Effective techniques for minimizing and eliminating spam
Much to the chagrin of Hormel Foods, maker of the canned meat product SPAM, the term spam has become synonymous with email abuse. In the Internet age, spam—unsolicited email—fills the world's Inboxes every day. This endless deluge of e-garbage is more than an annoyance. Spam is nothing short of computer shoplifting, consuming prodigious amounts of Internet bandwidth and costing us all time and money. According to Ferris Research, this year people will spend an average of $400 per Inbox and 15 hours of their time deleting unwanted email. Spam is reaching epidemic proportions: A Gartner study showed that spam increased fivefold in 2001, and the Radicati Group estimates that spam comprises nearly one in three corporate messages currently exchanged, a ratio Radicati expects to grow to 39 percent by 2006.
Because spam is so difficult to avoid and eliminate, it might be a bigger problem than email-borne viruses. You can usually avoid viruses simply by scanning incoming email and not opening suspect attachments, but you can't slam-dunk spam because of the possibility that you might filter out legitimate messages. Losing 1 important email message is worse than clicking through 50 pieces of junk mail. I can't give you a magic bullet to eliminate spam, but you and your users can minimize the amount you receive by following a few commonsense measures:
- Don't do business with spammers. If you buy something, you simply encourage spam practices.
- Avoid using your real email address online when posting to newsgroups, Web sites, or other public forums that spammers mine for targets.
- Never respond to spam, not even to click the remove me from this list link. Any response only verifies that your address is live and makes your address valuable property that the spammer can continue to target or trade with other spammers.
The above tactics can help new users minimize spam, but for many of us, these measures are probably too little, too late. Legislation might one day impose fines and other restraints on spammers, but such laws won't see the light of day soon.
For longtime Internet users, antispam products are the better bet. Spam-fighting products cover a range of technologies and include email-filtering services (e.g., Brightmail Anti-Spam 4.0), email security appliances (e.g., CipherTrust's IronMail), Exchange add-ons (e.g., Trend Micro's ScanMail eManager for Exchange), and client email filters (e.g., Sunbelt Software's iHateSpam). Microsoft Outlook also includes rudimentary tools for blocking spam.
Spam blockers typically use at least one of three techniques to identify spam. The most effective method is to block spam at the gateway by checking incoming email against a realtime "black-hole" list (i.e., a list of the IP addresses and domains of known spammers) and deleting mail from listed spammers. Many ISPs automatically do this for you, and Exchange security products include this feature.
Other products filter spam based on email header attributes. The email header shows the route the message took to its destination and includes information about the message, such as the sender, a message ID, when the message was created, and the subject. Spammers try to hide their identity by forging email headers or by relaying mail to hide the message's real source. Checking for valid email headers is an effective way of eliminating spam.
A third technique filters messages by content. Such products filter messages that contain specific words or phrases. More sophisticated products assign scores to certain words, then set an overall threshold per email message, letting you identify which messages the filter should block without incurring false positives. This approach is the last line of defense for messages that make it through the black-hole list and header filters.
Like taking out household garbage, minimizing and removing spam needs to become part of your routine. A combination of commonsense precautions and technology does the most effective job.