Sometimes I hear people, or read writers, who say things about spam that are incorrect.  I thought I would clear those up in this blog post.

  1. December is spam season

    When the holidays roll around, people start warning other people to watch their inboxes – December is spam season!  By that, they mean that more spam than normal flows around the Internet.

    People say this because December is the holiday season.  Since spam is another form of advertising, and advertisers pepper us with ads during this time, then spammers must do the same.

    It makes sense except it’s not true.

    There are some years where spammers send more mail, but not every year.  To measure this, I compared the month of December’s spam volume to the preceding three months, and the three months following.  Below are the results for the past 6 years:

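    [Image: December spam volume compared with the preceding three months and the following three months, for the past 6 years]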

    The red text above indicates where spam increased in December and fell off the next few months, which is what we would expect to see if spam really were seasonal.

    The graph above shows that sometimes spam increases, but sometimes it doesn’t.  It’s not consistent at all, and if it’s not consistent, then you can’t say that December is spam season.

    Spam volumes may go down because it’s the holiday season: with more people out on vacation, their computers at work are turned off, so the number of bots in the spammers’ botnets is smaller and they send out fewer spam messages.

    Whatever the explanation, Christmas is not the spam season.


  2. Most spam is about porn

    When people tell jokes about spam, they’re either about Viagra (or similar drugs) or about x-rated material.  When I first started working as a spam analyst in 2004, I saw lots of x-rated spam.  But I noticed that it was a smaller and smaller part of total mail.

    In 2009, I started keeping track of categories of spam.  Below is how much porn spam accounts for in each year:

    2009 – 5%
    2010 – 4%
    2011 – 4%

    It isn’t negligible, but it’s not even in the top 5 (it trails Pharmaceuticals, Products, 419s, Financial [refinance your mortgage, work from home] and Gambling – and has for years). Thus, while spam started out as a way to get people to buy x-rated services, today that material is mostly free.  Why buy it (kind of like music and movies)?  When that realization sank in, spammers moved to more profitable ventures.


  3. IPv6 is a ticking time bomb and a bonanza for spammers

    The primary line of defense in spam filters is IP blocklists.  They improve spam filtering effectiveness, save on bandwidth (because you can reject mail at the edge without accepting it), don’t waste server resources filtering unwanted mail, and don’t need mail servers to store spam in a quarantine.

    Because IPv6 adds so many IP addresses, it will be impossible to use IP blocklists:

    - IPs get onto blocklists because they send spam to honeypots.  Because there are so many IPv6 addresses, a spammer could send one spam per IP and then discard it forever.  It wouldn’t matter even if they hit honeypots because the IP would never be re-used.

    - Even if spammers re-used IPs, blocklists would be so large that back end servers would never be able to store, transfer or process them efficiently.

    Since the world is on a march to IPv6, it’s only a matter of time before spammers use it as a floodgate to avoid IP blocklists and mail servers around the world become inundated with spam.  The end is near.

    Except it’s not true.

    It’s definitely true that IPv6 enables more devices to connect to the Internet, but there’s a big difference between connecting to the Internet and connecting to the Internet to send email.

    All email receivers know about the two problems I outlined above.  Thus, while pointy-haired bosses around the world all want to be on the cutting edge of IPv6 (Look at how state-of-the-art we are!), nobody who receives email is enthralled about potentially receiving it over IPv6.

    Because of this, large email receivers are not planning to blindly receive email over IPv6 the way they do with IPv4.  Doing so would be swallowing a cyanide pill. It’s crazy!  Maybe something like a central whitelist will be created wherein if you want to send mail over IPv6, you have to be registered on that list to do it.  This is the model of “block the world and punch holes for your friends” but it’s more or less the same thing that Spamhaus’s PBL does.

    How many legitimate email services are there today?  10 million?  20 million?  There are more people in the world, but not everyone needs their own email server.  And that’s the point – the problem is manageable if we all agree to not accept mail from anonymous sources on the Internet.

    Given how all mail receivers have skin in the game, and given that we worked together with DMARC, the future’s not as bleak as we think.
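
The “block the world and punch holes for your friends” model described above, sketched as an added example (not code from the original post): IPv4 connections are accepted unless the address is blocklisted, while IPv6 connections are rejected unless the source falls inside a registered prefix. The addresses, the allowlisted prefix and the function names are constructed for illustration, and the simulation assumes every message hits a honeypot.

```python
import ipaddress

# Constructed sample data: documentation ranges only (RFC 5737 / RFC 3849).
V4_BLOCKLIST = {ipaddress.ip_address("192.0.2.25")}          # per-address, as with IPv4 today
V6_ALLOWLIST = [ipaddress.ip_network("2001:db8:aaaa::/48")]  # hypothetical registered sender


def accept_connection(client_ip):
    """Connection-time decision: IPv4 is default-accept, IPv6 is default-deny."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        return ip not in V4_BLOCKLIST
    return any(ip in net for net in V6_ALLOWLIST)


def simulate(prefix, messages):
    """Compare a reactive per-address IPv6 blocklist with the allowlist policy.

    Each message arrives from a different address inside `prefix`, and every
    one of them is assumed to hit a honeypot (the best case for a blocklist).
    """
    net = ipaddress.ip_network(prefix)
    blocklist = set()
    blocklist_hits = 0
    allowlist_rejects = 0
    for i in range(1, messages + 1):
        ip = net[i]                      # an address never seen before
        if ip in blocklist:
            blocklist_hits += 1
        blocklist.add(ip)                # listed only after the message was seen
        if not accept_connection(str(ip)):
            allowlist_rejects += 1
    return {
        "blocklist_entries": len(blocklist),     # grows by one per message
        "blocklist_hits": blocklist_hits,        # never matches a fresh address
        "allowlist_entries": len(V6_ALLOWLIST),  # fixed size
        "allowlist_rejects": allowlist_rejects,
    }


if __name__ == "__main__":
    print(simulate("2001:db8:bad::/64", 10_000))
```

The per-address blocklist grows with every message and never produces a hit, while the default-deny check rejects all of them with state that depends only on the number of registered senders.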


Those are three things I wanted to clear up.