Interestingly, Google also notes that image spam, which is generally filtered out quite well by modern spam detection software, has seen a major resurgence. Amanda Kleha, a member of Google's message security and archiving team, theorizes that this might be due to new spammers getting into the market after the shutdown of McColo and 3FN, and these new players are starting out with well established methods, even if they are not very effective. Kleha also notes that spammers might just be testing how well the current generation of spam filters handles these messages in order to perform statistical analysis based on which subject lines and content make it into users' inboxes.

Google also notes that one of the largest spam attacks in the last quarter was based on an old school "newsletter" template (with malevolent links and images thrown in there for good measure). This attack unleashed about 50% an average day's spam volume in only 2 hours. So while it might not have been highly sophisticated, there was surely a massive network behind it that was able to send out this huge amount of spam in such a short time.

According to MessageLabs, Google Sites spam only accounts for 1% of all spam at the moment, but they expect this technique to become as popular as similar techniques being used to distribute spam using other free Google online services, including Google Docs, Google Pages, and Google Calendar.

The benefit to using Sites for spamming is that it's harder to block the resulting URLs generated by the service. Unlike Google Pages, whose URLs are in the format of accountname.googlepages.com, a Sites URL begins http://sites.google.com/site/. The format of these URLs, which contain "google.com," are more difficult for traditional signature-based anti-spam tools to block. At the tail end of the URL, the spammers' sites will contain site names that are composed of random letters and numbers.

Sites is certainly not the only Google product that has been adopted by spammers. For example, I noticed an increase in Google Groups-related spam messages arriving in my Gmail inbox recently. Google Sites looks to be more of the same. Spammers are certainly clever, so it's up to the makers of anti-spam technology to combat this latest threat of "Google Spam." Clearly, just because something is hosted at google.com, it should not automatically be considered safe or trustworthy.

The bigger question here is how the rise of Google spam is being addressed by Google themselves? Surely, they are concerned about their name becoming associated with sites hosting malware and spam?

Google would not confirm how they were addressing this specific problem or how they address spam in general, saying that they needed to be careful not to provided spammers with any clues as to what they do. However, they did say that they expect spammers to use every means possible to try to send spam and that they have a very robust spam-fighting effort at Google. They also claim that they disable these accounts immediately and will continue to do so.

"Two years from now, spam will be solved," said Bill Gates in 2004 addressing World Economic Forum in Switzerland. But 2007 will go down as the worst year yet for spam, a trend that has held for the past four years, according to Rebecca Steinberg Herson, vice president of marketing at Commtouch, an email security firm.

In an interview last month with USA Today, Gates reminded that though the volume of spam has increased, more of it is being deleted by spam filters. "Sure, there's a lot [of spam] out there, but software is deleting 99.9% of that anyway," he said, though Microsoft has revised that claim to 85% - 95%.

Gates does have a point -- spam filters are getting better. For example, last January, 50% of all spam was image based, but due to better filtering technology, Symantec now says that the percentage of image spam has dropped to just 8%. These quick advances in spam-fighting technologies force spammers to constantly change and update their methods. Eventually, researchers believe that better filters will begin to reduce spam from a colossal pain to a minor annoyance.

"As more people have inboxes protected by better and better spam filters, their experience of spam gets closer to Gates' vision," Richi Jennings, lead analyst at email security at Ferris Research, told USA Today. "He was a bit overaggressive with the prediction, of course. But spam isn't an easy problem to solve."

Last month we reported on a study from research firm IDC that predicted that 2007 would be the first time that spam out numbered legit email. Our readers didn't think that sounded right: surely spam outnumbered legit email years ago. "Spam sure as hell surpassed legit emails in my inbox -- years ago. Mine. My mom, dad, sisters, brothers, aunts, uncles, every single friend I've talked to about it, my cat and dog, Boobo my hamster, everyone..." wrote one commenter.

Barracuda's report corroborates those feelings and calls into question the IDC report. Certainly, from my own personal experience, it is a lot easier to believe Barracuda. I use three email accounts on a regular basis, and across them, I get about 2500-3000 pieces of spam each week. I get a lot of legit email, as well, but not enough to outnumber the unsolicited stuff. Luckily (for most users), I am in the minority. According to the report, 65% of email users get less than 10 pieces of junk mail per day (half get less than 5). Just 13% find themselves in the unhappy position of receiving more than 50 spam emails per day.

