Global spam volumes have decreased by a third, according to the latest MessageLabs Intelligence monthly report.
MessageLabs concludes that the decrease comes after the dismantling of Rustock, one of the most stubborn and technically sophisticated botnets on the malware landscape.
The firm said, however, that web-based malware is still on the increase in Hong Kong and mainland China.
Spamming is a challenging issue for web users, and last year Rustock was responsible for as much as 47.5 per cent of all spam. EBA claims that in 2010, Rustock sent about 44.1 billion spam emails each day.
But this decrease does not mean an increase in web security as, according to Symantec representative Harry Pun, other botnets have stepped up their activities to take advantage of the gap in the market created by the Rustock takedown.
"Since the end of 2010, the Bagle botnet has been more active, sending approximately 8.31 billion spam emails each day, the majority of which linked to pharmaceutical products," said Pun.
"While Bagle may not have as many bots under its control or have spikes of traffic as large and dominating as Rustock, its output has been more consistent. In the wake of Rustock's demise, Bagle has already taken over from Rustock as the most active spam-sending botnet in 2011."
The web is not a safe place but emails are getting safer, says MessageLabs Intelligence, which also points to a March 2011 report indicating that an average of 2,973 websites each day harbour malware and other unwanted programs, including spyware and adware.
About 37 per cent of all malicious domains blocked were new in March. Also, 24.5 per cent of all web-based malware blocked was new in this month.
The advertisements and popups category accounted for 47.5 per cent of blocked web activity for businesses, and social networking accounted for 14 per cent of URL-based filtering activity blocked in March.
"Many organisations allow access to social networking web sites, but facilitate access logging so that usage patterns can be tracked and in some cases implement policies to only permit access at certain times of the day and block access at all other times," Pun added.
"This information is often used to address performance management issues, perhaps in the event of lost productivity due to social networking abuse."