Fighting the future of spam.
Directive 58, an Electronic Communications and Privacy Law implemented by all EU member states, regulates against the use of spam for purposes of direct marketing, but its specifications as to the definition of spam are vague and as an EU Directive, it is only applicable to Europe. As over 80 percent of spam is sent from countries outside the EU, such as China and the USA, the full force of the legislation making a difference to European countries will be limited. Following the implementation of this Directive, the Institute for Information Law in Amsterdam began a year-long study on the impact of the legislation and spam, in general, across European businesses. In mid-2004 the results of the study concluded that the majority of businesses who regard spam as a major concern have little confidence in the role that government plays in supporting them directly or imposing legal restraints to stop spammers. So it is up to the experts of antispam technology to take measures and resolve their problems through the provision of groundbreaking, innovative software.
Virtually the entire spam fighting community assumes that they are fighting spam, and that all that has to be done is 'recognise the messages'. Unfortunately, the reality is that they are fighting spammers not spam. The future of fighting spam is to focus on the one fundamental aspect--it is sent in bulk. Spamming is an economic activity done for profit; therefore all spammers must send mail in large quantities. Each spam is sent in the millions and with the huge rise in spam volumes, antispam solutions need to block an increasingly larger percentage of spam to reduce the actual number of spam reaching e-mail users. As a result, solutions that blocked 90 percent of spam were once considered effective. Now, to be effective, solutions must block 95 percent of Spam.
Current or last generation spam products are based on content and are effective for current or old spam but cannot provide proactive defense against today's and tomorrow's spam. They focus on the characteristics of the content of the message itself rather than on the characteristics of the message and spam attack.
As soon as the industry begins to think like a spammer, the requirements of their chosen anti-spam solution become clear. It needs to track spam across the Internet based on bulk mail characteristics and apply algorithms along with information about known sources of spam, i.e. campaigns, etc. This allows spam to be detected and reacted to in real-time. This technology known as 'Recurrent Pattern Detection' has been acknowledged by ID in its recently released White Paper titled 'Choosing the Best Technology to Fight Spam. The method also dramatically reduces false positives because of an overly sensitive reaction to certain words. Also, a solution that is language-neutral and format-neutral detects spam even if the contents are nothing more than a single embedded image file.
While spammers specifically design messages to avoid content-based filters, they have no way to avoid statistical analysis other than to drastically drop their message volume, which would invalidate their entire business model, Nobody wants to repetitively spend money on new anti-spam technology, but more and more, they are faced with the fact that their technological choices to fight spam are deemed insufficient before they have been implemented. Dedicating time, effort and finances to obsolete anti-spam 'products and solutions' is causing frustration. It is now essential for the IT security manager to focus on the technology in order to choose a reliable solution that provides them with a real opportunity for growth. Only by considering the working process of the spammer can the IT managers truly begin to understand and demand the right solution to fight the future of spam. Also, through the recommendation of anti-spam solutions based on this understanding, the end-user will finally begin to get on top of their ever-increasing deluge of spam e-mails, thus managing its business's future concerns.
Julian Bogajski, Sybari Software
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Security Supplement|
|Date:||Mar 1, 2005|
|Previous Article:||10 things to know when selecting a storage security solution.|
|Next Article:||The appliance of compliance.|
|The worldwide war on spam continues.|
|Choosing the right spam solution.|
|New Jersey, U.N. join the fight against Spam.|
|2004: the security year reviewed, Sophos.|
|China to fight spam.|