LAS VEGAS -- Even though there are no sure-fire solutions for stopping spam, experts say a combination of improving antispam technology and diligent business practices can keep unsolicited e-mail marketing messages from clogging enterprise inboxes.
A panel of industry luminaries examining the spam crisis Wednesday at Comdex Las Vegas 2003 admitted that the problem is only getting worse. Michael Osterman, president of Black Diamond, Wash.-based consultancy Osterman Research Inc., told attendees that 50% to 60% of all e-mail is spam, and that the percentage is rising.
Still, there are ways to stem the tide. Paul Judge, CTO for Alpharetta, Ga.-based e-mail security vendor CipherTrust Inc., said an enterprise can effectively filter out most spam using a three-pronged approach involving deterrence, protection and detection.
First, Judge said, a company should enact authorization tracking and non-repudiation procedures to block as much spam as possible at the firewall level, preventing it from consuming valuable network bandwidth and storage space. Next, an enterprise-level spam filter, the combination of an authorized e-mail domains file or "whitelist" along with a challenge-response message validation mechanism, can weed out less obvious spam.
Third, Judge said, a detection layer at the client level can help filter out spam based on the sender's name, message content and geographic origin. The best systems, he said, are also beginning to incorporate what he called "collaborative filtering technology," which essentially teaches software to spot spam using the same logic that humans use when eyeballing subject lines in their inboxes.
Judge and panel moderator Dave Piscitello, president of networking advisory firm Core Competence Inc., Chester Springs, Pa., also suggested keeping tabs on the initiatives of antispam groups, such as SpamCon, the Coalition Against Unsolicited Commercial E-mail (CAUCE), the Anti-Spam Research Group (ASRG), SpamArchive.org and Antiphishing.org.
Complicating the issue, Osterman said, is that the definition of spam is nebulous at best, and unique to each enterprise. For instance, e-mail messages about mortgage rates may be considered spam to most companies, but that might not be the case for financial services firms.
One disturbing trend is that spam opens the door to other messaging security problems.
"The increase in spam volume, as well as tactics that spammers use to get into your e-mail server, represent a threat to the uptime of your e-mail system," said panelist Scott Petry, founder of Redwood City, Calif.-based e-mail security vendor Postini Inc. For instance, he said that directory harvest attacks, in which spammers attempt to obtain users' e-mail address books, now constitute approximately one of every 587 SMTP connections.
Attendee Craig Donham, a systems engineer with L3 Communications Inc. in Greenville, Texas, said his company uses a spam-control system that results in few spam messages landing in his Microsoft Outlook inbox. Still, it's a major problem at home, where 14 of his 16 to 20 daily e-mails are spam, often of a pornographic nature.
"It's bad enough that I can't let my 13-year-old son read his e-mail," Donham said. He's optimistic that a federal spam law might help, but he suspects that many spam senders would be undeterred.
FOR MORE INFORMATION:
Article: Spam is a pricey pest