The worst source of spam in the UK in June was cloud server provider iomart, according to figures from Cloudmark.
Email security firm Cloudmark monitors spam received by its clients and, based on its own data, it found that certain iomart servers are responsible for 14 percent of the spam that originated from UK IP addresses.
The servers in question were rented by spam marketers who then sent out tens of millions of spam messages, mostly to recipients outside the UK. Andrew Conway at Cloudmark said: “We could see some IP addresses [at iomart] that were sending out continuous, solid spam for a long time.”
Conway told SC that, overall, the world spam picture was improving as hosting companies tightened their anti-spam policies, but iomart, by failing to implement appropriate controls, had become a statistical standout.
“If we look at the sources of spam [in the UK] in more detail, a single source stands out as sending several times as much as any other. The iomart Group, a Scottish hosting company, is responsible for 14 percent of all the spam originating in the UK,” Cloudmark stated in its report. “iomart is a company with a fine social and environmental record, and we hope their social responsibility will soon extend to more aggressive measures against spammers.”
iomart was not the worst of the European spam houses – that honour falls to a few European hosting companies such as OVH, which sent more spam as a proportion of their total mail output.
iomart responded to the claims with this statement:
“iomart is one of the largest hosting providers in the UK with ten data centres in all and as such we take a robust and serious approach to the quality of all the services we provide. This report has highlighted an issue that exists within a small part of our business – the dedicated server market – in which a number of our smaller brands operate. These companies provide thousands of physical and virtual servers to resellers and other customers across the world. With this volume comes the risk that some of the mail they send is considered spam.
“The spam highlighted in this report is not judged to be malicious but is of high volume. iomart has a robust management system and responds appropriately to any abuse cases. If anyone is reported to be sending spam from our infrastructure they are breaching our Terms and Conditions and our Acceptable Use Policy and we take action immediately.”
Conway said the type of server didn't matter. “I don't care whether it's a dedicated or managed server, if a spammer has sent spam from your network then the hosting company has to take responsibility for that,” he said. “Our recommendation for dedicated servers is to put the outbound mail port through a silent proxy so you can apply outbound spam filtering on that. I don't want to make this a sales pitch, but we have a product that can do that, others have products or you can grow your own – it's not that hard.”
Conway recommends that hosting companies follow the Message, Mobile and Malware Anti-Abuse Working Group (M3AAWG) guidelines to prevent their systems being compromised by spammers. Its report, M3AAWG Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers (PDF), aims to “educate providers about methods they can adopt in order to more efficiently use their resources to fight abuse”.
We asked iomart if they were aware of M3AAWG or its recommendations, but they didn't respond to this question.
Overall, the UK sends more legitimate email than spam and ranks well against other countries measured in the report. “However, there is significant room for improvement as a few hosting companies with inadequate spam filtering are making things worse for everyone,” the report said.
Cloudmark's Q2 2015 report also identified a number of trends in spam, including:
- Fake CV spam targeting small businesses with ransomware – more of a problem for US small businesses than European businesses
- A 79 percent decrease in diet spam following US Federal Trade Commission action against Sale Slash, LLC, a California company selling diet aids
- Abuse of newly created top-level domains, especially the less expensive extensions
- Abuse of redirectors and URL shorteners – t.co is being abused less often than before while bit.ly appears to be suffering more