Botnets and viruses and phishing, oh my!

MessageLabs released their monthly report on email threats yesterday. Many media outlets picked up and reported that 41% of spam was from a the Rustock botnet.
Other highlights from the report include:

  • Spam accounts for over 92% of all email.
  • 95% of spam was sent from botnets at the end of July 2010.
  • One in 327 emails contains malware and one in 363 emails is a phish.
  • The number of rustock infected machines is falling, but the amount of mail each one is sending is increasing.
  • More than 107 billion emails are being sent through botnets every day.

The end of the report things that, to my mind, should be of significant concern to legitimate marketers. Spammers are adopting tactics from marketers in order to hook users and probably evade detection by ISPs. These include personalizing email (examples) and using image only spam (examples).
One of the recommendations that I’ve repeatedly made here is that legitimate senders should not do things that make their mail look like spam. Sending image only emails is one way for marketers to look like spammers.
The other thing that stands out to me from this report is how small the percentage of legitimate marketing email is. 92% of email is spam. Let’s assume that no one reading this blog is part of that 92%, that means only 8% of mail is not-spam. How much of that is marketing is probably up for debate, but I don’t think that more than 50% of legitimate email is marketing (the other 50% is mail from friends and family, social networking notices and discussion groups).
With those numbers, I can understand why ISPs don’t focus as much as some marketers might like on false positives with spam filtering. In percentage terms it is a tiny fraction of mail and most consumer ISPs provide end users with the ability to override bulk foldering if the recipients really want that mail.
ISPs are the front line against criminals on the Internet. Blocking email is one of the primary ways they protect people. Given the extent of spam and malevolence of spammers they are to be commended for creating systems that have such a low percentage of false positives.

Related Posts

And the ugly…

Getting back to my series on the good, the typical and the ugly in the ESP field, and there is some very ugly out there. I have 3 examples of the ugliness out there and what ESPs and legitimate senders are competing with.
The fake ESP
A spammer approached me early on in my consulting career, asking me to help him set up a fake ESP. He wanted to set up his corporate network so that to an outsider it would look like he was selling ESP services and thus had a large number of customers. There wouldn’t be any customers, however, all the mail would be coming from his company. When the blocking got bad enough, and it would as he would purchase addresses from anywhere, he would “disconnect” the responsible customer. My role was to help him come up with a plausible sounding acceptable use policy and then contact the ISPs when he “disconnected” the customer. I declined to participate in this scheme. This doesn’t appear to have stopped him, though, if the rumors I hear are to be believed.
Waterfalling
Related to the fake ESP scheme is waterfalling. Spammers acquire lists of email addresses and then begin the process of cleaning them by mailing. In some cases, they mail through fake ESPs, as above. In other cases, they actually spread their traffic out across legitimate ISPs. As they mail the lists through the ESPs, they remove unsubscribes, bounces and complaints. When the list reaches a set cleanliness, they move it to another ESP. They repeat this, gradually moving through cleaner and cleaner ESPs. Eventually, they move the list to their own network and sell mailings to it as an opt-in list. It’s not opt-in, it’s just cleansed of all negative responders.
The companies abusing ESPs to clean their lists do tarnish the reputation of ESPs. While the responsible ESPs do disconnect the waterfallers, they usually do so after problems are detected. That being said, there are some companies that are constantly looking for “partnerships” at ESPs and the ESPs turn them away during the sales cycles.
Affiliates
While not necessarily an ESP problem there are some large companies out there that hire spammers to send acquisition email for them. They also send their own mail, both marketing and transactional, through ESPs. The issue for ESPs come when the URL blocks happen and the bad reputation of their customer’s mail bleeds back to the ESPs IP addresses. The ESP becomes known as “one of those places that mails for X” and their reputation falls accordingly. In some cases, even if the mail through the ESP is clean and opt-in, the ESP finds itself blocklisted for just doing business with a company that hires spammers.
I’ve had a couple clients recommended to me by ESPs because the ESP was dealing with a persistent spam block around this particular customer. The mail the customer sent through the ESP was opt-in, but the client was using an extensive network of affiliates to send spam for them. I collected a lot of examples of their spam from various affiliates, even gave them a couple of examples from my own email addresses. One of those addresses has not been actively used in 6 years. My client tells me they talked to their affiliates and that the affiliate assured them I had signed up, I just forgot. The client chose to believe the affiliate over me, despite the fact that I had many other examples. That client lost their ESP (and good for the ESP) but is still sending spam. I just got one advertising their stuff yesterday, at the same address I gave to them years ago, all images, hashbusters, domain hidden behind proxy, coming from a snowshoer network.
All of the companies I’ve talked about here describe themselves as legitimate email marketers. Even the company telling me I opted in to their mail was defending themselves and their affiliates as legitimate email marketers.

Read More

Bad year coming for sloppy marketers

MediaPost had an article written by George Bilbrey talking about how 2010 could be a difficult year for marketers with marginal practices. George starts off the article by noticing that his contact at ISPs are talking up how legitimate companies with bad practices are causing them problems and are showing up on the radar.
This is something I talked about a few weeks ago, in a series of blog posts looking at the changes in 2010. The signs are out there, and companies with marginal practices are going to see delivery get a lot more difficult. George lists some practices that he sees as problems.

Read More

Legitimate mail in spamfilters

It can be difficult and frustrating for a sender to understand they whys and wherefores of spam filtering. Clearly the sender is not spamming, so why is their mail getting caught in spam filters?
I have a client that goes through this frustration on rare occasions. They send well crafted, fun, engaging content that their users really want. They have a solid reputation at the ISPs and their inbox stats are always above 98%. Very, very occasionally, though, they will see some filtering difficulties at Postini. It’s sad for all of us because Postini doesn’t tell us enough about what they’re doing to understand what my client is doing to trigger the filters. They get frustrated because they don’t know what’s going wrong; I get frustrated because I can’t really help them, and I’m sure their recipients are frustrated because they don’t get their wanted mail.
Why do a lot of filter vendors not communicate back to listees? Because not all senders are like my clients. Some senders send mail that recipients can take or leave. If the newsletter shows up in their inbox they may read it. If the ad gets in front of their face, they may click through. But, if the mail doesn’t show up, they don’t care. They certainly aren’t going to look for the mail in their bulk folder. Other senders send mail that users really don’t want. It is, flat out, spam.
The thing is, all these senders describe themselves as legitimate email marketers. They harvest addresses, they purchase lists, they send mail to spamtraps, and they still don’t describe themselves as spammers. Some of them have even ended up in court for violating various anti-spam laws and they still claim they’re not spammers.
Senders are competing with spammers for bandwidth and resources at the ISPs, they’re competing for postmaster attention at the ISPs and they’re competing for eyeballs in crowded inboxes.
It’s the sheer volume of spam and the crafty evilness of spammers that drives the constant change and improvement in spamfilters. It’s tough to keep up with the spamfilters because they’re trying to keep up with the spammers. And the spammers are continually looking for new ways to exploit recipients.
It can be a challenge to send relevant, engaging email while dealing with spamfilters and ISPs. But that’s what makes this job so much fun.

Read More