Barracuda's report also found that spam is not only annoying, but it is the most annoying form of junk advertising. 57% of respondents to a survey question asking what the worst form unsolicited advertising was said spam, compared to just 31% for postal junk mail and 12% for telemarketers.

Unfortunately, spammers continue to evolve their tactics to beat the filters. In 2006 there was a rise of image spam and botnets. This past year, spammers were seen using attachments (like PDF files) as well as using more advanced identity obfuscation techniques.

The good news is that spam filtering technology is evolving right along with the spammers, and it works well. Thanks to filters, I only see about 3-4% of the spam I get (which is still a lot given the immense volume). Here's to a spam free 2008 -- hey, a guy can dream, right?

Both the DM email service and the keyword-based spam-blocking feature look like excellent ideas. In addition to blocking spammers to your account, SocialToo will also alert Twitter's @spam account whenever you block somebody and flag them as a spammer (TweetDeck, we should note, offers a similar feature).

Fighting Twitter Spam

SocialToo, of course, was responsible for quite a few of these spam messages in the early days of Twitter; though this February, SocialToo's CEO Jesse Stay announced that the service would end support for auto DMs, and SocialToo had been already offering some basic tools to fight auto-following spammers. Others have now jumped into this market, and the problem is getting more pronounced by the day. Of course, the problem of Twitter spam in general is getting worse, too, and we are still waiting for a good third-party solution to filter spam messages in our regular Twitter stream or for Twitter to put its foot down and implement better spam filters itself.

Looking Forward: More Viruses

For 2009, Google assumes that this upward trend will continue and possibly accelerate again, as malware and link-based attacks become more effective. During the second half of 2008, Google noticed that virus volume in email increases six-fold from the first half of the year. While the overall volume of these messages is still small, Google assumes that spammers will increasingly rely on these viruses to rebuild the infrastructure that became unavailable after the McColo shutdown.

Symantec's MessageLabs has been seeing a similar rise (PDF) in spam during the last two months of 2008, and also attributes this to the the rise of new and better botnets.

Google's video sharing site still hasn't instituted as much as a captcha requirement in order to send a message through its service, something that even MySpace did only last week. If the proliferation of spam blogs on Google's Blogspot is any indication it may be a long time before YouTube does anything about spam emails driving users back to their site.

Regardless of all that, unless increasingly high-profile social media outlets like YouTube take effective steps to stop both messaging and content spam we can expect not only more unsolicited email but also a pile of media coverage on the topic. I just thought I'd get in on the news cycle early and put it in context.

Check out a summary of the week's Web Tech action on Read/WriteWeb with our Weekly Wrapup!

They've been working on a solution to cleanse the stream of Twitter spam; their new product tags and blocks computer-generated tweets with a minimal margin of false positives. BotKiller is a product of Rarefied Technologies, an open-source company that implements advanced algorithmic classification for enterprise applications.

The company claims that its "specialized lexical parsing" can find and block computer-generated content by analyzing the metadata and the conversations and relationships between post authors and the larger network.

Currently, the service is focusing on spam filtering for real-time UGC, and Twitter provides a case-study playground for the the product's accuracy and effectiveness. Overall, the company cites a 95 percent accuracy rate for spam filtering with a set of false positives equal to less than one percent of all blocked tweets.

Here, we can see a sampling of blocked tweets from a sample of about 3 million tweets:

Clearly, there are still false positives, some of which do appear to be auto-tweets about new blog posts. Rarefied CEO, Gabriel Ortiz, wrote to us in an email this afternoon, "We haven't really made a decision regarding auto-tweeted blog posts, right now we're trying to tag the ones that are from obvious spam blogs, such as those selling prescription drugs or promoting multilevel marketing scams, but we're not yet blocking ALL such blog post tweets, as some of them might be more legitimate."

