Spam is a major operational problem for all professionals because of its waste of bandwidth; it is a significant nuisance even for non-professionals, contributing to computer-based crime and increasing doubts about e-commerce. I recently interviewed Cloudmark CTO Jamie de Guerre via e-mail and am pleased to convey our discussion in a two-part report.

How’s the spam? We hear estimates of anywhere from 75% to 90% of the total bandwidth of the Internet is being wasted by unsolicited commercial e-mail; what do the experts find?

Cloudmark provides spam filtering for the world’s largest e-mail providers including 11 of the top service providers in North America. Over 96% of all e-mail sent to these operators is spam today.

Are there regional variations in spam? That is, are different parts of the world receiving different amounts of spam and are there differences in the origination frequency by geography?

Yes, there are differences in both the amount of spam received and generated by different regions.

North America is definitely the leader in receiving spam. As I mentioned, over 96% of all e-mail received by large North American operators is spam. That number is quite a bit lower in Europe – only around 85% of all e-mail received by large European operators is spam. In Asia, the number is similar, around 80% of all e-mail received by major Asian operators is spam.

This graph shows the percentage of spam generated by several of the top sources of spam in the world, by country.

Has the legal situation improved any? Some years ago, I wrote a column with my favorite title of all time: “Can CAN-SPAM can spam?” Obviously, it hasn't. Are there any legal measures that you think would be of any use at all in fighting spam?

Yes, the legal situation has improved; however, the impact is negligible. Efforts by organizations to track down attackers have increased. There have also been some successful prosecutions. However, these actions have had a relatively small impact on the amount of spam and on the attackers. The rate of successful prosecutions has been slower than the growth of the attacking community by orders of magnitude.

The attacking community is now a sophisticated, mature market economy. The combination of widely available services from advanced researchers enabling anyone with malicious intent to join the attacking community has dramatically lowered the barrier of entry for a wide network of wannabe hackers to conduct sophisticated and malicious attacks. While the legal situation has improved, at this point, the outlook is grim for any hope of it having real impact.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.