Spam Filtering Floods Innocent In-Boxes - InformationWeek

Spam Filtering Floods Innocent In-Boxes

Do challenge/response spam-filtering systems create more problems than they solve? One analyst argues against them.

Two weeks ago, Ferris Research messaging analyst Richi Jennings awoke to find his e-mail in-box filling with spam at a rate of about a message per second. Over the course of two days, a spammer using a botnet -- a collection of PCs that have been subverted through security exploits to send spam -- sent an estimated 10 million messages that purported to come from several of Jennings's e-mail addresses.

That resulted in more than 25,000 bounce messages, from ISPs that return spam to the supposed sender (rather than deleting it) and from challenge/response filters that reply to spam with a note asking the listed sender to answer a challenge question before the initial message gets delivered.

"It's kind of like a denial-of-service attack," says Jennings, who notes that while his coverage of anti-spam issues makes him a likely target for spammer retaliation, he has no evidence to prove that. This sort of attack also is referred to as a "joe job."

Despite the fact that Symantec's Brightmail service did "an impressively good job" in blocking "about half a gigabyte of unwanted, 'backscatter' e-mail," Jennings nonetheless had to deal with hundreds of unwanted messages that made it to his in-box.

For Jennings, the episode reveals a fundamental flaw in challenge/response spam filters. "Challenge/response filters have more Achilles' heels than they have feet," he says.

"Over the last year or two, I've spoken to countless challenge/response filter vendors and they all have their own excuse about why their solution is completely different, and really, yes, they agree this is a problem with badly written challenge/response spam filters, but their spam filter would never do anything so stupid and broken," says Jennings. "And of course I'm looking at an example from just about every one of those vendors that I got two weeks ago."

Jennings argues that because challenge/response spam filters essentially create more spam, they end up harming the user's reputation. "The fact challenge/response causes backscatter means that the users of challenge/response filters are actually, perversely, more likely to have their messages blocked, because their reputation -- the reputation of their IP or domain -- will go down simply because people like me are receiving these things and class them as spam," he explains.

In addition, Jennings suggests that users of challenge/response systems are foisting their spam problem on others, as if one were to respond to litter thrown in one's yard by shoveling it onto the street for someone else to deal with. "What the users of challenge/response spam filters are effectively doing is saying it's my job to filter their spam for them," he says.

Tal Golan, CTO, president, and founder of Sendio, maker of a challenge/response e-mail appliance used by more than 150 enterprise consumers, disagrees strongly with Jennings's assertion that challenge-based filtering has problems. "Without question, the benefit to the whole community at large drastically outweighs that FUD [fear, uncertainty, and doubt] that's out there in the marketplace that somehow challenge/response makes the problem worse," he says. "The real issue is that filters don't work. From our perspective, challenge/response is the only solution. This whole concept of backscatter is just not true. Very, very rarely do spammers forge the e-mail addresses of legitimate companies anymore."

Golan also dismisses the idea that challenge-response systems burden senders with filtering spam for recipients. Says Golan, "Most people out there today are very, very happy to make the world a safer place."

Editor's note: This story was modified to restore the last two paragraphs, which were accidentally deleted.