According to Ortiz, the BotKiller product is currently just a proof-of-concept for their real-time spam classifier. As such, whether the service will be free for end users or how pricing would be tiered is yet to be determined. "We're hoping we can partner with someone who has a desktop or mobile Twitter client to deliver the filtering service to users," he wrote. "It would also make a lot of sense for Twitter themselves to license our solution so they could just mark as private tweets which are likely to be spam, thus keeping them out of the public search and trending topics without stopping people who wish to read messages of that nature from doing so."

Says Darya Gudkova, Head of Content Analysis & Research at Kaspersky Lab, "naturally, this type of advertising is more interesting and gets more hits." That's bad news for YouTube because when something works, spammers keep at it... with a vengeance. Once word gets around that video spam is more successful than traditional methods, there's no doubt that it will only increase.

How Would YouTube Handle Video Spam?

So what will YouTube do if video spam becomes a real problem on its network? We would like to think that it would take the offending content down, but that could be easier said than done. After all, this isn't like the copyrighted content that their Content Identification tool can easily identify and remove. That tool works by comparing unique signatures somewhat like a digital "fingerprint" from a content owner's copyrighted file to user uploads across the site. Then, if a match occurs, the copyright holder has the option to have the video taken down.

Identifying a spammer's video would be much harder. Just because someone is using YouTube to sell something, that doesn't necessarily mean it's video "spam." That moniker should only be reserved for videos which are truly undesirable messages where fraudulent activities are underway. The question is, how would YouTube know?

Assuming that video spam takes off, the best thing the site could do to police online content is to include a "report spam" button for videos themselves, as it now has for video comments only. 

Of course, for potential victims of video spam, the best thing is not to get duped into visiting YouTube in the first place. Spam filters will simply have to adapt to this new technique. Unfortunately, that will be yet another challenge for Google, which, in addition to owning YouTube, also offers a feature in its webmail product Gmail that automatically embeds any YouTube videos referenced in the email directly in the message itself. That makes it even more convenient for video spammers, who wouldn't have to convince their victims to leave their inbox and launch a new browser window: just click a button on the video embedded below.

Title: Please ignore any Quechup.com Invites - It's a spam engine

Message: I am writing this with profound embarrassment.

I was recently tricked by a spam engine posing as a new social network. I got an invite from someone I knew and trusted, signed up to see what was about. Two days later, Quechup sent out SPAM to my entire address book.

Please ignore or delete all emails claiming to be from me that mention a site called Quechup.com.

Please also accept my apologies for any inconvenience this may have caused you.

I won't mention the name of the person who sent this message, because it isn't their fault. Clearly Quechup has broken the golden rule of social networks and abused the trust of their users. Quechup's tagline is "the social networking platform sweeping the globe" - however it seems to be doing that via an email spam campaign.

Our recommendation: stay away from Quechup. You may also adopt my own current rule and not sign up to new social networks unless there's a clear - and new, unique - benefit to you. After all, how many social networks do you need?

Darren Rowse calls Buy Blog Comments "one of the worst business ideas [he has] heard for a long time," and I am obliged to agree. This is not only a monumentally poor idea, but one that is potentially dangerous for the blogosphere as a whole.

Buy Blog Comments charges $.20 per comment for what they say are "quality blog comments." To write truly quality blog comments that won't be flagged by site owners as spam like the site promises one would have to find related blog posts, read them, and compose thoughtful, on-topic replies that subtly weave in a marketing message with a link that is worthwhile to readers. If we can assume that takes at least 10 minutes per comment, then this site is paying its writers probably less than a $1/hour. That makes me skeptical that the site could deliver on its promise of comments that don't look like spam. But I'll let the site speak for itself and you can judge the "quality:"

We dont use people who cant even speak english. It is important to have well written blog comments so that they wont get deleted by the blogger. All of our trained staff are currently from the USA and Canada and speak english very well.

The site is run by Jon Waraas, a 20 year old entrepreneur who in the comments of Darren Rowse's site admits that he's "just not very ethical." Waraas adds to the shadiness of an already suspicious endeavor by quoting himself on the Buy Blog Comments web site in a manner that looks like a customer testimonial. The site itself says that it specializes in selling to "blackhatters" (a term used to describe people who use search engine optimization techniques that are frowned upon by the search engines or outright against their terms of service), which is a good way to attract negative attention from Google.

