When Microsoft Chairman Bill Gates infamously predicted in 2004 that spam could be eradicated in two years, he probably did not expect the onslaught that was to come.
Six years later, today, not only has Gates been proven wrong, unsolicited e-mail continues to infiltrate consumer and corporate environments and shows no signs of abating.
In Asia, spam seems to be casting an even larger shadow over the last two years.
According to Bjorn Engelhardt, Asia-Pacific and Japan vice president at Symantec Hosted Services, the 2008 spam rate in the region was about 5 percent below the global rate, but from the second half of 2009, the region overtook its counterparts in terms of spam received.
"The Asia-Pacific now has a higher spam rate than any other region, currently at 91.8 percent, versus Europe, Middle East and Africa (at 80.6 percent), U.S. (82.6 percent) and global (90.2 percent)," Engelhardt noted in an e-mail. "Clearly, compared to two years ago, [the Asia-Pacific region] is attracting more spam and users are more likely to encounter spam in their inboxes."
"The increase may relate to the fact that there is rapid uptake of broadband in the Asia-Pacific at the moment, and spammers know that there are many new opportunities to scam, steal [from] or infect users."
Raj Dalal, vice president of marketing and alliances at BoxSentry, told ZDNet Asia that globally, there are about 200 billion e-mail messages sent daily, with spam or phishing e-mail accounting for up to 90 percent.
As e-mail volumes are expected to reach 500 billion within the next five years, the number of malicious e-mail messages will continue to increase, Dalal said in an e-mail.
Asian companies, he noted, have been employing "increasingly sophisticated means to block the tsunami of malicious e-mail". The effectiveness of their efforts typically depends on a mixture of technology, policy and effective controls.
He noted that the challenge facing e-mail administrators is that they are often forced to make tradeoffs between "blocking as much unwanted and malicious e-mail as possible and producing the fewest errors", or false positives.
Asian companies need to instead "switch the paradigm" from one of blocking malicious e-mail to one of first allowing e-mail from legitimate senders then filtering out unwanted messages, he said.
"E-mail filtering solutions can then increase the aggressiveness and detect more spam without losing legitimate e-mail as part of the tradeoff," Dalal explained. "This issue will grow in importance with the increased adoption of IPv6 (Internet Protocol version 6)."
Legislation producing more spam?
Countries in the region, including Korea and Singapore, have put in place spam control regulations in efforts to stem the problem.
According to Engelhardt, such regulations are useful as they help define what is considered spam and make it easy for spam filters to identify and appropriately deal with unsolicited e-mail.
However, spam regulations are "not foolproof" as spammers often try to circumvent laws using different ways, he pointed out.
"Symantec's prior investigations on Korean spam found that most Korean e-mail [senders] complied with the law. However, there was also evidence of spammers trying to avoid spam detection by obfuscating the characters they are required to include in the subject header by mixing different character encoding schemes, or using slightly different characters to side-step automated detection of the text identifying the e-mail as an advertisement," he said.
Foreign spammers may also be unaware of local regulations and at the same time, they are not likely to be identified and prosecuted.
On top of that, the proportion of spam has increased in tandem with antispam legislation efforts, noted Engelhardt.
"For antispam laws to be truly effective, governments and authorities must work toward stricter enforcement of such laws and possibly consider imposing sanctions against lawbreakers."
At the end of the day, spam and phishing attempts "cannot be eradicated in their entirety", he said. However, enterprises in the region can take steps to protect their business, employees and customers.
Individuals, for instance, can unsubscribe from mailing lists they no longer wish to receive and refrain from publishing their e-mail addresses on the Internet. Alternatively, they can opt for "disposable addresses" when subscribing to such lists, Engelhardt suggested.
E-mail users also need to be more judicious in their e-mail habits, he added. Besides not replying to spam e-mail, they should not give out personal information or passwords via e-mail. "It is usually best to verify through telephone or with a company representative before [providing such] information," he said.