Spammed!

Hello, we tried contacting you a while ago about our low interest mortgage

rates. You have qualified for the lowest rate in years. You could get over

$380,000 for as little as $500 a month! Please click on the link to confirm...Best

regards.... Fran Barabas." Thus read the email I received. I don't know

Barabas, neither do the millions of people who might have received similar,

ridiculous, spam mails that put many an email user in a fix. One curses all

those unknown faceless spammers who have become part of our everyday lives. How

big is spam? Pretty big. This becomes evident as we take a closer look at the

available statistics. According to an industry report: "Spammers will send

52 bn messages, 900 mn viruses, and 70 bn harvest attack messages during

2005". From an enterprise point of view, Spam is an employee productivity

killer and managing spam becomes high on the CIO's agenda. Says Rajesh Uppal,

chief general manager—IT, Maruti Udyog, "While spammers can send millions

of spam emails at negligible cost, the recipient pays a considerable price for

receiving these unwanted mails. Besides having a negative effect on employee

productivity, it also affects the bandwidth utilization, data storage, and mail

server efficiency. It is estimated that 56% of all mails that pass through the

Internet are spam. It is clear that as spams rise, the value of email as a

business tool, within corporate institutions will diminish."

The ground reality



According to industry experts, spam is defined as an act of sending the same

message to many newsgroups; messages that are sent to sell products and

services. While spammers very well know that majority of the users will delete

the mails without even opening them. But, given the huge sample to which these

mails are sent, chances are that at least a small percentage of users might

respond, and a product might get sold. This is a kind of brute force marketing

that relies heavily on probability factors. According to a study made on email

hygiene, by the Radicati Group and Mirapoint, a US-based provider of email

server and security appliances: "There is a greater need for end user

education to reduce worldwide spam and virus traffic. Users too frequently click

on the links embedded in spam messages that can reveal active email inboxes and

infect the system with virus and malicious codes. Moreover, the findings

indicated that bad email hygiene continues to drive the economics of the spam

business."

Says Manvendra Bhangui, vice president, systems and software, Sify, "At

Sify we see around 60% of mails to be spam. These are filtered using Bayesian

spam filters using powerful servers, which break each and every mail into words

and calculate the probability of a word being spam. This is done using huge

dictionary of spam and non-spam words. Indeed, many large ISPs have suffered

major system outages as the result of massive junk email campaigns."

Managing spam



Quips Thennavan Subbiah, country manager—India, IronPort Systems,

"The email security crisis can be managed only with the right technology

and processes in place. Once the email address gets into the spammers' mailing

lists, the volume of spam is only going to increase. Companies should also look

for technology solutions that effectively guard against directory harvest

attacks."

There are a lot of solutions in the market today. "Basically, the

solutions can be broadly categorized into two types-preventive and reactive.

Preventive filters act as early-warning systems for IPs sending spam. This

enables companies to block and throttle spam at the connection level. Connection

level blocking frees up system resources to process legitimate email. Even if

the volume of spam increases, additional capital investments are not required.

While reactive filters look at the content of the email to categorize spam, this

approach consumes a lot of system resources as the spam volumes increase,"

says Thennavan.

But, dealing with spam is a very difficult task because spammers have a wide

array of tools and technologies available to them that make it easy for them to

send the mail but difficult for the receiver to communicate back with them, or

have any authority over them. It is also difficult to deal with them because

spam almost always comes in as a normal email. Given that, how can technology

decides automatically what content is undesirable?

Reflecting on this critical issue, Manvendra says, "One solution does

not work for all. Some of the generally accepted solutions start from the kind

of email infrastructure an enterprise has. For instance, one should implement

and manage a highly scalable spam resistant mail server. One should provide a

spam-free hosted solution. Here, players like us will host the server and

deliver spam free emails to the organization's server. This approach reduces

the organization's bandwidth usage, considerably." With email being a

business necessity, the problem of spam is threatening the enterprise in various

forms. Given that, managing spam and rolling out an anti-spam solution will

increasingly become a challenge to the enterprise CIOs in the days ahead.

