StopSpamAlliance.org

San Francisco, March 24, 2010 – A significant percentage of consumers continue to interact with spam despite their awareness of how bots and viruses spread through risky email behavior, according to the Messaging Anti-Abuse Working Group (MAAWG) based on a new survey it released today covering North America and Western Europe. Even though over eighty percent of email users are aware of the existence of bots, tens of millions respond to spam in ways that could leave them vulnerable to a malware infection, according to the 2010 MAAWG Email Security Awareness and Usage Survey.

In the new survey, half of users said they had opened spam, clicked on a link in spam, opened a spam attachment, replied or forwarded it – activities that leave consumers susceptible to fraud, phishing, identity theft and infection. While most consumers said they were aware of the existence of bots, only one-third believed they were vulnerable to an infection.

“Consumers need to understand they are not powerless bystanders. They can play a key role in standing up to spammers by not engaging and just marking their emails as junk,” said Michael O’Reirdan, MAAWG chairman.

“When consumers respond to spam or click on links in junk mail, they often set themselves up for fraud or to have their computers compromised by criminals who use them to deliver more spam, spread viruses and launch cyber attacks,” O’Reirdan said.

The research findings on awareness of bots, email security practices, and attitudes toward controlling spam were generally consistent with the first MAAWG consumer survey in 2009 covering North America. The new 2010 survey was expanded to cover Western Europe and looks at consumers’ attitudes in Canada, France, Germany, Spain, the United Kingdom and the United States.

It Won’t Happen to Me Syndrome

Less than half of the consumers surveyed saw themselves as the entity who should be most responsible for stopping the spread of viruses. Yet, only 36% of consumers believe they might get a virus and 46% of those who opened spam did so intentionally.

This is a problem because spam is one of the most common vehicles for spreading bots and viruses. The malware is often unknowingly installed on users’ computers when they open an attachment in a junk email or click on a link that takes them to a poisoned Web site, according to O’Reirdan.

Younger consumers tend to consider themselves more security savvy, possibly from having grown up with the Internet, yet they also take more risks. Among the survey’s key findings:

• Almost half of those who opened spam did so intentionally. Many wanted to unsubscribe or complain to the sender (25%), to see what would happen (18%) or were interested in the product (15%).
• Overall, 11% of consumers have clicked on a link in spam, 8% have opened attachments, 4% have forwarded it and 4% have replied to spam.
• On average, 44% of users consider themselves “somewhat experienced” with email security. In Germany, 33% of users see themselves as “expert” or “very experienced,” followed by around 20% in Spain, the U.K. and the U.S.A., 16% in Canada and just 8% in France.
• Men and email users under 35 years, the same demographic groups who tend to consider themselves more experienced with email security, are more likely to open or click on links or forward spam. Among email users under 35 years, 50% report having opened spam compared to 38% of those over 35. Younger users also were more likely to have clicked on a link in spam (13%) compared to less than 10% of older consumers. Consumers are most likely to hold their Internet or email service provider most responsible for stopping viruses and malware. Only 48% see themselves as most responsible, though in France this falls to 30% and 37% in Spain.
• Yet in terms of anti-virus effectiveness, consumers ranked themselves ahead of all others, except for anti-virus vendors: 56% of consumers rated their own ability to stop malware and 67% rated that of anti-virus vendors’ as very or fairly good. Government agencies, consumer advocacy agencies and social networking sites were among those rated most poorly.

The survey was conducted online between January 8 and 21, 2010 among over a thousand email users in the United States and over 500 email users in each of the other five countries. Participants were general consumers responsible for managing the security for their personal email address.

Both the survey’s key findings and the full report are available at the MAAWG Web site, www.MAAWG.org. The 2010 research was conducted by Ipsos Public Affairs, and the full report includes country comparisons for many of the questions along with detailed charts.

San Francisco, Jan. 28, 2010 – With the participation of some of the industry’s largest ISPs, email providers and Internet companies, the Messaging Anti-Abuse Working Group (MAAWG) is focusing on how to better protect the end user from spam, bots and other messaging exploitations during its February meeting in San Francisco.  The three-day, multi-track event will feature experts from Google, Mozilla, Microsoft, all the major anti-virus vendors, social networking sites, and anti-spam researchers, among others.

The first of three MAAWG meetings this year, the goal of the Feb. 16-18 event is to encourage a frank discussion and share innovative techniques to better safeguard consumers, according to Michael O’Reirdan, MAAWG chairman.  MAAWG meetings are organized around a series of roundtables, expert presentations on groundbreaking work, and closed-door discussions on sensitive anti-spam issues.

Among the topics to be addressed at the meeting are:

• Web browser security
• The future of desktop and device email clients
• Domain registrar account security, such as problems that enabled the recent attack against a Chinese search engine
• Authentication and DKIM
• Wireless messaging abuse
• Bulk-email senders practices
• Initial results of the 2010 consumer email survey, expanded to cover both North America and Europe

The MAAWG ISP Closed Colloquium (ISPCC), held each day of the meeting, provides an opportunity for network operators to address confidential issues in private.  This session will be opened to all meeting participants the last day of the event, providing a unique opportunity for dialogue among ISPs, bulk senders and vendors.  Other MAAWG committee work will continue on best practices and white papers related to IPv6, port 53 issues, and feedback loops.  Financial Times journalist Joseph Menn will share his research into DDOS espionage, the basis of his new book Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet.

MAAWG meetings are open to members and invited experts only.  Registration and meeting information is available at www.MAAWG.org.

Information on the ITU Botnet Mitigation Toolkit website has been published today including a Powerpoint presentation overview of the project and background information on the toolkit along with botnet-related resources.