Botnets and viruses and phishing, oh my!
MessageLabs released their monthly report on email threats yesterday. Many media outlets picked up and reported that 41% of spam was from a the Rustock botnet.
Other highlights from the report include:
- Spam accounts for over 92% of all email.
- 95% of spam was sent from botnets at the end of July 2010.
- One in 327 emails contains malware and one in 363 emails is a phish.
- The number of rustock infected machines is falling, but the amount of mail each one is sending is increasing.
- More than 107 billion emails are being sent through botnets every day.
The end of the report things that, to my mind, should be of significant concern to legitimate marketers. Spammers are adopting tactics from marketers in order to hook users and probably evade detection by ISPs. These include personalizing email (examples) and using image only spam (examples).
One of the recommendations that I’ve repeatedly made here is that legitimate senders should not do things that make their mail look like spam. Sending image only emails is one way for marketers to look like spammers.
The other thing that stands out to me from this report is how small the percentage of legitimate marketing email is. 92% of email is spam. Let’s assume that no one reading this blog is part of that 92%, that means only 8% of mail is not-spam. How much of that is marketing is probably up for debate, but I don’t think that more than 50% of legitimate email is marketing (the other 50% is mail from friends and family, social networking notices and discussion groups).
With those numbers, I can understand why ISPs don’t focus as much as some marketers might like on false positives with spam filtering. In percentage terms it is a tiny fraction of mail and most consumer ISPs provide end users with the ability to override bulk foldering if the recipients really want that mail.
ISPs are the front line against criminals on the Internet. Blocking email is one of the primary ways they protect people. Given the extent of spam and malevolence of spammers they are to be commended for creating systems that have such a low percentage of false positives.