat, 26 January 2013 14:42 UTC

Return-Path: <martijn.grooten@virusbtn.com>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02AA921F84B9 for <asrg@ietfa.amsl.com>; Sat, 26 Jan 2013 06:42:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.185
X-Spam-Level:
X-Spam-Status: No, score=-8.185 tagged_above=-999 required=5 tests=[BAYES_40=-0.185, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YE6A-iMTvrF6 for <asrg@ietfa.amsl.com>; Sat, 26 Jan 2013 06:42:31 -0800 (PST)
Received: from mx6.sophos.com (mx6.sophos.com [195.171.192.176]) by ietfa.amsl.com (Postfix) with ESMTP id 2877E21F84B6 for <asrg@irtf.org>; Sat, 26 Jan 2013 06:42:30 -0800 (PST)
Received: from mx6.sophos.com (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id B74C37516B1 for <asrg@irtf.org>; Sat, 26 Jan 2013 14:42:28 +0000 (GMT)
Received: from abn-exch1b.green.sophos (unknown [10.100.70.62]) by mx6.sophos.com (Postfix) with ESMTPS id 90861751582 for <asrg@irtf.org>; Sat, 26 Jan 2013 14:42:28 +0000 (GMT)
Received: from ABN-EXCH1A.green.sophos ([fe80::67:3150:dacd:910d]) by abn-exch1b.green.sophos ([fe80::dc96:facf:3d2c:c352%17]) with mapi id 14.02.0247.003; Sat, 26 Jan 2013 14:42:29 +0000
From: Martijn Grooten <martijn.grooten@virusbtn.com>
To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Thread-Topic: [Asrg] spam down?
Thread-Index: AQHN+8qOullVsN4E9UKSipftH4oAUZhbqwgp
Date: Sat, 26 Jan 2013 14:42:27 +0000
Message-ID: <0D79787962F6AE4B84B2CC41FC957D0B20B66F2A@ABN-EXCH1A.green.sophos>
References: <5103DC4E.4090004@mtcc.com>
In-Reply-To: <5103DC4E.4090004@mtcc.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.100.64.11]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [Asrg] spam down?
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Jan 2013 14:42:32 -0000

> First is there actual evidence that spam is on the wane?

I believe there is. Measuring spam is tricky, and different sources may use different definitions and methods, but all agree that the global volume of spam has declined over the past four years.

Note that a reduction from 80% to 67% would mean the volume of spam has halved, rather than reduced by 13%. I believe most sources claim that reduction, since late 2008 (the McColo shutdown), is even bigger than that.

> And if so,
> does it actually have to due in part with authentication? I'd be
> ecstatic to hear that the latter was true, but correlation is not
> causation.

I think it has little to do with that, but that it's mostly because botnets are able to spew out a lot less than they used to. The graph used here shows a strong correlation between drops in the volume of spam and big takedowns:

http://krebsonsecurity.com/2013/01/spam-volumes-past-present-global-local/

It's good to keep in mind that the spam "that's not being sent anymore" was relatively easy to block. See for instance:

http://www.lightbluetouchpaper.org/2009/07/17/how-much-did-shutting-down-mccolo-help/

Martijn.

________________________________

Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.

v2.23.0 | Report a Bug | By Email