Filtering Spam

Can We Really Put The Lid Back On The Can By Finding A Long-Term Solution To This Seemingly Never Ending Problem?

Spam. It seems to trickle through each roadblock set up for it, while taking over e-mail at such a rapid pace that those in the industry believe it could ruin this form of communication all together. Individuals will lose 15 hours trying to delete spam from their computers in 2003, up from 2.2 hours the previous year, according to Ferris Research.

But since the explosion of spam, many have scrambled to find a solution to it. There have been a few suggestions on how to stop this never-ending supply of junk, but nothing has proven to be 100 percent effective — a nearly impossible task since a new spam message or technique is created every one to three days.

So what is keeping this annoyance from costing businesses anymore than they are already putting out? Spam filters are, by searching for:

• Common words or phrases that usually accompany spam, such as “free”, “sex”, etc.
• Excessive use of capital letters, underlining, font sizes and colors
• Overuse of exclamation points!!!
• A large quantity of recipients (the message is usually bounced back stating that there are too many people on the list)

Then, a message is designated as spam after:

• The subject line, “from” address, “reply to” address, and body of the e-mail are scanned
• A point system determines the probability of spam — marking and blocking those messages that have more than one “spam” phrase included

After messages have gone through a filter, they are usually either placed into a folder until they can be read, or automatically deleted.

A major glitch in spam filtering software is a “false positive” — an important message labeled as junk by the filter and undeliverable to the inbox. Individuals usually experience them five percent of the time, while businesses typically encounter them 15 times out of 100. This is the very reason why many are currently turning to the challenge-response system (CRS).

The CRS sends out a confirmation asking the sender to type what they see on the screen into the box provided, click on a link, or some other task for any e-mails that are delivered. Once the information has been inputted, the sender has verified that he or she is not spamming and the messages are delivered. Since a computer automatically sends about 99 percent of spam, it cannot respond to these challenges. And if spammers are the ones who sent the messages, the majority will not spend their days responding to the thousands of inquiries.

There is a downside, however. Most spam has falsified “from” addresses, but CRS assumes that the “from” line is genuine. Unsuspecting individuals often receive thousands of bounce-backs because of this.

Spam Filtering Products

There are about 30 companies devoted strictly to providing spam-filtering services to those who use e-mail, according to Radicati Group Inc. In 2003, consumers are spending $653 million on anti-spam software, but this amount is expected to rise to $2.4 billion by 2007 — almost four times the current level.

Here are some of the companies who have already made an impact on the industry:

Brightmail

Brightmail is the leader in spam filtering technology, and with a false positive rate of one in one million messages, it is clear why it is a high performance solution. Both software and human interaction work together to evaluate and block spam, viruses and other messages at the gateway. They even come right to the business door to install it, to ensure the highest level of security.

Brightmail has seen spam grow from eight percent in January 2001 to 45 percent in the same month this year. In June 2003, over 60 billion e-mail messages were filtered. The company believes that by September 2003, spam will account for over 50 percent of all e-mails. It’s no wonder this is the spam filter used by companies such as MSN, EarthLink, Sympatico, Verizon Online, and others to protect their networks.

ActiveState

Over 70 percent of the Fortune 500 companies depend on ActiveState’s technology, including 3COM, Compaq, Honda, Microsoft and Motorola. The company’s Pure Message software protects e-mail users against spam and viruses by catching 98 percent of them. Users have the option of reviewing the messages that were blocked or allowing an automated server to quarantine it. The security protection is so advanced that spammers cannot use a company’s server to send out their junk.

ActiveState uses certain techniques to be sure that spam and other potentially harmful e-mails do not reach a user’s computer:

• Pattern Matching: thousands of algorithms are scanned over each e-mail and assigned a probability rating — the patterns are updated frequently
• Spam Definitions: by identifying words that are often used in spam, ActiveState is able to recognize when more than one of the same messages is moving through the system (like chain letters and hoaxes) — updated regularly
• Real Time Blackhole List: the IP address of all incoming mail is compared against this list — if there’s a match, the e-mail is rejected
• Whitelists: for situations where administrators wish to allow newsletters or marketing information to pass through, they can
• Heuristic Analysis: each message is weighed against a point system, in an effort to reduce the number of false positives; total probability marks the overall score; can be customized

SpamAssassin

This spam-filtering company checks spam via its own testing requirements. SpamAssassin is popular because there is no need to update it with new e-mail accounts and there is very little configuration involved. The methods used to filter spam include:

• Text Analysis: body text is analyzed because spam generally has its own style and characteristics
• Header Analysis: spammers often make the recipient think that he or she has signed up for this information in the past, or will make it appear as though the e-mail is coming from a legitimate source
• Blacklists: uses current lists to be sure that the mail is not coming from any previously spotted spam sources

Symantec

Symantec is developing all of its anti-spam software in-house. In March 2003, it announced blacklisting within its anti-virus program. Known spammers can be blocked, e-mail relays are recognizable and a whitelist allows trustworthy sources to come in.

Cloudmark

This was the first (and largest) spam fighting community in the world. Having been in operation since 1998 (under a previous name of Vipul’s Razor), Cloudmark’s aim is to stop spam before it starts costing its clients money. Everyone who is a member of Cloudmark is known as a “SpamFighter” because they not only protect their own computers, but stop spam from entering the inbox of its 500,000 other members. When a user marks a message as spam the information is immediately updated in the database so that no one else is affected.

Sendmail Inc.

Sendmail Inc. has been building secure e-mail systems since 1998. Seven of the Fortune 10 use Sendmail Inc.’s products, as well as more than 6,000 commercial customers such as First USA, Pfizer, Lowes, L.L. Bean, Sprint and UPS.

The company recognizes that everyone has a different definition of spam, so Sendmail Inc. recommends that companies begin by researching, categorizing and analyzing the types of e-mails received at their place of business. This makes it easier to set the preferences.

In early June 2003, the company started shipping its Advanced Anti-Spam Filter, which blocks spam according to preferences chosen by the individual, and has the ability to block out offensive language, sexually explicit content and hate mail. The software was trained to recognize spam (after sorting through tens of thousands of pieces of e-mail) by checking the entire message (headers, subject line, body text). The software is also familiar with over 200 attachments.

Sendmail stops all harvesting attacks, and any spammer who tries to use the recipient’s domain name because they believe it will be “whitelisted” will be foiled since the origin of the message is constantly checked.