Did GDPR increase spam and dodgy domains?Researchers at security firm Recorded Future have looked at whether GDPR increased spam volumes and domain registrations. Both were widely predicted by security researchers to increase as GDPR offered increased anonymity for bad actors to hide behind.

In their blog, Allan and Bruce Liska conclude: “It appears that in the very narrow category of mass spam there has not only not been an uptick in spam, spam has fallen slightly. In addition, spammers are not taking advantage of the potential new anonymity afforded by GDPR to register new domains as part of new spam campaigns, at least not in the gTLD space.”

The researchers relied on the Cisco Talos monthly email and spam data report. They also monitored how may domains were registered daily. Both show positive signs over the 90 day period covered by the study. Whether that will be true in the long term remains to be seen.

Spam, email and domain registrations in numbers

The blog delivers some interesting facts and figures. Many of these will surprise those outside of the security research industry. For example:

  • Cisco Talos recorded 358 billion emails in July. 85.23% were spam. Even when email volumes drop due to holidays and other factors, spam stay at around 85%.
  • In July 2018 spam was sent from 230 different countries. Brazil, United States and China are the biggest senders of spam with each accounting for 8.6%. The Russian Federation (8.3%), Poland (8.2%) and India (8.1%) are close behind.
  • Just 100 spam operations account for 80% of global spam. 6 of the top 10 are based in the US (Source: Spamhaus)
  • Pre GDPR, an average of 223,500 domains were registered each day. This has fallen to 213,300 since May 25.
  • The global Top Level Domains (gTLD) used by spammers include [.]men, [.]fun, [.]data and [.]yokohama. All saw domain registrations drop by around 50% after May 25.
  • Spammers appear to be moving to more mainstream gTLDs. [.]com domain registration has surged since May 25 from 50.91% of all domains registered to 54.97%.
  • Only 4.8% of [.]com domains send spam compared to 42.4% of [.] biz domains.

What does this mean

The cyber security industry warned repeatedly that GDPR would significantly hamper its efforts to track spam and other cyber-attacks. This was down to increased privacy protection that bad actors could exploit to hide the domains that they own and use. In terms of spam and domains to distribute it, this report suggests that those fears were overplayed.

However, it is important to recognise the limited remit of this research. It may be that spammers, took a seasonal holiday. We don’t really know. The researchers have promised to redo this report in 90 days to see if anything has changed.

For email administrators facing a constant deluge of spam, its ability to stay at 85% or more of all email traffic promises no respite at all.


Please enter your comment!
Please enter your name here