Zero spam is no longer a distant dream. If we treat e-mail just as a medium of communication, and follow some discipline, then this mission is achievable. If you are thinking of the CAN-SPAM act as the reason behind this possibility, you are completely off the mark. It's spam filters that are working wonders.

Thanks to the Spam filtering technology that has become more and more sophisticated over the past year, your mailboxes can now hope to become spam-free. Spammers have not suddenly vanished or stopped operating, but the technology is certainly catching up with them.

The importance of filtering out spam mail is growing every day as the percentage of spam mails is increasing and crossed the 50% mark long ago. Over 65% of all Internet email is said to be spam today. Spam is no more restricted to unsolicited e-mail marketing messages. Millions of fraudulent e-mail messages are also being targeted at unsuspecting e-mail users around the world.

Spam filtering to the rescue
The only hope for the e-mail users is spam-filtering technology, backed by human intelligence. I said 'Human Intelligence' because just pure technology cannot fight intelligent spammers. One must admit that the spam­mers also are intelligent humans!

The point I am trying to stress is important for corporate email administrators and solutions providers to note. I have seen many instances of IT policies of corporate e-mail users missing this point.

IT policies adopted under internal pressures leave a lot of holes in the IT infrastructure. What is required is an integrated and well-planned approach towards three different aspects of this infrastructure, namely Inter­net access, spam control and virus control. These are over­­lap­ping issues and should not be tackled in isolation.

An integra­ted approach towards IT policies only can save us from getting affected by viruses, spam and other types of malicious attacks. Moreover, a passive implementation of solutions like anti-virus, firewalls and anti-spam filters will not work like magic either. These are just tools powered by technology. We must use them intelligently and effectively to make them work for us.

One must also remember that corporate email is and should be used just as a medium of corporate communications and nothing more. The IT policies should be set as such and strictly followed. Employees submitting the office email address on various entertainments and other types of websites can open the floodgates of spam mail.

Safeguarding email identities
Even otherwise, the Spam mail starts flooding some typical corporate mailboxes sooner or later after you register your domain and start using e-mail addresses such as sales@mydomain.com, purchase@mydomain.com, info@mydomain.com etc.

Ever wondered how spammers got your e-mail addresses in the first place? No awards for gues­sing! These are very common e-mail IDs that will be set up on almost every corporate domain name and the list of domain names on the Internet is not a top-secret list. Spammers have automated the process of harvesting the lists of domain names on the Internet and they can create mailing lists by adding all possible IDs to the domain names.

Secondly, there are programs for harvesting e-mail addresses form the web pages, which run 365x24x7 on servers used to generate the Spam lists. Like Google and Yahoo! can search on the web and index all the web pages available on the Internet, Spam list generators can search all the web pages on the Internet and just pick up all the e-mail addresses appearing on those web pages.

Succumbing to Spam

A survey made in the US unfolded surprising statistics about email users behavior on spam mails

31% of respondents have clicked on embedded links within spam (not including the unsubscribe link). Have you ever cliked on a link within a Spam Message (other than unsubscribe)? Clicking on embedded links in spam messages helps spammers determine 'live' email accounts, which encourages repeated spam attacks. To compound the problem, when an active account within a specific email domain is identified, organizations become more exposed to other attacks, like directory harvests or phishing scams. Even worse, by clicking on embedded links users can be exposed to viruses or other malicious code that can quickly spread throughout an organization, potentially infect outside business partners or customers, or even destroy critical data and create service outages.

18% of respondents have tried to unsubscribe to spam using the 'unsubscribe' link in the email. Have you tried to use the 'unsubscribe' link in the email? Much like clicking on links embedded within spam messages, many spammers exploit the unsubscribe link to identify active email accounts. Once individual email addresses or entire domains are found to be active, the likelihood of follow-on spam or other security attacks increases dramatically.

Over 10% of respondents have purchased products advertised in spam. Have you ever purchased a product or service as a result of Spam? With the near-zero cost of sending out huge volumes of spam messages combined with the low business barriers to entry, the fact that more than one in ten email users are purchasing products advertised in spam is clearly continuing to drive the economics of the spam industry.

Source: Radicati Group & Mirapoint survery, March 2005

While you can't do anything about the spam lists generated by guesswork, you can certainly avoid your e-mail addresses from getting into the Spam lists by not putting them on the web pages. There are scripts available for creating an e-mail link on the web page without exposing your e-mail ID to the Spammers' robots. This can minimize the Spam attacks.

Select the right spam filter
Spam filters are available in various shapes and sizes from those that can be applied to individual mailboxes to those that can be applied to your entire corporate mail sever. The lower the cost of an anti-spam solution, the more work you have to put in from your side like setting up filtering rules and collecting spam reports from all the employees. Although many anti-Spam solutions claim to work right out of the box, they actually offload much of the Spam-fighting burden on administrators and end users.

A variety of filtering techniques are constantly evaluated and updated. Some prominent techniques that are used are listed below:

Reputation filtering: This is a filtering technique that examines the quality or reputation of the sending source or mail server.
Heuristics: Heuristic filters analyze the header, body, and envelope information for incoming messages, checking for the presence of distinct Spam
characteristics.
Header filters: This is a regular expression-based filtering that exploits commonalities or trends present in Spam messages.
URL filters: Continually evolving URL-based filtering technologies aim to reverse Spammers' new methods of URL masking techniques.
Custom filters: Customization tools allow administrators at the user level to fine tune and be more aggressive in targeting unwanted mail.

These technologies, backed by a comprehensive Spam analysis infrastructure, enable some solutions to provide an accuracy rate of over 99%. Zero spam can finally become a reality.

Ashok Dongre is an independent consultant and can be reached at dongre@usa.net

Page(s)   1