Spam Slayer: Spotting the good guys

SAN FRANCISCO (09/22/2003) - This new weekly online column chronicles the spam wars and offers advice. Send your spam gripes and questions to spamwatch@pcworld.com. Our inaugural writer is frequent spam-beat reporter Daniel Tynan; later this month Tom Spring will take the column's helm. As always, your comments and suggestions are welcome. Return to the SpamWatch page for more articles.

A spam filter is like a doorman at an exclusive nightclub; its job is to turn away unwelcome visitors while letting invited guests inside. But because filters can give the boot to legit e-mail along with spam, e-mail service providers (ESPs) are desperate to get on the guest list.

Their solution? Reputation rating systems that separate the party crashers from the VIPs.

Naughty and Nice

On September 18, Cloudmark announced an e-mail rating system that should help Internet service providers identify messages from responsible ESPs. Like Cloudmark's SpamNet filter, the rating system uses a peer-to-peer network. When enough SpamNet users identify a message as spam, Cloudmark makes a "fingerprint" of the message and uses that data to block future e-mail containing the same print.

Bulk e-mailers who sign up for the Cloudmark system will be allowed to send e-mail with impunity; but if they start spamming, their reputations will drop and they'll get blocked, says Karl Jacob, chief executive officer. ISPs (Internet service providers) and corporations could use Cloudmark's system to let e-mailers with good reps bypass their spam filters, resulting in fewer legit messages being stopped.

Cloudmark isn't the first to stumble onto this idea. Bonded sender programs, like IronPort or Habeas require bulk e-mailers to post a cash bond, which they forfeit if they send spam. IronPort goes one better with SenderBase, a remarkably rich database that pulls data from in-boxes at 11,000 organizations, monitoring nearly 5 percent of all e-mail traffic, says product manager Craig Sprosts. SenderBase reveals who's sending the most e-mail on the Internet, if they're using open proxies or bogus IP (Internet Protocol) addresses, and if they're on any of the major blocklists. IronPort plans to boil all this information into a numerical ratings system it will publish on the SenderBase site later this year.

Policing Practices

Then there's Project Lumos, a proposal cooked up by the E-mail Service Provider Coalition (ESPC) that would establish a type of "credit bureau" for e-marketers.

Lumos would identify bulk e-mailers and rate their adherence to an agreed-upon set of standards, such as how they handle opt-out requests. ISPs and consumers could decide whose e-mail they'll accept, based on the sender's score. Executive Director Trevor Hughes says the ESPC will reveal the gory details of how Lumos will work at the end of September.

Once service providers identify legitimate senders, they can focus attention on the real bad guys, Hughes says.

"Today, ISPs hesitate to crank up their spam filters to avoid false positives," he says. "Tomorrow they'll really be able to crank up the dial."

Spam Q&A

Question: I don't want to spend money on a spam filter that may or may not work. Can't I simply create rules in my e-mail program that will take care of the spam?

-Bob F.

Answer: Sure. But remember, spam changes by the hour, so you'll need to continually add new rules and tweak existing ones. For example, you could create a rule in Outlook Express to nuke any message containing the word Viagra, but you'll also want it to look for v1agra, vi*agra, viagera, and every other possible misspelling. Read "Internet Tips: Wage War on Spam With Old Tools and New Filters" for step-by-step instructions on how to create message-sorting rules in several applications.

While you're making rules, consider this neat tip: A lot of spam comes with random garbage characters inserted at the end of the subject line, usually preceded by a series of blank spaces. Creating a rule that searches for six or eight consecutive blank spaces in the subject line will catch a lot of the nasty stuff. (Kudos to Norris C. of Madison, Wisconsin for that idea.)

Another tip: Instead of deleting the messages, create a spam folder to stash them. Check it periodically, just in case your rule catches genuine e-mail along with the junk.

Question: I recently bought I Hate Spam and then discovered that it doesn't support Hotmail. Are there any spam filters that do?

-George L.

Answer: Hotmail accounts tend to be a magnet for junk. Unfortunately, I've yet to find a solution that's totally effective-and that includes using Hotmail's own junk filters.

McAfee SpamKiller 5 (US$50 on disc) filters e-mail for both MSN and Hotmail, but in my informal tests I found that it blocked only about 70 percent of the stuff. You could also choose to forward your e-mail through a third-party filtering service, such as SpamCop, which costs $30 yearly. But first ask yourself: Does it make sense to spend $30 to $50 to filter a free e-mail account? You might just want to ditch your old address and start over.

Question: I'm getting more and more spam with foreign characters in the subject line. How can I filter them out?

-Mike M.

Answer: Well, you could create a rule inside your e-mail program that searches the subject line of each message for these characters and delete any e-mail that contains them (see my response to the first question). Many antispam utilities let you create a new rule or filter that does the same. The easiest way is to copy typical characters from one message and paste them into your rule. SpamKiller 5 also lets you block e-mail written in certain character sets, such as Korean or Cyrillic.

Have a spam-related question or problem? Send it to spamwatch@pcworld.com.

Contributing Editor Daniel Tynan is pinch-hitting for regular Spam Watch columnist Tom Spring, who is currently on paternity leave.

Join the newsletter!

Error: Please check your email address.

More about Good GuysMcAfee AustraliaMSNSpamCop

Show Comments

Market Place

[]