The Winner - InformationWeek
Software // Enterprise Applications
04:16 AM
Faster, More Effective Response With Threat Intelligence & Orchestration Playboo
Aug 31, 2017
Finding ways to increase speed, accuracy, and efficiency when responding to threats should be the ...Read More>>

The Winner

Below is the winning letter from the "What Should We Do About Spammers?" contest in Bob Evans' Dec. 6 column, Business Technology: Ends Don't Justify Means, Despite Appeal.

Back To Basics


The solution to spammers starts with the basics. But first, let's see what has been tried.

1. Keyword Filters
This does not work since spammers are pretty creative in finding a million ways to spell V I@Gra.

2. Spam IP Database Block Lists
This was a good idea at first, when many companies were unknowingly running open relays. However, this doesn't pose much of a threat for spammers. They just move on once an IP is identified. Even worse, many mail servers get tagged as a spam sender even though they didn't send any spam. Their only crime was having an IP address in the same block as a spammer.

3. Blacklists
Blocking spam by address is virtually useless. Any spammer can spoof the [send from:] without any problem.

4. White Lists
Only allowing E-mail from known senders is a little drastic. E-mail is supposed to make communication easier, not more difficult. Let's not throw the baby out with the bath water.

5. Bayesian Filters
This started as a great concept. Training a filter to identify spam is a great idea. However, it will not cut down on the amount of spam received by our mail servers. It also takes user maintenance to constantly "train" the filter to understand how spam is evolving. Additionally, many companies are hesitant to aggressively sort spam since they are afraid of losing that one big important E-mail.

6. Legislation
Congress tried to legislate spam out of existence. It appears that these efforts have been in vain. Spam is a technological problem that requires a technological solution.

So we need a technological fix--but not at the client level. E-mail protocols need to be rewritten. IMAP, POP3, SMTP, and HTTP need to be made more secure. Any E-mail protocol should not allow anonymous senders or spoofing. It should be easy to interpret exactly where the E-mail message came from. This will come at the cost of ending a completely open E-mail system; however, it is this open and trusting environment that has created this spam mess.

What then should we do until the future? At my company, we have been using greylisting. You can read more about it here.

From the project Web site:

"Greylisting is a new method of blocking significant amounts of spam at the mail-server level, but without resorting to heavyweight statistical analysis or other heuristical (and error-prone) approaches. Consequently, implementations are fairly lightweight, and may even decrease network traffic and processor load on your mail server.

Greylisting relies on the fact that most spam sources do not behave in the same way as "normal" mail systems. Although it is currently very effective by itself, it will perform best when it is used in conjunction with other forms of spam prevention."

By implementing greylisting support for all incoming E-mail, we have been able to reduce spam by 95% in our corporate environment. That works out to about five spam messages per client per day. This is not a great solution, but unfortunately it is about the best that there is currently available.

Current E-mail protocols are broken. We're still embracing the same standards that existed 35 years ago. It is time to take a fresh look at E-mail standards and limit the damage that spammers can do.

Benjamin Vogel

Return to the story: Business Technology: Ends Don't Justify Means, Despite Appeal

Continue to the other letters: Readers Get Creative About Stamping Out Spam

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll