Has the Spam War Been Won?

I would argue that your declaration of victory is premature, but not for the obvious reason that spam in the inbox has been reduced. In that respect, spam in my inbox (and my spam folder as well) has gone way down in recent years and that is welcome.

However, two problems remain. First and foremost, there is still the problem of false positives. I still have to check my spam folder because the filters will occasionally falsely flag a legitimate email. Once I do find a desired email, I can flag it as non-spam to teach the filter and add the sender to a white list, but that is reactive. If you're receiving hundreds of spam emails a day, as you wrote, I imagine more than a few false positives slip by you.

Additionally, as an entrepreneur, sending email from a new company like mine that hasn't established itself with the many filters out there to be very time consuming and inefficient. If there was a proactive way for a legitimate sender to register itself and either post a bond or pay e-postage, I think that would clean up a lot of email inboxes. I know e-postage proposals haven't gotten very far in the past, but if the spam response rate is now down to 0.00001% then the postage can be a lot lower as well.

The second reason we can't declare victory just yet is the very fact that the spammers and their resources, both botnets and humans, remain alive and well. If email spam continues to become less and less profitable then they will simply send spam in other forms such as on Twitter, Facebook, etc. Individual computers continue to get infected and people still foolishly click on requests from Nigerian princes. Unfortunately, we have to continue to apply technological fixes to our networks and teach people not to be so gullible.

Believe me, I wish me could declare victory, but we're not there yet.

If the spammers have lost, no one has told them. My gmail spam box is still filled with thousands of filtered messages. I've heard statistics quoted saying that over 95% of email sent is spam and it's still increasing.

Clearly, enough people respond to the few messages that slip through the filters to make it worthwhile for the spammers to continue their onslaught. The war is still on and the spammers are still winning.

Take a look at this:
http://freakonomics.blogs.nytimes.com/2009/12/21/where-has-all-the-viagra-spam-gone/

and:
http://www.secureworks.com/research/blog/index.php/2010/02/10/spam-and-the-changing-business-model-of-cyber-criminal/

What about the problem of messages that do not reach the recipient? Spam control is sometimes done by just rejecting messages, keeping them from arriving at their intended destination. The recipient has no knowledge that this was done (and the sender may also be uninformed). Looking at one's junk folder will not uncover false positives that were never received. [Examples: Sites that reject all email that contains a clickable URL. Sites that reject all email that contains an .exe or .zip file attachment. Sites that reject email based on "content." Sites that reject all email from certain IP numbers.]