As Search Engine Journal notes, there is value in comment links, but paying someone to spam blogs (or doing it yourself) is not the way to go about building backlinks.

While that number seems pretty questionable, PCMag's Appscout points to a related survey from Forrester in 2004 that found 20% of people say they have bought from spammers. In other words, if you believe these studies - it's getting worse, not better.

Marshal (no relation) says that global spam volumes are around 150 billion messages each day and have doubled for the year ending June 2008. We wrote in December about another study, also from a vendor in the anti-spam market, that concluded that 90 to 95% of all email is now spam.

"A common misconception is that 'regular' people don't buy from spam. But, you have to consider the types of products people are buying," Marshal's Bradley Anstis wrote in the company's release today. "It's pirated software, knock-off watches, counterfeit designer goods, cheap drugs and prescription medicines, pornography and other adult material. The Internet provides convenience and a degree of anonymity to people who want to buy illegal or restricted goods. It is a black market and spam has become a conventional means of advertising to a willing audience of millions of people who are purchasing from spam."

The announcement of the study concludes with these funny lines, from Anstis again: "The other way to look at this situation is from a spammer's perspective. There are approximately 250 million people out there who are interested in these kinds of products and have made purchases from spam in the past. That's equivalent to double the population of Japan mixed in with every other Internet user. As a spammer - how do you reach that market without knowing specifically who these people are and with the bare minimum of expense? Easy, send lots of emails to everyone."

Has The Market Spoken?

If you buy Marshal's numbers, and they have a vested interest in painting a large threat, perhaps the market has spoken. It sounds like people want spam, after all. What other e-commerce channel would 30% of respondents admit having bought something from? Doesn't sound like something that needs to be illegal.

Of course these numbers should be taken with a giant grain of salt. The study was of just over 600 respondents who visited the Marshal website. The question they were asked appears to have been framed in a pretty presumptuous way. "What purchases have you made from spam?"

This author has never bought anything from spam. I swear.

The percentage of people who have clicked on a topical looking ad on a spam blog that showed up in search is probably even higher. The satisfaction with that spam is probably much higher than satisfaction with email spam.

Those of us who want to use online communication channels for serious purposes, and I don't mean serious like S&M fantasies, may be forever forced to wade through a sea of people who are less discerning and the spammers who email us all in order to find them.

The TweetBlocker dashboard allows you to unfollow and block users individually or as a group. You can also hover over a user's avatar and see their last couple of tweets - just in case you are not quite sure if somebody is really a spammer.

Grades

Overall, TweetBlocker works just as advertised. We noticed, however, that while it did really well for those Twitter users it gave a C or D to, there were quite a few false positives among those users it graded with an F. These are supposed to be the worst of the worst spammers, but far too often they just turned out to be hapless Twitter users or people who had abandoned their accounts after a short time. 

APIs, Bookmarklets, and Integration

While the website is obviously the central focus of TweetBlocker, the company also provides an API for developers, as well as a bookmarklet that allows users to report spammers to TweetBlocker directly.

As a standalone service, TweetBlocker is already quite interesting. Things might get a lot more interesting in the near future, though. Jonathan Nelson, the product director of Hashrocket, tells us that Tweetie, the popular Twitter app, will integrate TweetBlocker with the next version of its application.

Note: Whenever you suspect that somebody is indeed a spammer, you can also send a direct message to @spam, Twitter's own spam fighting account.

Ironically, if anyone's to blame for spamming our Twitter timelines, it's the marketers themselves. They've managed to trick our friends into spamming us with their messages instead.

We're not sure where anyone, marketer or not, gets off telling Twitter that it's their responsibility to filter the content that flows through their service mainly because Twitter is already doing so. The company itself currently addresses the spam issue by providing an @spam account where you can report spammers and other abusers in the Twittersphere. If the account in question is indeed a spammer, Twitter boots them from the service. That sounds good to us. Simple and effective...at least for the end user. (It's probably a nightmare to deal with at Twitter HQ).

