DENVER Aug. 10, 2005 MX Logic, Inc., a leading provider of innovative email defense solutions that ensure email protection and security for businesses, service providers, government organizations, resellers and their customers, today reported that, for the third consecutive month, “zombie PCs” accounted for more than half of all spam.
An average of 56 percent of all spam filtered by the MX Logic Threat Center in July was sent from neglected, “always-connected” broadband PCs that spammers hijacked by installing a spam Trojan. Hijacked PCs represented the source of 62 percent of all spam in June and 55 percent in May.
“These statistics indicate that hijacked PCs have become not only the preferred distribution tool for spammers, but also a primary source of Internet pollution,” said Scott Chasin, chief technology officer, MX Logic. “Zombie PCs impose a huge cost on Internet Service Providers, businesses and consumers, whose hijacked PCs identify them as a source of spam and result in their being blacklisted.”
Once infected with a spam Trojan, zombie PCs provide worm authors with remote command-and-control spam-distribution capabilities, allowing them to create a legion of zombie computers that can pump out unwanted email and initiate Denial of Service (DoS) attacks.
In May the Federal Trade Commission (FTC), along with 35 government partners from over 20 countries, unveiled “Operation Spam Zombies.” This international campaign is designed to educate Internet Service Providers (ISPs) and other Internet connectivity providers about hijacked computers.
In addition to its data on zombie PCs, MX Logic also issued the following statistics on email security.
Spam-Sending Domains Represent Biggest Users of SPF and Sender ID
In a sample of more than 19 million unique email messages that passed through the MX Logic Threat Center from July 17 through July 23, 2005, MX Logic found that:
– 9 percent were from domains that had published an SPF record, 83 percent of which were spam-sending domains; and
– 0.15 percent was from domains that had published a Sender ID record, 82 percent of which were spam-sending domains.
“Just because an email has a published Sender ID or SPF record does not mean it is a legitimate email,” Chasin said. “Nevertheless, widely deployed domain-based authentication is a key building block in creating accreditation and reputation services that can vouch for the domain’s SPF or Sender ID record, as well as its email-sending history.
“Ongoing industry cooperation on these two protocols, along with recent discussion in the Internet Engineering Task Force on DomainKeys Identified Mail (DKIM), represents progress in the development of effective domain-based authentication protocols.”
SPF, Sender ID and DKIM are emerging email authentication protocols intended to help verify the origins of email at the domain level, making it more difficult for spammers and phishers to “spoof” email addresses.
4 Percent of Unsolicited Email in July Complies with Federal Anti-Spam Law
MX Logic also reported that in a random sample of 40,000 unique unsolicited commercial emails that passed through the MX Logic Threat Center, 4 percent complied with The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act. This compares with 3 percent compliance in June.
MX Logic has tracked compliance with the CAN-SPAM Act since the law went into force on Jan. 1, 2004, by examining a random sample of 10,000 unsolicited commercial emails each week. On average, only 3 percent of unsolicited email has complied with CAN-SPAM since the law went into effect. Compliance hit a peak of 7 percent in December 2004 and reached an all-time low of 0.54 percent in July 2004.
Monitoring billions of messages per month for over 6,000 organizations worldwide, the MX Logic Threat Center combines advanced, accurate and up-to-the-minute email defense technology and human-messaging expertise to protect MX Logic customers from spam, viruses, worms, phishing attacks and other email threats.
About MX Logic
MX Logic, Inc., provides innovative email defense solutions that ensure email protection and security for businesses, service providers, government organizations, and resellers and their customers. The company’s feature-rich solution suite is the industry’s most comprehensive, flexible and easy to use.
Founded by messaging industry pioneers, MX Logic has delivered numerous industry firsts to the enterprise spam market, including becoming the first managed service provider to: leverage Bayesian Statistical Classification; provide spam beacon (“Web bug”) blocking; offer quarantine management via email; provide corporate-level quarantine release reports that help reduce inappropriate email while decreasing corporate liability; and deliver a solution for tracking URL click-throughs from email to the Web, providing increased corporate control and security.
MX Logic processes billons of messages each month for over 6,000 organizations worldwide including EnCana, Hyundai Motor America, Internet Initiative Japan ServiceMaster, The Sports Authority, Verio Inc., and YMCA. In addition, MX Logic is the only email defense company to offer both a managed service and a turnkey, carrier-grade software solution for service providers. For more information, visit www.mxlogic.com.