How to Stop Spam!

I’m often asked whether the volume of spam is rising and what can be done about it. The short answer, of course, is that the volume of spam continues to rise and the technologies used to block it continue to become more sophisticated, while customers’ expectations of spam detection rates continue to rise as well. In a previous role at another security vendor, the target was to achieve greater than 95% detection of spam. Now at SophosLabs we monitor the catch rate constantly, aiming to keep it well above 99%.

Actual catch rates don’t really matter though, to be honest. It’s how many spam messages get through that really counts. If a user normally gets five spam messages a day, and then it increases to 10 a day, the user doesn’t (and shouldn’t) care whether it’s because the spam volume has doubled or the catch rate has dropped. It’s all about perception.

But how can we stop this rise in spam volumes? How can we reduce the number of spam messages arriving in inboxes and consuming valuable user time, not to mention bandwidth and storage?

Well, I’m pleased to say I have the solution.

Stop clicking on links in spam messages and stop purchasing goods from the spammers!

Spammers make money, not by sending spam messages, but by users clicking on the links and subsequently purchasing goods. If people stopped buying from them, the spammers would go out of business. It’s simple economics.

Surely it can’t be that simple? Surely nobody clicks on links in spam? Actually, they do, and they do it a lot!

As well as blocking malicious websites, the Sophos Web Appliance also classifies links seen in spam as ‘Medium Risk’. Administrators can choose to block these URLs. Customers also have the option to opt into reporting data back to SophosLabs. From this data we can find out how many times ‘Spam’ URLs have been accessed. The results are really quite surprising.

In the first 12 days of this month, 0.11% of URLs visited were spam URLs. Now that may not seem like much, but it is less than 1 in every 1000 page requests. Considering a single website may contain several individual elements that are separate requests, this is a very high percentage of all web traffic.

So if a spammer sends out a million messages and gets a similar ‘hit’ rate, they will get 1100 visits to the website. If just one of those people purchases goods of a $10 value, you can quickly see that the more spam messages sent, the better the return.

Now I realise the logic (and the math) is an oversimplification, but the simple fact is, people DO click on spam links and people DO purchase spamvertised goods. That’s why there is spam.

Isn’t it time you took the Sophos spam pledge?