NordVPN Promotion

Home / Blogs

Different Focus on Spam Needed

It is surprisingly difficult to get accurate figures for the amount of spam that is sent globally, yet everyone agrees that the global volume of spam has come down a lot since its peak in late 2008. At the same time, despite some recent small decreases, the catch rates of spam filters remain generally high.

Spam still accounts for a significant majority of all the emails that are sent. A world in which email can be used without spam filters is a distant utopia. Yet, the decline of spam volumes and the continuing success (recent glitches aside) of filters have two important consequences.

The first is that we don’t have to fix email. There is a commonly held belief that the existence of spam demonstrates that email (which was initially designed for a much smaller Internet) is somehow ‘broken’ and that its needs to be replaced by something that is more robust against spam.

Setting aside the Sisyphean task of replacing a tool that is used by billions, proposals for a new form of email tend either to put the bar for sending messages so high as to prevent many legitimate senders from sending them, or break significant properties of email (usually the ability to send messages to someone one hasn’t had prior contact with).

Still, if spam volumes had continued to grow, we would have had little choice but to introduce a sub-optimal replacement. The decline in spam volumes means we don’t have to settle for such a compromise.

Secondly, current levels of spam mean there is little threat of a constant flow of spam causing mail servers to fall over.

At the same time, one would be hard-pressed to find a user whose email is not filtered somewhere—whether by their employer, their provider, or their mail client.

Thus, looking at the spam that is sent isn’t particularly interesting as it provides us with little insight into the actual problem. What matters is that small minority of emails that do make it to the user—whether because their spam filter missed it, or because they found it in quarantine and assumed it had been blocked by mistake.

Equally important is the question of which legitimate emails are blocked, and why—and what can be done to prevent this from happening again in the future.

It is tempting to look at all the spam received by a spam trap, or by a mail server, and draw conclusions from that. They certainly help paint a picture, but in the end they say as much about what users see as the number of shots on target in a football match says about the final result.

Despite the doom predicted by some a decade ago, email is still with us—and we have won a number of important battles against spam. But if we want to win the war, we need to shift our focus.

By Martijn Grooten, Email, web security tester

Filed Under

Comments

Focus on what? Alessandro Vesely  –  May 1, 2013 11:09 AM

I agree that focus has to gradually change, but the article doesn’t seem to make the point clear.  It contains a couple of questionable or partial statements:

> The first is that we don’t have to fix email.

We have to fix email.  And we are doing it, albeit at a significantly slower pace than, say, http enhancements.  Email authentication and abuse reporting, for example, are currently experiencing some achievements.

> Still, if spam volumes had continued to grow, we would have had little choice but to introduce a sub-optimal replacement.

I’m not clear on third conditional there.  Spam and phishing are continuing to grow, at least in a cumulative sense.  A number of by-country sub-optimal replacements exist.  Their own local nature prevents them to be global solutions, but the risk of switching to such kind of infrastructure is non-zero.  The edges of those government-endorsed walled gardens can be joined in a way similar to how ITU standardized telephony several years ago.

> Despite the doom predicted by some a decade ago, email is still with us — and we have won a number of important battles against spam. But if we want to win the war, we need to shift our focus.

I share the optimism, and look forward to a second installment to explain what the new focus is.  A number of battles are not yet fully won, though.

We have to fix email. And Martijn Grooten  –  May 1, 2013 11:24 AM

We have to fix email. And we are doing it, albeit at a significantly slower pace than, say, http enhancements.
I'd say these are enhancements, not fixes. By fixes I would think of something that would replace SMTP, like HTTP 1.1 can be seen a fix for HTTP 1.0. I think enhancements of email are a good thing, and many of them are needed.
Spam and phishing are continuing to grow, at least in a cumulative sense.
But that's irrelevant, isn't it? It doesn't matter if a trillion, or a quintillion email messages have been sent in the past. No one has to deal with them any more. What matters is what happens now.
A number of battles are not yet fully won, though.
Sure - I agree with that.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

DNS

Sponsored byDNIB.com

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

NordVPN Promotion