Security

Vendors Slowing Flow of Spam

Each morning, users open their e-mail boxes and discover solicitations for low-rate mortgages, prescription drugs, weight-loss programs, pornography and shady business transactions. Sorting through legitimate and illegitimate messages is a frustrating and time-consuming process.

After years of unsuccessfully trying to reduce the volume of spam generated, vendors are finally seeing signs of progress. While they acknowledge that they will never be able to completely eliminate spam, they seem poised to at least slow its growth.

Numbers Look Promising

As the year closed, America Online proclaimed that 2004 was a banner year in fighting spam: It was the first year since 1999 that the company was able to slow the influx of spam according to several internal measures. The number of spam messages blocked by AOL before they reach users’ mail boxes declined from 2.4 billion per day in 2003 to 1.2 billion per day in 2004.

The volume of mail flagged as spam and diverted to AOL members’ Spam folders — where they can determine if it is a communication that they want to read — dropped from 100 million per day in November 2003 to 40 million per day one year later.

In November 2003, users sent almost 11 million spam reports every day to AOL, and that figure declined to about 2.2 million spam reports in November 2004. AOL noted that the average number of messages that individuals attempted to send AOL users each day dropped from 2.1 billion in November 2003 to 1.6 billion in November 2004, which could indicate that spammers are moving into other lines of work.

Several factors may be behind the recent changes. Internet service providers (ISPs) like AOL, as well as companies focused on network security, have been working diligently to improve their spam filtering tools, products that identify and block spam before it reaches users’ desktops. Two techniques are now widely used to block unwanted messages.

Keeping a List

The first, called listing, examines the origin of mail messages. After monitoring incoming e-mail, ISPs develop two lists (a “whitelist” and a “blacklist”) and two different routing actions based on the lists. A whitelist is a collection of senders whose correspondences should always pass through the network without being checked. Blacklists, which are reserved for spammers, are the opposite: Everything sent is considered spam and is therefore blocked.

Content filtering has been the other technique used to block spam. Bayesian filters are the most popular content filter. They examine transmissions and then assign statistical probabilities about the likelihood that a message is spam.

The probabilities are based on items in the content, for instance a message with the word Viagra will result in a higher rating than one without it. As they pass through filters, messages are assigned a ranking from 1 to 99 — the higher the number, the more likely a message is spam. A network operator then selects possible actions based on the ratings. If a message scores a ranking of 97 or higher, then it could be blocked.

At thresholds of 85 to 96, a note saying “This may be Spam” could be added to the subject line as the message is relayed to the end user.

Long Arm of the Law

In addition to technical advances, vendors have been aggressively pursuing legal avenues to ward off spammers. In November 2004, Jeremy Jaynes, considered one of the top 10 spammers in the world, was sentenced to nine years in prison under a Virginia anti-spam law for sending millions of spam messages to America Online customers. In addition, vendors worked with Congress to pass the federal CAN-SPAM Act, which went into effect in early 2003 and was designed to help law enforcement agencies prosecute spammers.

In April of 2004, Michigan conducted the first criminal prosecution under the CAN-SPAM Act, issuing arrest warrants for four men charged with sending out hundreds of thousands of fraudulent, e-mail messages advertising a weight-loss product. In September of 2004, Nicholas Tombros, the “wireless spammer,” became the first person convicted under the CAN-SPAM Act.

While there has been progress, not everyone agrees with AOL’s deduction that the volume of spam decreased in 2004. “Other than AOL, every measure that I have seen states the number of spam messages sent has continued to increase,” noted Richi Jennings, leader of the anti-spam practice at Ferris Research Inc., an e-mail market research firm. He did say that the ongoing increases of spam as a percentage of all e-mail messages, which observers peg at between 70 and 80 percent, may be leveling off.

Turning Tide

“Statistically, there will never be a time when spam represents all e-mail messages, so it makes sense that it may have reached a plateau when viewed as its portion of all e-mail transactions,” he told TechNewsWorld.

Others question the effectiveness of recent law enforcement initiatives. “The CAN-SPAM law is not tough enough: It puts only mild restrictions on mailers — which are still not universally obeyed even by legitimate mailers — and added a few items about fraudulent practices, which were illegal anyway,” noted John Mozena, vice president of Coalition Against Unsolicited Commercial E-mail (CAUCE), a user advocacy group. “We were hoping the government would draft a law that was tougher and attacked the problem more directly.”

While there is disagreement the progress is the battle to curb spam, analysts do think that the tide may soon turn against spammers.

“For the past few years, there has been an ongoing arms race between vendors and spammers, who both have been using technology to further their goals,” said Michael Osterman, president of Osterman Research Inc., a market research firm focused on Spam. “Spam filtering tools now are much better and the vendors are more aggressive now than they were a few ago. If those trends continue in 2005, some spammers will start to rethink their businesses and find that the returns are not worth the investment required and stop spamming.”

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels