The truth about spam

Yanki Margalit, chairman and chief executive officer of Aladdin Knowledge Systems, looks at a positive development in the battle against spam.

The spam wave flooded global email in the early millennium. Losses to corporations and businesses reached into the billions of dollars, and users found their mailboxes bombarded with unwanted emails.

And as much as it has been about the huge numbers of messages, spam has also been about offensive content: pornographic mailings, offers for cheap prescription drugs or watches and so on.

Between 2000 and 2003, growth of this junk email epidemic was on a steady rise, and industry experts issued dire predictions regarding future numbers.

The long-awaited downturn

But as 2004 came to a close, the statistics told a different story.

Major ISPs such as AOL reported significant drops in spam and spam-related complaints, measured via user hits on the 'spam' button, the number of messages automatically making their way to the spam folder, and the number of blocked messages in general.

Other organizations tracking spam statistics noted the levelling-out of spam numbers, after many years of steady growth.

Another issue affecting the spam downturn (or levelling, depending on whose numbers you choose) is the fact that the spam business has already become saturated - the numbers simply can no longer be increased.

Those who are in a position to send spam are already doing so, including amateur spammers who accept shady offers to 'make money working from home', hoping to add an extra few dollars to their monthly earnings.

Yet even with the decrease, spam continues to be a problem of serious proportions.

CAN-SPAM - The Act that can't

Going into effect on January 1, 2004, the US federal CAN-SPAM Act (short for Controlling the Assault of Non-Solicited Pornography and Marketing) may have been a milestone in the organized effort to stem the growth of spam, but it proved lacking when it came to results.

The Act established minimum requirements for commercial email and defined the penalties for those who broke them. The CAN-SPAM Act also gave consumers the right to ask emailers to stop sending them spam, by providing an opt-out method.

In late 2004, after the act had been in effect for nearly a year, the Federal Trade Commission issued an official report, examining the Act's effectiveness.

The report cited a number of problems with the Act and its enforcement, including the difficulties in accurately tracing spam email and gathering evidence that would be credible in court.

The authors also noted that spammers began shifting offshore, operating from countries with no spam oversight and escaping the jurisdiction of US federal laws and those of other nations.

In short, the CAN-SPAM Act has failed to live up to its expectations, and the requirements it set out for commercial emailing are routinely ignored.

The secrets of spam's success

One of the major reasons that spam succeeds is that people answer it. It succeeds because it purports to offer a service or product that potential customers value.

It also succeeds because frequently, it does not appear to be obvious spam - it is written in correct English and in a professional manner.

There is also localized spam, which appears less suspicious than generalized spam, and is sent in the language of the recipient's geographic location, making localized offers for goods or services.

Other than effective laws, which thus far have been hard to come by, technology offers consumers the next best hope for an escape from spam.

Methods of identifying and blocking spam have become more efficient, and global ISP cooperation in tracking down spam servers has grown.

At the same time, users are being given their own tools for dealing with spam - perhaps one of the most important developments in countering the influx of unsolicited email.

The spam reality: blocking versus management

Some spam will always get through - and with time, it has become more and more obvious that managing spam is more realistic than blocking it entirely.

This is also due to the fact that spam lures its recipients in a psychological manner - through tempting subject lines for products in which they are interested, localization, and the like.

While many spam solutions push the idea that a higher rate of spam blocking means a better solution, this isn't really the case.

A good spam solution is measured not by its rate of spam blocking but by its rate of false positives (legitimate emails mistakenly identified as spam) and by how easily a user can manage these.

Take the average user, for example. Say he or she receives 20 spam mails per day, and the solution blocks 98 per cent of spam - the difference is negligible when compared to a solution which blocks 95 per cent.

These same solutions which play up their high blocking rates often hide the other side of the equation, the manner in which they deal with false positives - which frequently translates into more headaches for users and administrators.

False positives always occur, as what one person (or solution) identifies as spam isn't necessarily spam to another - subscription mass mail newsletters, for example.

In a truly effective solution, mail blocked as spam is put into quarantine. There, it remains accessible to the user, who can then review it and verify that the blocked mail actually is spam and not legitimate mail meant for the inbox.

A user can also retrieve emails from quarantine, and specify that such mailings be delivered directly to the inbox in future. In other words, the user independently manages spam without turning to the IT administrator for help.
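
The quarantine workflow described above, sketched as an added example that is not part of the original article or any Aladdin product. The `Message` and `Mailbox` classes, the 0.8 threshold, approval keyed on the sender address and the sample traffic are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Message:
    msg_id: str
    sender: str   # assumed to be an authenticated address; a bare From header can be forged
    score: float  # spam score in [0, 1] from a hypothetical upstream filter

@dataclass
class Mailbox:
    threshold: float = 0.8                      # assumed cut-off for "spam"
    inbox: list = field(default_factory=list)
    quarantine: dict = field(default_factory=dict)
    allowed: set = field(default_factory=set)   # senders the user has approved
    quarantined_total: int = 0
    released: int = 0

    def deliver(self, msg: Message) -> str:
        """Deliver to the inbox or hold in quarantine; never silently drop."""
        if msg.sender.lower() in self.allowed or msg.score < self.threshold:
            self.inbox.append(msg)
            return "inbox"
        self.quarantine[msg.msg_id] = msg
        self.quarantined_total += 1
        return "quarantine"

    def release(self, msg_id: str, always_allow: bool = False) -> Message:
        """User retrieves a quarantined message, optionally approving the sender."""
        msg = self.quarantine.pop(msg_id)       # KeyError for an unknown id
        self.inbox.append(msg)
        self.released += 1
        if always_allow:
            self.allowed.add(msg.sender.lower())
        return msg

    def released_share(self) -> float:
        """Fraction of quarantined mail the user judged legitimate."""
        return self.released / self.quarantined_total if self.quarantined_total else 0.0

def demo() -> Mailbox:
    # Constructed sample traffic, not real mail.
    mb = Mailbox()
    mb.deliver(Message("m1", "news@lists.example.org", 0.90))  # newsletter, held
    mb.deliver(Message("m2", "promo@bulk.example.net", 0.95))  # held
    mb.deliver(Message("m3", "colleague@example.com", 0.10))   # inbox
    mb.release("m1", always_allow=True)                        # user corrects the filter
    mb.deliver(Message("m4", "news@lists.example.org", 0.92))  # now bypasses quarantine
    return mb

if __name__ == "__main__":
    mb = demo()
    print([m.msg_id for m in mb.inbox], list(mb.quarantine), mb.released_share())
```

The share of quarantined mail that users release is a practical stand-in for the false-positive rate the article argues should be tracked alongside the blocking rate.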

The bottom line

Spam will always be around, but you can make things better by implementing a management-oriented spam solution. In the process, you save your company time and money and increase employee productivity.

Yanki Margalit is the founder, chairman and chief executive officer of Aladdin Knowledge Systems.

In 1984, he designed and developed several products in the areas of artificial intelligence and software security, founding Aladdin to market them. Aladdin is a global leader in the software digital rights management and internet security market.

www.Aladdin.com

January 2006
