The Winner - InformationWeek
Software // Enterprise Applications
04:16 AM
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

The Winner

Below is the winning letter from the "What Should We Do About Spammers?" contest in Bob Evans' Dec. 6 column, Business Technology: Ends Don't Justify Means, Despite Appeal.

Back To Basics


The solution to spammers starts with the basics. But first, let's see what has been tried.

1. Keyword Filters
This does not work since spammers are pretty creative in finding a million ways to spell V I@Gra.

2. Spam IP Database Block Lists
This was a good idea at first, when many companies were unknowingly running open relays. However, this doesn't pose much of a threat for spammers. They just move on once an IP is identified. Even worse, many mail servers get tagged as a spam sender even though they didn't send any spam. Their only crime was having an IP address in the same block as a spammer.

3. Blacklists
Blocking spam by address is virtually useless. Any spammer can spoof the [send from:] without any problem.

4. White Lists
Only allowing E-mail from known senders is a little drastic. E-mail is supposed to make communication easier, not more difficult. Let's not throw the baby out with the bath water.

5. Bayesian Filters
This started as a great concept. Training a filter to identify spam is a great idea. However, it will not cut down on the amount of spam received by our mail servers. It also takes user maintenance to constantly "train" the filter to understand how spam is evolving. Additionally, many companies are hesitant to aggressively sort spam since they are afraid of losing that one big important E-mail.

6. Legislation
Congress tried to legislate spam out of existence. It appears that these efforts have been in vain. Spam is a technological problem that requires a technological solution.

So we need a technological fix--but not at the client level. E-mail protocols need to be rewritten. IMAP, POP3, SMTP, and HTTP need to be made more secure. Any E-mail protocol should not allow anonymous senders or spoofing. It should be easy to interpret exactly where the E-mail message came from. This will come at the cost of ending a completely open E-mail system; however, it is this open and trusting environment that has created this spam mess.

What then should we do until the future? At my company, we have been using greylisting. You can read more about it here.

From the project Web site:

"Greylisting is a new method of blocking significant amounts of spam at the mail-server level, but without resorting to heavyweight statistical analysis or other heuristical (and error-prone) approaches. Consequently, implementations are fairly lightweight, and may even decrease network traffic and processor load on your mail server.

Greylisting relies on the fact that most spam sources do not behave in the same way as "normal" mail systems. Although it is currently very effective by itself, it will perform best when it is used in conjunction with other forms of spam prevention."

By implementing greylisting support for all incoming E-mail, we have been able to reduce spam by 95% in our corporate environment. That works out to about five spam messages per client per day. This is not a great solution, but unfortunately it is about the best that there is currently available.

Current E-mail protocols are broken. We're still embracing the same standards that existed 35 years ago. It is time to take a fresh look at E-mail standards and limit the damage that spammers can do.

Benjamin Vogel

Return to the story: Business Technology: Ends Don't Justify Means, Despite Appeal

Continue to the other letters: Readers Get Creative About Stamping Out Spam

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll