Spam catchers catching spammers better

After a decline in the capabilities of spam-catching software, it's heartening to see that the good guys are getting better

A year ago, the state of the spam-catching art was in dire straits. As I reported back then, spammers were getting better ("better" in the eyes of the beholder, of course), and spam filters were getting worse.

Virus Bulletin just released its VBSpam comparative review for May, and I'm very happy to report that the tables have (at least temporarily) turned. Nineteen of the 20 tested antispam products performed well enough to earn VBSpam certification. Two of the products -- Bitdefender Security for Mail Servers 3.1.2 and Fortinet FortiMail -- distinguished themselves by catching more spam with fewer false positives, thus earning VBSpam + ratings.

The test involves feeding each of the 20 products live spam, between April 27 and May 13:

77,993 emails were sent as part of the test, exactly 64,000 of which were spam. 54,668 of the spam messages were provided by Project Honey Pot, with the remaining 9,332 emails provided by, a product from Abusix. They were all relayed in real time, as were the 13,563 legitimate emails ("ham")

All of the VBSpam-annointed products caught at least 98 percent of the spam. There are penalties for false positives.

The report draws special attention to spam that originates directly from dubious Web hosts. Ken Simpson at Mailchannels recently published the results of an analysis of the origin of spam trapped by Abuseat. Ken looked at the sources of the trapped spam and came up with an odd observation:

It would be natural to expect those sources all to be Internet service providers, with the top positions occupied by ISPs in developing countries, where many people run cracked and thus unpatched versions of Windows XP -- a dream for botherers.

But no, that isn't what Ken found. The No. 1 source of spam in Ken's study is The Planet, a Web service offered by SoftLayer, a Web hosting company with 436 employees and an active abuse team. Second was a German firm, STRATO, also known for Web hosting. Third was yet another Web hosting firm, of dubious pedigree. Of the top 25 spamming sources in the study, only six were ISPs.

Why the emphasis on spamming through Web hosts, and not through ISPs? The trick works.

During this test we noticed that spam sent from Web hosts is three-and-a-half times as likely to make it past the spam filter than spam sent from other sources. This would explain why spammers appear to be keen to send spam from Web hosts -- some (unconfirmed) reports claim that as much as 50 percent of today's spam is sent in this manner.

So the bad guys are changing their route of attack, and the industry hasn't yet caught up.

That's the bad news. The good news is that spam catchers are getting better.

This story, "Spam catchers catching spammers better," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.