Friday, July 30, 2010

90% of all e-mail is spam

That's an incredible statistic that took me aback when I first saw it (in March from Symantec), which is why security vendors have been so successful in the development and takeup of anti-spam products – such as the ones that Google acquired and implemented into their Google Apps platform, where our customer mailboxes are now all hosted. Spam e-mail levels were also up 16% in the second quarter of this year compared to the first (according to Google).

Previously mailboxes for Virgin Media customers were hosted on three different platforms, all of which took a different approach to dealing with spam (and in fact viruses) coming as they did from the three ISPs that we ran before Virgin Media came together.

In the last few weeks, as the migration from the old platform to the Google one has completed, we've seen an increase in customers reporting an increase in spam – and I'd like to explain why this is, and what customers can do about it.

Our previous platform was configured to reject the most obvious of spam messages, so they would be either bounced or actually deleted without ever hitting a customer's mailbox or being seen by them – so, while customers may have noticed an increase in spam messages there's actually no more being attempted to be sent to them than there was on the previous platform, now they just appear in a user's spam folder on webmail.

The previous platform was classifying around half of e-mails inbound for mailboxes as spam – which is a heck of a lot of e-mail:
[Note: The volumes have dropped as mailboxes were migrated off this platform and to Google]

As you would probably expect, we always took a conservative approach to what was and wasn't classified as spam given that we didn't have the tools to allow a customer to 'fine tune' their own spam filter (unlike how we do now on Google) – but even then we were still deleting around 20 million messages per day of the most obvious spam without them ever getting to a customer's mailbox.

So, what should a user now on the Google platform do if they are seeing a noted increase in spam messages?

1. Tune their spam filter

In Virgin Media mail (i.e. webmail) you can tune the spam filter to tell it what a user considers to be both spam and not spam (as one person's spam is another's valuable e-mail).

This is easy enough to do, by opening the message and clicking on 'Report Spam' if it's a spam message delivered to a user's Inbox – like this one I received overnight:
[Note: Screenshot, like others, is of Gmail – where I import my Virgin Media Mail. Slightly different colours etc accordingly.]

Similarly if a user finds what is a genuine message appearing in their spam folder they should open the message in webmail and click 'Not Spam'.

Doing both these helps the platform learn what the end user considers to be spam and not spam and is used in the decision making process around e-mail delivery to them in future.

2. Add contacts

If someone regularly e-mails a user and they want the e-mails delivered rather than classified as spam, they should put them in their 'Contacts' (link on left hand side navigation of webmail) address book.

This also makes it a bit easier when typing e-mail addresses into webmail in future as it auto remembers them, as well as other features like being able to create a mailing list of people someone regularly e-mails.

3. Use filters

Once the spam filter has been tuned over time to a point where someone is confident that no genuine e-mail is being classified as spam, they might want to consider setting up a filter in Virgin Media Mail whereby any spam messages will be deleted rather than put into the spam folder.

There's more info on how to do this in the help pages on webmail (and we do advise to only do it when a user is confident no genuine mails are appearing in their spam folder), and I think this is something I must do myself this weekend given the amount of mail in my spam folder (which is down to my address having been used in public forums and on web pages for the last decade):A filter whereby mail from a particular user will never be classified as spam (in addition to adding them to the contacts list) can also be setup. This is done by following these steps:
i) Open a message from the e-mailer in question
ii) Click on the option to 'Filter messages like this' from the menu (use the down arrow) beside the 'Reply' link
iii) Enter the sender's e-mail address
iv) Click 'Next Step'
v) Select the checkbox beside 'Never send it to Spam'
Once done messages from that particular e-mail address will always be delivered straight to the Inbox and never appear in the Spam folder.

4. Prevent it in the first place!

Of course the best way to not get so much spam is to make sure it doesn't get sent in the first place - which is done by being careful where an e-mail address is used and who it is given out to, never replying to a spam e-mail and never buying a spammer's products.

Another good tip is to try and make life a bit more difficult for the automated software spammers use when you do post on the web such as on social networks. When posting on the web, use spacing around the '@' sign to do this – e.g. support @ rather than

These, and other good tips, are covered in this BBC article.

However, it is important to note that a user will not be able to prevent all spam – spammers have software that guesses e-mail addresses in huge volumes and sends them spam e-mail. This is known as a 'dictionary' attack and, while we filter huge numbers of these attacks into user's spam folders, some will always get through to Inboxes.

We're going to add some further advice to our website to beef up the advice on how to manage spam in the next few days to provide more assistance.

1 comment:

  1. This kind of problem is mostly encountered by online marketers. When they register in a certain website, they tend to check the "daily notification" on the last portion of the form.