The 2009 ENISA Anti-Spam Measures Survey Report

The report of the 2009 ENISA Anti-spam Measures Survey is now available:

In 2009 ENISA launched an Anti-Spam Measures survey, asking e-mail service providers in Europe about the measures they take to combat spam in their networks. This survey provides a view of how the fight against spam has evolved since the last survey two years ago.

The survey aims to determine how e-mail service providers are combating spam on their networks. It helps identifying the state of the fight against spam and helps service providers to learn from their peers throughout Europe. Overall, we hope that this research will aid the industry’s understanding and development of best practices in the fight against spam.

Some of the key findings:

  • less than 5% of all email traffic is delivered to mailboxes;
  • most mail providers not only take care of protecting their customers from receiving spam, they also avoid sending spam to others;
  • fighting spam has reached maturity although continuous adaptation to new techniques is needed.

The survey report with detailed information about the measures is available for download.

Slides of the main survey results.

I would like to publicly congradulate ENISA on the methods they used to conduct this survey.

  • They sent a couple of preparatory emails asking if I would like to participate in such a survey and co-operate with a third party (asking for express permission to share my email address with another organization).
  • The actual survey, hosted on a dedicated site, had very easy to complete registration and clean/direct questions.
  • They sent a nice  «thank you for participating» email.
  • As soon as they processed the answers, they sent a preview of the results to the participants, including personalized answers! The preview report contained the survey’s key results and a custom comparison of my answers with the survey average. I didn’t have t remember my answers, they did it for me!

Well done ENISA people and thank you very much for your work!


Time to disconnect?

Food for Thought – Time to Disconnect?

Copied from ENISA Quarterly Review Vol. 4, No. 2, Apr-Jun 2008
by Nick Coleman and Pernilla Skantze

It seems widely accepted today that we should regularly check SMS and e-mail on our mobile devices during most meetings. The best situation is when there is wireless broadband access in a meeting room, as we can then do our ‘real’ work (i.e. checking e-mail) while attending the meetings or conferences that for some reason we do not consider demand the same level of attention as e-mail.

Wireless broadband solutions and fixed-mobile functions make it easy to be connected even when we are on vacation, regardless of whether we spend our holidays on a mountain top in the Alps or on a distant beach. When we go for lunch or leave work we can still answer the numerous messages from a person with phone – and we do. Many people say that it takes them several days of vacation to control the urge to check their e-mail. It’s a bit like giving up cigarettes. Only worse…

At the same time, parents all over the world are fighting to tear their children away from their computers or games consoles to go out and play with their friends instead and to do ‘normal’ things that we used to do in the time before all children and teenagers had a computer on their desks.

Or is that really it? In a minor study carried out in the northern outskirts of Europe recently, a number of people were asked to refrain from mobile phone use for a couple of weeks. It turned out that, besides the fact that they had to plan their days much more rigorously, what they missed the most was the alarm clock, the radio function and the fact that they never knew
what time it was.

So the question is, is this healthy? Are we increasingly in an ‘always on’ culture, where we take our Blackberry, mobile phone or laptop with us over the weekend and on holiday as well? Another piece of research suggests taking the laptop on holiday means it may come back with new malware from children accessing sites with new security risks!

So should we all be disconnecting for the summer – throwing away our devices and switching off from work? In the new Sex and the City movie, the main character in the film, Carrie, throws her mobile phone into the sea.

This action of strong emotional distress only happens after she has received numerous messages from a person with whom she has fallen out, and probably many of us have felt the same urge at one control the urge to check their e-mail. It’s point or another. Especially nowadays, when we can’t slam the receiver down in anger any more – pressing “no” doesn’t really have the same effect.

Although many of us still remember a life without mobile devices, was it really any better? Or are all the scares about our dependency on new technology just reactionary, while our lives constantly improve?

And when we go abroad we know transport and hotel rooms can be arranged from a nice bar or beach, without spending time in endless queues. And adding all the other functions we need – camera, clock, wake-up call and music player – our advice to you would be – don’t forget your mobile phone this summer!

Pernilla Skantze ( is a lawyer specialising in IT-related issues, working for the Swedish Ministry of Enterprise, Energy and Communications, and a member of the ENISA Management Board.

Nick Coleman ( is the former Head of Security Services for IBM across Europe, the Middle East and Africa, he is currently the Independent Reviewer of information assurance and security to the UK Government and is a member of ENISA’s Permanent Stakeholders’ Group.

inbox-outbox minutes

Μόλις κυκλοφόρισαν τα πρακτικά του anti-spam workshop που είχα παρακολουθήσει το Νοέμβρη στο Inbox-Outbox.

"The workshop was set up in order to bring technical and non-technical
anti-spam experts together to give an overview about current situation
in the area of anti-spam. Professionals from both sides gave
contributions about spam trends, current legal and technical anti-spam
issues and newest research results.

Discussions during the workshop made clear that providers are fighting
spam, but need support from different areas. In general, support from
legal experts is highly appreciated by providers. They often seem to
stumble in difficult legal aspects regarding email or virus filtering.
This workshop made clear which measures are actually desirable and
required by policy makers. Moreover, providers welcomed the efforts from
research institutes developing new anti-spam technologies.

All in all, the results of the workshop and ENISA's upcoming deliverable
on provider security measures give a comprehensive overview about
current anti-spam best practice. However, during the workshop it raised
up that spam should be considered as a symptom of network abuse. Solving
spam therefore requires, next to current efforts, also approaches to
mitigate net abuse in general. As a consequence, ENISA will concentrate
next year on resilience as a main part of its Working Programme 2008 and
put forth efforts making network abuse more transparent to legal and
technical experts."

Thanks Pascal ;)

ENISA Quarterly Magazine Q4 2007

ENISA Quarterly Magazine is always good to read.. The 4th Quarter 2007 issue is now available online at ENISA’s website.
In this issue the focus is on Secure Software. Here is a quick sample of the articles you will find in this issue:

  • From the World of Security Experts
    • Cycles of Software Crises
    • The Whys and Hows of Assuring Secure Software
    • Technology Leaders Tackle Software Assurance
    • The 10 Most Common Sins of Software Developers
    • Security Skills of Software Developers
    • Leading the Way to More Secure Software
    • Providing Assurance for Security Software ? Insights into the Common Criteria
  • From our own Experts
    • ENISA Position Papers: Network and Information Security risks affecting Social Networks, Reputation Systems, and Botnets
    • Towards a European Information Sharing and Alerting System
  • Food for Thought
    • Stop using the Traffic Analogy for NIS!

inbox-outbox nov 2007

Μετά από πρόσκληση του ENISA παρακολούθησα την περασμένη βδομάδα (27-28 Νοεμβρίου) το inbox/outbox.

ENISA, the European Network and Information Society Agency, organises in the context of the Inbox Outbox event a workshop on anti-spam measures. The aim of the workshop is to bring together key European stakeholders to debate about the effectiveness of current and future anti-spam measures and their compatibility with existing privacy regulations.

More specifically the workshop will address filtering methods, emerging anti-spam approaches, spamming trends and privacy of users.Invited speakers represent the European Commission, regulators, ISP providers, anti-spam software vendors, research and privacy experts. ENISA will present during the workshop the findings of a recent study on security and anti-spam measures.

Πραγματικά πολύ ενδιαφέροντα θέματα, για τα οποία μπορείτε να κατεβάσετε τα presentations σε ηλεκτρονική μορφή. Το καλύτερο ήταν οι συζητήσεις μεταξύ των sessions βέβαια :)