Spam is nearing a crisis point for email users and administrators. But we don't have to accept it as an inevitable force of nature. The first step in the fight against spam is to dispel the notion that users are powerless against the onslaught. There is an expanding array of anti-spam tools we can deploy throughout our messaging infrastructures.
However, many anti-spam tools suffer from a serious deficiency: reliance on content filtering to detect spam messages. The fundamental problem with content filtering is that it's a reactive approach for dealing with a dynamic threat. Traditional anti-spam filters compare inbound emails with spam content patterns or indicators that were derived from past spam attacks. Consequently, even the best anti-spam filters catch only the most obvious and unoriginal spam and often miss creative new spam messages that don't fit any pre-existing pattern.
What users want are continuously spam-free inboxes, but content filtering can't guarantee that. The only anti-spam approach that can do the job for sure is whitelisting, a technique that some vendors have begun to explore in earnest. Whitelisting doesn't depend on us knowing or caring who the spammers are or how they've constructed messages. Whitelisting starts from a simple premise: that the only messages that should be delivered directly to a recipient's inbox are from senders the recipient already trusts. Typically, a whitelist would consist of every email address in a user's address book, contact list and corporate directory. Most users also would want to include the sender addresses of every email they've moved to a folder and thereby accepted.
Essentially, whitelisting is the approach by which instant-messaging services provide a largely spam-free experience - although instant-messaging services refer to it as buddy lists or contact lists. As email, instant messaging and other collaboration services evolve over the next several years, it wouldn't be surprising to see them converge on a common whitelisting approach to deal with a common foe: spammers who are determined to flood their messages through any available medium.
Of course, internet email is more than a service for message exchange among acquaintances. It's also a medium for people we've never met to contact us. Depending on the sender, message and circumstances, we might welcome messages from out of the blue. What happens to messages from senders who aren't on our whitelists? This is just as important a concern as ensuring a spam-free inbox. Whitelisting can work only if recipients have at least one mail dropbox, separate from their inbox, where their other incoming mail can go.
Most anti-spam products already provide dropboxes in the form of quarantine folders. Rather than deposit each user's mail into a single inbox, anti-spam tools generally forward suspected spam to separate quarantine folders. These folders might be available to mail recipients in their email client or might be available only to mail administrators and be stored in a database separate from the corporate mail store.
Clearly, quarantine folders place a mail-management burden on recipients. With whitelisting, many critical business messages could languish in quarantine limbo unless users make a point of checking those other folders as often as they visit their inboxes. Fortunately, many anti-spam tools filter, rank and categorise suspect mail by spamminess, according to various criteria. To ease the inevitable burden on recipients, anti-spam vendors will need to continue improving how quarantine folders sort suspect mail for manual inspection. And to address the complex, dynamic nature of spam threats, filtering tools will need to base their suspect-mail rankings on a weighted synthesis of criteria obtained in real time from various sources, including anti-spam probe networks, blacklists and peer-to-peer communities.
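The whitelist premise and the weighted quarantine ranking described above can be sketched together; this is an added example, not code from the column or from any product it mentions. The weights, the signal names and the upstream `authenticated` flag are assumptions, the last added because the From header alone is set by the sender and cannot be trusted for a whitelist match.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed signal sources and weights (illustrative; the article names the sources only).
WEIGHTS = {"probe_network": 0.5, "blacklist": 0.3, "peer_reports": 0.2}

def build_whitelist(*sources):
    """Union of address book, directory and filed-mail senders, lower-cased."""
    return {addr.strip().lower() for src in sources for addr in src}

def sender_of(raw):
    """Extract the bare address from the From header ('' if absent)."""
    return parseaddr(message_from_string(raw).get("From", ""))[1].lower()

def spam_score(signals):
    """Weighted synthesis of per-source scores clamped to [0, 1]; missing = 0."""
    return round(sum(w * min(max(signals.get(k, 0.0), 0.0), 1.0)
                     for k, w in WEIGHTS.items()), 2)

def route(messages, whitelist):
    """Split mail into inbox and quarantine; quarantine is least-suspect first.

    Each message is (raw_text, authenticated, signals). The From header is
    sender-controlled, so a whitelist hit counts only when an upstream check
    (assumed here as a boolean) has authenticated the sending domain.
    """
    inbox, quarantine = [], []
    for raw, authenticated, signals in messages:
        sender = sender_of(raw)
        if authenticated and sender in whitelist:
            inbox.append(sender)
        else:
            quarantine.append((spam_score(signals), sender))
    return inbox, sorted(quarantine)

# Constructed sample data.
WHITELIST = build_whitelist(["Alice@example.com"], ["bob@corp.example"], [])
SAMPLE = [
    ("From: Alice <alice@example.com>\nSubject: lunch\n\nhi", True, {}),
    ("From: newcustomer@example.org\nSubject: quote\n\nhello", True, {"peer_reports": 0.1}),
    ("From: promo@bulk.example\nSubject: WIN\n\nbuy", False,
     {"probe_network": 0.9, "blacklist": 1.0, "peer_reports": 0.8}),
    ("From: alice@example.com\nSubject: invoice\n\npay", False, {"probe_network": 0.6}),
]

if __name__ == "__main__":
    inbox, quarantine = route(SAMPLE, WHITELIST)
    print("inbox:", inbox)
    for score, sender in quarantine:
        print(f"quarantine {score:.2f} {sender}")
```

The unknown but legitimate sender lands at the top of the quarantine list, while the message that merely claims a whitelisted address without authentication is held for inspection instead of reaching the inbox.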
Whitelisting - coupled with intelligent ranking of suspect mail in quarantine folders - is the most appropriate and effective method for dealing with mail-content threats such as spam. In the coming years, this approach will become commonplace in commercial anti-spam products and services.
Kobielus is an Alexandria, Virginia-based analyst with The Burton Group, an IT advisory service that provides in-depth technology analysis for network planners.