I started hearing various people comment about lower spam volumes sometime in mid-December. This isn’t that unusual: spam volumes are highly variable and someone is always noticing that their spam load is going up or going down. The problem is extrapolating larger trends from a small selection of email addresses. There’s too much variation between email addresses and even domains to make any realistic assumptions about global spam volumes from mail coming into a particular address or domain. And that variation is before you even consider that spam filters prevent much of the spam from actually reaching people.
There are organizations, though, that have access to extremely large groups of addresses they use to track spam. Those numbers tend to be more representative of the actual spam volumes and are very good for tracking trends.
The news seems good. During the second half of 2010 there was a consistent and steady decline in the amount of spam received by the Senderbase network. In fact, December levels went below 100 million emails.
The CBL also publishes numbers and shows a steady decline in volumes during 2010.
Related to the inquiries I started hearing in December, there was a clear drop-off (spammers going on Christmas vacation?) in volume at the end of December. It’s harder to see in that graph, but is clearly demonstrated if we look at the CBL graph for Q4. There is a precipitous drop around Christmas. The traffic volumes reflect some of the drops seen when major botnets are taken offline; however, there were no reports of arrests or takedowns around that time. It’s unclear if this decrease will be sustained or not.
An article posted yesterday by Threatpost about increased activity from the Storm botnet indicates that botnets aren’t necessarily dead yet. It also indicates old botnets may be evolving yet again.
There are a lot of possible reasons that volumes are down, from vacations to arrests through to spammers finding more effective ways to get their messages out. Anecdotally, a lot of spammers are moving to social media networks, especially Twitter. This may work better for spammers, who rely on immediacy rather than a consistent or coherent message.