Combating the onslaught of spam
Chances are you’ve received several e-mails that promise you cheap Viagra, diet pills that really work, a chance to win a million-dollar lottery in some country you’ve never heard of, and several million dollars needing to be liberated from a Sudanese government minister’s bank account. If you have, then you’ve been spammed.
Spam, or unsolicited bulk e-mail, is fast becoming the bane of every Internet user’s existence, clogging our in-boxes and wasting our time with dodgy sales offers.
It is an increasing problem worldwide, with companies such as local Internet service provider (ISP) M-Web estimating that as much as 80% of all e-mail sent is spam.
Spam consumes server time and bandwidth, making the Internet and e-mail slower and more expensive for ISPs and users alike, says Anthony Southgate, general manager of Security for Internet Solutions.
The onus is increasingly falling on ISPs and companies to prevent spam before it gets to users’ desktops, because sexually explicit or otherwise offensive spam may open up the service provider to legal liability, says Southgate. As a result, South African ISPs are increasingly taking a pro- active approach to spam and filtering or deleting it before it reaches your e-mail inbox.
Adrian Punt, service delivery manager at Tiscali South Africa, says that spam is a “massive” problem and that Tiscali adopts an aggressive approach: “We treat spam the same way as viruses — we delete it.” Like other ISPs, Tiscali uses sophisticated software that checks all incoming e-mails, analysing their content to determine whether they are spam.
This analysis takes into account the subject matter, the words used, whether the message contains images (spammers often send messages containing an image, hoping to fool systems that check words), and the e-mail address it is sent from. Each message is given a score on these checks and messages that have a high score are rejected as spam.
ISPs also use databases of addresses provided by spam-busting organisations such as Spamcop or Spamhaus routinely to block mail from known spammers. This is only partially effective, because spammers tend to move faster than the people maintaining these lists. ISPs also set up “honeypots” — dummy addresses posted on websites, used to attract and divert spam from legitimate e-mail addresses.
The problem with filtering e-mails before you, the user, get them, is that ISPs run the risk of “false positives” — mistaking legitimate mail as spam.
Mervyn Goliath, general manager of technology operations at M-Web, agrees that false positives are the biggest risk of spam-filtering software, but says that M-Web has not seen an increase in complaints about deleted e-mails.
This has not been the case internationally. Recent research in the United States found that 17% of legitimate e-mails were being blocked by the US’s top 12 ISPs.
Although technology experts agree spam is a large problem, they disagree on whether it will remain a problem and on what should be done about it.
Southgate thinks that as anti-spam software gets more sophisticated it will eventually force spammers out of business. Others are less optimistic, saying that current spam-busting methods are barely keeping pace with the deluge of junk e-mail.
Microsoft has proposed a solution called Penny Black, which requires the e-mail sender’s computer to spend 20 seconds calculating a complicated algorithm for each e-mail that is sent.
Microsoft’s argument is that for the average user, waiting 20 seconds to send an e-mail is not onerous, but it should deter spammers, who send out hundreds of thousands of messages.
Response to this proposal has been mixed, as has response to other ideas, such as authenticating each sender, or even charging for each e-mail sent.
Whether any of these proposals will be adopted remains to be seen.
Additional reporting by Ken Young