Sudden Spam Drop Leaves Experts Baffled

Spam volume appears to have dropped to averages last seen in 2008 after an expected surge in bogus email over the Christmas period failed to materialize.

Estimating real spam volumes is notoriously difficult due to the tendency of spam to naturally ebb and flow over time and to the fact that no agency has a single view on the phenomenon. However, figures revealed in recent weeks by a number of companies that have compiled stats make curious reading: Every vendor's figures show a fall of some sort.

In 2010, according to Cisco's IronPort SenderBase, spam volume peaked in late summer before dropping by around a third month-on-month between September and December. The total volume in November and in December was noticeably lower than it had been for any other month during 2010.

Over at Commtouch, after a year-high spike in September, spam volume fell by around 30 percent between September and December 2010, mirroring a fall in the number of zombie PCs detected by the company during the same period.

Illustration: Stuart Bradford

The spam volume index that UK-U.S. outfit M86 Security measures using honeypot domains fell by as much as half during December when compared to the numbers for the spring and summer.

None of the vendors' numbers showed the expected surge in spam over the Christmas period, traditionally a time when spammers boost their output.

As yet, no security company has come up with a reason for the fall, which is larger than the fall registered in late 2009, but still modest compared to the historic plunge that happened in late 2008 after rogue ISP McColo was shut down.

Given that no large ISPs or botnets have been shut down in the corresponding period, it could simply be a seasonal lull. It could also mark a change in tactics by spammers towards using channels other than conventional e-mail, such as social media, to reach computer users. A report by Websense in November noted a marked rise in spam on Facebook and Twitter, with as much as 10 percent of status updates on the former containing spam.
