Project Honeypot just published a report of their experience in processing 1 billion spam messages. Highlights for the impatient:
- For the past 5 years, spam "bots have grown at a compound annual growth rate of more than 378%. In other words, the number of bots has nearly quadrupled every year."
- The top 5 countries which host bots are: China (11.4%), Brazil (9.2%), United States (7.5%), Turkey (6.3%), and Germany (6.0%).
- Top 5 countries with the best ratio of security professionals to spam sources: Finland, Canada, Belgium, Australia (yay!), and the Netherlands.
- The corresponding bottom 5: China, Azerbaijan, South Korea, Colombia, and Macedonia.
- Top spam-harvesting countries: United States, Spain, the Netherlands, United Arab Emirates, and Hong Kong.
- Fraud is rising as a cause for spamming:
On the other hand "Fraud" spammers -- those committing phishing or so-called "419" advanced fee scams -- tend to send to and discard harvested addresses almost immediately. The increased average speed of spammers appears to be mostly attributable to the rise in spam as a vehicle for fraud rather than an increasing efficiency among traditional product spammers.
As an anecdote to reinforce this, on one site I administer, I set up a dedicated subdomain which was purely designed to catch spam. I placed some addresses in that domain on a web page, and within 1 day they had been harvested and 1 spam had been sent to each email address. No email to that subdomain has been seen since.
Check out Project Honeypot's full analysis.