Spam Is All Your Fault, Says Study

March 8, 2008 – 3:59 PM

So says the Radicati Group, which Wednesday released preliminary results of a survey showing that it’s bad behavior on the part of users — us, in other words — driving the spam and virus threat.

And you thought it was spammers and hackers.

“Frankly, it surprised us that users are still responding to [spam], and opening [unsolicited] mail,” said Sarah Radicati, the chief executive of the Palo Alto, Calif.-based market research firm which conduced the online poll.

According to Radicati’s survey, 31 percent of those polled have clicked on embedded links within spam at one time or another.

“Clicking on embedded links helps spammers determine ‘live’ accounts, which encourages repeated spam attacks,” said Radicati. And enterprises can be compromised by a single miscreant. When an active account with a domain is identified, organizations are at greater risk of follow-up directory harvest attacks.

Eighteen percent of users admitted that they’d clicked on the “unsubscribe” link in spam, another behavior that’s exploited by spammers, who then know the address, and perhaps the entire domain, are active and so potential targets for follow-on spam campaigns. Even worse, spammers sell and trade lists with virus writers eager to accumulate bots, so by telling a spammer they’re “live,” users increase their risk of later receiving worms and viruses.

But the most stunning statistic, said Radicati, was the last: more than 10 percent of the respondents have purchased products advertised in spam.

“With the near-zero cost of sending out huge volumes of spam, the fact that more than one in ten users are purchasing products is clearly continuing to drive the economics of spam,” said Radicati.

“Although one person’s spam may be another person’s information,” she said, “it’s clear that education isn’t working. Either the spam product offers are just too good to pass up, or users still have an enormous lack of awareness of the danger of clicking on e-mailed links.”

Companies need to do a much better job, she said, of educating their employees. “They’re not,” Radicati said. “They may say ‘don’t do this’ and ‘never do that,’ but there’s simply not much formal training.”

Our continued bad habits, she said, explains why e-mail security threats — spam, worms, phishing — continue to explode.

“Anti-spam technology routinely achieves 90 percent plus catch-rates, yet no technology in the world can protect an organization if users exercise bad e-mail behavior.”

You must be logged in to post a comment.