Reduce your intake of spam

In the picture
That may explain how so much spam is being sent, when there are so few open relays.

But it still doesn’t account for how much of it ends up in your inbox. When we looked at anti-spam tools in PCW a couple of years ago, some of them were remarkably effective, removing or flagging a high percentage of the junk.

Now, though, it’s a different story. A typical inbox will be full of not just the old-fashioned ads for assorted erotic enhancements, but offers of exclusive watches and – most recently – tips for shares to buy.

Needless to say, the pills don’t work, the watches are likely fake and you’ll lose money on the shares. But how does all this evade your spam filtering?

The spammers are cunning; a couple of years ago, Bayesian filtering was touted as one of the great tools for spotting spam. Instead of merely just looking for key words and phrases in a message, and filtering on those, it analysed spam for all the words, and allowed you to ‘train’ the system with good and bad messages.

The idea is that some combinations of words are typical of spam, but the same words in other contexts might not be. By weighing the probabilities, a Bayesian filter can capture a lot of spam.

However, it didn’t take long for spammers to cotton on to it, and that’s why much junk mail contains seemingly random portions of text – you might not see it if it’s in white on a white background, but it’s there – and Bayesian filters read it alongside the spam. Put enough random ordinary words and phrases in and there’s a good chance the message will sail through your filter.

There are other techniques too; systems such as Cloudmark and DCC calculate check sums or fingerprints of spam messages and share them on servers. Mail servers can use the fingerprints to identify junk, and the systems are designed with a certain amount of fuzziness, to allow for common customisations in messages.

But once again, while it might take a lot of effort for a single system to customise millions of junk emails, slowing down the sending, due to the zombie networks putting massive computing power in the hands of the senders, enough random junk can be included in messages to make fingerprinting less reliable.

And then, there’s the latest technique: image spam. While spammers have often used images to show their products, there’s a recent marked increase in their use: according to McAfee, it’s now 40 per cent of spam and rising, four times the level last year. This is evident for ‘pump-and-dump’ share scams (where the object of the spam is to inflate the value of a company’s shares by conning you into buying them).

With no real text available for scanning, and messages arriving from a huge number of different IP addresses, it’s very hard to spot these messages when they arrive at a mail server.

In theory, you could run character recognition on the messages, but that would use an awful lot of processing time. You can’t simply block messages with images either, since so many people share photographs, or attach their company logo as a signature to emails.

Fighting back
With so much spam around, it’s no wonder that some people are wondering if the internet needs a new mail system. However, this is not likely to happen. For one thing, there are simply too many people using existing standards to make migration easy. For another, there are those zombie hordes; with so many systems compromised, it surely wouldn’t be long before spammers found a way to hijack them.

Solutions are likely to be technical – including new techniques to verify email, which can be piggybacked on to the existing systems – and legal, fighting spammers in court, where they breach laws on junk mail.

Meanwhile, what can you do to keep your inbox clear? It’s obvious that, especially with image spam, it can be very hard for desktop anti-spam software to do an effective job. It will still, of course, work on many of the other types of junk mail, by simply looking for keywords, blocking known spam domains or simply using a whitelist of your known contacts. But it seems that to manage the problem effectively, spam really needs to be fought on the world’s email servers.

One of the traditional tools to do that was the blacklist – a list of IP addresses of known spammers, which enables mail servers to reject messages as soon as the spammer tries to connect. While such lists have their place, and can prevent commercial email marketing firms from pestering you, as organisations like Spamhaus have found out, business spammers tend to fight in the courts when their ‘right’ to pollute our inboxes is infringed.

There are other techniques to determine spammers too; one is to try and send a mail back to each machine that sends you a message; but this can be resource-intensive, and not always reliable.

More practical are two new technologies. One is greylisting (see box on the next page), which can help stop one-shot mailing attempts by spammers, and the other is the Sender Policy Framework (SPF). Both can be added to your own mail server, and are being used by a growing number of ISPs, hosting companies and businesses.