Spam Wars II: The spamees strike back!
Spam Wars II: The spamees strike back!
Jan 01. 2005: Meat products maker Hormel may be suffering a public relations drama of the worst kind, but forces are mustering against the scourge of spam. David Braue weighs up the fight against email's worst offenders.
Like every company, removalist giant WridgWays gets spam-a lot of it. In years past it wasn't a huge problem, but it quickly became one as spammers stepped up their nefarious spruiking of questionable medical remedies, cheap pirated software, get-rich schemes, and advertisements for porn sites.
These days, WridgWays' 200 employees receive around 10,000 spam emails and 14,000 or so virus-carrying messages every month. All are filtered and intercepted by NetIQ MailMarshal, the email filtering system that WridgWays installed two years ago when it realised the problem of email nasties was only getting worse.
Estimates of exact numbers of messages being spent are apocryphal at best, but email service provider MessageLabs claims its MessageLabs Anti-Spam email service found 9.2 billion spam messages among 12.6 billion scanned during 2004-suggesting that 73.2 percent of all emails are spam. By comparison, in 2002 spam made up just 9 percent of all emails sent.
Fortunately, the bulk of these emails are easily identified and filtered based on keywords or their origins in known spam-related domains. Viruses, too, are relatively easily caught and make up less of a threat in volume terms, with MessageLabs' Anti-Virus security service finding just 901 million virus-laden emails among 147 billion emails scanned during the year-a penetration rate of just 6.1 percent.
Undeterred by the increasingly sophisticated defences being erected against them, ever more devious spammers continue to figure out sneaky new ways of getting messages past both technological and human filters.
This includes using variable spellings such as 'v1ag*ra', the peppering of spam emails with unrelated random words that reduce messages' scores within filtering algorithms, and well-formed messages purporting to be from legitimate companies.
The rise in phishing, in which criminals try to extract personal details with which to steal money from unsuspecting victims, has been well documented. MessageLabs alone reports that the number of phishing emails it intercepted grew from 279 in September 2003 to more than 2 million in September 2004; more than 18 million phishing emails were picked up during 2004, and the problem continues to grow.
Over time, mutations in spam email structures ensure that anti-spam companies have their work cut out for them. However, there are encouraging signs that the technology is keeping up: after noting an increase in spam, WridgWays recently upgraded the system from version 5.5 to 6.0 and saw spam trapping improve significantly.
It was a move that information systems manager David Gault says "has moved us a step ahead of the game.
We've got someone here that might take half an hour in the morning to look through the mails. It's only a modest amount of time, and the way we've got it at the moment is very workable. We are winning."
Mounting the defences
That's a very positive assessment given the sheer volume and determination with which spammers are attacking the world's email systems. Jupiter Media Metrix, for one, predicts that 268 billion spams will be sent next year. Yet with filters working effectively, why would spammers bother trying to peddle their wares given the increasing smarts of filtering systems?
One word: money.
Even miniscule click-through rates-say 0.1 percent of recipients-can deliver large sums of money into the hands of spammers whose cost in sending millions of emails is nominal (it's estimated that a list of 10 million email addresses costs just US$300).
Amazingly, some people actually seem to like spam: a recent Forrester Research survey found that 22 percent of UK respondents had purchased pirated software after receiving spam.
Drive-by exploitation of unsecured wireless LANs, and the creation of false email identities from which to send emails by the millions, have put pressure on Internet service providers' networks and congested the Internet links of companies and individuals around the world.
With the Internet allowing unrestricted access to potential distribution points the world over, spammers have no lack of ways to spread their messages.
Yet while the physical act of sending emails might be basically free, the cost of spamming could soon rise in other ways. In the US, the CAN-SPAM act resulted in its first conviction in September, when a California man was convicted of war-driving and using unprotected wireless LAN hotspots to send pornographic spam. He faces a maximum of three years' imprisonment under the terms of the act, whose underutilisation has surprised many given the prevalence of spam in the US.
Other progress has been made by backing local laws with federal provisions against activities such as racketeering and money laundering. In December, a US federal judge awarded more than $US1 billion in damages against 300 spammers, in response to a lawsuit by a small 5000-member ISP whose network was used to send more than 10 million messages a day in 2000. The money may never be collected-the companies operating the spammers' domains cannot be located-but the verdict sends a strong statement confirming just how socially unacceptable spam has become.
