GDPR hasn't sparked rise in spam - so far
Report reveals spam is still a problem, although number of junk emails is down
The arrival of the General Data Protection Regulation (GDPR) has not caused spam to increase, despite experts predicting otherwise following the introduction of the EU law, research by Recorded Future has revealed.
Before the new data regulations were introduced at the end of May, privacy commentators predicted that spam may rise as security researchers wouldn't be able to use WHOIS information they had previously turned to in order to find, name and shame culprits.
Although the number of spam emails sent out has reduced since GDPR was introduced, according to email tracking service Cisco Talos, spam accounted for 85.14% of all emails - a slight decrease compared to the beginning of May when 85.28% of all emails were flagged as spam.
Spammers often register lots of domains in order to send their unwanted emails to lots of recipients, but Recorded Future added that the number of domain registrations have also fallen, suggesting those wanting the bend the rules are either waiting for the GDPR dust to settle or are seeking other ways to send unsolicited communications.
Another hypothesis is that spammers are instead using Top Level Domain (TLD) registrations to run their campaigns. But these seem to have dropped too, with the most commonly abused TLDs dropping as a total percentage of all registered domain names. Although TLDs increased as a percentage of total new domain registrations in the period after GDPR, these don't seem to have been put to work as spam masks just yet.
"ICANN's response to GDPR has effectively granted default anonymity to domain registrants," explained Tim Chen, CEO of DomainTools. "While it is heartening that, over the first 90 days, we're not seeing a spike in spam, it is important to evaluate the full spectrum of cybercrime, cyber espionage and generally bad behavior online before concluding this new law does not impact internet security."