Succumbing to Spam A survey made in the US unfolded surprising statistics about email users behavior on spam mails. Have you ever cliked on a link within a Spam Message (other than unsubscribe)?  31% of respondents have clicked on embedded links within spam (not including the unsubscribe link).  Clicking on embedded links in spam messages helps spammers determine 'live' email accounts, which encourages repeated spam attacks. To compound the problem, when an active account within a specific email domain is identified, organizations become more exposed to other attacks, like directory harvests or phishing scams. Even worse, by clicking on embedded links users can be exposed to viruses or other malicious code that can quickly spread throughout an organization, potentially infect outside business partners or customers, or even destroy critical data and create service outages. Have you tried to use the 'unsubscribe' link in the email? 18% of respondents have tried to unsubscribe to spam using the 'unsubscribe' link in the email.  Much like clicking on links embedded within spam messages, many spammers exploit the unsubscribe link to identify active email accounts. Once individual email addresses or entire domains are found to be active, the likelihood of follow-on spam or other security attacks increases dramatically. Have you ever purchased a product or service as a result of Spam? Over 10% of respondents have purchased products advertised in spam.  With the near-zero cost of sending out huge volumes of spam messages combined with the low business barriers to entry, the fact that more than one in ten email users are purchasing products advertised in spam is clearly continuing to drive the economics of the spam industry. Source: Radicati Group & Mirapoint survery, March 2005

Shrikanth G in

Chennai

--------------------------------------

Fixing Spam

Sify's Manvendra Bhangui divides the spam solutions into two broad

categories-for individual users and administrators. Based on these categories

he advocates some popular methods for fixing spam.

For individual users



Using the filtering capability of Mail Clients:

The technique used in most

of new email clients is Bayesian filtering. This technique uses mathematics and

involves the user to train the software to recognize undesirable content, based

on personal reading habits. Latest versions of Eudora, Outlook, Netscape Mail

have filtering capabilities ("If the subject line contains the word 'mortgage',

put this message in the Trash.").

Real-time

third party black-hole lists: These blacklists work by publishing IP addresses

that the spammers use. This is a very clumsy way of blocking mails. By the time

recipients get flooded with spam, the spammers are already using a new set of IP

addresses. It is usually the ISPs who bear the brunt of these blacklists. These

lists are the source of much controversy because the criteria for being

"listed" can vary so widely, depending on the mission (and sometimes,

personal preferences) of the people or organization maintaining them.

Manvendra Bhangui, vp,  systems and software, Sify

Whitelist Strategy: One can also employ a strategy where you accept mails

only from known "good senders." When an unknown sender sends you a

mail, your system can send a mail back asking for confirmation from the sender.

A very good implementation of this is Tagged Message Delivery Agent (TMDA).

Complain about the spam you get: Spammers want you to just hit the Delete

button if you are not interested in their advertisements. SpamCop (www.spamcop.net)

is a convenient tool for sending a spam complaint.

For administrators



Controls at the SMTP server:

Use of Mail Transport Agent (MTA) like qmail or

postfix, which has a mechanism to block network traffic, based on various

criteria like IP addresses, addresses without DNS entry, invalid envelope, etc.

Using an external virus or spam scanner will always impose performance

overheads, and having an in-built scanner can reduce overheads substantially.

Using Message Submission Port: This involves running your MTA on a port other

than port 25 (the default for SMTP). A standard port for message submission is

587. The administrator should enforce authenticated SMTP on this port. Forcing

authentication means that spammers will not be able to use your mail server for

sending out mails. Other options include using Bayesian Filters like bogofilter,

dspam, and spamassasin. These are extremely good spam filters, which catch spam

with 99% effectiveness. Other approaches like domain keys create domain level

authentication and act as spam guard.