Home / Blogs

Collecting Cybercrime Data: Can Signal Spam Be a Piece of the Puzzle?

The gathering of coherent data on cybercrime is a problem most countries haven’t found a solution for. So far. In 2011 it is a well known fact that spam, cybercrime and botnets are all interrelated. The French database Signal Spam may be a significant part of the solution to gather, analyse and distribute data on spam, phishing, cybercrimes and botnets, but also be a forum in which commercial mass e-mail senders and ISPs can work on trust. On Monday 14 February 2011 Signal Spam was presented in the Netherlands. The idea behind the day was that The Netherlands can copy the French system and thus have a spam reporting centre from which information is derived that the different stakeholders can use and respond to. Here is an impression and some thoughts.

Signal Spam

Signal Spam is, in short, a French public—private partnership that upholds a spam reporting database in which end users can report all forms of spam, suspicious looking unsolicited e-mails, phishing e-mails and unsolicited software. They register once with Signal Spam and add a plug into their e-mail program. With one click on the button they report the unsolicited messages to the database. Here analyses takes place on the aggregated data and information is linked. Reports on complaints and other data are sent to the different stakeholders. E.g., senders, vendors, ISPs, LEAs, banks, etc. They can take appropriate measures after receiving a report from Signal Spam. This can range from unsubscribing a recipient, to an investigation on breaches of the law or a public—private cooperation to disrupt the business of a foreign criminal organisation or the termination of a phishing site. Signal Spam is financed by the participating commercial parties, while privacy issues are over-viewed by the CNIL, the French data protection agency, who actively participates.

There is a greater implication to Signal Spam as spam messages are a major means that is used for criminal ends. Information gathered in the database could also be of use to botnet detection centres, cybercrime fighters and anti-terrorist organisations within and beyond French borders. Thus it could be one of the layers in a national cyber security initiative.

Where are we after 14 February 2011?

Presentations were given from very divers angles. Despite the fact that senders, ISPs, banks, vendors and LEAs all have a different angle of interest on the Internet, it was quite clear that they all share concerns and wishes. What I took back from the meeting was a sense of momentum in general. All parties present seemed to give of a message that something needs to be done, although it may not be clear exactly what. Next to that all are very much interested in a better information position from which to act. Despite the fact that the word “hostile” was used jokingly quite often, albeit with a serious undertone, it was quite clear that most in the room were looking for a way to trust each other. This could save cost and efforts in security all around. The proposition that empowering the end user could lead to information and aggregated data that will lead to a better information position for all was also commonly shared. In conclusion, this is a basis that justifies further investigation into Signal Spam adoption in the Netherlands.

Let’s not forget that The Netherlands has dropped out of the world wide spam top 10 from 2004 onwards coming from the number 3 spot in 2003. That identifiable Dutch language spam is not a common thing in mailboxes and that spam, at least for me, whether in my ISP mailbox or the international ones, is an exception. It led me to conclude that industry present in the room as a whole must be doing something right. Whether in subscriptions to and unsubscribing from lists, filtering and enforcing. This does not mean that these efforts can not be bettered.


Signal Spam offers several possibilities. Data gathered will better the information position of all parties concerned. Senders receive instant reports on messages perceived as spam by end users. This makes it possible to check on false positives and for possible abuse. ISPs and vendors can match this information with and better their filters. ISPs receive information on possible infected IP addresses in their networks. Hosters receive information on security breaches by one of their customers. Banks are warned about fishing attacks. LEAs better their information position as they receive reports on breaches of the law and can thus prioritize better. In general the low hanging fruit will disappear fast because of these efforts. Should all this come to be, this could create the environment in which the sought after trust between partners in Signal Spam comes about and security costs go down.

There is a prerequisite to all this. It is necessary that the different stakeholders participate in this initiative and take it forward.

The way forward

In the Netherlands the day ended non-committal. Most present shared the suggestion that the idea of Signal Spam was sound and deserved support if it was to be implemented. A first goal was achieved. Different stakeholders were together in one room and discussed their issues together. They will have to decide on a follow-up soon.

From what you could gather, Signal Spam is a product that can be shared with other nations. If you are interested to know more, visit the website and get into contact with the Signal Spam organisation. The more countries that join, the better the information position of stakeholders concerned will become. More data can be processed, analysed and linked, ensuring more cooperation, more problems handled and cases solved. Signal Spam may actually be able to make the world a bit safer for the end user.

By Wout de Natris, Consultant internet governance

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byDNIB.com


Sponsored byVerisign

Domain Names

Sponsored byVerisign