Reading like a teaser from an unwritten Joseph Heller novel, the architects of the Internet could never have been expected to see it coming. The global collection of networks, so expensively and thought-consumingly put together to further the cause of human inter-communication, is now being used to transport trillions of messages nobody wants to read.
Hour after hour, day after day, these messages circulate and proliferate, and even the software industry that has sprung up to counter the nuisance can only give us a general idea how much of it there is, at what rate it is increasing and how much damage it might (or might not) be doing to people’s confidence in the medium.
If nobody wants to read all this electronic verbiage then why continue to let it be sent? At the moment the answer seems to be the core of a Helleresque absurdity. To continue to send and receive the communication we do value we must tolerate – and indirectly pay for – a vast amount of stuff we don’t value. We have come to think of spam as a sort of “white noise” tax on meaningful communication.
In fact, spam is now far from a passive medium that merely annoys us. It has become the favoured means of spreading viruses, initiating the download of increasingly sophisticated Trojans, and of opening a channel for information theft. The sub-plot of criminality is rapidly growing to take over the whole spam story.
What we do know is that there is a lot of it. Estimates of the total number of emails being sent daily vary considerably but it is in the billions for sure. How much of this is actually bulk spam is hard to gauge, but the most recent estimates from anti-spam vendors, MessageLabs, Tumbleweed and Symantec Brightmail range from 67 percent to 90 percent or more.
Vendors use different methods to determine spam volumes (setting up “honeypots” to attract it, for example), and it also appears to matter whether you measure traffic through ISPs - where much is now filtered out - or to corporate email servers, where filtering is somewhat less established. There is some evidence that spammers are now targeting company workers. An increasing volume, and possibly the majority, now comes from so-called “zombies” – ordinary PCs hijacked to re-mail a spammer’s messages.
It might be hard to guesstimate whether actual spam volumes are rising as rapidly as in the recent past, but there is no doubt that the volume motivated by organised criminality is growing steadily. MessageLabs puts fraud and scam email at a quarter of overall spam volumes, and some estimate it to be higher still. This is the figure that needs to be watched beyond the catastrophic predictions that bulk spam will account for close to all email in short order.
In an industry that likes to frighten people, it is surprising to swap emails with one Stephen M. Canale, “anti-spam evangelist” for anti-spam service provider OnlyMyEmail . He agrees with the pessimistic view that spam now consumes a large percentage of the total email volume, but is conservative in his estimates of its criminality. Straight phishing now accounts for 1.45 percent of all email traffic through the company’s servers (which he claims to be large) in a recent 2-week period, with easily identifiable fraud now accounting for a further 3.49 percent.
This sounds like good news against the much higher figures, but consider the wider context. One in twenty of all emails is now criminal in intent, a front for organised theft of money or information. What sets this five percent apart is not its volume but how likely it is to succeed. The potential for spam to undermine email as an application is now the risk it poses not the apparent mindlessness with which it multiplies.
You hope somebody somewhere is collecting spam, because one day in the future students of “spam studies” will find it all quite telling. They’ll ponder the curious parallels between all this unwanted email and global society’s deeper anxieties. Health and sexual neurosis, consumerism, debt, pornography.
They’ll also note how it helped transform underground scamming into a realm of super-industrialised criminality that set out to mug each and every person unfortunate enough to have an email address.
Thoughts, impressions, disagreement? Mail [email protected]