Spam metrics
At the beginning of this report it was noted that spam is evolving. Although there are many different sources providing data on the amount of e-mail categorised as spam, the percentage of viruses and the number of phishing scams sent through electronic messages, the information is not easily comparable, and diverging results are reported. This is due to lack of a common international definition of spam, and to the different methodologies used to measure the amount of spam, which depend on the various filtering technologies employed.
Most of the data on spam originates from industry, in particular from anti-spam solution providers, but also by Internet Service Providers (although the latter data are not usually available to the public). Data gathered by these players are difficult to compare as they relate to a different user base and are founded on different parameters. This raises a number of questions about the completeness of data, what is being measured, and if industry should be encouraged to develop a single methodology for data collection. In addition, Internet Service Providers are often unwilling to disclose information which is sensitive for the company and may damage their competitiveness.
Filtering companies and ISPs (using filters) collect data from their customers that provide measures on the amount of spam detected by the filters. These data provide an indication of the growth of spam relative to the total volume of e-mail, the different possible content, and the affected countries. Anti-spam organisations and bodies related to consumer or privacy protection also measure spam. In addition, but to a limited extent, data on spam are collected by some governmental or public organisations which have the responsibility to develop anti-spam policies or regulations.
Statistics prepared by anti-spam solution providers show that in 2005 the average percentage of spam e-mails decreased slightly, reaching 68.6% of total e-mail, compared to 72.3% in 2004.96 AOL declared that already between 2003 and 2004 the number of spam messages blocked by their filters had declined by half, and so did the number of spam complaints from their customers. Different sources noted that spam is affecting users to a lesser extent, often thanks to the utilization of spam filters and anti-virus protection, and to educational and awareness campaigns, which teach users how to deal with the phenomenon. The change in the spam trend, which had been growing in previous years, demonstrates that the implementation of appropriate technical solutions, coupled with an aggressive approach to spammers (legal suits, investigations), can bring results. Rresearch from the Finnish Statistics Institute concluded that households in Finland are generally moderately concerned about spam. Similarly, according to research of the Pew Internet and American Life Project, 22% of users say they spend less time on e-mail because of spam, down from the 29 per cent in 2004.97
Statistics can also provide relevant information to policy makers with respect to burdens that spam imposes on network operators. For example, according to VeriSign, the manager of the .com and .net domains, during the three-month period from 1 July to 20 September, 2004, spam represented 80% of
Measurement is key to evaluating the evolution of spam and the effectiveness of anti-spam solutions and educational efforts, to be able to determine if a strategy is effective, and eventually what changes are needed in policy, regulatory and technical frameworks.
In order to better assess the current status of spam, and provide data on the amount of spam which passes in the network, the Messaging Anti-Abuse Working Group (MAAWG), in the context of the Task Force work, developed an E-mail Metrics Program and agreed on a series of ISPs spam indicators to measure:99
• The total number of dropped connections resulting from IP blocking (while this parameter may be imprecise, it gives a sense of the magnitude of the amount of messages which are not penetrating the networks).
• The total number of blocked or tagged inbound e-mails and percentage of e-mails going through the ISPs (excluding blocked connections) that are identified as spam.
• The focus is therefore on “unwanted” e-mail, so that the difficulty of defining spam will be avoided.
For the last quarter of 2005, the total number of inbound emails filtered is about 203 billion. Of these, the delivery of more than 61 billion has been refused using RBLs (Real Time Blacklists) or other methods, while another 142 billion have been successively blocked or tagged using ASAV (Anti-Spam/Anti-Viral) framework, MTAs (Mail Transfer Agents) and other recipient- or message-based rules. This does not include additional filtering at the MUAs (Mail User Agents) level.
This means that for the last quarter of 2005 there have been:
– Approximately 500 dropped connections per mailbox.
– More than 1.5 dropped connections per unaltered delivered e-mail.
– More than 1 000 blocked/tagged inbound e-mails per mailbox.
– Approximately 4 blocked/tagged inbound e-mails per unaltered delivered e-mail or 80% of total number of inbound messages.
If we factor in 1 abusive e-mail per dropped connection, the ratio of blocked/tagged inbound e-mails per unaltered delivered e-mail increases to 5.6 emails or 85% of inbound messages (see Figure 2).
Figure 2. Percentage of spam e-mails at ISPs level (4Q2005)
Number of blocked/tagged inbound e-mails Number of unaltered Delivered E-mails Minimum number of uncounted email due to dropped connections
20%
80% 59%
15%
26%
Number of blocked/tagged inbound e-mails Number of unaltered Delivered E-mails Minimum number of uncounted email due to dropped connections
20%
80% 59%
15%
26%
Source: MAAWG Email Metrics Program, March 2006.
The report will be updated on a quarterly basis in an attempt to identify trends over time. Mailbox operators voluntarily decided to participate and commit to supply confidential data for two years on a quarterly basis.100 Data will be available on the MAAWG Web site (www.maawg.org), or on the OECD anti-spam pages at: www.oecd-antispam.org, under “Statistics”.
ISPs’ data can be compared with measurements of spam as it is perceived by the user, in their inbox after the application of filters and other technical solutions. In order to obtain a more detailed analysis of the spam phenomenon, France undertook a statistical study based on «inbox spam». The preliminary results of the study, based on public statistical rules, suitably complete the existing statistical information.101 The mentioned approach is different as it does not measure the spam “in the pipeline”, but spam which reaches the end-user and is perceived by the latter as being spam. This type of measure provides a more sociological analysis of what users consider spam, and how concerned they are by the phenomenon.
Regarding the first issue, about 90% of interviewees consider spam any commercial e-mail from a sender they cannot identify or a commercial e-mail from a sender to whom they certainly did not give their e-mail address. In addition, 74% consider unsolicited (non-commercial) messages sent by political parties or trade unions as spam.
Notwithstanding most of the users can easily identify spam e-mails and eliminate them, still 8% of respondents affirmed they bought a good or service advertised in such a message. A large part of the interviewees are aware of the necessity to take precautions to avoid being spammed. In particular, protecting personal e-mail addresses and using anti-spam filter services are the most common procedures.
The second issue relates to how concerned people are about spam. The survey showed that while most users received a small amount of spam, and therefore were not very concerned with the problem, about 10% of users receive 70% of the total volume of spam, and consider it to be a major annoyance.
Resources and data are available on the OECD Anti-Spam Web site, linking to the MAAWG Web pages and to other online statistics.