Of course, Twitter doesn't want their service overrun by spammers - no one would. However, they're probably more concerned with wasting their resources to support these fake accounts than they are with the annoyance it causes for their users. But do they have it under control? Perhaps not - fighting spam is sort of like fighting computer viruses. You block one and someone makes a new one. The same goes for spammers - kill one spammer and another appears to take his place. It's an ongoing fight, not a plague that can be wiped out overnight through some magic filter.

Besides, what you consider spam, I may consider "valuable information about a product." Probably not, but there is a gray area there that has to be taken into consideration. Some spam is out-and-out spam, but other stuff may just be "hot deals" from a legitimate company. However, if you didn't want to see said hot deals, you might consider them spam. Still, how would you see them unless you actually followed that account to begin with? Or maybe you turned on auto-follow using a service like SocialToo? If that's the case, it's a little ridiculous for you to get annoyed when half your timeline turns into a slew of "buy this" messages - you only have yourself to blame for that.

Where Actual Spam Hurts Us

The only place that honest-to-goodness spam can really affect you on an everyday basis is not in your own personal timeline of friends' tweets, but when viewing a trending topic's stream or when doing a keyword search. In these cases, spammers hijacking a currently popular hashtag may show up in the timeline, potentially diluting the results with irrelevant information. For this reason alone, we support Twitter's spam-fighting efforts.

Even More Dangerous? "Tweet to Win"

What's actually more concerning than spam, however, is the new trend we'll call "tweet to win." Legitimate companies have begun using Twitter to promote a message - essentially an advertisement about their business' offerings. To cajole twitizens into "spamming" their followers in this way, they're offering prizes or the chance to win prizes in return. (Full disclosure: this author did this once and still regrets it).

This situation hasn't gotten out of hand just yet, but it seems like it's only a matter of time before it does. Because really, how many of you could resist yourselves if all of a sudden a company started giving away free Macbook Pros? Oh, apparently not too many of you because you've already spammed up trending topics today with #moonfruit. What's Moonfruit? Why, it's a company that's giving away a free Macbook Pro every day for 10 days. Is this a brilliant social media promotion (as Adam Ostrow of Mashable claims) or just a new, inventive way to junk up the twitterstream with advertisements? We think it's closer to the latter.

The only consolation in this particular case is that Moonfruit doesn't care what your tweet says, so it can just be appended to any ordinary tweet. That's not usually the case - most companies provide a message for you to re-tweet.

What's frightening about this "it's not spam, it's a message from your friend" is that it's really not. My friend isn't actually telling me that Moonfruit is this great new company they have just heard about and that I really have to check out. This isn't a word-of-mouth recommendation - my friend just wants to win a new laptop. They know this, I know this, and the company knows this. And that makes the message just as spammy to me as any other in-stream tweet from an actual spammer.

So, what can be done? Well sure, I could unfollow that so-called friend, but why would I? It's not like they do this regularly and 99% of the time, I like what they have to say. But while one day that friend is tweeting to win a Macbook, another may be tweeting to win something else. Even if only a small percentage of an ever-shifting group of my friends tweeted a promotional message every day, it would be enough to junk up my timeline.

Sadly, that's one kind of spam that Twitter can't really block. And neither can I.

The service is not a spam filter - it just protects against abuse of your email address. This offers you the ability to track what services can be trusted versus which ones can't. And, unlike spam filters, you don't need to worry about false positives.

How It Works

Basically, the way LiquidID works is this:

The service will create an email alias like alias1@liquidid.net for one site you want to log into and it will create alias2@liquidid.net for another site. As those sites send you messages, they will be automatically redirected to your inbox. This way, the sites can communicate with you, but they never have your personal information. If alias2@liquidid.net is ever compromised, LiquidID will block the messages.

LiquidID has been developed by Jeremy Wyn-Harris under the privately owned entity of Epic Digitial. Jeremy has ten years of experience with startups, beginning with Epic Digital which mass produced standalone internet cameras in Australia and Singapore. He later on participated in startups which included The OpenSauce, Builderscrack, and UpStartGo.

You can sign up for a LiquidID of your own from here.