Spammed!

Hello, we tried contacting you a while ago about our low interest mortgage
rates. You have qualified for the lowest rate in years. You could get over
$380,000 for as little as $500 a month! Please click on the link to confirm...Best
regards.... Fran Barabas." Thus read the email I received. I don't know
Barabas, neither do the millions of people who might have received similar,
ridiculous, spam mails that put many an email user in a fix. One curses all
those unknown faceless spammers who have become part of our everyday lives. How
big is spam? Pretty big. This becomes evident as we take a closer look at the
available statistics. According to an industry report: "Spammers will send
52 bn messages, 900 mn viruses, and 70 bn harvest attack messages during
2005". From an enterprise point of view, Spam is an employee productivity
killer and managing spam becomes high on the CIO's agenda. Says Rajesh Uppal,
chief general manager—IT, Maruti Udyog, "While spammers can send millions
of spam emails at negligible cost, the recipient pays a considerable price for
receiving these unwanted mails. Besides having a negative effect on employee
productivity, it also affects the bandwidth utilization, data storage, and mail
server efficiency. It is estimated that 56% of all mails that pass through the
Internet are spam. It is clear that as spams rise, the value of email as a
business tool, within corporate institutions will diminish."

The ground reality

According to industry experts, spam is defined as an act of sending the same
message to many newsgroups; messages that are sent to sell products and
services. While spammers very well know that majority of the users will delete
the mails without even opening them. But, given the huge sample to which these
mails are sent, chances are that at least a small percentage of users might
respond, and a product might get sold. This is a kind of brute force marketing
that relies heavily on probability factors. According to a study made on email
hygiene, by the Radicati Group and Mirapoint, a US-based provider of email
server and security appliances: "There is a greater need for end user
education to reduce worldwide spam and virus traffic. Users too frequently click
on the links embedded in spam messages that can reveal active email inboxes and
infect the system with virus and malicious codes. Moreover, the findings
indicated that bad email hygiene continues to drive the economics of the spam
business."

Says Manvendra Bhangui, vice president, systems and software, Sify, "At
Sify we see around 60% of mails to be spam. These are filtered using Bayesian
spam filters using powerful servers, which break each and every mail into words
and calculate the probability of a word being spam. This is done using huge
dictionary of spam and non-spam words. Indeed, many large ISPs have suffered
major system outages as the result of massive junk email campaigns."

Managing spam

Quips Thennavan Subbiah, country manager—India, IronPort Systems,
"The email security crisis can be managed only with the right technology
and processes in place. Once the email address gets into the spammers' mailing
lists, the volume of spam is only going to increase. Companies should also look
for technology solutions that effectively guard against directory harvest
attacks."

There are a lot of solutions in the market today. "Basically, the
solutions can be broadly categorized into two types-preventive and reactive.
Preventive filters act as early-warning systems for IPs sending spam. This
enables companies to block and throttle spam at the connection level. Connection
level blocking frees up system resources to process legitimate email. Even if
the volume of spam increases, additional capital investments are not required.
While reactive filters look at the content of the email to categorize spam, this
approach consumes a lot of system resources as the spam volumes increase,"
says Thennavan.

But, dealing with spam is a very difficult task because spammers have a wide
array of tools and technologies available to them that make it easy for them to
send the mail but difficult for the receiver to communicate back with them, or
have any authority over them. It is also difficult to deal with them because
spam almost always comes in as a normal email. Given that, how can technology
decides automatically what content is undesirable?

Reflecting on this critical issue, Manvendra says, "One solution does
not work for all. Some of the generally accepted solutions start from the kind
of email infrastructure an enterprise has. For instance, one should implement
and manage a highly scalable spam resistant mail server. One should provide a
spam-free hosted solution. Here, players like us will host the server and
deliver spam free emails to the organization's server. This approach reduces
the organization's bandwidth usage, considerably." With email being a
business necessity, the problem of spam is threatening the enterprise in various
forms. Given that, managing spam and rolling out an anti-spam solution will
increasingly become a challenge to the enterprise CIOs in the days ahead.

