FTC Study Concludes Masking, Filtering Stop Spammers
Unmasked E-mail addresses received over 6,400 spam messages, while only one spam message reached masked E-mail addresses. Masking is the practice of altering an E-mail address so that it's readable by people but not by machines.
Trickery and technology both play key roles in managing spam, according to a study released yesterday by the Federal Trade Commission.
The agency looked at three aspects of spamming and efforts to control it: the automated harvesting of E-mail addresses on public areas of the Internet; using E-mail address masking to reduce address harvesting; and the effectiveness of spam filtering by Internet Service Providers.
To conduct its five-week study, the FTC established 50 test E-mail accounts at each of three separate ISPs; two used spam filters and one didn't. It also posted 50 E-mail addresses on various Web sites, chat rooms, message boards, USENET groups, and blogs.
Sure enough, spammers harvested many of those addresses and spammed them. However, addresses posted in chat rooms, message boards, USENET groups, and blogs proved less likely to be harvested than those on general Web sites. The FTC noted that some chat room operators took active steps to prevent E-mail address harvesting from online areas under their supervision. E-mail address harvesting qualifies as an aggravated violation of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM).
The study concluded that E-mail address masking is an effective way to reduce spam. During the course of the study, unmasked E-mail addresses received over 6,400 spam messages, while only one spam message reached masked E-mail addresses. Also known as "munging," masking is the long-standing practice of altering an E-mail address so that it's readable by people but improperly formatted for machines, such as "tclaburn at cmp dot com."
However, the effectiveness of address masking is not foolproof, particularly if a simple masking method (such as the one above) is used. The FTC observed that at least one harvesting program appeared to be able to capture masked addresses and translate them into a useable form by converting the words "at" and "dot" into their respective symbols.
While the FTC concludes address masking is an effective tactic to prevent spam, some Internet users argue the practice diminishes the Internet's functionality for the sake of personal gain.
The study also underscores the utility of ISP-based filtering. After five weeks, E-mail accounts at the ISP with no filter received 8,885 spam messages. The accounts at the ISPs that filtered received 1,208 spam messages (over 86% blocked) and 422 spam messages (over 95% blocked) respectively.
The FTC did not disclose the makers of the two spam filters used in the study. But it did note that the difference between the two ISPs' block rates is not necessarily a reflection of superior technology because the study does not address whether the filtering resulted in any false positives (legitimate messages mistaken for spam).
An FTC spokesperson was not immediately available for comment.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.