IBM's recently announced FairUCE zombie identifier software has been hailed as an advance in the war against spammers,...
but have also found some critics, who say that the software could add to the already high level of spam on the Internet.
Critics suggest that FairUCE (an acronym for Fair Use of Unsolicited Commercial Email), which sends out e-mail "challenge" messages that seek to trace received e-mails back to their origins, adds to the amount of spam on the Web.
An IBM scientist rejects this assertion. "We are not creating spam," said Amit Patel, emerging technology strategist, IBM. "Legitimate e-mails do not get challenged at all. The challenge only goes to spoofed e-mails." Spoofed emails are those with forged "From: addresses. But critics counter that the zombie machines that do the spoofing are often computers in the hands of unaware consumers, and that FairUCE will result in further e-mail traffic at their expense.
What FairUCE does is identify whether messages are arriving from a zombie computer, bot device or legitimate e-mail server by ascertaining the IP address of origin. The anti-spam technology focuses on origin, rather than content filtering. IBM claims that this technology offers benefits over established spam filtering methods that inspect each in-coming e-mail.
"This is much simpler than content look-up," said Patel, adding that not only is traditional content filtering very hardware-intensive, but "spammers will find a way to defeat your filter."
Comments from the creator of FairUSE, Mathew Nelson, have appeared on several blog sites. He said that while FairUCE does, indeed, employ challenge/response functionality, but he prefers to think of what the software sends out as an inquiry, because "we're not asking if the sender is human, jus if they are who they say they are, at least to the domain level."
And, he says, "it's stopping 99 percent of spam from reachkng his inbox." Meanwhile, IBM's Patel has his own method of avoiding spam. "I never give my e-mail address out," he says.
FairUCE is currently available for "test driving" on IBM's alphaWorks site, but currently runs only on Linux. Down the road, the software would work with look-up tables and registries of reputable e-mail sources, according to Patel.
Partial or full spam solutions would come none to soon for beleaguered IT departments. IBM's Security Intelligence Services found that 1 in every 1.3 e-mails was identified and intercepted as spam, and that 1 in every 46.1 e-mails was stopped for carrying a virus, Trojan or other malicious content.