Succumbing to Spam A survey made in the US unfolded surprising statistics about email users behavior on spam mails. Have you ever cliked on a link within a Spam Message (other than unsubscribe)?  31% of respondents have clicked on embedded links within spam (not including the unsubscribe link).  Clicking on embedded links in spam messages helps spammers determine 'live' email accounts, which encourages repeated spam attacks. To compound the problem, when an active account within a specific email domain is identified, organizations become more exposed to other attacks, like directory harvests or phishing scams. Even worse, by clicking on embedded links users can be exposed to viruses or other malicious code that can quickly spread throughout an organization, potentially infect outside business partners or customers, or even destroy critical data and create service outages. Have you tried to use the 'unsubscribe' link in the email? 18% of respondents have tried to unsubscribe to spam using the 'unsubscribe' link in the email.  Much like clicking on links embedded within spam messages, many spammers exploit the unsubscribe link to identify active email accounts. Once individual email addresses or entire domains are found to be active, the likelihood of follow-on spam or other security attacks increases dramatically. Have you ever purchased a product or service as a result of Spam? Over 10% of respondents have purchased products advertised in spam.  With the near-zero cost of sending out huge volumes of spam messages combined with the low business barriers to entry, the fact that more than one in ten email users are purchasing products advertised in spam is clearly continuing to drive the economics of the spam industry. Source: Radicati Group & Mirapoint survery, March 2005

Shrikanth G in
Chennai

Fixing Spam

Sify's Manvendra Bhangui divides the spam solutions into two broad
categories-for individual users and administrators. Based on these categories
he advocates some popular methods for fixing spam.

For individual users

Using the filtering capability of Mail Clients:
The technique used in most
of new email clients is Bayesian filtering. This technique uses mathematics and
involves the user to train the software to recognize undesirable content, based
on personal reading habits. Latest versions of Eudora, Outlook, Netscape Mail
have filtering capabilities ("If the subject line contains the word 'mortgage',
put this message in the Trash.").

Real-time
third party black-hole lists: These blacklists work by publishing IP addresses
that the spammers use. This is a very clumsy way of blocking mails. By the time
recipients get flooded with spam, the spammers are already using a new set of IP
addresses. It is usually the ISPs who bear the brunt of these blacklists. These
lists are the source of much controversy because the criteria for being
"listed" can vary so widely, depending on the mission (and sometimes,
personal preferences) of the people or organization maintaining them.

Whitelist Strategy: One can also employ a strategy where you accept mails
only from known "good senders." When an unknown sender sends you a
mail, your system can send a mail back asking for confirmation from the sender.
A very good implementation of this is Tagged Message Delivery Agent (TMDA).

Manvendra Bhangui, vp, systems and software, Sify

Complain about the spam you get: Spammers want you to just hit the Delete
button if you are not interested in their advertisements. SpamCop (www.spamcop.net)
is a convenient tool for sending a spam complaint.

For administrators

Controls at the SMTP server:
Use of Mail Transport Agent (MTA) like qmail or
postfix, which has a mechanism to block network traffic, based on various
criteria like IP addresses, addresses without DNS entry, invalid envelope, etc.
Using an external virus or spam scanner will always impose performance
overheads, and having an in-built scanner can reduce overheads substantially.

Using Message Submission Port: This involves running your MTA on a port other
than port 25 (the default for SMTP). A standard port for message submission is
587. The administrator should enforce authenticated SMTP on this port. Forcing
authentication means that spammers will not be able to use your mail server for
sending out mails. Other options include using Bayesian Filters like bogofilter,
dspam, and spamassasin. These are extremely good spam filters, which catch spam
with 99% effectiveness. Other approaches like domain keys create domain level
authentication and act as spam guard.