FTC Study Concludes Masking, Filtering Stop Spammers
Unmasked E-mail addresses received over 6,400 spam messages, while only one spam message reached masked E-mail addresses. Masking is the practice of altering an E-mail address so that it's readable by people but not by machines.
Trickery and technology both play key roles in managing spam, according to a study released yesterday by the Federal Trade Commission.
The agency looked at three aspects of spamming and efforts to control it: the automated harvesting of E-mail addresses on public areas of the Internet; using E-mail address masking to reduce address harvesting; and the effectiveness of spam filtering by Internet Service Providers.
To conduct its five-week study, the FTC established 50 test E-mail accounts at each of three separate ISPs; two used spam filters and one didn't. It also posted 50 E-mail addresses on various Web sites, chat rooms, message boards, USENET groups, and blogs.
Sure enough, spammers harvested many of those addresses and spammed them. However, addresses posted in chat rooms, message boards, USENET groups, and blogs proved less likely to be harvested than those on general Web sites. The FTC noted that some chat room operators took active steps to prevent E-mail address harvesting from online areas under their supervision. E-mail address harvesting qualifies as an aggravated violation of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM).
The study concluded that E-mail address masking is an effective way to reduce spam. During the course of the study, unmasked E-mail addresses received over 6,400 spam messages, while only one spam message reached masked E-mail addresses. Also known as "munging," masking is the long-standing practice of altering an E-mail address so that it's readable by people but improperly formatted for machines, such as "tclaburn at cmp dot com."
However, the effectiveness of address masking is not foolproof, particularly if a simple masking method (such as the one above) is used. The FTC observed that at least one harvesting program appeared to be able to capture masked addresses and translate them into a useable form by converting the words "at" and "dot" into their respective symbols.
While the FTC concludes address masking is an effective tactic to prevent spam, some Internet users argue the practice diminishes the Internet's functionality for the sake of personal gain.
The study also underscores the utility of ISP-based filtering. After five weeks, E-mail accounts at the ISP with no filter received 8,885 spam messages. The accounts at the ISPs that filtered received 1,208 spam messages (over 86% blocked) and 422 spam messages (over 95% blocked) respectively.
The FTC did not disclose the makers of the two spam filters used in the study. But it did note that the difference between the two ISPs' block rates is not necessarily a reflection of superior technology because the study does not address whether the filtering resulted in any false positives (legitimate messages mistaken for spam).
An FTC spokesperson was not immediately available for comment.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.