William Jackson | Stats offer a clue to one more way of fighting spam
- By William Jackson
- May 14, 2009
Spam is on an upward trend, topping 85 percent of all e-mail in April for the first time in 19 months, according to the latest monthly threat report from e-mail security firm MessageLabs — now a part of Symantec. This is a sharp uptick from the 74 percent spotted in March, and it represents a rebound from a recent low of 68 percent in late 2008.
A lot of this unwanted or downright fraudulent traffic is image spam, which uses messages in the form of an image rather than text to avoid some filters.
Behind these apparently gloomy statistics, however, is a clue about a potentially effective tool for squelching spam. Maybe — just maybe — forcing the registrars of Internet domain names to act responsibly could deprive the spammers of the corners of cyberspace in which they operate.
Spam volumes took a nosedive in November 2008 after the shutdown of McColo, a hosting company based in San Jose, Calif., that was identified as the source of a lot of unwanted e-mail messages. This did not eliminate the problem, of course, and spammers immediately began retooling.
“Over the long haul, there is no reason to think that the decline is going to continue,” Sam Masiello, vice president of information security at MX Logic, said in March.
The figures for April show that Masiello was right. But they also show something else. Many of the top-level domains (TLDs) in which the spam images are being hosted are registered in China’s .cn domain. This probably is a result of the McColo crackdown, MessageLabs said.
“This may be as a result of many affiliates of the main TLD registrars associated with registering spam domains having to clean up their act and make it much harder to register such domains,” the report states. “As a result, spammers are forced to register domains overseas with registrars that seemingly do not have such stringent controls in place.”
So on one hand, spam is as bad as ever and getting worse. But on the other hand, shutting down one notorious hosting company forced many spammers to move offshore. This indicates that depriving bad actors of name space could help control the problem. If they moved to China because of less stringent controls, enforcing controls there could force them out of China, as well. True, at first, this could resemble a game of Whack-A-Mole. But over time, the number of holes available for these moles might be reduced to a more manageable number.
Silver bullets are unlikely, and this method is no exception. It works only when bad actors operate openly enough to be identified and are denied access to domains. Over the years, spammers and online criminals have shown a remarkable ability to adapt and fly under the radar of the best security tools. And there will always be hosting companies and registrars willing to turn a blind eye to questionable behavior of clients and customers.
But effective enforcement of existing policies still could be a powerful weapon in the ongoing battle against spam and other malicious online activity.
William Jackson is freelance writer and the author of the CyberEye blog.