The country contributing the most to the spam and phishing problem is the U.S., according to the June 2014 threat report issued Wednesday by Intel Security (formerly McAfee). The security vendor said the U.S. holds the title for hosting the most phishing URLs with 55 percent of them globally. The U.S. also sends out the most spam, accounting for 37 percent of all spam URLs.
Security experts say the security industry has been good at filtering out spam but they warn that the unwanted messages pose a traffic strain on the Internet backbone, with some ISPs reporting nearly 99 percent of email traffic identified as spam.The Spamhaus Project, an international organization that tracks email spam and maintains block lists used by security firms and ISPs, considers the U.S. CAN-SPAM act and other attempts to regulate -- rather than ban -- the practice a mistake because they often lack an enforcement mechanism.
Speaking at a security conference this week, Eugene Spafford, a noted computer security expert and professor of computer science at Purdue University, said he feels that the growing amount of spam and the phishing attacks and malware that it spreads is reaching a breaking point.
“The load is continuing to increase every year and it's huge amounts of wasted bandwidth and disk space," Spafford said." All indications point to it not getting better at all."
IT Weapon's MacBean calls the Canadian law admirable in its intentions. For example, an IT Weapons analysis of one of its client's email systems found only 3 percent was legitimate business email. The rest of the inbound traffic was caught in spam filters, he told CRN.
"The spirit of the new CASL legislation is admirable: to protect people and businesses from the growing problem of spam and malware and phishing scams inundating our inboxes," MacBean said. "Asking businesses to take better care in managing their databases and controlling the volume and quality of communication is a good thing."
Expect true spammers to ignore the law, MacBean said. "We all know the real bad guys never cared about existing privacy and legal constraints when they sent their junk mail, spam, phishing scams from ghost addresses, and off-shore domains," he said.
The current CAN-SPAM act in the U.S. is consistently ignored or not adhered to properly, said Jeremy Scott, a senior research analyst at Solutionary, a managed security service provider subsidiary of NTT Group. The Canadian rules will likely get the same treatment, said Scott, adding that legitimate marketers have been able to use subtle ways to skirt the U.S. law.
"Unsolicited emails hit our inbox every day," Scott said. "The actual problem is not the law or act but the lack of enforcement of such a law."
PUBLISHED JUNE 25, 2014