AppRiver points to new spam evolution

The interplay between spammers and the anti-spam organisations that strive to stop their work from reaching inboxes is a well-documented - and extensively acted-out - game of cat and mouse. The technological arms race has swung both ways, always growing more sophisticated and always inviting speculation.

But recent events, say some anti-spam operators, have led to new expectations among the anti-spam operatives for what the future may hold.

Scott Cutler, executive Vice President at anti-spam and email security firm AppRiver said this week that new patterns in spam behavior, some just a month old, paint a picture of an infrastructure behind the unwanted email that may be more larger and more capable than the Internet community had previously imagined.

Not so long ago, around the end of 2005 and beginning of 2006, says Cutler, spam numbers were slipping. And some analysts had been speculating since 2004 that the sophistication in anti-spam technology might mean the end of spam by 2006.

That was, needless to say, not to be. And since the slipping numbers of early 2006, the situation has shifted mightily in favor of spammers.

"I remember looking at our own data in that mid-September range of 2006," says Cutler. "Our volumes went up between 4 and 20 times what they had been at the previous highs. We really started noticing this [during the summer]. The summer is usually a slack period. It's like the spammers take vacation also. You see less spam during the summer period. But in 2006 it didn't happen. The volume we saw over the summer period was growing. And starting around September we saw the volume skyrocket."

Along with the volume, the number of new campaigns increased, and rate at which those campaigns were mutating to avoid detection by anti-spam rules.

"The spammers are getting better," says Cutler. "Effectively what they're doing is they're trying to make the spam just like person-to-person communications. The more they can get rid of the contrast between what a spam message looks like and what a regular human-to-human email looks like, the more difficult it is for us. So we spend a lot of time trying to find those nuances that tip us off that this is not like a regular person-to-person email. They spend a lot of time figuring out how to morph the message into what looks like [one]."

Every day, AppRiver issues thousands of new signatures for identifying possible spam messages - between 2,000 and 4,000 before breakfast. Ordinarily, some of those rules demonstrate a particular strength at catching spam, and are kept in circulation as AppRiver's strongest rules. But that has changed. In the last month, the number of maximum-strength rules has dropped off, almost to none. Cutler says it's a change the company has identified as taking place on about January 24.

"I think somehow," says Cutler, "they're seeing feedback on when we're capturing it and when we're not. And as soon as they see us capturing it, they're starting a new campaign. Otherwise those rules would get stronger and stronger, but they've fallen off."

Obviously, given the nature of the game, Cutler can't say what AppRiver plans to do with that realization. But in a sense, it's more of the same.

Anti-spam firms are always reacting to what spammers send out. Their research teams can attempt to predict what spammers might try next, and when they're right put themselves in a position to react more quickly to new tactics. But ultimately blocking spam is about responding.

And forget about spam being dead by 2006, or by 2007 or any other year. In fact, says Cutler, the last year has revealed there may be more than anyone expected behind the curtain from which spammers operate.

Spammers quite possibly have the potential to produce spam faster, and in greater quantities than they already are. It may actually be the spammers maintaining the status quo as a matter of self preservation and profit - generating enough to make money, but not so much that the Internet community would consider a drastic and disruptive change to the Internet's basic systems. Spammers may be sitting on years worth of ideas, waiting to introduce them at a rate that won't disrupt their businesses.

"I wouldn't be surprised at all," says Cutler, "if they have all kinds of tricks up their sleeves. And if you talked to our think tank guys, they'd be willing to believe that it's true. They have lots of tricks up their sleeves, lots of things they can do to continue to randomise and deliver email. But they deliver it at a rate that's consistent with their goals and doesn't overwhelm the infrastructure to the point where some radical change happens that makes their world a lot more difficult to play in."

print this article

Return to hosting news headlines
View Hosting News Archive

Share with: