Anti-Spamming Approaches — Will New Laws Solve the Problem?

by Terry Costlow

Unwanted e-mails — also known as spam — represent a fairly small portion of the total e-mail traffic coursing through the worldwide web. Nevertheless, there is a growing concern that spam might have a huge negative impact on Internet use. The number of spam messages is soaring, and both the human and computer bandwidth needed to deal with it is rising in lockstep.

The sheer volume of spam is causing some concern that many users will scale back their e-mail and instant messaging and limit the number of web sites they visit. But most observers predict that just as they do to combat computer viruses, many users, corporations and Internet service providers (ISPs) will resort to using some form of anti-spam software to keep the unwanted messages at bay.

The Technical Challenges Are Formidable

Scores of companies have sprung up to provide software that reduces the amount of unwanted e-mail, addressing it at levels ranging from the individual desktop to large systems that handle millions of messages. Regardless of system size, the engineering challenge is the same.

“You have to determine what characteristics make spam different,” said Jean Camp, a professor of public policy at Harvard University and a member of the IEEE-USA’s Committee on Communications and Information Policy. Camp noted that spam robs many workers of a few man-hours per year, and that it’s an even bigger problem for ISPs. “Network providers have a huge incentive for getting rid of (spam) because it requires huge amounts of bandwidth,” she said.

On the ISP and corporate level, many anti-spam techniques look at patterns of distribution. For example, a message from outside a company that is sent to everyone in the firm is probably spam. Another common technique is to look at words or phrases, eliminating messages that contain sexual terms or other unwanted verbiage.

But nearly any identification approach is going to generate some false positives, which can mean that people won’t get messages they want, such as a huge mailing from an outside travel agent used throughout the corporation. Likewise, a program that eliminates sexual words could stop an important medical message from reaching its recipient.

Will New Laws Help?

As quickly as companies are finding their way around these challenges, spammers are finding new avenues to get their messages out. If that’s a challenge in the fast-moving technical world, it’s an even greater hurdle for slow-moving governments to tend to. In the United States, state and local governments are takings steps to reduce unwanted e-mail barrages. But though these efforts are welcome, it’s unlikely that laws will be the silver bullet that puts a halt to unwanted e-mail.

“We support legal efforts, which help define it, but such efforts won’t have any impact on spam from offshore,” said Francois Lavaste, marketing vice president of Brightmail, Inc., a San Francisco-based anti-spam company. “And because of the nature of spammers — whether they act with criminal intent or are just not paying attention to the law — the impact laws have on them will not be any greater than the impact laws have on car thieves.”

Spam on the Rise

According to Brightmail, spam attacks are rising rapidly. Its network, one of the few designed to make sure it gets as much spam as possible, recorded 5.3 million attacks in September 2002 alone, more than triple the 1.5 million recorded by its network in September 2001. Multiple copies of the same message are counted as one attack, regardless of how many times they arrive. In September, financial spam accounted for 38 percent of the spam; product messages followed at 28 percent, with adult services messages representing 11 percent of the spam received.

Though it’s new to many, spam has been around since the mid-1990s. It was then that unwanted sales pitches began bombarding Internet newsgroups, which were set up for users to discuss designated topics. “Most of the newsgroups I used to participate in are now useless because 90 percent of the postings in them are spam,” said Jeff Johnson, a spokesperson for Computer Professionals for Social Responsibility.

Though the challenges of preventing viruses and spam are loosely similar, particularly in the myriad approaches to preventing them, anti-spam programs have an edge in at least one way: “Viruses enter a company from many different pathways,” Lavaste noted. “Spam, however, only comes through one door — e-mail.”

---

Terry Costlow has written about the electronics industry for more than 20 years, covering a wide range of technologies and topics.