The European Network and Information Security Agency (ENISA) recently published a follow up study on measures internet and e-mail service providers take to secure their services and limit spam and unsolicited e-mails. As less spam reaches its target (only 6% of all e-mail traffic actually reaches mailboxes), the public perceives the situation to be under control. The reality is, however, that spam is growing in quantity, size and bandwidth and remains a costly problem. Detailed responses from 30 providers (mostly from EU countries) show clear improvements in both organisational and technical practices. The survey aims to highlight the challenges providers face such as: viruses, spam, distributed denial of service attacks and worms, and the solutions applied – and which others may want to adopt.
The survey is divided into two parts focusing on the one hand on infrastructure security and spam on the other. Currently almost every provider in the study publishes contact details in order for the users to report violations, up from 60% in the previous study. Compared to 2006, there are vast improvements in terms of training and/or awareness campaigns, guidance to subscribers and free security software to name just a few. On a more technical note, every provider filters incoming traffic while over 90% filter outgoing traffic, representing increases of 15% and 46% respectively. Last year, providers relied mainly on customer complaints to detect anomalies whereas the current monitoring of traffic peaks represents a more proactive approach. While the processing of spam reports has increased since 2006, fewer providers are notified when spam is received from their network; analysing the origin of spam has also dropped. On average, providers use five different spam filtering methods. Spam is an international problem and different laws, time zones and languages make cooperation difficult. ENISA supports initiatives such as SpotSpam (www.spotspam.net/) which mitigate the problem by acting as an intermediary.
What is the significance of the survey? Internet and e-mail service providers play a key role in securing e-communication channels which are increasingly pervasive in business and European citizens’ everyday lives. Public confidence in, and utilisation of, e-commerce relies heavily on actions providers take in response to security threats and unwelcome marketing approaches. As ENISA Executive Director Andrea Pirotti and Security Policy Expert, Pascal Manzano, emphasise: “The measures internet and e-mail service providers take to protect their infrastructures and services are the first level of protection for users. Their role is, thus, critical to building user trust in channels central to
