Spam growth will continue unabated, with e-mail security threats becoming more virulent. Spam e-mail will be recognized as criminal activity and treated as a security threat by corporate IT security groups. Marketers must be more aggressive in protecting their brand with authentication and accreditation. The price of failure is immense.
So here are my predictions:
Spam volume will climb. Twelve months ago, IronPort’s SenderBase network saw 68 percent of all e-mail as spam. After rising to 72 percent in the second quarter of this year, we estimate levels could reach 80 percent next year. Marketers will continue to see their messages fighting with spam for visibility in the inbox.
Corporate anti-spam spending will keep rising. Corporate anti-spam expenditures grew from $1 billion in 2004 to $3.4 billion in 2005 and are expected to reach $5 billion in 2006. As spam volumes increase, older spam solutions become ineffective, and corporations will invest heavily to minimize the effect on employees. Marketers must continue to invest in deliverability efforts to ensure that their messages are delivered reliably.
Phishing will worsen. Phishing is the act of social engineering using e-mail. An e-mail claiming to be from a financial organization requests recipients to provide credit card, Social Security or account login information. But the recipient is referred to a bogus Web site where login and credit card information is harvested and used for fraudulent transactions.
Phishing attacks are rampant, with millions of consumers falling victim yearly. An emerging threat is “spearphishing,” in which the phishing e-mail’s contents are targeted very narrowly at the recipient to increase the likelihood of gaining the recipient’s trust.
Blended threats will become the dominant security danger. A “blended threat” uses e-mail in conjunction with other protocols to infect the user’s PC with malware. For example, a spam e-mail may have a URL linking to a site used for a phishing attack, or the URL may be used to download a virus or spyware program via the Web browser.
Virtually all “spyware removal” tools advertised today in spam are actually used to propagate spyware. IronPort has seen a 200 percent increase in “blended threats” with a 100 percent increase in the past three months of e-mail-borne spyware.
Accreditation will be an imperative. With even greater need to identify their messages as above reproach, marketers’ adoption of accreditation programs such as Return Path’s Bonded Sender and Habeas’ SafeList will increase drastically.
Authentication will be the imperative. The two main authentication technologies, Sender ID and DomainKeys Identified Mail, have reached escape velocity. One-third of all e-mail has a Sender ID record, and Yahoo receives 350 million messages a day signed with DKIM.
Hotmail and MSN e-mail clients introduced a Sender ID pass/fail indication in June, and Yahoo, EarthLink and Google’s Gmail provide the same indication for DKIM in their clients.
While e-mail that passes Sender ID or DKIM authentication gets preferential treatment today, we estimate that e-mail not using these authentication techniques will begin getting negative treatment in mid-2006. Start your authentication projects now. Audit your mail server infrastructure and publish Sender ID records. Begin researching DKIM technology vendors to select the right solution.