Looking back at the first spam messages sent in the 1800s, Virus Bulletin editor Martijn Grooten said that in the 1980s spam was impolite, in the 1990s it was a nuisance, in the 2000s it was a threat but in the 2010s spam was apparently ‘solved.’
He said that statistics have proved that email spam was “something we could not keep up with no matter how good your spam filter is.”
Grooten said that spam “exists as people like to break the law” and the issue of dealing with unsolicited bulk email remains a challenge as solutions do not work. He pointed to “solutions” such as only accepting email from people you have previously approved, calling this “unworkable as you would need global approval system, and some sort of PKI.”
From the defense side, Grooten said that IP blacklists, a list of bad senders and IP addresses that should not send email, can work if the sender’s reputation is more advanced. Actively scanning attachments and links also works, as well as practices such as reducing open relays, closing port 25 for home users and standards like SPF, DKIM and DMARC. On DMARC, Grooten said that this can be cost prohibitive, but while the impact of DMARC on spam and other kinds of filtering is subtle, he said “it is one of the great success stories.”
He concluded by saying that he wished all emails were end to end encrypted, but there seems to be no desire to do that.
As for stopping targeted email attacks, Grooten said that this was not possible, but defenders can tackle the problem by raising awareness about clicking on links, assuming some emails will get though so build defenses accordingly with options like 2FA and multi layered approaches, or by watching out for breaches in the headlines and “be ready to contact Mandiant and keep an eye on Krebs in case he mentions you.”