Techniques to manage spam

Previously, we spoke about 'what is spam' 'the origin' etc.... we will now continue talking on how to manage. The earliest anti-spam technologies involved blocking certain e-mail addresses and/or domains. I know we use this even today. But the spammers find all means to reach your mail box, so this technique quickly became unviable. All they do is to fake or change the source of their mails each time, once you get a mail from a@xyz.com, you block it, the next time the person manages to send you unwanted mails from z@abc.com, so it goes on...

This resulted in finding out the next technique - blocking IP addresses used by spam operators. Unfortunately this also does not prevent spam. Spammers overcome this problem by either rotating their IPs or routing their mail through third-party IP's, by exploiting loopholes on their systems.

The next technique which was used to stop spam is a content-based approach. This technique tries to classify spam based on content. E-mails with subject lines and/or content like "Viagra" or "Lose weight" are tagged as spam. Ya, you guessed it right, spammers quickly found ways around this by spelling words differently, by using number, by using spaces, etc. etc. They even use images or embedded HTML. (e.g. "V I a g r a" or "V1agra" or V*I*A*G*R*A etc). So this technique to stop spam does not kill spam.

In the process you may loose a lot of genuine mails. Take the example of a Healthcare company or a body care company the same spam words become genuine words which cannot be blocked, so what do they do? Other than wasting time in fine tuning rules and finding genuine mails from the junk mails this method has not resolved the problem of spam. There are other methods like dropping mails except those of pre-approved senders, hash signatures, scoring a mail on spam characteristics all of which has very limited effects.

So what kills spam?

Now comes a new anti-spam approach which includes attempting to recognize all the "click me" links (URL's) and "call me" phone numbers in spam messages. This requires that the spam tables (databases) be updated every few minutes to catch the latest spam campaigns.

Exploring anti-spam solutions

A number of anti-spam solutions are available in the market. They may be grouped as Products and Managed Services.

Products based anti spam solutions

involve installing some hardware or software on your network at its boundary, which intercepts all mails, cleans it of spam and then forwards it to your users. The advantage with a product is that you have full control over the anti-spam process. But it comes at a higher price and does not save bandwidth and storage costs-since all mail is downloaded to your organization anyway, before being handled. The product based anti-spam solution is best suited for a large organization.

On the other hand Managed Services involve outsourcing your spam control to a third-party. Here the problem is dealt at source, so that only acceptable mail enters your organization. This results in higher cost savings moreover there is no investment in hardware or software; savings on bandwidth, and typically lower price points. But it involves routing your mail through some third party provider and your mail has one more hop, so latency and privacy issues do crop up. The Managed service anti-spam solution will meet the requirements of a small and medium organizations.

Each of the above has its own advantages or disadvantages. But both the above will help 'kill the spam' to a greater extent in comparison to the earlier techniques used.

Checkpoints before buying:

Keep the following points in mind while choosing an anti-spam solution for your company.

  1. If it is a product solution find out how much of controls are with you. Find out how user friendly the software is? You should not land up buying hardware and software which is more difficult to manage than the spam itself.
  2. If you are looking at a Managed solution, do not forget to check on the number of hops the mail takes before reaching your mail box.
  3. Do not forget to check on the security of your mails. Does the Managed Service provider physically see your mails?
  4. The accuracy of an anti-spam solution is determined by the percentage of spam mail it identifies. Any good anti-spam solution should net at least 90 percent of all spam.
  5. However, if the system is configured to be more sensitive, then more false positive are reported. False positives are nothing but the probability that a good mail gets marked as spam.
  6. False positives are bad news for any business, since even genuine mail is lost as it has been classified as spam. A high false positive rate also means more wasted man-hours spent going through the spam mail folder every day, hunting for any mail wrongly identified as spam.
  7. A 0.1% or lesser false positive rate is a good rate i.e least 1 in 1000 mails are lost. That means the solution should deliver at least 99.99% of your good e-mails losing maximum 0.01% of them.
  8. Don't forget to check on what change is to be made to your mailing system to integrate the anti-spam solution. Do not choose a system where the user needs to make changes. Changes should take place only at server level. We should not expect that the user will change the way he receives mails, just because you have a new Anti-spam solution.
  9. A good anti-spam solution should have multiple levels of spam checking, using many or all of the technologies listed above.
  10. The solution should also have a "learning" module that enables it to improve its accuracy with time. This is normally achieved with a feedback mechanism, where you forward spam mail, missed by the system, back to it. It then analyzes the spam and tries to block similar ones in the future.
  11. Ability to create personal blacklists (block these mail !!) and white lists (wow! I love to receive these mails) is also very important.
  12. The anti-spam solution should cater for easy creation and modification of these lists.

Don't turn your spam problem to anti-spam problem :

Now lets come to some ground reality. It is not possible to solve the anti-spam problem with 100 percent efficiency. Some spam always gets through. What we would like to advice you is, do remember the above points while buying a solution. After installing the solution if you end up loosing good mail, or spend time & energy in monitoring, fine-tuning and training users on the anti-spam solution then you have just got a anti-spam problem in place of your spam problem!