My Spam analysis for last week shows an 8% decline

The machines we love to hate

Moderator: Wiz Feinberg

Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

For those who didn't know, I publish a blog that is centered around spam and security threat analysis. I just finished posting my weekly analysis of Spam and found that it has declined 8% from last week, which was already down 2% from the previous week. That makes a 10% decrease in spam levels over a two-week period. This could be the result of Bot Masters losing access to their Command and Control Servers, or because of mass disinfection of zombie PCs in spam Botnets, or it could be a tactical decision by Bot Masters to stay under the radar for a while.

You can read my Spam Analysis for March 29 - April 4 on my blog. It is broken down into categories that are based on my own MailWasher Pro filters and blacklist. Any of you who are using MailWasher Pro, a spam filtering front-end for your desktop email client, may want to use my filters and blacklist entries, if you're already doing so. There are links in my blog article to my custom filters page.

If you don't know about MailWasher Pro and are bothered by too much spam, read about the program on my MailWasher Pro web page. Note that it works with stand-alone desktop email clients (desktop programs that compose, send and receive email), not browser-based web-mail.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Bill McCloskey
Posts: 6877
Joined: 5 Jan 2005 1:01 am
Location: Nanuet, NY

Post by Bill McCloskey »

I think this has a lot to do with ISPs moving from IP reputation to domain reputation. There have been a lot of algorithm changes at the major ISPs over the summer, particularly Yahoo and AOL.
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Bill McCloskey wrote: I think this has a lot to do with ISPs moving from IP reputation to domain reputation. There have been a lot of algorithm changes at the major ISPs over the summer, particularly Yahoo and AOL.
Huh?
John Cipriano
Posts: 449
Joined: 13 Jun 2008 8:23 pm
Location: San Francisco

Post by John Cipriano »

So everyone is catching up to Gmail, then :)

My understanding is that typically spam scores are assigned based on IP address, that is, "how many emails from this IP address do our users immediately mark as spam?" But certain domains implement DKIM, so mail originating from them has cryptographically signed headers and the spam algorithm can be sure it's coming from where it says it's coming from. In that case you can worry about signed mail coming from the domain (I think that unsigned mail from that domain becomes a clear forgery) instead of the IP.

Bill, (a) did I get that right and (b) wasn't that supposed to happen with AOL a couple of years ago?
Bill McCloskey
Posts: 6877
Joined: 5 Jan 2005 1:01 am
Location: Nanuet, NY

Post by Bill McCloskey »

Last summer both AOL and Yahoo started changing the method they used to determine if something is spam or not. DKIM is an authentication system designed to cut down on spoofing but wasn't used for spam scoring. But ISPs have begun using the actual domain itself and ignoring the IP address. Old method, if you spammed the heck out of your reputation, you got a new IP address and you were back in business. Not so with the new methodology. A lot of advertisers have seen their emails blocked because they are sending promotions from companies whose domain is blocked by Spamhaus.

From what I understand from my friends in the email delivery business, ISPs are moving toward user-determined behavior: in other words, your reputation is determined by what the person does with your email: if they put it in the spam folder, or don't open it, the ISP could start blocking that email from being delivered in the future.
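
An added illustration (not part of any post in this thread, and not any ISP's actual algorithm) of the difference discussed above between keying reputation on the connecting IP and keying it on a DKIM-verified domain. The sample messages, the receiver name `mx.example.net` and all function names are constructed for this example.

```python
import re
from collections import Counter
from email import message_from_string

# Assumption: our own receiving MTA stamps Authentication-Results with this id.
TRUSTED = "mx.example.net"
AR_PASS = "Authentication-Results: mx.example.net; dkim=pass header.d=promo.example\n\n"

# Constructed traffic: (connecting IP, raw headers, did the user mark it as spam?)
SAMPLES = [
    ("192.0.2.10", AR_PASS, True),     # same signing domain ...
    ("198.51.100.7", AR_PASS, True),   # ... sent from a fresh IP each time
    ("203.0.113.5", AR_PASS, True),
    ("203.0.113.99", "Authentication-Results: mx.example.net; dkim=none\n\n", False),
]
# Constructed forgery: the header claims a pass but was not added by our receiver.
FORGED = ("203.0.113.200",
          "Authentication-Results: elsewhere.invalid; dkim=pass header.d=bank.example\n\n")

DKIM_PASS = re.compile(r"\bdkim=pass\b[^;]*?\bheader\.d=([A-Za-z0-9.-]+)", re.I)

def ip_key(client_ip, raw):
    """Old model: reputation follows the connecting IP address."""
    return ("ip", client_ip)

def domain_key(client_ip, raw):
    """Newer model: use the DKIM signing domain when our receiver verified it."""
    msg = message_from_string(raw)
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED:
            continue  # header not written by us, so it proves nothing
        match = DKIM_PASS.search(results)
        if match:
            return ("domain", match.group(1).lower())
    return ("ip", client_ip)  # unsigned or unverified mail falls back to the IP

def complaints(keyfunc, samples):
    """Count user spam reports per reputation key."""
    tally = Counter()
    for client_ip, raw, marked_spam in samples:
        if marked_spam:
            tally[keyfunc(client_ip, raw)] += 1
    return tally

if __name__ == "__main__":
    print("by IP:    ", dict(complaints(ip_key, SAMPLES)))
    print("by domain:", dict(complaints(domain_key, SAMPLES)))
```

Keyed by IP, each of the three complaints lands on a different address with a count of one; keyed by verified domain, all three accumulate against `promo.example`.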
Bob Bowden
Posts: 267
Joined: 29 May 2001 12:01 am
Location: Vancouver, BC, Canada * R.I.P.

Post by Bob Bowden »

Spam has not been a problem here for a while. Both my main email accounts are Gmail-based and then forwarded to my local ISP account. Any spam that slips past Gmail usually gets caught by the spam filters on the local ISP. Almost anytime that spam slips through, it is via an obscure old email account that isn't going through Gmail.
John Cipriano
Posts: 449
Joined: 13 Jun 2008 8:23 pm
Location: San Francisco

Post by John Cipriano »

Bob, I have a split deployment where a few users have Google Apps accounts and a larger number of them have a more traditional hosted mailbox with SpamAssassin + ClamAV. It's amazing how different the spam rates are. Similarly, my school used to use something in-house and recently moved to Google Apps, and what was once completely unusable is now spam-free. I'm pretty sure Google is omniscient.