Global email spam levels have taken a dramatic downturn in the past few months, as the graph on the right from Symantec shows.  Levels reached nearly 250 billion messages per day in August 2010, but were down to under 50 billion by December.  Interesting that a downturn such as this would happen just before Christmas, when online spending is at an all time high and you would expect spammers to be hawking their wares in anticipation of this. Such dramatic decreases are not unusual, and often marks an impending change in tactic or content by the spammers (similar to any advertising agency focusing on a new campaign).

Whilst I’m all for anything that decreases spam (and hopefully is sustainable) I think this decrease may just mark the re-focus of spammers to forums and other media at the moment. I am moderator / admin for a few forums covering various topics around the internet, and I’ve noticed a massive increase in spam on the forums over the past few weeks.  One high traffic forum that usually would received 1 or 2 per day, is currently getting upwards of 100 a day.  Whilst it’s nowhere near the billions levels that have changed in emails, it is significant enough to have quite an impact on the forums.

With much less sophisticated systems in most forum installations (as compared to email systems) for detecting and blocking spam after the initial sign up of the account, these spam postings are much more of an annoyance. Forums don’t have a ‘Junk’ folder the way your email does, and spam has to be manually deleted by the forum administrators and moderators.  Even with re-captcha or other anti-bot sign up methods installed the spam accounts are still getting through, and spreading their crap. Part of the problem with systems like re-captcha etc, is the lack of timeout of the response, which can lead to the following situation:

1) Bot goes to sign up to a site and gets presented with a captcha of some format.
2) Bot saves a copy of the captcha, and re-issues it on a free porn site (or similar) sign in.

…Bot can then wait for as long as it takes, seconds, minutes or hours as captcha doesn’t expire till submit is hit on the form….

3) A human person tries to use free porn site, gets the captcha, and answers to porn site
4) Porn site forwards the answer back to the bot
5) Bot puts in the human answer and continues with the registration.
6) Bot starts spamming the forums

I hope I’m wrong, and the botnets are not getting re-trained on forums at the moment, and it’s just a spike in forum spam which is unrelated to the email spam decrease, because if I’m right then forums are about to become quite annoying and spam laden and I’m not sure most forums have anywhere near enough moderators to deal with any significant increase in spam postings.

I’d be interested to hear what people think in the comments, especially if you moderate any forums and can give your experience of forum spam at the moment.

~Shepy