Ivo Dijkhuis

Spam Over IPv6 - Eight Years Later

Ivo Dijkhuis
2

A long time ago we published an article on the amount of spam we receive over IPv6. Now, eight years later, we were curious to see if the spam landscape has changed.


We used the same methodology as eight years ago, as documented in this RIPE Labs article: "Spam over IPv6". Additionally we need to mention that emails sent from within our own infrastructure were (obviously) ignored.

As it is hard to (automatically) decide what is spam, we've decided to count all emails with a SpamAssassin score of five or higher as spam. This seems to be a widely used default setting for spam detection using SpamAssassin.

The previous article evaluated one week's worth of data. For this article we decided to expand the scope to one whole year (2017). We aimed to have more accurate results.

Figure 1: Total number of emails received in 2017 (%)

We noticed that in the last eight years the number of emails we've received over IPv6 has dropped from 14% to 11.2%. The reason behind this is unclear to us. It might have to do with the sample from 2010 only covering one week's worth of data.

When we look into the trend over the whole year (2017), the amount of emails received over IPv6 looks quite stable.

 

 Figure 2: Number of emails received over IPv4 (blue) and IPv6 (red)

We see that there are some spikes, especially for emails received over IPv4. The graphs above also include received spam messages over IPv4 and IPv6. Let's have a look at some spam statistics.

 

Figure 3: Number of spam emails received in 2017 over IPv4 (blue) and IPv6 (red)

The spikes in the amount of received spam emails are rather similar to the total amount of received emails, suggesting that these spikes could be caused by spam. However, when normalising the data by removing the spam emails from the total amount, the trend displayed in the graph doesn't change significantly. What stands out is the rather stable number of non-spam emails we receive over IPv6.

Figure 4: Number of emails - normalised 

We observed that there is still a significantly higher number of IPv4 spam emails, compared to IPv6.

Figure 5: Total number of spam emails received in 2017 (%)

 

Conclusion

In 2010, we observed that 1.89% of all spam emails were received over IPv6. The number has now gone up to 3.4% of the total. This is an increase of more than 55%, although the numbers are still relatively low compared to the amount of spam we receive over IPv4.

Some protocol specific statistics:

  • Of all emails received over IPv4 in 2017, 20.6% was considered spam, which is considerably less than the 31% of IPv4 spam in 2010.
  • Of all emails received over IPv6 in 2017, 5.7% was considered spam, which is slightly more than the 3.5% of IPv6 spam in 2010.

We have not investigated the (potential) reasons for these changes. It is our aim to publish these spam statistics more frequently from now on. 

2

You may also like

View more

About the author

Ivo Dijkhuis Based in Amsterdam

I am the information security officer of the RIPE NCC since 2009. Before that, I've worked for more than a decade for several Internet related companies in various technical and security related roles. I'm interested in all aspects of information security, especially in privacy topics, incident response, intrusion detection, penetration testing, digital forensics. Love to do 'hacking' and digital forensic challenges.

Comments 2