Security software giant McAfee recently published the results of an interesting month-long project aimed at putting a fix on just how bad the issue of unsolicited e-mail remains — along with gaining added insight into some geographic and content-based trends around the ever-present nuisance messages.
In a novel approach to tracking the flow of spam, the company distributed fresh laptops and email addies to a group of 50 users based all over the globe, then encouraged the individuals, who ranged from savvy journos and software developers to stay-at-home moms and retirees, to go about using the machines and responding to spam e-mails with no regard to the potential security and usage headaches that would surely result from the behavior.
Dubbed S.P.A.M., or short for Spammed Persistently All Month, the initiative turned up some compelling results regarding the behavioral, social and regional issues that continue to drive the proliferation of unwanted e-mail.
“By running the S.P.A.M. Experiment, we gave everyday people permission to go where most Internet users would not dare. For anyone that has ever wanted to “click” and find out if an offer really is “too good to be true,” the McAfee S.P.A.M. Experiment satisfies that curiosity, without any of the risks,” Jeff Green, senior vice president of McAfee’s Avert Labs research group said in the project’s final report. “On a more serious note, the experiment also educates people and helps them to identify spam e-mails and highlight the risks associated with opening or responding to unsolicited e-mail.”
Green noted that the project was launched in part to mark the 30th birthday of spam, and not the kind that comes in a can.
Once the study got underway, participants began receiving large amounts of spam almost instantly, as on average the users were being hit with roughly 2750 of the messages per day only five days into the initiative.
During the first week alone, the 50 individuals had attracted a grand total of 104,832 e-mails, receiving an average of 2,096 messages each day as a group, and approximately 70 of the messages per day.
Five users were recruited into the program from 10 different countries, respectively, and, you guessed it, those based in the U.S.A. garnered the highest volumes of unwanted e-mails, attracting 23,233 spam messages in total, almost 22 percent of all the missives tracked in the effort.
Das Germans received the fewest number of messages, attracting only 2331 e-mails, or merely 2 percent of all the content.
Global Spam League Rankings:
U.S. – 23233 Brazil – 15856 Italy – 15610 Mexico – 12229 U.K. – 11965 Australia – 9214 The Netherlands – 6378 Spain – 5419 France – 2597 Germany – 2331
Some other interesting results:
Top 10 Most Spam Individual Rankings:
Bill (U.S.) 9160 Giuseppe (Italy) 6490 Geraldo (Brazil) 6000 Simon (U.K.) 5414 Rodrigo (Mexico) 5221 Gabriella (Italy) 5019 Evan (U.S.) 4224 Jose (Spain) 4034 Katya (U.S.) 3897 John (Australia) 3759
Percentage of Phishing Emails per country:
Italy – 22 percent U.S. – 18 Mexico – 17 Brazil – 11 Australia – 9 U.K. – 8 Netherlands – 7 Spain – 4 France – 3 Germany – 1
Top Ten Most Popular Spam Categories:
1. Financial 2. Advertisements 3. Health and medicine 4. Adult 5. Free stuff 6. Credit cards 7. Education 8. Money making, “get rich quick” schemes 9. IT related 10. Nigerian scams
Unsurprisingly, the U.S. also led in the amount of adult-themed content tracked in the project, by a lot. U.S. participants landed 27 percent adult-oriented spam, while people in France (where the adult industry is less regulated by the government) attracted only 3 percent adult content.
Overall, three of the American participants landed in the project’s “top 10” list of people who attracted the most spam.
As a rule, the people who worked with McAfee on the initiative said that they learned quite a bit about the nature of spam via their participation. Cited by Green in his summary were the observations of one user, Libby, located in France, whose feelings were representative of many of those who undertook the study.
“What have I gained during these last 30 days? Well, at least I got rid of this itch, this curiosity, clicking on any and everything on the World Wide Web just to see the outcome,” Libby said. “Clearly clicking on a flashing window or signing up for diet advice in the form of a newsletter as anticipated is foolish. I will continue to be more diligent paying much more attention to where I enter my personal e-mail address, as well as my contact information.”
McAfee also offered up some tips on avoiding spam as part of its conclusions:
1. Do not post your email address on the Internet.
2. Check to see if your e-mail address is visible to spammers by typing it into a Web search engine such as www.google.com.
3. Many ISPs also offer free spam filtering. If this is available, enable it.
4. When filling in Web forms, check the site’s privacy policy to ensure it will not be sold or passed on to other companies.
5. Never respond to spam.
6. Do not open spam messages wherever possible.
7. Do not click on the links in spam messages, including unsubscribe links.
8. Never buy any goods from spammers.
9. Make sure that your anti-virus software is up to date.
10. Never respond to e-mail requests to validate or confirm any of your account details.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.
