View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 30, 2014

Let’s talk about spam

Don't forget the threats seemingly innocent spam can pose to your business. Bloxx gives CBR the lowdown on 2014's biggest spammy threats...

By Ben Sullivan

Earlier this week CBR spoke to Jim Wilson, head of research at Bloxx. Bloxx is a web content filtering and security firm, and Wilson gave up some invaluable advice for anyone looking to protect their business from the dangers of spam email…

Does spam still represent a ‘serious’ threat to the average user and businesses?

I’m not sure that spam in its self has really ever been a serious threat to the"average user", it should only be a nuisance to most. It is only when we get to the sub-categories of spam like Phishing and Viruses do we start to get into areas where the "average user" is at risk.

Phishing has become a lot more sophisticated over the last few years with most spammers now creating websites that are identical to the login pages of systems for banks and other financial systems or sometimes even online games or shops. These emails and associated websites can be very difficult for the recipient to tell from the real thing, with some now trying to get round the two part authentication by attempting to get recipients to install "special" apps on their mobile phones to allow the interception of messages from the authentication services.

Businesses have a much more complex relationship with spam. The simplest problem is time wasted by employees as they filter through the various spam messages looking for the important business messages.

A bigger problem for businesses is when an organisation’s email server is badly configured. For example, if an email server is configured to notify the sender that the email has been rejected, then an email received from a spoofed sender address will result in the real address getting the rejection message alongwith the original spam message. For example, if a spammer uses as the sending email address, then will receive the notification email from the server. This is not as prevalent as it used to be but can still cause problems.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

An even bigger problem is where the organisation’s server is compromised and starts to send bulk spam emails or emails with links to phishing or viruses which damages the reputation of their email system causing other businesses to reject their important email as spam. This can cause the server to be blacklisted, can damage the organisation’s reputation and can take quite a bit of effort to clear up.

How has spam changed and adapted over the past couple of years? And what’s in store for spam in 2014?

The old 419 scams, V14gra and Russian bride spammers still abound but it’s now very rare for these types messages of messages to make it to most peoples in boxes. This is largely down to the fact that content analysis and reputation basedfiltering has improved vastly over the last few years mostly due to the huge corpus’s of spam available for analysis. Phishing type spam has increased with both wider ranges of targets and more sophisticated set-ups, viruses seem to be decreasing frequency (could just be better delivery systems) but the complexity and payloads are now a lot more geared toward financial profit for the creators either through control of machines for bot-nets or the very scary disc encryption ransom systems to name just a couple.

I expect that these ransom systems will become more prevalent in near future as they make enough money to fund more development or discovery of exploits. Phishing will continue apace I expect as again its can be highly profitable, we will need to see how the banks handle that with more sophisticated authentication methods.

It will always be better to stop these attacks before they get to their targets and I think it is worth considering what the impact on spam may be with the NSA hoohaa backlash. Many people are currently developing systems to ensure that the delivery of email is secure end-to-end. This will likely use both encryption and p2p to prevent snooping at the Internet level. However, despite this it’s almost guaranteed that spammers will also start to use these secure delivery systems to send spam.

If these new secure email delivery systems are successful and become common place or replace the current system then the only place that content analysis will be possible will be at the end points. Content analysis may be the only way to detect spam if p2p is part of the system, as the reputation of an IP address may be irrelevant if all IPs in the system are involved in the delivery of all messages and the originating server is hidden from participants in the p2p delivery. I don’t know what if anything will change with the delivery of email but it could be game changer for both the NSA and spammers alike.



Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.