Spam costs the U.S. economy billions every year. According to the National Technology Readiness Survey in 2004, the cost of spam in terms of lost productivity has reached $21.58 billion annually.
Spam drains up to one hour a day of productive work for every email user at an organization, not including productivity losses from viruses caused by Spam. MAAWG (Messaging Anti-Abuse Working Group) estimates that 80-85% of incoming mail is “abusive email”, using a sample size of over 100 million mailboxes.
Spam has grown exponentially from hundreds of emails a day to billions with the trillion mark expected soon!
Spam is a problem that every organization needs to resolve, and the solution has to be kept up to date as spam originators adapt and employ more aggressive and innovative techniques.
What is Spam?
Simply put, Spam is electronic junk mail, most often in the form of commercial advertising for questionable products, get-rich-quick schemes or quasi-legal services. Spam costs the sender very little because the majority of the costs are passed on to the recipients and internet providers.
As of January 2007, Verizon, ServerFlo and AT&T are the three networks that host the most spammers.
According to the CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act of 2003 in the United States, spam is legally permissible, provided that it contains a truthful subject line, no false information in the technical headers or sender address, no conspicuous display of the postal address of the sender and other minor requirements.
The Origin of Spam
The word “spam” actually originated from early chat rooms in the 1980s as a technique of getting rid of unwanted visitors. When an unwanted “spammer” tried to interrupt a chat room conversation, veteran members of the chat room would type the Monty Python “Spam” routine of 1970 at high speed. Members would fill the screen with “Spam Spam Spam eggs Spam Spam and Spam” and the like, making all other communication impossible, until the “spammer” left the chat room.
Various types of Spam
There are many different types of spam, including: chat room spam, messaging (or IM) spam, forum spam, cellular phone spam, blog spam, guestbook spam, web search engine spam, and of course, email spam. The two most popular types of spam are usenet spam and email spam:
Usenet spam is a single message, sent to twenty or more Usenet newsgroups, generally aimed at “lurkers” (people who read newsgroups but rarely/never post and give away their email address). Usenet spam undermines the power of system administrators to manage the topics they accept on their systems, often causing the identity and utility of the newsgroups to disappear underneath the barrage of advertising and other irrelevant posts left by spammers.
Email spam targets individual users with direct emails. Email spam lists are usually generated by scanning Usenet postings, stealing internet mailing lists, or searching the web for addresses. Automated tools help spammers subscribe to numerous mailing lists with little time and few resources. Email spam is probably the one that affects your productivity and business the most.
Concerns: Lost Productivity, Inflated Costs & Security Threats
Lost Productivity
It’s obvious that spam takes up the time of employees who could otherwise be engaged in more productive work. It also puts a heavy processing load on the email server and eats up disk space on both servers and workstations, thus reducing the overall performance of the network.
Because you can also accidentally delete important messages, thinking that they are spam, you may miss a meeting notice, delay those waiting on your response or even lose a revenue opportunity for your organization.
Inflated Costs
The costs of email spam are relatively low for spammers, but significantly higher for those receiving the spam.
Internet Users with a measured internet service or measured phone plan with a dial-up connection (per minute/hr or bandwidth limits) incur direct Spam costs because their online and/or phone time is extended when they have to sort through spam.
Users with unlimited internet access pay an inflated rate as ISPs pass along the costs of managing, hosting and transmitting the increasing abundance of Spam.
Spammers have few operating costs beyond management of their emailing lists, making Spam an economically viable solution for their advertising needs. Most spammers take advantage of free trial periods from ISPs and quickly abandon their accounts after sending out millions of spam messages and before being caught by their ISP.
Security
Every access point into your network presents a potential threat to the security of your systems. The threats include identity theft, viruses, the combination of ‘phishing’ and spam, and the combination of viruses and spam. Today, there is less of a distinction between hackers and spam and also between viruses and spam:
- Spammers often send HTML emails, which can carry embedded malicious code
- Spammers often send messages with attachments that can contain macro viruses.
- Spam can point recipients to websites that contain scripts to collect available data from your computer or network
- Spammers often include links to ‘take you off their mailing list’, but these actually just verify your email address so that it can be sold to other spammers.
- Spammers use techniques to collect addresses from corporate websites and email directories.
- Spam is often embedded with spyware to track activity or malware to infiltrate or damage a computer system without the user’s knowledge.
- New viruses, worms and malware use spam techniques to spread after being triggered by the user.
- Phishing and scams are distributed as spam, which lead directly to identity theft and fraud.
Phishing reports received by the Anti-Phishing Working Group, an industry association focused on eliminating identity theft and fraud resulting from phishing and email scams, increased 35% over the last year.
Solution: Eliminate Spam & Ensure Security
Every business is unique and so is every solution. A number of technical aspects depend on your existing technology and specific needs, but the basics are similar:
- Wrap your computers and networks with the right hardware and software to eliminate 99% of the spam sent from ever reaching your systems and protect your systems from viruses, worms, spyware, malware and other threats.
- Remotely monitor your systems to ensure all software and hardware is working properly and up-to-date, and to alert you to potential new threats.
- Develop computing security policies and train your workforce on proper computing security practices and procedures.
Below, you will find more technical detail regarding the various ways the right hardware and software can address the challenges of spam as there are many levels at which spam can be fought. For small- to medium-sized businesses, most of it will be done at the server and client levels. Or contact us today at 617.375.9100 to learn more about a Spam blocking/elimination solution for your business.
Control Techniques
| Technique | Description |
|---|---|
| Key Word Filtering | A type of application layer filtering that blocks all messages that contain particular keywords or phrases that appear frequently in spam |
| Address Blocking | A filtering method that blocks spam from specific IP addresses, email addresses or domains of known spammers |
| Black Listing | Maintaining and sharing a list of emails from known spammers with others so that each user doesn’t have to develop a list from scratch |
| White Listing | A filtering method that specifies which senders should be allowed instead of which senders should be blocked |
| Heuristic Filtering | A rules-based filtering that uses pattern matching to identify spam |
Anti-Spam Solutions
DNS Block Lists
These are lists of IP addresses that have been identified as sources of spam and use DNS for rapid updates. Each list is generally maintained by a few core members who have control over all additions and removals from the list. There are dozens of DNS block lists in regular use today and each list generally has a specialty or fixed set of rules for determining inclusion.
As opposed to other spam-blocking techniques, where each message must be transferred (resulting in increased bandwidth), stored (causing increased disk usage) and processed (which means increased CPU time), DNS Block Lists are considered much more efficient, as their queries require very little bandwidth and messages are rejected before the contents are ever sent.
The main drawback in only using DNS Block Lists is in the integrity of the DNS Block list managers. If they don’t continually update the list, new spamming IP addresses will not be added and old IP addresses will not be removed. Also the list managers must not add any IP addresses to the block list without ample reason.
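The lookup described above, as an added example that is not part of the original article: the connecting IP address is reversed, prefixed to the list's DNS zone and resolved, and only an answer in 127.0.0.0/8 counts as a listing. The zone `dnsbl.example`, the `FAKE_ZONE` data and the reply texts are constructed placeholders so the code runs offline.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Name to look up: the address reversed, then the list's DNS zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]            # 192.0.2.99 -> 99.2.0.192
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]  # reversed hex nibbles
    return ".".join(labels) + "." + zone

def check_dnsbl(ip, zone, resolve=socket.gethostbyname):
    """Return (listed, answer). Only an answer in 127.0.0.0/8 is a listing."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        # No such name means "not listed". Resolver failures land here too,
        # so an unreachable list fails open instead of blocking all mail.
        return (False, None)
    if ipaddress.ip_address(answer) in LOOPBACK:
        return (True, answer)
    return (False, answer)   # any other answer is not a valid listing

def smtp_connect_reply(ip, zones, resolve=socket.gethostbyname):
    """Decide at connect time, before any message content is transferred."""
    for zone in zones:
        listed, code = check_dnsbl(ip, zone, resolve)
        if listed:
            return f"554 rejected: {ip} is listed in {zone} ({code})"
    return "220 ready"

# Constructed zone data so the example runs offline; dnsbl.example is a placeholder.
FAKE_ZONE = {"99.2.0.192.dnsbl.example": "127.0.0.2"}

def fake_resolve(name):
    if name not in FAKE_ZONE:
        raise socket.gaierror("name not found")
    return FAKE_ZONE[name]

if __name__ == "__main__":
    for client in ("192.0.2.99", "198.51.100.7"):
        print(client, "->", smtp_connect_reply(client, ["dnsbl.example"], fake_resolve))
```

Treating a non-127.0.0.0/8 answer as "not listed" matters in practice: a list whose zone has lapsed or been parked can start answering every query, which would otherwise reject all incoming mail.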
Checksum Filters
These work by ‘checking’ certain parts of an email and querying a database for matches to spam. Server-side checksum filters provide a good second line of defense after DNS block lists. There are two main types of checksum filters, Antivirus filters and content filters:
- Antivirus filters stop fast-spreading viruses that can outpace DNS block lists during large outbreaks. They usually have a very low rate of false positives, and an antivirus filter integrated into the mail server can block viruses at the SMTP level, so that senders are notified immediately when a message is rejected and can identify a false positive.
- Content filters look at the textual content of emails and query a database to see if similar messages have been reported by a certain number of people to qualify it as spam. Since spam is sent to thousands or millions of recipients using the same exact message, the first number of people can report it to the database and protect future recipients. These filters can generate a false positive if enough people report a message as spam when it is not spam. The chief drawback with content checksum filters is that they can be tricked by varying the contents of the spam message. Thus, the algorithms used to determine the matches should be continuously evolving to keep the spam detection accurate while keeping the number of false positives low.
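An added sketch of the content checksum filter described above (not code from the original article or from any product): a shared database counts user reports per checksum, and the same campaign is run against an exact checksum and a normalized one. The report threshold, the normalization rule and all sample messages are assumptions constructed for the example.

```python
import hashlib
import re
from collections import Counter

REPORT_THRESHOLD = 3  # assumed number of user reports before a checksum counts as spam

def exact_checksum(body):
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def normalized_checksum(body):
    """Hash only the lowercase words, ignoring digits, punctuation and spacing."""
    words = re.findall(r"[a-z]+", body.lower())
    return hashlib.sha256(" ".join(words).encode("utf-8")).hexdigest()

class ReportDatabase:
    """Shared database of reported checksums, as a content filter would query."""
    def __init__(self, checksum):
        self.checksum = checksum
        self.reports = Counter()

    def report(self, body):
        self.reports[self.checksum(body)] += 1

    def is_spam(self, body):
        return self.reports[self.checksum(body)] >= REPORT_THRESHOLD

# Constructed sample: one campaign whose copies differ in case, spacing and a serial number.
CAMPAIGN = [
    "Cheap watches!! Order now, ref 10231",
    "cheap watches! order now - ref 88412",
    "CHEAP   WATCHES... order NOW (ref 5)",
    "Cheap watches: order now. Ref 77120",
]
LEGITIMATE = "Meeting notice: budget review on Monday at 10"

def run(checksum):
    """First three recipients report; return verdicts for the 4th copy and a real mail."""
    db = ReportDatabase(checksum)
    for copy in CAMPAIGN[:3]:
        db.report(copy)
    return db.is_spam(CAMPAIGN[3]), db.is_spam(LEGITIMATE)

if __name__ == "__main__":
    print("exact checksum:     ", run(exact_checksum))       # varied copies slip through
    print("normalized checksum:", run(normalized_checksum))  # copies collapse to one entry
```

The coarser the normalization, the more unrelated messages share a checksum, which is the false-positive trade-off the paragraph above describes.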
Statistical Filters
These learn what an individual user considers spam and over time, evolve to be extremely effective personalized spam blockers. Recent statistical filters, such as Bayesian filters are a huge improvement over the previous generation of static filters, which consisted of a predefined set of spam triggers. A Bayesian filter is “intelligent” software that can analyze spam messages and recognize other messages as spam based on the “learning” experience. Statistical filters are not infallible though – especially in the early stages before they have been properly trained, they may generate false positives. These filters are generally used at the client level, and although they can run on the server at the SMTP level, it is not always possible in a mass virtual hosting environment. It requires significantly more effort to configure and train server-based filters since mail clients are not designed to work with them by default.
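A minimal naive Bayes filter, added here to illustrate the learning behaviour described above; it is not the algorithm of any particular product, and the training messages are constructed. Before training it scores every message 0.5, and its verdicts only become useful once the user has labelled some mail.

```python
import math
import re
from collections import Counter

class BayesFilter:
    """Per-user filter: counts in how many spam/ham messages each word appeared."""
    def __init__(self):
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.messages = {"spam": 0, "ham": 0}

    @staticmethod
    def tokens(text):
        return set(re.findall(r"[a-z']+", text.lower()))

    def train(self, text, label):
        self.messages[label] += 1
        self.word_counts[label].update(self.tokens(text))

    def spam_probability(self, text):
        spam_n, ham_n = self.messages["spam"], self.messages["ham"]
        # Work in log-odds; +1/+2 smoothing keeps unseen words from forcing 0 or 1.
        log_odds = math.log((spam_n + 1) / (ham_n + 1))
        for word in self.tokens(text):
            p_spam = (self.word_counts["spam"][word] + 1) / (spam_n + 2)
            p_ham = (self.word_counts["ham"][word] + 1) / (ham_n + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

# Constructed training mail for one user.
TRAINING = [
    ("cheap pills order now", "spam"),
    ("get rich quick order now", "spam"),
    ("cheap watches limited offer", "spam"),
    ("meeting notice for monday budget review", "ham"),
    ("please review the attached budget", "ham"),
    ("lunch on monday", "ham"),
]

def trained_filter():
    f = BayesFilter()
    for text, label in TRAINING:
        f.train(text, label)
    return f

if __name__ == "__main__":
    fresh, trained = BayesFilter(), trained_filter()
    for mail in ("order cheap pills now", "budget meeting on monday"):
        print(f"{mail!r}: untrained {fresh.spam_probability(mail):.2f}, "
              f"trained {trained.spam_probability(mail):.2f}")
```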
Challenge/Response
This technique works through a whitelist. Whenever someone who is not on your whitelist sends you an email, an automated reply is sent back with instructions telling the sender how to get added to your whitelist. The major problem with this is that many senders will not go to the trouble of following the directions to get onto a user’s whitelist. Furthermore, when users subscribe to a mailing list or fill out a form to get information emailed to them, they may get an automated email back. This email will never reach them, and since it is automated, nobody on the other end will go to the trouble of getting onto their whitelist. The other problem is that if this method ever became popular, spammers would undoubtedly start writing software to automate the process of getting onto the whitelist.
Greylisting
This solution entails rejecting any emails from unknown domain names with a “try again later” message and accepting delivery on the second attempt from the sender. The largest problem with this is basically the same as the challenge/response solution. Many non-spammers will not go through the effort of sending another email, thus many legitimate emails are lost along the way. Also similar to the challenge/response method, an issue is that spammers will update their software to automate the second attempt if greylisting ever became widely used.
Anti-Spam at the Server Level
Many of these anti-spam solutions can work at both the client and server levels. There are many applications designed to block spam at the server level too. Some of these are installed on the email server and some are installed on a separate server. Having it installed on a separate server requires a hardware investment, but it also relieves the processing load on the mail server so it can do its primary job more effectively. Most popular email clients include some form of spam filtering built in. Many third-party products are also available for filtering email.
New Concepts in Development and/or Discussion
Email Tax
This involves charging users per email they send out. The idea is to make the cost small enough so that there is no significant effect on the average user, but high enough to discourage spammers. Although this is often proposed as a solution to spam, there are a few major problems with it: 1) method of collection, 2) accounting for the huge disproportion in income levels around the world, and 3) the immense amount of spam coming from ordinary users’ workstations that have been infected with viruses and turned towards use by spammers.
Resource Expenditure
This method requires the sender to perform a small computation before a message would be sent. In theory, the computation would be a small enough task so that it is not a burden to senders, but it would quickly bog down a spammer’s computer. It is conceptually the same as the email tax, but also has many of the same types of problems.
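An added illustration of the resource-expenditure idea (not from the original article): the sender searches for a nonce that gives the stamp's SHA-256 hash a required number of leading zero bits, while the receiver checks it with a single hash. The stamp layout `bits:date:recipient:nonce` and the difficulty value are assumptions made for this example.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest):
    """Number of zero bits at the start of a hash digest."""
    n = int.from_bytes(digest, "big")
    return len(digest) * 8 - n.bit_length()

def mint(recipient, date, bits):
    """Sender side: try nonces until the hash qualifies (about 2**bits attempts)."""
    for nonce in count():
        stamp = f"{bits}:{date}:{recipient}:{nonce}"
        if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) >= bits:
            return stamp, nonce + 1   # the stamp and how many hashes it cost

def verify(stamp, recipient, min_bits, seen):
    """Receiver side: one hash, plus checks that bind the stamp to this mailbox."""
    try:
        bits, date, rcpt, nonce = stamp.split(":")
        bits = int(bits)
    except ValueError:
        return False                  # malformed stamp
    if rcpt != recipient or bits < min_bits:
        return False                  # minted for someone else, or too little work
    if stamp in seen:
        return False                  # replay: each stamp pays for one message only
    if leading_zero_bits(hashlib.sha256(stamp.encode()).digest()) < bits:
        return False                  # claimed work was not actually done
    seen.add(stamp)
    return True

if __name__ == "__main__":
    seen = set()
    # Constructed recipient and date; 16 bits keeps the demo fast.
    stamp, tries = mint("alice@example.com", "20070115", 16)
    print("stamp:", stamp, "hashes tried:", tries)
    print("first delivery accepted:", verify(stamp, "alice@example.com", 16, seen))
    print("replayed stamp accepted:", verify(stamp, "alice@example.com", 16, seen))
```

Binding the stamp to the recipient and remembering used stamps is what stops one computation from being reused across a whole mailing list.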
Sender Forgery Prevention
This aims to eliminate forged email return addresses. The idea of this is really not to stop spam or to block it, but to eliminate any confusion that may result from misuse of identifying information. Often times, spammers try to make it look like their email is coming from someone else, which results in users opening a spam message and/or blaming the wrong person. The current implementations all have significant hurdles to overcome before any of them see widespread adoption. Additionally, it will be difficult to get any of the larger email providers to agree on a single method, as there are several overlapping solutions now.