Who’s winning the spam wars?

For most of us, our interaction with spam is limited to occasionally overrun email accounts or strange messages being sent from our email and social- media accounts.

As a nuisance, it’s tolerable enough. Internet users have grown accustomed to dealing with emails about cheap Viagra from oddly named senders, or the occasional need to change passwords, an inconvenience that is far less annoying than cancelling credit cards or changing a phone number.

But on the other side of these daily and generally futile interactions, a battle is being waged between spammers and those trying to police them – and it is disrupting the very infrastructure of the internet.

It's an ongoing battle, fought without too much excitement, but came to wider attention this week when Spamhaus, a nonprofit organisation that seeks to halt spamming organisations, was the victim of a huge cyberattack thought to have been made by CyberBunker, a Dutch hosting company that facilitates spamming.

Since the middle of the month, Spamhaus has been fighting off enormous DDoS – distributed denial of service – attacks, a common cyberattack that involves sending so much traffic to a website that it clogs the server, crippling its functionality, a bit like a busy kitchen being so overwhelmed with orders that the chefs collapse.

Spam takes many forms, but the standard definition is that it’s sent in bulk and is unsolicited – emails you receive that are not the result of an existing relationship or something you signed up to.

There are the confidence-trick “411” scams: the Nigerian prince who emails you looking for help in getting a vast amount of money out of a country and into your account. (All he needs are your credit-card details.) There’s phishing spam that appears to come from a legitimate source, such as your bank, trying to get you to click on something or enter your details in order to glean information or get access to your accounts. There’s the more obvious spam selling porn or Viagra, the junk mail of the internet.

How does the spam end up in your inbox? It’s pretty simple to write a piece of code that will generate pot-luck email addresses; eventually, some of them will be real.

There’s also a lot of automated scraping of email addresses, so if your email address appears somewhere online, you can get regular spam.

The older your email address is, the more you’ll be targeted. Spam works on the principle that if enough muck is thrown at a wall, some has to stick. So if spammers send two million emails, they just need a small percentage to get through and a smaller percentage responded to in order to make money.

Some of the cash is generated by referrals. For example, many porn sites work on an affiliate basis, whereby if you refer someone who successfully signs up, you get a cut. This is a goldmine for spammers who send sign-up emails. If it’s €5 a referral and you’re getting 20 referrals a day, you can make a living. And that’s speaking in very small numbers.

Michele Neylon, the chief executive of Blacknight Internet Solutions, which hosts hundreds of thousands of domains, works with people in the pharmaceutical industry to combat spam related to fake drugs.

“The websites selling fake pharma are turning over billions,” he says. “The guys doing the spamming as part of that food chain are making millions.

“We are dropping about 95 to 96 per cent of all inbound email because it’s spam. At certain times it’s as high as 98 per cent. On an average day we’re rejecting millions of emails every single hour, at peak.”

What happens when someone is seriously disrupting this moneymaking racket is what happened to Spamhaus. It’s a strong attack, but DDoS attacks are ongoing.

“The reality is the blacklist provider Spamhaus and other companies that take decisive action against these criminals are targeted by them in turn,” Neylon says. “If you’re seen to take action against these guys it’s like having a great big bullseye on your back.”

Neylon says it’s essential to keep your computer’s software up to date and to run checks to make sure everything is functioning as it should be.

The more spam and DDos attacks that occur, the more clogged the internet will become, leading to some having difficulty accessing websites and a slower experience overall.

So who’s winning this war? So far the network of anti-spam tools and organisations are holding it together.

“There aren’t any clear winners,” Neylon says. “You’re still able to use the internet: it’s not going to go away overnight. At the moment the good guys are still winning, but it’s far from over.”