Easiest Prediction Ever: Spam Will Suck in 2010

by J.D. Falk
Director of Product Strategy, Receiver Services

Hey there, fellow spam fighters. Read this quick, because any second now all those infected machines that were powered down over the holidays will boot up, get fresh orders from their bot masters, and start sending spam again. Most of ’em already have.

We’ve published a bunch of predictions recently, because that’s apparently the cool thing to do. Here are our thoughts on how those same trends (plus a few more) will affect you, the spam fighter, as you work to reduce how much unwanted crap your users see in their inboxes.

Email Still Isn’t Dead

You’ve seen the stats: Facebook and Twitter aren’t replacing email, they’re sending email. This will continue in 2010, and become more complex now that Facebook wants application developers to ask users for their email addresses in order to send them notifications them directly.


This’ll be the year when your bosses finally give you the resources to get serious about outbound spam from your users (including those same Facebook app developers).

If it’s not already in your budget, send ’em MAAWG’s Common Best Practices for Mitigating Large Scale Bot Infections in Residential Networks, and Best Practices for the Use of a Walled Garden, and remind them how much good press Comcast got for their Constant Guard walled garden pilot project.


Whiskey Tango Foxtrot? Oh, apparently we’re talking about “not spam” votes, user reputation so you know whether their votes are worth counting, panel data, and all that stuff. Apparently some people in the deliverability consulting industry have just now realized that you’ve got logs, and aren’t afraid to use ’em.

But this kind of data is far more important for reducing outbound spam. Oh, you’re not yet mining log files to determine whether a particular webmail session is controlled by a human or a bot? You’re not watching authentication logs to catch modems hopping between IP addresses? You’re not tracking how many new accounts were opened with the same stolen credit card? In 2010, you’ll start.

DKIM & Reputation

DKIM has been around for a while now, but very few of the big brands have been willing to lock down all of their outgoing mail & ensure that it’s all signed — which they must do before you can safely block the unsigned stuff. This’ll improve somewhat in 2010 as new tools become available (including one from Return Path), but there’ll still be thousands of name-brand domains for the bad guys to spoof — and they will.

Meanwhile, the marketers are getting hot for domain reputation. What they may not realize is that it’ll only help them if they’re sending mail that already deserves a good reputation. You’ll keep working on it in 2010 to help reduce false positives, but your big honkin’ IP reputation system ain’t going anywhere — and neither is ours.

International characters in domain names

Υер, thiѕ’ll fоοl mסѕt uѕеrѕ.

Complaint Feedback

Your users already love to complain, and it’s never been easier to send those complaints to the people responsible. This year, we expect the IETF will remove the cruft from ARF and finally elevate it to an official standard.

Sharing is Caring

Now that you’ve created an informative postmaster site, established a complaint feedback loop, and started using our Certified whitelist, you’ve done enough for the email marketing industry. The rest is up to them (perhaps with our help.)

Instead, we predict that ISPs will share more ideas and information with each other in 2010 through MAAWG, the ETIS anti-spam cooperation group, the Anti-Phishing Working Group, maybe a couple others. We’ll also see more cooperation between those groups.

Another way you’ll be sharing is through our reputation network — the same network which powers the Sender Score, the Blacklist, and other data-driven products. This gives you a window into the larger world so you can see what your peers are suffering, rather than reacting only after the same thing starts hitting your own network.

IPv6 Doesn’t Matter Yet

Though the first few spam messages have been detected, there still won’t be enough email transferred over IPv6 networks in 2010 for you to need to rejigger your tools. That said, you should still start getting ready because in 2011 somebody big — probably Google or Comcast — will start moving over.

One idea we’ve heard floating around is to require a valid DKIM signature on all mail sent over IPv6, and establish a default-deny regime whereby only authenticated mail from whitelisted domains is accepted. Again, it won’t happen in 2010, but perhaps in a few more years.

Interactivity (it’s in the GUI for you and me)

We’ll see more experiments in 2010 as your pointy-haired product managers (hey, I kinda resemble that) chase the elusive shiny and try to make desktop, web, and mobile MUAs feel more like social networking. This could be very cool if it takes off, because if users only see messages from their chosen “friends” then they’ll never see the spam. I don’t think this’ll become commonplace in 2010, though. Maybe in 2012, after the Mayan calendar converges with IPv6 address notation and dread Cthulhu rises from the deep to consume our minds.


Hipsters have begun to rediscover Hormel’s SPAM™, and eat SPAM™ musubi ironically. In 2010 they’ll realize it actually does taste good (as long as you don’t think about what it’s made of), so SPAM™ will start to explode like bacon, peaking in 2012 right before dread Cthulhu consumes our minds (see above).


Yep, spam will suck in 2010, just like every year. Fighting it isn’t just a tough, thankless job — it’s your tough, thankless job, and we’re here to help.

Now stop wasting time on blogs, and get back to work.

minute read

Popular stories



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time