The War On Spam: News From the Front
Yes, it's a war, and networks around the world are fighting to keep the medium of e-mail legitimate and reliable. There have been new developments and refinements that are helping networks win some of these battles. Many networks are using block lists, filtering, and e-mail authentication methods to help defend against incoming spam. ISPs are constantly working to squash sources of spam from their networks while the spammers are constantly trying to find new ways to keep their flow of advertisements going. And let's not forget the end users, ultimately the victims in this war. You are a soldier as well, and there are things you can do to help the war effort.
Before we get to how you can help, let's look at some of the things networks and ISPs can do to reduce incoming and outgoing spam on their networks.
The networks on the receiving end of UCE (unsolicited commercial e-mail) are forced into a defensive posture to limit the volume that reaches their users' mailboxes. They can deploy many different solutions to cut down on the volume of spam that they ultimately have to store and their users have to deal with. Here are some of the more prevalent tools being used today:
- Block Lists - Block lists are lists of IP addresses of machines or entire networks that are explicitly denied the ability to even connect to the recipient's mail servers. These lists can be built by the network, bought, traded, or even obtained for free. Since the network does not permit the blocked mailer to connect and deliver the spam, it does not have to process or store the e-mail from that source. Block lists can be efficient and effective. However, they can also cause harm and need to be applied conscientiously. Optimum Online uses several industry-accepted block lists.
- Filtering - The most obvious form of filtering is based on the actual content of the e-mail, the message itself. Content filters look for similarities between an e-mail and known UCE, then decide whether the e-mail being analyzed is "spammy" enough to block. Some content filters also employ URL filtering, which looks for website addresses that are known to host UCE-advertised web pages. Bayesian or "learning" filters are also used but are more effective on the end user side. Essentially, the filter is "taught" what is spam and what is not according to the person teaching it. Over time these filters can become highly accurate, close to 99% effective, but different people or groups have different opinions of what is and isn't considered spam, so these are not "one size fits all" filters. Filters are one of the most common tools used to weed out UCE, but they can only be accurate to a point. The closer a filter gets to 100% accuracy, the more "false positives" happen, and legitimate e-mail gets filtered as spam. Many people would rather get a few spam e-mails than risk losing any genuine mail. Optimum Online's SpamScrub system employs Brightmail filtering technology that, on average, blocks over twenty-five million messages every day.
- Sender Authentication - One of the newest technologies, sender authentication, works to verify that a particular e-mail was actually sent from the user or network it claims to be from. There are a few flavors of sender authentication, but some of the most noteworthy are SPF (Sender Policy Framework), Sender ID, and DomainKeys. These protocols have the greatest impact on reducing the amount of "phishing" e-mail that makes its way around the net. Many ISPs, including Optimum Online, are experimenting with these technologies.
It's one thing to stop e-mail from reaching users' mailboxes but wouldn't it be better to detect and terminate spammers before their garbage has a chance to be delivered? That is exactly the goal most ISPs are trying to reach. To be effective, ISPs need to know what spammers are doing and how they're doing it in order to stop the behavior.
It is widely accepted that a very large percentage of spam being sent today is sent from computers belonging to average home users. Spammers accomplish this by infiltrating thousands of machines with "backdoors" that allow them to completely control the victim's computer. The most common method of infection is via e-mail virus, and over the last two years it has become evident that virus writers and spammers are working together to achieve their goals. These infiltrated machines, known as "zombies", are a significant risk to their owners as well as to the ISPs that they live on. A zombie machine will reveal all personal information stored on it or passed through it to the hacker/spammer. Besides being used to send spam, the machine can be used for illegal purposes such as storing copyrighted or pornographic material or attacking other machines and networks. ISPs work to proactively detect and shut down zombie machines before they become a serious problem. Some ways ISPs deal with zombies are:
- E-mail Volume Monitoring - It goes without saying that spammers send HIGH volumes of e-mail - significantly more than the average user. ISPs can monitor how much e-mail is being sent from individual connections and determine if a particular machine is exhibiting unusual behavior.
- "Hacking" Activity - Zombie machines are frequently used to search for computers that have a security weakness and exploit that weakness to create another zombie. ISPs can monitor traffic flows and pick out machines that are on the prowl.
- E-mail Authentication - Most ISPs have mailservers for their customers to use for sending and receiving e-mail. Usually access to these mailservers is limited to machines that are connected to the ISP's network. In the case of a zombie machine, which is connected to the ISP's network, a spammer can route spam through the ISP's mailservers. That is very bad since networks may add those mailservers to their block lists and deny mail delivery for that ISP due to the spammer's activity. E-mail authentication requires customers to sign into the mailserver to send e-mail. This creates another hurdle for the spammer to overcome - he must acquire the username and password of the customer in order to send e-mail.
- Customer Education - All Internet users must be made aware of the dangers that exist on the Net and of the actions they can take to protect themselves and their computers. Most ISPs inform customers how to secure their machines and even provide the necessary software to do so.
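The e-mail volume monitoring item above can be sketched as follows. This is an added example, not any ISP's actual system: the log format (`<timestamp> <customer IP> <recipient count>`), the addresses and the thresholds are all constructed assumptions. It flags a connection whose hourly recipient count is far above the median of its peers.

```python
from collections import defaultdict
from statistics import median

def flag_high_volume(lines, factor=10, floor=100):
    """Return (hour, ip, recipients) for senders far above their peers."""
    per_hour = defaultdict(lambda: defaultdict(int))
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue                               # skip malformed lines
        stamp, ip, rcpts = parts
        per_hour[stamp[:13]][ip] += int(rcpts)     # bucket by YYYY-MM-DDTHH
    flagged = []
    for hour, totals in sorted(per_hour.items()):
        # The median is barely moved by the outlier itself; the floor keeps
        # a quiet hour from flagging ordinary users.
        threshold = max(floor, factor * median(totals.values()))
        flagged += [(hour, ip, n)
                    for ip, n in sorted(totals.items()) if n > threshold]
    return flagged

# Constructed sample log: three ordinary customers and one machine sending
# to 20 recipients every minute for an hour (hypothetical format and IPs).
SAMPLE_LOG = (
    [f"2024-01-15T10:{m:02d}:00 10.0.0.11 1" for m in (5, 25, 45)]
    + [f"2024-01-15T10:{m:02d}:00 10.0.0.12 2" for m in (0, 15, 30, 45)]
    + [f"2024-01-15T10:{m:02d}:00 10.0.0.13 1" for m in (10, 40)]
    + [f"2024-01-15T10:{m:02d}:30 10.0.0.66 20" for m in range(60)]
    + ["2024-01-15T11:02:00 10.0.0.11 3", "2024-01-15T11:20:00 10.0.0.12 1"]
)

if __name__ == "__main__":
    for hour, ip, n in flag_high_volume(SAMPLE_LOG):
        print(f"{hour}: {ip} sent to {n} recipients")
```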
What YOU Can Do To Help
Don't become a zombie; keep your machine secure and virus free! Make sure you have a software firewall and antivirus software on each computer that has access to the Internet. Keep your antivirus software up to date. New viruses are released every day, and your program needs the latest updates to protect you from the latest threats. If you use a Windows-based operating system, check weekly, or automatically, for critical updates that will help lock down any discovered weaknesses. Beware of spyware/adware that may destabilize your computer or even install a back door on your PC. There are several programs available on the Net to help you hunt down and remove spyware/adware programs. You can find more information on these key housekeeping tasks here.
The War Rages On
Organizations like MAAWG (Messaging Anti-Abuse Working Group) work to create standards and provide a consolidated front in the war on spam. There isn't any single answer to the problem but working together surely is the first step to beating the spammers.