Postini, the spam-catching and security-monitoring company, has released its report on the health of email for September 2006.

The company claims that spam now accounts for four out of every five emails that passed through the company’s scanners, an increase of 1.6% over August.

It also reports that,

at any given time, 50,000 unique computers on the Internet that were simultaneously exhibiting malicious behavior such as attempting to propagate spam, viruses, phishing and other attacks against email communications.

Virus-laden emails made up 0.44% of all emails that the company scanned.

Either I am particularly blessed or these reports are a bit of a beat-up.

Even when you read them cautiously (it only measures the email that Postini sees — c. 9 billion emails, and the company has a vested interest in talking the problem up), it seems so out of whack with the amount of spam than passes through my accounts.

I reckon that only 30-40% of my emails are spam. Perhaps my email service catches the rest, perhaps Australians are not desirable targets, perhaps things are worse in the corporate email world, perhaps personal experience is not the most statistically sound starting point.

Of course, that’s 30-40% too much but it’s not prophet of doom material.email, spam, phishing, viruses, internet, the end is nigh

Bounced emails cost their senders USD 5 billion a year, according to a report from the gateway security company IronPort .

The company studied global email traffic and concluded that only 20% of emails are legitimate. Spam makes up 67% of email and bounced emails account for 9%. Viruses infect 3% of email messages worldwide and phishing attacks are less than 1 percent.

Direct Marketing site DMNews reports that “Patrick Peterson, IronPort’s chief technology officer, said he was “shocked” when he first heard about the cost of bounced messages.”email, spam, bounced messages, viruses, phishing

Two interesting links in the war against phishers and online scammers.

Metrowest Daily News carries an interview with Michael Lamont, a software engineer who has attempted to play along with 419 Nigerian scam artists (“I am an official for Nigerian Oil. I have $140 million. Give me your bank account details and you can have 10%”).

Others have done this before (see the 419 Eater and 419 Baiter web sites), but I was interested to read the statistics about victims and the estimated total financial damage, and to learn that the Nigerian Government “blames Westerners’ greed for their losses”.

Another creative response to Phishing scams (deceptive hyperlinks in emails designed to trick you into revealing financial or personal information) is covered by C|Net News.

It has published an article about RSA Cyota, a company that fights phishing by flooding the scammers’ web sites with bogus user names and passwords so that legitimate information is harder to determine. A spokesperson for RSA Cyota explains:

The technique is called dilution: We generate a list of bogus credentials and feed the Web site with false usernames, passwords and credit card numbers. The fraudster may have obtained 30 genuine credentials out of 300–we are trying to make it less worthwhile and more risky for the fraudster.

Of course, Mail provides some protection against phishing attacks, so careful users can protect themselves.

Recent research on why phishing works (PDF ) , published by Harvard Postdoctoral Fellow Rachna Dhamija, suggests that the majority of users are not careful.mail.app, apple mail, spam, phishing, security, email, fraud

An updated version of SpamSieve released today offers several nice improvements:

• Most importantly, perhaps, Michael Tsai the developer continues to improve SpamSieve’s accuracy by counteracting various spammer tricks.
• The delay, when using Apple Mail on Tiger, between choosing “Train as Good” or “Train as Spam” and when training actually started is gone.
• Growl notifications from people in the address book now include the “To” address for mailing list messages, which makes it easier to decide whether to ignore the notification.
• It also features Improved the error messages, improved display of the demo time remaining and updated localisations

SpamSieve is available from the developer’s web site and is shareware (USD 25).spamsieve, spam, phishing, mail.app, apple mail, plugins

Ready to try a new way of catching spam? Spam Cube is a hardware box about the size of a pack of gum.

Plug it in between your modem and router and it claims to eliminate spam from up to four computers on a small network.

The device costs USD 150, but requires no monthly subscription fee.

Out of the box it offers spam and anti-phishing protection. For an additional USD 52 a year, you can buy access to a Symantec-powered anti-virus service as well.

The spam cube is an elegant compact device:

It claims to work with most Windows and Mac OS X email clients including Mail.app. It will also filter webmail accounts, if the email is downloaded into a email client.

Pre-release beta units have already sold out, but you can get in the queue to order one at Spam Cube’s web site where you can also see more pictures and read detailed tech specs.spam cube, spam, mail.app, apple mail, phishing, anti-virus, email

SpamSieve has been updated.

Apple Mail users will experience greater accuracy as SpamSieve gets smarter in general about spammer tricks and as a particular bug affecting accuracy in Mail.app has been corrected.

In addition, the new version features better analysis of attachments, improved phishing detection and faster execution of spam training commands in Tiger and Jaguar.

SpamSieve is available from the developer’s web site and is shareware (USD 25).spamsieve, spam, phishing, mail.app, apple mail, plugins

“Phishing” is the practice of using deceptive hyperlinks in an email. You click a link thinking that you are going to your bank or some other trusted site, when in fact the disguised hyperlink sends you to a scammer’s web site.

Scammers do this in order to trick people into parting with sensitive personal or banking details. (Wikipedia can tell you much more ).

The latest Security Fix column in the Washington Post explains how phishing scams are getting more sophisticated.

A recent phishing scam on customers of a credit union used SSL certificates to give an added sense of false security to potential victims. It also looked more legitimate by quoting part of a credit card number common to all customers at that particular bank.

There is no reason for Mail.app users to get caught out. Rob Griffiths at MacWorld provides a tutorial on how to avoid these phishing scams.

Plain text is your best defence. Failing that, the process for protecting yourself differs in Panther and Tiger Mail.

In short, it involves uncovering the hyperlink behind the visible text by clicking and dragging the URL in 10.3 or hovering the mouse over the link in 10.4 to reveal the actual URL underneath (as below):

Poor spelling and grammar are also sure signs that something fishy is going on.phishing, scams, email, hyperlinks, SSL certificates, mail.app, apple mail, spam