Sitewide
RSS Feed:
Sweeping Spam under the Carpet
 |
By: Alastair Revell, Managing Consultant, Revell Research Systems Published: 5th October 2007 Copyright Revell Research Systems © 2007 Syndicated from: Revell Research Systems |
 |
Delicious
Digg
reddit
Facebook
StumbleUponUnless I am greatly mistaken, there has been yet another surge in spam in the last few weeks. Like many firms, Revell Research Systems uses a fairly sophisticated anti-spam system, which generally performs pretty well. It occasionally needs tweaking to improve its detection rate, but on the whole, it does its job well.
However, I am acutely aware just how much spam is actually chucked into our email system on a daily basis. It is literally huge. There is the spam that is sent to our active email accounts and then there is the massive amount sent to random addresses in the hope that something might strike lucky!
Worse still, spam is increasingly being sent with large attachments, which eats away at our bandwidth.
I believe that the majority of Internet users are blissfully unaware of just how much spam is actually in circulation (although they know that they receive an unreasonable amount). The problem is that much of it is sent to non-existent people and is handled in the background by email servers, whose time is now mostly devoted to handling spam email, which means the sheer scale of it is well off most people's radars.
This is, of course, the nirvana that corporate IT departments are asked to achieve – no spam reaching their users.
However, I really can’t help but think that this is little more than sweeping spam under the carpet. Sooner or later, we are going to have to bite the bullet and work out how we are going to stop spam altogether rather than simply hiding it.
Reader Comments
We are no longer accepting comments against this item. We suggest contacting the author directly.
8th October 2007: 'Anthony' said:
Unless we have an Internet emailing authority I don't think you will ever stop spam altogether, we haven't stopped physical junk mail yet and that's been around long enough. What we can do is to continue minimising SPAM by using hosted services such as MessageLabs to take the burden off IT departments.
9th October 2007: 'Jeremy' said:
We need Internet authorities, not just for email. Way too much time is wasted with SPAM, phishing, web bots, hackers and DoS attacks.
Plus it all gets rather costly...
12th October 2007: 'Alastair Revell' (Author) said:
Anthony/Jeremy
Many thanks for your respective comments. They are much appreciated.
I think removing the burden from IT departments by using hosted services actually only shifts the problem in terms of the bigger picture, which is what really concerns me.
By doing this, we are not actually solving anything. We are simply hiding the problem, while it grows almost exponentially under the carpet. Sooner or later, this is going to bite us!
I think we must embrace some sort of Internet authority, as Jeremy suggests.
Alastair
12th October 2007: 'thickmike' said:
I share the "bigger picture" concern. Can we continue to throw horse power at the web in order to cope with spam, junk etc. which, according to some statistics, now comprises more than 85% of all e-mail traffic? There is no other situation I can think of which would tolerate such gross misuse of a public service. Sadly, regulation seems the only way forward.
12th October 2007: 'Mike' said:
Frankly, until we figure out how to identify and remotely take down the servers sending the spam, we won't solve the problem. Unfortunately, this is considered illegal, so it looks like a privately-funded vigilante effort is the only answer. Let the server wars begin!
12th October 2007: 'James' said:
Who is the best body to petition about this? Action needs to be taken ASAP. Businesses are drowing in a veritable torrent of junk email. It has to stop. Did I imagine it or was there going to be an Internet #2 at some stage?
12th October 2007: 'Robin' said:
That's it. Let's start a petition right here. Tell your friends and colleagues to come and put their opinion here. This is a high profile website, so perhaps someone out there in internet cuckoo land will sit up and take note. There is too much spam. We are sick of it!!
17th October 2007: 'Gary' said:
SPAM is here to stay, you can throw as much money at it as you like but you'll never remove it completely. We need to look at the sources and introduce custodial sentences for people who abuse the system. No I don't want to buy Viagra, take out a loan or meet a bride from some eastern european province.
RSS is a good alternative to newsletters.
17th October 2007: 'Alastair Revell' (Author) said:
Many thanks to those who have been contributing their thoughts to this post.
I'm not sure that regulation or law aimed directly at the spammers will be entirely effective. It may or may not be urban myth, but it is commonly alleged that on the day the American CAN-SPAM Act of 2003 came into force, the amount of spam in circulation jumped significantly. What is clear four years later is that this act hasn't done much to stop spam (although there have been a number of successful prosecutions).
The problem is that much spam originates from home computers that have been infected with zombie agents or from spammers themselves in legal jurisdictions less interested in the issue.
I am encouraged that there are various initiatives such as DomainKeys Identified Mail, which was released as a proposal in May 2007 and may become a standard in due course. This aims to ensure that email comes from the domain it alleges to come from, which means that anti-spam systems would be able to cut out forged email, (which from personal experience accounts for a lot of junk email).
If email systems only relay identified email in future then the identity of spammers will be known, and could easily be stopped and even prosecuted.
This solution doesn’t fully tackle the issue of a home PC being infected by a zombie, but the identity of the machine’s owner would be traceable via their ISP, who could address the issue with them. It would be in their interests to do so, too, since infected-home-pc@isp.co.uk could lead to all email from isp.co.uk being blocked by many organisations because it had a poor reputation for allowing the proliferation of spam.
This obviously doesn’t entirely stop the background spam that is not seen by the majority of users because its eliminated before it gets to them, but perhaps if law was introduced to force all email systems in a jurisdiction to ultimately only relay identified email then a considerable amount of spam would not make it beyond the confines of the originating ISP’s system or as it entered a jurisdiction that required its deletion.
The problem with any change to the Internet email system is that it needs to be backwardly compatible. You can imagine how irate legitimate senders might feel if their email was stopped because their organisation or ISP didn’t support the new standard. I can, therefore, foresee a period of limbo if this solution proves viable.
However, the risk with any such limbo period is that the final step will not be taken, leaving unidentified email in circulation to clog up the Internet. We may need regulation, and maybe even legislation, to push for this. We can also put pressure on our suppliers to support any future standard at the earliest.
I agree that it seems unlikely that spam can be eliminated completely, but we must move towards stopping its transmission rather than simply filtering it out and hiding it.
- Alastair
The messages above were all contributed by IT-Director.com readers. Whilst we take care to remove any posts deemed inappropriate, we can take no responsibility for these comments. If you would like a comment removed please contact our editorial team.