2009: Spam's Share of Email: From 5% to 85% and Back Down

By The EmailCloud Team |
2009 Spam History

There’s a chart that every email security professional knows by heart. It starts low on the left, rises with the steady inevitability of a fever chart, peaks at a truly absurd number, and then — against all expectations — actually comes back down. It’s the chart of spam as a percentage of all email, and it tells the story of how junk nearly killed electronic mail.

The Early Years: A Trickle

In 1998, when most people were still getting used to the idea of having an email address, spam accounted for an estimated 5-7% of all email traffic. It was annoying, sure, but manageable. Your inbox might contain a few dubious messages among dozens of real ones. You could delete them by hand and get on with your day.

The numbers were deceptive, though. While the percentage was small, the absolute volume was growing explosively. The internet’s user base was doubling every year, and spammers were scaling faster than legitimate email senders. The fuse was lit.

The Climb: 2000-2006

By 2001, spam had crossed 20% of all email. By 2003, it passed 50% — meaning more than half of all email on the planet was junk. That year, the U.S. Congress passed the CAN-SPAM Act, the first major federal legislation targeting commercial email abuse. The law was well-intentioned but widely criticized for being too weak. Critics called it the “You CAN Spam Act” because it technically legalized certain types of bulk email as long as senders included an opt-out mechanism and a physical mailing address.

The law did not stem the tide. By 2004, spam reached 65%. By 2006, it was over 70%. Major email providers were spending hundreds of millions of dollars on filtering infrastructure. For every spam message that reached a user’s inbox, dozens more were caught and discarded by filters — but the deluge was so enormous that enough got through to remain a daily irritation.

The Crisis: 2007-2009

The years 2007 through 2009 were the worst in email history. Massive botnets — Rustock, Cutwail, Grum, Mega-D, Srizbi — were operating at industrial scale, collectively capable of sending hundreds of billions of spam messages per day. Let that number settle in: hundreds of billions, per day.

Symantec’s annual Internet Security Threat Report for 2009 recorded spam peaking at approximately 85% of all email traffic. Other security firms reported similar figures, with some putting the peak as high as 88-90% depending on the measurement methodology.

At 85%, the ratio was stark: for every legitimate email sent, roughly 5.7 spam messages were sent. The global email infrastructure — the servers, the bandwidth, the storage — was being consumed primarily by messages that nobody wanted. Email, the internet’s most essential communication tool, was drowning in its own effluent.

The Turning Point: Botnet Takedowns

The decline began not with better filters (though those helped) but with the systematic destruction of the botnets that generated the spam.

In November 2008, the McColo takedown was a watershed moment. McColo was a San Jose-based hosting provider that served as a command-and-control hub for several major botnets. When upstream providers severed McColo’s internet connections on November 11, 2008, global spam volumes dropped by an estimated 50-75% overnight. The drop was temporary — the botnets rebuilt their command infrastructure within weeks — but it proved that targeted action against infrastructure could have dramatic effects.

The bigger blow came on March 17, 2011, when Microsoft’s Digital Crimes Unit, working with federal law enforcement, executed “Operation b107” to take down the Rustock botnet. Rustock had been the largest spam botnet in the world, controlling approximately 1.1 million compromised computers and sending an estimated 44 billion messages per day — roughly 40% of all spam worldwide.

When Rustock went dark, it didn’t come back. Global spam volumes dropped by approximately 30% and stayed down. Other takedowns followed: Grum fell in July 2012, and several smaller botnets were dismantled through a combination of law enforcement, security company coordination, and legal action.

The Numbers Come Down

After the Rustock takedown, spam’s share of email traffic began a sustained decline. The numbers tell the story:

  • 2009: ~85% (peak)
  • 2010: ~78%
  • 2011: ~70% (post-Rustock)
  • 2012: ~65%
  • 2014: ~60%
  • 2016: ~55%
  • 2018: ~50%
  • 2020: ~47%
  • 2024: ~45%

The decline wasn’t just about botnets disappearing. Several reinforcing factors contributed:

Gmail’s market dominance meant that Google’s spam filters — arguably the most sophisticated ever built — were protecting a growing majority of the world’s email users. When Gmail reports blocking 99.9% of spam, and Gmail has over 1.8 billion users, that’s a lot of spam that never reaches anyone.

Authentication adoption accelerated. SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) made it progressively harder to forge sender addresses. By 2024, major providers including Google and Yahoo began requiring DMARC compliance for bulk senders, effectively raising the bar for entry into the inbox.

Economic disruption of the spam business model — crackdowns on rogue payment processors, takedowns of pharmaceutical affiliate programs, and criminal prosecution of high-profile spammers — reduced the financial incentive.

Still 45%

It’s worth sitting with the current number for a moment: roughly 45% of all email sent today is still spam. That’s nearly half. In absolute terms, with approximately 350 billion emails sent daily, that means roughly 160 billion spam messages are sent every single day.

The reason the problem feels smaller than those numbers suggest is that modern filtering is extraordinarily effective. Most users see fewer than 1% of spam messages that target them. The spam still exists in vast quantities — it’s just caught and discarded before it reaches inboxes.

This creates a paradox for legitimate email marketers. The filters that protect users from spam also scrutinize legitimate email, and the threshold for getting flagged is lower than ever. Using certain trigger words, sending from unverified domains, or failing to follow authentication best practices can land perfectly legitimate messages in the spam folder alongside the junk.

For marketers, the lesson from spam’s history is clear: the infrastructure built to stop the flood of junk email doesn’t distinguish based on intent — it judges based on signals. Make sure yours are clean. Our Spam Word Checker and Subject Line Grader can help you stay on the right side of those filters.

Spam's Share of Email: From 5% to 85% and Back Down — Email History Timeline 2009

View on the Email History Timeline →

Infographic

Share this visual summary. Right-click to save.

Spam's Share of Email: From 5% to 85% and Back Down — visual summary and key facts infographic

Related Events

2005

The Economics of Spam: Why Junk Email Is Still Profitable

 2003

The Day AOL Accidentally Became the Biggest Spammer

 2002

Paul Graham's Bayesian Spam Filter: The Essay That Changed Everything

 2001

SpamAssassin: The Open-Source War on Junk Email

Frequently Asked Questions

What percentage of email is spam today?

As of recent years, spam accounts for roughly 45-48% of all email traffic globally, according to data from Statista and email security firms. This is a significant decline from the 2009 peak of approximately 85%.

When did spam reach its peak?

Spam hit its all-time high of approximately 85% of all email traffic in mid-2009, according to data from security firms including Symantec and Kaspersky. The Rustock, Cutwail, and other major botnets were operating at full capacity during this period.

Why has the spam percentage declined?

Major botnet takedowns (especially Rustock in 2011), better filtering by Gmail and other providers, email authentication protocols (SPF, DKIM, DMARC), law enforcement actions, and payment processing crackdowns all contributed to the decline.