Fighting the Future of Spam

It’s no surprise that recommending the appropriate technology to fight the current and future development of spam is putting the IT profession into a real quandary, and with 500,000 new and unique spam outbreaks hitting the Internet each day, it’s evident that spam is not going anywhere.

Directive 58, an Electronic Communications and Privacy Law implemented by all EU member states, regulates against the use of spam for purposes of direct marketing, but its specifications as to the definition of spam are vague and as an EU Directive, it is only applicable to Europe. As over 80 per cent of spam is sent from countries outside the EU, such as China and the US, the full force of the legislation making a difference to European countries will be limited.

Following the implementation of this Directive, the Institute for Information Law in Amsterdam began a year-long study on the impact of the legislation and spam, in general, across European businesses.

In mid-2004 the results of the study concluded that the majority of businesses who regard spam as a major concern have little confidence in the role that government plays in supporting them directly or imposing legal restraints to stop spammers. So, it is up to the experts of anti-spam technology to take measures and resolve their problems through the provision of groundbreaking, innovative software.

Virtually the entire spam fighting community assumes that they are fighting spam, and that all that has to be done is ‘recognise the messages’. Unfortunately, the reality is that they are fighting spammers and not spam. The future of fighting spam is to focus on the one fundamental aspect – it is sent in bulk. Spamming is an economic activity done for profit, therefore all spammers must send mail in large quantities.

Each spam is sent in the millions and with the huge rise in spam volumes, anti-spam solutions need to block an increasingly larger percentage of spam to reduce the actual number of spam reaching e-mail users. As a result, solutions that blocked 90 per cent of spam were once considered effective. Now, to be effective, solutions must block 95 per cent of spam.

Current or last generation spam products are based on content and are effective for current or old spam but cannot provide proactive defense against today’s and tomorrow’s spam. They focus on the characteristics of the content of the message itself rather than on the characteristics of the message and spam attack.

As soon as the industry begins to think like a ‘spammer’, the requirements of their chosen anti-spam solution become clear. It needs to track spam across the Internet based on bulk mail characteristics and apply algorithms along with information about known sources of spam (campaigns, etcetera). This allows spam to be detected and reacted to in real-time.

This technology known as ‘Recurrent Pattern Detection’ has been acknowledged by IDC, a global market intelligence and advisory firm in the information technology and telecommunications industries, in its recently released white paper titled ‘Choosing the Best Technology to Fight Spam’.

The method also dramatically reduces false positives because of an overly sensitive reaction to certain words. And, a solution that is language-neutral and format-neutral detects spam even if the contents are nothing more than a single embedded image file.

While spammers specifically design messages to avoid content-based filters, they have no way to avoid statistical analysis other than to drastically drop their message volume, which would invalidate their entire business model.

Nobody wants to repetitively spend money on new anti-spam technology, but more and more, they are faced with the fact that their technological choices to fight spam are deemed insufficient before they have been implemented. Dedicating time, effort and finances to obsolete anti-spam ‘products and solutions’ is causing frustration.

It is now essential for the IT security manager to focus on the technology in order to choose a reliable solution that provides them with a real opportunity for growth.

Only by considering the working process of the spammer can the IT managers truly begin to understand and demand the right solution to fight the future of spam. And, through the recommendation of anti-spam solutions based on this understanding, the end-user will finally begin to get on top of their ever-increasing deluge of spam e-mails, thus managing its business’s future concerns.