As spam gets tougher, so does filter software
SAN FRANCISCO: As senders of junk e-mail grow more cunning in their quest to clog mailboxes with unsolicited ads for mortgage loans and Viagra, makers of filtering software are becoming similarly sophisticated in their efforts to thwart such unwanted mail, or ‘spam’.
Many of the world’s largest Internet service providers, including America Online and EarthLink, offer basic methods to filter out messages that contain certain words used in typical spam e-mails.
But keyword filtering often fails to identify spam that uses more sophisticated techniques, and it can sometimes block out legitimate e-mail. Spammers not only trick recipients into opening e-mails by using intriguing or familiar phrases, they forge sender information and route the messages through computers that are infiltrated by spammers to distribute spam without the knowledge of computer owners.
Websites such as Spamhaus Project (http://www.spamhaus.org) and Spamcop.net (http://www.spamcop.net) allow people to report spam and find out ways to block it, as well as information about different kinds of spam-slamming software. ‘General filtering software is easy to configure, but generates high false-positive rates,’ said Ray Everett Church of technology and consulting firm ePrivacy Group and author of the upcoming book ‘Fighting Spam for Dummies.’
‘I wouldn’t hand control over your inbox to anyone’ by relying only on keyword blocking software like that used by many ISPs, said Andrew Barrett, executive director of The Spamcon Foundation (http://www.spamcon.org), a watchdog group. ‘Use filter services that let you decide what is and isn’t spam.’
Barrett and Church recommend software that uses Bayesian mathematic formulas to determine the statistical probability that something is spam by assigning values to words in the message. ‘The downside is you have to spend a little bit of time with it,’ Barrett said.
Some examples are Spam Bully (http://www.spambully.com), which sells for $29.95, and POPFile (http://popfile.sourceforge.net/), which is free.
Rather than trying to block out e-mails likely to be spam, so-called ‘white list’ software focuses on allowing in e-mail only from legitimate senders. Within this category is challenge-and-response software, in which senders of incoming e-mail automatically sreceive an e-mail prompting them to reply to prove they are not a spammer. Among them is Qurb (http://www.qurb.com), whose software screens e-mail by creating an ‘approved sender’ list. For less than $1 a month, ZoEmail (http://www.zoemail.com) goes even further, inserting a keyword or number combination into the user’s address so only e-mail from senders who know to use that special address can reach the intended recipient.
Such software is not for everyone, though. People — journalists, for example — who need to be able to receive e-mail from unknown sources, and those who subscribe to e-mail lists often find challenge-and-response software impractical. ‘A lot of automated mailing lists, for volume reasons, do not respond to challenge-and-response messages,’ said Church, who uses a combination of SpamAssassin and Cloudmark’s SpamNet (http://www.cloudmark.com).
SpamNet uses ‘peer-to-peer’ technology distributed across multiple Internet-connected computers. It lets SpamNet network users alert each other to new spam as soon as it arrives.
Several anti-spam providers are targeting the ‘phishing’ phenomenon in which scammers try to dupe people into visiting a Web site and provide account information by sending e-mail that appears to be from their bank or credit card company.
Giant Company Software (http://www.giantcompany.com) sells Spam Inspector software that blocks any e-mail trying to exploit known holes in Internet Explorer that spammers can use to ‘phish’ for sensitive information. MailFrontier’s Matador (http://www.mailfrontier.com) identifies fraudulent e-mails and notifies users of new fraud outbreaks.
There are several Websites that offer spam news and other pertinent information, including the Coalition Against Unsolicited Commercial E-mail (http://www.cauce.org), Spam Laws Web site (http://www.spamlaws.com) and Spam News site (http://www.spamnews.com). —Reuters