Security Firm: Spam Could Kill E-Mail - InformationWeek
02:10 PM

Security Firm: Spam Could Kill E-Mail

Soaring volume of spam could discourage people from relying on E-mail to communicate.

Spam is increasing at such an alarming rate that people may stop relying on E-mail to communicate, according to E-mail security firm Postini, which says spam volume jumped some 150% in 2002.

In another danger signal, the percentage of messages sent to Postini's clients identified as spam climbed from just 20% in January 2002 to more than 60% in December.

Postini, which processes 40 million messages daily for more than 800 businesses and Internet service providers, 60% of spam messages it's intercepting are special offers or promotions; 20% are bulk mail; 12% are "get-rich-quick" schemes; and 10% have sexually explicit content.

All of it drags down employees' productivity, overloads their E-mail infrastructure, and can cause serious legal and human-resource problems, says Maurene Kaplan Grey, an analyst with Gartner. "Postini's numbers are pretty accurate," she says. "I have no reason to doubt them and lots of reasons to believe them."

Other E-mail content-filtering firms, she says, show similar numbers. "Spam is easily 30%, 40% of total enterprise mail volume."

"These are healthy statistics," says Scott Petry, Postini's VP of products and engineering and the company's founder. "But not on the good side. We're shocked, frankly, at the increase. If you do the growth curve, E-mail will shortly follow Usenet" into disuse.

If these trends continue, he says, people will simply have to stop relying on E-mail as a communication mechanism.

The spike in spam has been fueled by the use of an E-mail collection technique called a Directory Harvest Attack, Petry says. By querying a mail server--and Microsoft Exchange servers are notably vulnerable here--a DHA can run through tens of thousands of possible addresses in a matter of minutes and collect the valid addresses it gleans from the server.

DHAs "are the hidden threat" to businesses on the spam front, Petry says. "The old world of spamming was dumb bombs. The new world of spamming is smart munitions."

Other spam techniques, such as using graphics or HTML to encode messages, or introducing minor differences in each message in order to defeat the simpler signature-based anti-spam products, are getting more sophisticated as well, Petry says.

A company has two choices, he says, in dealing with spam: "Either severely restrict who can access E-mail or put robust content filtering solutions in place."

Gartner's Grey sees the problem continuing at least through 2004, when she expects more-sophisticated anti-spam toolsets, stronger (and better-enforced) laws, and, most importantly, smarter E-mail users to begin to stem the tide. "The complete solution is to educate users into practicing safe E-mailing," she says.

She noted that this technique has worked relatively well to keep viruses at bay and sees it as the ultimate solution to the spam problem. "Don't give out your E-mail address casually on a Web site," she suggests.

Postini tracks its message processing and posts the results, delayed 24 hours, on its Web site. Wednesday morning, for instance, Postini's E-mail Stat Track claimed that more than 64% of the messages it processed for its clients were spam and identified nearly 30,000 DHAs.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll