How the Sender Community Can Help Fight Spam

Neil Schwartzman
By Neil Schwartzman
Senior Director, Security Strategy, Receiver Services

In my role as chair of the Canadian Coalition Against Unsolicited Commercial Email, I recently gave a presentation to law enforcement and policy makers in the European Union. The intention was to alert them to the seriousness of zombie botnets threatening the infrastructure of the internet.

Thinking back on what I said to that group, I realize now that the only way we are going to take back the internet is to do what the bad guys did a long time ago: Break down the walls between the good guys and get us all rowing in the same direction.

Spam has evolved from amateurish to professional in the last several years. There is disturbing evidence that organizationally the walls between the virus-makers, hackers, spyware creators and botnet herders have broken down. These previously disparate groups are now working in concert in a way that is leading to increasingly sophisticated, online criminal activity.

In 2001 spammers began the distribution and use of virus programs which would install an open proxy on infected machines, allowing them to send email via desktop computers, unbeknownst to the owner of the machine; effectively marking the first collaborative efforts between spammer and virus makers, putting the ability to infect massive numbers of computers by way of spam into the hands of hackers, and the ability to send mail from millions of infected computers into the hands of the spammers was a natural synergistic relationship.

Today we see tens of millions of infected computers, with the result being an unprecedented acceleration in the amount of spamming and phishing seen across the internet. Consider:

  • Symantec now sees 900 unique phishing URLs daily
  • Netcraft saw 41,00 phishing URLs in 2005. In 2006, they spotted an incredible 609,000 verified phishing payload sites online.
  • The Anti-Phishing Working Group saw a six-fold increase to 38,000 phish in October 2006 from the previous year.
  • AOL reported that they blocked half a trillion spam emails at the entrances to their network in 2005
  • Ironport reported an estimated average of 63 billion spam sent daily in October, 2006. In November they measured two daily mega-spikes hitting 85 billion

Phishing is impacting us all; the latest studies show that as many as 90% of consumers polled expressed deep scepticism in their ability to conduct business safely online.

So what can you do?

It is imperative that senders participate at the highest levels in the conversations around phishing and spamming. We can turn back the criminals who are threatening to take over the internet, but only with participation by all stakeholders. This includes technical, legal and government relations representatives, marketing, and mid- and executive-level administration staff members. All sectors – government (policy and enforcement), educational, infrastructure operators, financial institutions, and more must actively participate in coordinated efforts towards a solution.

Of course, one way for senders to help in this fight is to work continuously to keep their own email stream as clean as possible to help receivers distinguish the good from the bad. By keeping your list clean, maintaining a good infrastructure and implementing authentication standards, you are arming receivers with information that helps them identify the bad actors and block their access to the inbox.

And let’s be 100 percent clear about something: legitimate commercial senders should want receivers to block spam and phish from end users inboxes. These messages erode consumers trust in email and decrease its ability to drive response for good senders.

Senders can develop vastly better relations with the receiving community individually and by way of advocacy within their industry associations. In plain terms, it is time to start a dialog beyond deliverability issues. Spamming and phishing are problems that hurt both senders and receivers and we must work in concert to eradicate them.

You can read an expanded version of this post here.

minute read

Popular stories

Products

BriteVerify

BriteVerify email verification ensures that an email address actually exists in real-time

DemandTools

The #1 global data quality tool used by thousands of Salesforce admins

Everest

Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality

Solutions

Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time