Spam sent from web hosts harder to block

Virus Bulletin, the independent security certification body, had largely good results in its May anti-spam comparative review: 19 solutions achieved a VBSpam award and there was a small increase in most products' catch rates compared with the previous test. The web hosting loophole is worrisome, however, according to the firm’s researchers.

"A lot of the focus in the anti-spam industry has been on botnets of compromised home PCs," said VB's anti-spam test director, Martijn Grooten, in an emailed statement to media. "And while these botnets still send a lot of spam, spam filters have become quite good at dealing with it."

However, "various recent reports have suggested that spam is increasingly being sent from web hosts – many of which are compromised", he added. "Our results show that this isn't merely a shift in the way in which spam is sent, but it actually increases the likelihood of the spam messages making it to someone's inbox."

Among the 64,000 spam emails sent as part of the testing, Virus Bulletin found that 19,449 emails (just over 30%) were sent from web hosts. It then found that the average email sent from a web host had a probability of 1.04% of being missed by a spam filter, compared to just 0.29% for other spam – meaning that web host-sent spam is 3.5 times more likely to bypass a spam filter.

“Of course, 0.29% and 1.04% are both small numbers, but it is good to keep in mind that spam is still sent in very large quantities,” said Grooten, in the report. “On a (very small) campaign of one million emails, this is the difference between fewer than 3,000 and well over 10,000 emails making it to recipients’ inboxes. It could be the difference between a spam campaign making a profit or a loss for the spammer.”

While its research team is unsure why web hosted spam is more effective at evading filters, Virus Bulletin was quick to point out that the difference also isn’t simply skewed by a small number of emails sent from web hosts that have a very high delivery rate. “If we restrict ourselves to those emails blocked by at least three-quarters of all solutions, we still find that spam messages sent from web hosts are [more likely to get through],” the report said, adding that “the difference in performance [also] can’t simply be attributed to the fact that IP blocking is less effective against web hosts.”
 
