Spam Down, Users Still At Risk

Brian Krebs recently posted on his blog, Krebs on Security, that spam has decreased significantly in recent years. Using data from Symantec’s MessageLabs, Krebs created a graph that shows spam volumes since 2007, and the peaks and valleys associated with bot takedowns and other major events are clearly visible. What’s also clear is that spam volumes are as low as they’ve ever been, and have been consistently low for over a year.

So, shouldn’t we all go celebrate? Have our blood, sweat, and tears finally resulted in user inboxes that are full of wanted email, free of spam, and safe and secure? Regrettably, no, that’s not the case. Anybody in the anti-abuse business knows that volume numbers never tell the whole story. Sure, users receive less of the blast spam of yesteryear – pharmaceuticals, stock tips, xxx – but that’s not where the story ends. On the plus side, getting rid of that junk means users have a better experience in their inboxes. Unfortunately, this makes them more trusting of the mail they receive each day and less able to tell the good from the bad. Add to this the fact that cybercriminals have become more sophisticated, and phishing email no longer reliably appears to come from a bank you don’t even do business with.

Modern phishing campaigns are more targeted, and cybercriminals are less interested these days in getting your banking credentials. No, these days they want more. They are compromising individual user accounts and using those to gain the credentials of more accounts, to send spam, and to distribute malware. As the volume of spam goes down, the threat level seems to go up.

The anti-abuse industry should be thrilled at the progress it has made in fighting email spam. As Krebs mentioned, coordinated industry efforts have led to disconnecting rogue ISPs and taking down major botnets. But there is still much to do. Mailbox providers and senders need to work together to authenticate mail and reject suspicious mail that fails authentication. This protects users from receiving at least some of the phishing email. And mailbox providers need to take it a step further and increase their efforts to curb outbound abuse by protecting users from compromises and stopping the creation of fake accounts. The more mailbox providers we can get to implement authentication and outbound abuse controls, the safer email users will be.

Here at Return Path, we provide tools to help mailbox providers do just that. To find out more about our Fraud Protection Services, or for assistance implementing authentication, please contact us.
