The high water mark for spam was reached in July 2010 when approximately 230 billion spam messages were in circulation each day, accounting for 90% of all email traffic. This has now declined to 39.2 billion messages per day, accounting for only 72.9% of all email.
The question is why?
Graph of spam volume, global estimated spam sent, billions of messages per day, 15th June 2010 to 14th June 2011.
There are many different factors that appear to be working together to make sending spam more difficult and less profitable for criminal gangs. In September 2010 the Spamit web site announced that it was ceasing operation due to “numerous negative events”. Spamit provided affiliate marketing services, allegedly helping to pay spammers for promoting many spam advertised web sites, notably the “Canadian Pharmacy” operation which was one of the most spam advertised brands.
The demise of Spamit corresponded with a large drop in spam volumes, from approximately 100 to 75 billion spam per day from the end of September to mid November 2010. It is not known exactly what the “negative events” are referred to by Spamit, but it is thought that these may be associated with increased attention by regulatory bodies and law enforcement in the activities of the group.
Nevertheless, spam had been dropping before this event. It may be that increased surveillance of spammers by authorities had pursuaded spammers to seek other economic activities legitimate or illicit. Or it may be that the peak of spamming in July 2010 was unsustainable for the spamming industry, there just weren't the number of customers to warrant such a high level of activity.
A few months later, in December 2010, the largest botnet at the time, Rustock suddenly stopped sending spam. At the time, this single botnet was responsible for 47.5% of all spam, sending approximately 44.1 billion spams per day. The botnet soon resumed its activity in January in 2011, but in March it ceased operation entirely and was dismantled due to concerted action by a partnership of industry and law enforcement. Since then, the other botnets have not significantly increased their spamming activity to maintain the same total levels of spam. Indeed, one of the largest botnets, Bagle, has decreased the amount of spam that it sends from 8.31 billion spam per day in March 2011 to 1.60 billion spam per day in June 2011.
This decrease in spamming activity may be evidence that increased investigation of the spam underworld has both disrupted the affiliate networks, such as Spamit, that pay for spam campaigns, and led to botnet controllers looking to keep their heads down to avoid the attention of the legal authorities. Interestingly, during the same period there has been a reported rise in distributed denial of service attacks, which can also be undertaken by botnets. It may be that the botnet owners are looking to other modes of operation to maintain their revenue, while moving away from the now less profitable and more risky business of spamming.
Data taken from Symantec Intelligence, previously Messagelabs Intelligence.