QuickStudy: Fighting Spam

Listen to the Computerworld TechCast: Fighting Spam

Every day most of us get e-mail offering to sell us drugs (especially Viagra), vacations, ways to enlarge specific parts of our bodies, get-rich-quick schemes, cable-television descramblers, lower mortgage rates and Internet-based pornography. I don't want it, and neither do you. Spam has become a serious and growing problem for Internet users, affecting individuals and corporations alike.

Spam costs its recipients money. David Ferris, president of San Francisco-based Ferris Research, estimates that spam and efforts to combat it cost U.S. companies $8.9 billion in 2002.

More

Computerworld
QuickStudies

In a December 2002 report, Gartner Inc. analyst Joyce Graff predicted that "by 2004, unless an enterprise takes defensive action, more than 50% of its message traffic will be spam." Ferris analyst Marten Nelson pegs the volume of spam at 20% to 30% of corporate traffic and 40% to 50% of Internet service provider traffic. Nelson says that CIOs and corporate messaging managers should consider three major elements in determining the impact of spam.

"First, you need to look at the costs associated with loss of user productivity, then the cost to the messaging infrastructure and finally the cost to your help desk in dealing with user complaints," he says.

Strategies

There are dozens of products and services available to help block spam. They use the following basic techniques:

Blacklist the sender. Get a list of spammers' addresses and block any e-mail from those addresses. This can't block spam from new addresses, however, so there's a constant race between the spammers and the spam-fighters. At times, the blockers get too eager and may shut off all mail from a specific domain name, blocking legitimate messages from nonspamming users.

"Whitelist" the sender. The opposite approach is to accept e-mail only from a list of approved addresses. This is highly effective but not terribly practical, especially for business users who want to hear from new customers.

Look for telltale signs. Spam messages tend to have a lot of features in common. According to CipherTrust Inc., some of the more common elements found in the subject lines of spam are "$," "!," "999," "Credit," "Earn," "FREE," "Free," "Get," "Lose" and "Money."

Keep score. Much antispam software relies on analyzing message IDs, formats and other traits, assigning values to each identified feature and adding up a numerical score for new messages. If the score exceeds a specified limit, it's considered spam and is blocked. Unfortunately, this approach delivers a lot of false positives, rejecting mail that isn't spam.

Learn as you go. The most promising approach seems to be Bayesian filtering, which is based on statistical analysis. With this method, you train the software by classifying mail as spam or nonspam. Based on your classifications, the software analyzes new messages and determines the probability that they may be spam. Bayesian programs continually learn, and if a spam message slips through, you tell the program and it becomes smarter.

Tips for Avoiding Spam

There are ways you can fight spam in addition to software tools, including the following:

• Don't opt out. Your opt-out or "unsubscribe" reply merely confirms your valid e-mail address and is likely to get you more, not less, spam.

• Stop giving away your address. In March 2003, the Washington-based Center for Democracy and Technology reported on research into where spammers get their addresses. The overwhelming source (97%) was public Web sites. In fact, every single normal address they posted on a Web site received some spam. They also obscured some addresses by making them look like running text (joe@mycompany.com becomes "joe at mycompany dot com") or by converting them to HTML (Joe's address now reads joe@mycompany.com). Obscured addresses got no spam at all.

Counterattack the spammers. Alan Ralsky, who has been previously convicted of fraud, is possibly the world's premier spammer, sending out upward of a billion e-mails a day. After Slashdot.com publicized a Detroit Free Press article on Ralsky and listed his home address, the antispam community signed him up for numerous ad campaigns and multiple mailing lists. Ralsky has since been inundated with truckloads of brochures, ads and catalogs, all delivered by the U.S. Postal Service to his brand-new $740,000 home in West Bloomfield, Mich. Ralsky, unamused, considers this harassment.

The Bottom Line

Spam seems here to stay. It's too easy, too cost-effective and too cheap to kill entirely. But we can take effective measures to block most of it.

"Yes, it's a cat-and-mouse game between the spammers and the antispam vendors, but I believe the antispam vendors will win," says Ferris Research's Nelson. "In the next five years or so, we will look at the spam problem much as we look at viruses today. It used to be a serious problem, but now it's fairly well under control."

Kay is a Computerworld contributing writer in Worcester, Mass. You can contact him at russkay@charter.net.

1pixclear.gif
The Economics Of Spam

PRINTED DIRECT MAIL

Cost: 25 cents per piece or more

Response rate: 3% or less

Cost per response: $8 or more

SPAM E-MAIL

Cost: one hundredth of a cent or less

Response rate: .25% or less

Cost per response: 4 cents or less

See additional Computerworld QuickStudies

Related:

Copyright © 2003 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon