Race between spammers and anti-spammers
By chienr on Apr 22, 2008
In recent months, several companies have released their statistics and outlook on spam.
- Postini blocked 47 billion spam messages, over 320 Terabytes of spam in October 2007 alone.
- Barracuda Networks reports that up to 95% of Emails are spam in 2007.
- Sophos suggests that 92.3% of email sent during the first quarter of 2008 was spam.
- Symantec Brightmail calls Europe the new King of Spam, taking the title from North America for the third month in a row.
- Google says incoming spam to Gmail is declining. Some disagree.
The race between spammers and anti-spammers has been going on for years, and spammers have the upper hand now and for the foreseeable future because their opponents are constantly playing defense.
As amazing as computers are at pattern recognition, randomizing a pattern is still magnitudes faster and cheaper than to resolve one. Take CAPTCHA for example. Or consider the number of turns it takes to scramble a Rubik's cube and to unscramble it.
The problem with current spam detection techniques is that they are largely built on pattern recognition, be it phrase filtering, Bayesian, fingerprinting, DNSBL, heuristic analysis or profiling. As soon as an anti-spam algorithm finds a reliable way of countering a certain kind of spam, all it takes for spammers to defeat that and to launch a new wave is to randomize their attack further, and it's back to playing catch up for the blockers. With the vast amount of resources these spammers have, their operation can only become more and more efficient.
Anti-spammers can't win by this strategy, no matter how good they become at it. If they want to win the race, they must start playing offensive, and by that I don't mean legal actions, because spammers are not regulated by any country.