Target the reason for spam, not spam itself

Only by removing the financial benefits of spam will its volume be reduced.


The explosion of spam has prompted a massive reaction. The victims are looking for a cure and the suppliers are scrambling to grab a piece of a hot market.

ISPs are co-operating on their approach to control spam, while e-marketers are trying to avoid being perceived as part of the problem. Even governments are getting involved as legislators consider imposing restrictions on commercial e-mail.

There are several different anti-spam solutions available. The most common are blacklist services, fingerprinting, heuristics, and keyword and lexical analysis.

One of the oldest and simplest techniques is to block any e-mail from a server used by spammers. Both commercial and non-profit organisations maintain these blacklists and many anti-spam filters can access the lists, of which there are hundreds. Unfortunately, they tend to be broad and not suited for corporate use.

Another basic technique is to scan for certain keywords used in the e-mail. A variant of this approach is lexical analysis, in which the context of the words is also considered.

However, both these approaches could block a large number of legitimate messages ("false positives"), while spam not included in the blacklist can get through the filters ("false negatives").

As spam moves to HTML, word-based filters will become increasingly ineffective. Bayesian filtering offers a twist on keyword analysis by taking the characteristics of legitimate e-mails into account to provide a balanced score.
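The contrast between keyword scanning and Bayesian scoring, shown as an added example that is not part of the original article. The training messages, the keyword list and all function and class names are constructed for illustration, and the scorer is a plain naive Bayes with add-one smoothing rather than any particular product's method.

```python
import math
import re
from collections import Counter

# Constructed training mail (illustrative only, not real messages).
SPAM = [
    "free offer click now to claim your free prize",
    "cheap loans free quote click here now",
    "win a free holiday offer ends now",
]
HAM = [
    "meeting agenda for the quarterly budget review",
    "please review the free cash flow figures in the budget report",
    "agenda and report attached for the project review meeting",
]
KEYWORDS = {"free", "offer", "click"}  # hypothetical keyword blocklist

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

def keyword_filter(text):
    """Keyword scanning: flag the message if any listed word appears."""
    return any(t in KEYWORDS for t in tokens(text))

class BayesFilter:
    """Naive Bayes over word counts with add-one (Laplace) smoothing."""

    def __init__(self, spam, ham):
        self.spam = Counter(t for m in spam for t in tokens(m))
        self.ham = Counter(t for m in ham for t in tokens(m))
        self.vocab = set(self.spam) | set(self.ham)
        self.prior = math.log(len(spam) / len(ham))

    def log_odds(self, text):
        """Positive leans spam, negative leans legitimate."""
        n_s, n_h = sum(self.spam.values()), sum(self.ham.values())
        v, score = len(self.vocab), self.prior
        for t in tokens(text):
            if t in self.vocab:  # words never seen in training carry no evidence
                p_spam = (self.spam[t] + 1) / (n_s + v)
                p_ham = (self.ham[t] + 1) / (n_h + v)
                score += math.log(p_spam / p_ham)
        return score

    def is_spam(self, text, threshold=0.0):
        return self.log_odds(text) > threshold

LEGIT_MSG = "free cash flow report for the budget review meeting"
SPAM_MSG = "claim your cheap holiday prize now"
```

On these samples the keyword list flags `LEGIT_MSG` because it contains "free" and passes `SPAM_MSG` because it contains no listed word, while `BayesFilter(SPAM, HAM)` scores the first negative and the second positive. Raising `threshold` trades missed spam for fewer blocked legitimate messages.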

The most accurate technique is spam fingerprinting. Specific spam messages are identified, a unique "fingerprint" is developed and scanners find and remove those e-mails.

Fingerprinting yields few false positives but its overall success hinges on the comprehensiveness of its database and the timeliness of the updates.

Heuristics is an increasingly common method for identifying spam. It relies on a large number of rules applied to an e-mail's content. Its success at blocking spam seems to come at a fairly high price in false positives, but the sensitivity of filters can be adjusted to find an acceptable balance.

None of these techniques alone is sufficient to shut out spam. Corporate measures must be multi-faceted and there is also a growing perception that technology alone is not able to solve the problem.

ISPs such as AOL, Yahoo and Microsoft have announced a partnership to develop guidelines for fighting spam, although nothing has been defined at this time.

E-mail marketing groups are proposing self-regulation. The Internet Research Technology Forum, a sister group to the Internet Engineering Task Force, is also researching this problem, but all of these efforts are very much in their infancy.

Most legislation takes one or more of the following approaches to regulating spam: prohibiting forged e-mail addresses, prohibiting misleading subject lines, ensuring there is a way for recipients to opt out through e-mail or a phone call, requiring labels (such as "ADV" for "advertisement"), and establishing "do not e-mail" registries. Some legislation is already in force in many US states and Europe and more legislation is likely.

However, regardless of what anti-spam legislation is ultimately enacted, it is unlikely to completely eliminate the problem.

First, the offenders are notoriously difficult to catch. Second, spammers can always move operations to jurisdictions in which the laws do not apply, and a large proportion of spam is already sent from overseas.

Organisations need to be realistic. Spam is likely to get worse before it gets better. Improved filters and stronger legislation can help, but in the longer term there should be fundamental changes in the way e-mail is sent and delivered, be they technological or economic.

Without technological improvements to identify spammers, forged e-mail addresses will continue and spammers will ignore prohibitions. Without changes to the financial model for e-mail, there will always be a monetary incentive to engage in spamming.

Jan Sundgren is an industry analyst and Jonathan Penn is a research director at Forrester Research