Specific anti-spam legislation has bounced in and out of legislatures the world over, with Australia's Spam Act 2003 also showing promise. Australian Communications Authority (ACA) acting chairman Bob Horton claimed the threat of $1.1m a day in fines had pushed many of the worst offenders out of the country-noting that formal complaints about several major spammers had stopped after the act came into effect.
Industry associations are also lending their weight: the Anti Spam Technical Alliance (ASTA), for one, was formed in April 2003 to co-ordinate anti-spam efforts from ISP giants Microsoft, Yahoo, Earthlink and AOL. Last June, ASTA released a best-practice guide for filtering and sending email. In a similar vein, the US Federal Trade Commission in December released definitive rules about which mails are and aren't to be considered spam under the CAN-SPAM act.
Technology to the rescue
Legislation and supporting industry efforts will be largely symbolic, however, given the ongoing prevalence of spam and the long delays in preparing cases against spammers. In the more immediate term, technology will be the saviour for companies working to keep their email under control.
To smooth reporting of suspected spammers, in December the ACA joined forces with Pacific Internet to trial spam reporting software from local developer SpamMatters, which lets Outlook users forward suspected spam to the ACA with a single click. This technology, expected to become more widely available in the near future, will preserve evidentiary information to support anti-spammer claims in the future.
Other anti-spam technologies have had a somewhat harder time gaining acceptance. In an interesting war of attrition, Lycos Europe recently shut down a screensaver it created to bombard known spam domains with unsolicited email, after spammers redirected all incoming mail to the Lycos domain, and legislators expressed concern that fighting fire with fire might be illegal in this case.
More legitimate approaches have had similarly problematic outcomes: Microsoft's mooted CallerID for Email standard, which was merged with the competing Sender Permitted From (SPF) to create a new effort called Sender ID, saw such intense rancour amongst stakeholders that in September the Internet Engineering Task Force shut down the working group that had been charged with establishing industry consensus on Sender ID. Microsoft subsequently revised its implementation of the Sender ID standard, and the various stakeholders are now inching towards a compromise.
Given that spam volumes continue to increase while vendors bicker about Sender ID, it seems increasingly unlikely that spam can be eliminated altogether any time soon, as Bill Gates last January told the World Economic Forum would happen within two years.
Microsoft may have made progress-Gates claims its Hotmail service is filtering 95 percent of spam, or some 3 billion messages a day-yet in the world at large, spam volumes continue to increase.
The value of common sense
Filtering software may be the best defence for now, but it has its own problems: a recent study by email marketing analysis Return Path found, for example, that nearly 19 percent of emails sent by its customers during the second half of 2003, never reached their recipients. This was 3.7 percent more than the figure a year earlier, an increase likely attributable to increasingly aggressive anti-spam technology.
WridgWays' Gault has seen similar problems, noting that many legitimate incoming and outbound emails have been flagged and quarantined by well-meaning filtering software. When an email might contain an invitation to quote on a $20,000 job, Gault points out, this can present serious problems for the business. The answer lies in paying careful attention to just what is causing the flags to be raised.
In one case, for example, a WridgWays customer's mails were being flagged just because the sender had added large red text to their email signature. "Legitimate companies are tending to get a bit fancier with their emails," says Gault. "There's just as much risk of legitimate emails getting sidelined as spam, as the other way."
Whether filtering vendors can ever eliminate spam altogether will remain to be seen, but Peter Croft, Asia-Pacific managing director with email filtering vendor Clearswift, believes improving filtering efficiency may simply make spamming too unprofitable for spammers to continue. Advertisers, he believes, will stop paying spammers to distribute their messages if those messages just aren't resulting in hits.
"The market will speak here," says Croft. "People want to have a spam-free environment and they're willing to pay for that, so there's an incentive for companies like ours to create better technology. As engines like ours get better and it becomes obvious that the vast amount of spam will be blocked anyway, more thought will have to go into how to get around the engines. This means the upfront cost of spam will be higher, and that people wanting to create it will need a better yield to justify it. It will get to the point where it just won't make economic sense to try and advertise through spam."
Related Article: