Software // Enterprise Applications
04:00 PM
Fred Langa
Fred Langa
Connect Directly

Langa Letter: Real-Life Spam Solutions

A new generation of anti-spam tools is just around the corner. But until then, these spam blockers and handlers may be the next best thing.

We all know spam is annoying, but have you thought about how much it actually costs you? If you spend, say, 10 minutes each workday identifying, deleting, or otherwise dealing with spam, then you're expending some 43 hours a year--more than a week's worth of lost productivity--on spam. If you earn $50,000 a year, then the value of that lost time is something like $1,000. Of course, your actual numbers may be higher or lower depending on how much spam you get and what your time is worth, but you get the idea.

Now use the same technique to estimate the average amount of time and money lost to spam across your entire company, or nationwide, or worldwide, and you'll arrive at a staggering, almost scary number. Spam isn't just an irritant; it's costing us all huge amounts of time and money.

And it's getting worse: One anti-spam company,, has tracked spam worldwide for the last 18 months and seen the volume of spam increase fivefold in that time. Brightmail says that spam now accounts for almost 40% of the world's E-mail traffic, a colossal waste of bandwidth, storage, computing power, and human effort.

Present Tools Are Inadequate
When spam first became a problem, some very clever programmers began to notice patterns. For example, a high percentage of spam originated from a relatively small group of servers that tended to be hosts to spammers. The programmers came up with the idea of collecting data on spam's origins and sharing this information in "blacklists" (sometimes called "blocklists") that ISPs and mail-server administrators could use to block all mail from the known-as-bad IP addresses.

This worked for a time, but then spammers got smarter and started using more-sophisticated methods of broadcasting spam. As just one example, consider the hit-and-run technique, where a spammer might use a particular IP for only a short time. By the time a blacklist-keeper reacts and adds the offending IP to its database, the spammer has moved on, so no spam is blocked. Worse, because the now non-spamming IP or IP range is still in the blacklist, all totally valid E-mail from that IP or IP range continues to be blocked, at least until the blacklist is updated again. This is a classic double negative--the original problem isn't solved (spam isn't blocked), and a whole new problem is created (good E-mail is blocked).

That's not a made-up example: Most blacklists now really do cause more harm than good. Want proof? A study by Giga Information Group found that the best-known blacklist, MAPS RBL (Mail Abuse Prevention System Realtime Black List), catches less than 25% of spam but blocks 34% of good mail. In other words, it doesn't catch much spam in the first place, and then, for every spam that's blocked, it also blocks 1.4 totally valid nonspam E-mails!

The defenders of blacklists swear by them because that low 24% success rate still may mean that a large number of spam messages are blocked. But how can anyone possibly regard a technology as successful if it has a 76% failure rate (76% of spam gets through) and if it also generates collateral damage through a "false positive" error rate of 140%? To any rational person, grotesque failure rates like those are a clear indication that the technology simply isn't working.

But it gets even worse: Blacklists also can be actively misused through malice, ignorance, or simple misapplication. This has caused groups as diverse as the ACLU, the Electronic Frontier Foundation, and Computer Professionals for Social Responsibility to speak out against blacklists. (See, for example, MAPS RBL Is Now Censorware, The Coalition Statement Against "Stealth Blocking", When Spam Policing Gets Out Of Control, World Justice, or Big Class Action.)

Clearly, blacklists are an outmoded tool, a very blunt instrument, that have outlived their usefulness. Very simply, blacklists now do vastly more harm than good.

1 of 4
Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 10, 2014
A high-scale relational database? NoSQL database? Hadoop? Event-processing technology? When it comes to big data, one size doesn't fit all. Here's how to decide.
Flash Poll
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.