97% of email is spam, says Microsoft

Spam and phishing attacks make up 97% of the email that is sent, according to an information security report from Microsoft. The figure is a three percent rise on the previous year.

Microsoft said that 97% of the email sent around the world was blocked as being spam, phishing attacks or carriers of malicious software in the second half of 2008. In the same period of 2007 94% of email was blocked on that basis, its report from the previous year said.

"More than 97 percent of e-mail messages sent over the internet are unwanted: they have malicious attachments or are phishing attacks or spam," said Microsoft's Security Intelligence Report for July to December 2008.

It said that trends in the content of spam were staying stable.

"As in previous periods, spam [during this period] was dominated by product advertisements, primarily pharmaceutical products (48.6 percent of the total)," said the report. "Together with non-pharmacy product ads (23.6 percent of the total), product advertisements accounted for 72.2 percent of spam [during the period]."

Microsoft's spam filters blocked 97.3% of messages in the second half of last year, down from 98.4% in the first half of the year.

"This decline is due to a significant decrease in the volume of spam received in November and December, following the disconnection from the Internet of McColo, a major hosting provider used by spammers," said its report.

As well as pharmaceutical product advertising, spam related to get rich quick scams, gambling, fraudulent diplomas, dating and sexually explicit material and messages only made up of images.

"In an effort to evade content filters, spammers often send messages consisting only of one or more images, with no text in the body of the message. Image-only spam messages accounted for 7.3 percent of the total in the last six weeks," said Microsoft's report.

Microsoft said that the financial downturn had even affected the content of spam messages. "In relative terms, the most dramatic change was seen in the category of stock-related spam, such as 'pump-and-dump' stock schemes," it said. "Mirroring the economic downturn experienced by much of the world in 2008, stock-related spam all but disappeared from [our] content filters [during the period], dropping to 0.6 percent of the total from 9.6 percent in [the previous year]."

Microsoft also said that spammers were sending out spoof email newsletters designed to mimic those of major news organisations such as CNN.

"The messages closely or exactly replicate the format used by the legitimate newsletters and typically feature a mix of real headlines and provocative-sounding false ones. Recipients who click the headline links are taken to Web pages that host spam advertisements or malware," it said.