Anti-spam software that deploys statistical analysis techniques to "learn" about spam patterns in E-mail messages can lessen the amount of management required. Bayesian techniques, which combine analysis with statistical probabilities, can sometimes identify spam based on stored analysis of previous spam. The more spam it identifies, the better it gets at recognizing new spam. A January Gartner study cautions, though, that such artificial-intelligence systems work best on the desktop, where they can focus on learning a single user's definition of spam. If deployed on a mail server or gateway, care should be taken to not "stray into the realm of opinion or personal choice" when deciding which E-mails are spam and which aren't.
Newer Anti-spam Techniques
Content filtering and blacklisting are the business technologists' front-line defense against spam, but new techniques are necessary. This isn't a level playing field--spammers have your identity information, but you don't have theirs.
Secure messaging is one area that shows promise for defeating spam. Secure messaging makes use of whitelists to validate incoming E-mail, but it also requires that senders have valid digital credentials--some form of encrypted ID. The ID might validate the domain name people are sending E-mail from, or it may validate the user sending the E-mail. Some businesses already use public key infrastructure and S/MIME (Secure Multipurpose Internet Mail Extensions) to ensure that only authenticated E-mail passes through corporate E-mail systems. Secure messaging would simply extend the security to incoming E-mail from the public Internet. Using digital identities over the public Internet has proven difficult, though, because there are no universal standards for digital identities.
Updating the 20-year-old protocols that form the basis for the Internet's E-mail infrastructure would make deployment of a digital identity standard easier, and make it harder for spammers to hide from authorities. IPv6, SMTP2, and DNSSEC are emerging standards that could replace the aging TCP/IP (IPv4), SMTP, and DNS protocols now in use. They offer better support for authentication and routing than current protocols.
Educating end users on how to recognize and avoid spam deserves more attention than it's getting. Often, a small percentage of a business' users are receiving the majority of the spam. While that can sometimes occur because of factors beyond a user's control, it also occurs because of people who haven't been judicious about where or how they reveal their E-mail addresses. Replying to opt-out queries inside of a spam message is a typical ploy used by spammers. Responding just tells the spammer that your E-mail address is valid. To avoid these types of end-user errors, a companywide spam policy telling employees what to do is a smart option to consider.
Anti-spam products have moved to the mainstream with astounding speed, driven by pressing need. And spam has found a firm place as a part of our culture. Even Consumer Reports magazine featured a June cover story comparing spam filters for various E-mail clients. Heightened end-user awareness along with tougher laws and better anti-spam techniques are key elements to make the war against spam easier.