Practical Technology

for practical people.

Mission Impossible? Stopping Spam


Your mission, should you choose to accept it, is to stop spam from overwhelming your bandwidth and entering your customers’ mailboxes. We have every faith that you and your anti-spam efforts will be successful. If not, your company will, of course, disavow any knowledge of your actions. This message will self-destruct in five seconds…

Mission impossible? It used to be, but there are things you can do to stem the spam tide. And now, more than ever, is the time to strive to stop it. Ferris Research, a San Francisco and London-based e-mail and groupware analysis firm, finds that, “For U.S.-based ISPs, 30% of inbound email is spam, while at U.S.-based corporate organizations, spam accounts for 15% to 20% of inbound email.” And that, “In 2002, the total cost of spam to corporate organizations in the United States was $8.9 billion.”

Sounds unbelievable? Think again. Many ISPs think that Ferris’ numbers are on the low side. David Daniels, president and CEO of Starfish, a small North Carolina ISP, reports that, “Our spam filters reject about six emails for every one we accept.” He’s not the only one with awful experiences. James Triplett, CTO and founder of Thelix Internet of Amherst, Massachusetts, says that his company “recently implemented a spam blocking solution, and was astounded to find that we are now blocking about 60% of the incoming traffic. 35,000 – 45,000 spam attempts per day, with about 10,000 messages accepted.”

And spam is only going to get worse. In May 2002, the Coalition Against Unsolicited Bulk Email, Australia did a survey showing that the amount of spam is doubling every 4.5 months. Spammers are also trying new ways to get mail into the Internet. J. D. Falk, member of the Coalition Against Unsolicited Commercial Email (CAUCE) Board of Directors, says, “Forged headers are the (new) standard, because they still fool the vast majority of recipients.”

That only makes users hate spam more, but what many people don’t realize is how much spam hurts the bottom lines of ISPs. Alexis Rosen, president and co-owner of Public Access Networks, which runs Panix, the US’s second oldest still running ISP, finds that the “majority of incoming mail is spam.” And that, in turn, “chews up a lot of bandwidth and disk space.” But what really eats up system resources and “puts significant stress on the mail server” is the constant disk I/O. “Disk activity is the most precious and expensive resource we have.” That, in turn, affects Panix’s, and every ISP’s, bottom line.

How bad can it get? Daniels says, “In addition to the cost of bandwidth we have to run two mail servers. One does primary spam filtering and the second is a mailbox server. Running everything on one box was slowing down mailbox access even though the machine should be capable of supporting at least 10 times as many accounts as were on it. One of the techs or I will spend an hour or two a day answering customer spam complaints and updating Access Control Lists. The cost is substantial.”

That’s why, according to Marten Nelson, a Ferris Research analyst, “most ISPs use server-based (anti-spam) tools.” Nelson says corporate mail administrators have lagged behind ISPs. That’s because corporate e-mail addresses are less exposed to email address harvesting attacks. Ferris found that their spam load was more in the 20 to 25% range.

Corporate e-mail may be due to be hit by more spam. Mail harvesting attacks (MHAs), in which a program attempts to send mail to a corporate domain and records which addresses don’t bounce, are becoming more common. Making matters even worse, aggressive MHAs can also act as denial-of-service attacks.
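A defender's view of the mail harvesting attack described above, as an added example that is not part of the original article: it scans mail-server logs for clients that probe many nonexistent recipients in a short window. The Postfix-style log format, the sample lines, the threshold and the window are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def _line(ts, ip, user):
    # Builds one constructed "user unknown" rejection in Postfix smtpd style
    # (an assumed format; the article does not name a mail server).
    return (f"Mar  3 {ts} mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{user}@example.com>: Recipient address "
            f"rejected: User unknown in local recipient table")

# Constructed sample: one fast dictionary probe, one typo, one slow trickle.
SAMPLE_LOG = "\n".join(
    [_line(f"10:00:{2 * i:02d}", "203.0.113.9", u)
     for i, u in enumerate(["aaron", "abby", "adam", "al", "alan", "alex"])]
    + [_line("10:03:10", "198.51.100.20", "jsmiht")]
    + [_line(f"11:{5 * i:02d}:00", "192.0.2.77", u)
       for i, u in enumerate(["bob", "bo", "rob", "robert", "bobby"])]
)

REJECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*reject: RCPT from "
    r"\S*\[(?P<ip>[^\]]+)\]: 550 5\.1\.1 <(?P<rcpt>[^>]+)>"
)

def find_harvesters(log_text, threshold=5, window=timedelta(seconds=60), year=2003):
    """Return {client_ip: peak distinct unknown recipients} for every client
    that hit `threshold` distinct nonexistent addresses inside one `window`."""
    events = defaultdict(list)                      # ip -> [(time, rcpt), ...]
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            # Syslog timestamps carry no year, so one is supplied for parsing.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["rcpt"].lower()))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the left edge until the span fits inside the window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {rcpt for _, rcpt in hits[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), len(distinct))
    return flagged

if __name__ == "__main__":
    print(find_harvesters(SAMPLE_LOG))
```

Counting distinct addresses rather than raw rejections keeps a legitimate sender that retries one mistyped recipient from being flagged; the slow trickle in the sample shows what a fixed short window misses.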

To try to put spam back in the can, ISPs use a variety of products. Joyce Graff, a Gartner vice president and research director, believes that there are three primary approaches to fighting spam: hire a service, install an appliance or install layered software.

In a report on spam, she suggests “Smaller enterprises in particular (those with fewer than 5,000 employees) should seriously consider using a service.” Postini, one such service provider, uses a typical approach of intercepting and filtering all mail sent via Simple Mail Transfer Protocol (SMTP) before it arrives at the gateway.

The most popular anti-spam program, though, according to Graff, is “Brightmail with the dominant share of the service provider market.” Unlike Postini, Brightmail is sold primarily in a product line that runs on Windows 2000 and Solaris.

The other major commercial anti-spam players, according to Ferris, are “MAPS, Trend Micro, and Tumbleweed. Cloudmark and MailFrontier are new entrants that have interesting approaches to fighting spam.”

Some companies, though, also like to build their own solutions. For example, Panix offers users a variety of anti-spam tools based on using filters built around the procmail Unix mail processing utility and SpamAssassin, a popular open source mail filtering program for Unix and Windows. There are other popular open source anti-spam products like Len Conrad’s IMGate, which acts as an SMTP filter sitting between mail servers and the Internet.

Regardless of the programs you use, you should supply the anti-spam programs at the server, not the client, level. While client solutions are very popular, they don’t help save your bandwidth or disk I/O, and that’s where the recurring costs of spam bite any Internet provider the hardest.

It works well, but, as Conrad says, “there is no one ‘silver bullet’ to stop abuse. There is not even a dominant approach. The only ‘universal’ is that mail abuse levels are horrendous. We are at war.”
