
Mid
Windows & Linux Edition
Volume 2, Number 30 -- August 6, 2003

Mad Dog 21/21: Blocking the Sewers of Cyberspace


by Hesh Wiener

Brace yourself. It's time to check your e-mail. It's probably got ads for pornography, sexual potency pills, absurd mortgage deals, offers for credit cards, and human growth hormone. There could be invitations to meet sex partners or to join the next group of pyramid schemers who will make tons of money pumping out messages like the one sent to you. You may be offered the chance to put software on your PC that will reveal the secret lives of your favorite personal suspects.

Basically, your mailbox is connected to the sewers of cyberspace.

If you're like most computer users, particularly if your e-mail address appears on Web pages, chances are you receive quite a few such messages every day that are formally known as UCE, unsolicited commercial e-mail, and more widely called spam.

As most of you know, the slang use of the word seems to have arisen in a Monty Python routine, and the ever-informative Wikipedia fills in some of the background that links the slang use of the word to the branded food product of the same (but capitalized) name.

The people at the company that makes Spam, Hormel, probably didn't like the slang use of their product's name at first, but have learned to live with it. There must have been a lot of people in the far corners of the world who had never heard of Spam before the Internet became more or less universal. That's not true today. So Hormel not only adjusted to the cultural facts, but also decided, in the end, to join in the fun. These days, there's an official Spam Web site offering souvenirs. The souvenirs are related to the immensely popular line of Spam food products. The Web site offers no comfort to recipients of e-mail spam, which is hardly a surprise. Unfortunately, neither does just about any other site you can find on the Internet.

Oh, there are a lot of individuals, nonprofit organizations, and software companies offering ways to fight spammers or block unwanted e-mails. They mean well. They have put spammers under some pressure and made it easy for unhappy recipients to block certain forms of spam. But the spammers have become pretty adept at sidestepping spam traps. As a result, until recently, it's been hard to say whether the anti-spam folk have actually accomplished very much. But recently there was a breakthrough for people who are sick of spam.

One of the best and most reliable spam blocking programs, Spam Assassin, became available for free to the general public in a new form. Originally, Spam Assassin was built to work on e-mail servers, filtering messages before they were put into users' mailboxes. The filtering process is non-destructive. Messages flagged as probable spam are rewritten with a notice prepended to the Subject field and some additional information added to the header.

The real Spam: Secret ingredient is a sense of humor

A suspect message is encapsulated in a way that leaves it visible but does not trigger links inside it, at least when the message is viewed in raw (source) mode. This procedure prevents spam from automatically confirming receipt at a valid address. Spam that downloads any item from a server--typically this is a graphic--can tip off the server that the message hit its target.

Anyway, Spam Assassin is now available under the name SAProxy as a Windows program that will work in conjunction with just about any e-mail client. If you think this software is risky because it comes from the same open source movement as Linux, think again. It was chosen as best of breed by Consumer Reports magazine, an excellent publication but not one thought of as technologically esoteric. (To find the article, search for "spam" from the home page, as the URL is difficult to publish in our format.) Moreover, we use it on our own e-mail server at Guild Companies, and in our early tests it has demonstrated a 96 percent or higher hit rate on eating spam.

Disgruntled recipients of spam are legion and, we reckon, vastly outnumber recipients who are indifferent to the flow of unexpected messages.

Spam blocking is already an integral part of Internet service offerings aimed at family users, who are not inclined to install software like SAProxy. Such ISPs as AOL (which purists say is not truly an Internet service provider but which, for all practical purposes, might as well be one) offer free spam suppression. Even ISPs that serve mainly business users often give customers the option of invoking filters that block incoming e-mail that exhibits certain characteristics typical of spam.

One of the most widely used anti-spam techniques is e-mail server blocking, and the blocks are most often applied to two classes of server: open relays and known spam pumps.

Open relays are SMTP servers that don't care where a message comes from, so they will, without checking the identity of the originator of a message, send an e-mail to a copy list of unlimited size. Spam pumps are SMTP servers set up specifically to blast e-mails for their owners and their owners' customers.

A Monty Python routine inspired the slang use of the word spam

A number of organizations compile lists of these servers, which are identified by name, IP number, or both, and offer the lists to e-mail service providers. The lists are provided in a format that can be read by e-mail servers and used as the basis of a message rejection (or bounce). The lists can also be used to quietly flush e-mails without notifying the sender that their message has disappeared. A couple of examples are suggested by MAPS and Spamhaus; there are plenty of others.

Unfortunately, the block list techniques, which used to work very well, no longer produce the same results. There are relatively few open relays. Spammers who have robots that test servers for relay potential don't come up with long lists the way they used to. The operators of e-mail servers have, by and large, learned how to prevent unauthorized use of their systems.

Spam pumps are another matter. Some ISPs specialize in selling services to customers who might not be welcome at more conservative locales. Such services are, generally speaking, not doing anything illegal. They are at worst, in the opinion of unhappy e-mail recipients, being bad citizens of the Internet. But, for the owners of these rogue server farms, it's a living.

Users of spam pumps move around a lot. When their servers at one IP address get caught and blocked, they jump to another server at another address. So, while pump blocking is effective, it only works when the outfits that compile lists of such servers keep their records up to date. To complicate matters, in some cases it is possible for the operators of spam pump servers to alter message headers and other data so that it becomes difficult for spam fighters to trace messages back to their source.

Even though server tracing can be frustrated, the technique is effective enough to drive some spammers to use a multitude of e-mail servers. They do this by working in magpie mode.

The spammers will sign up for an account at an unsuspecting ISP that has an anti-spam policy, send lots of messages, get caught by their ISP and have their account terminated. No big deal. The spammer will just open another account at another ISP and use that until it gets its comeuppance. In practice, prolific spammers have several live accounts open at any time and, possibly, dozens.

The result is that recipients who attempt to block messages from sources they identify as magpie spammers' servers may end up blocking legitimate messages from the same ISP. They are also likely to remain at least one step behind the agile spammers.

Some spam blocking techniques are based not only on the sources of unwanted messages, but also on their content. There are programs that scan e-mails for words or phrases that signal unwanted e-mail and then refuse, flush, or quarantine the suspect messages. The concept sounds simple enough. Get software that can search messages for messages with phrases like "hardcore porn" or "organ enlargement" and you can trap messages you don't want to receive. The problem is that the messages that look like they have these phrases probably don't.

If the messages are in HTML, comments or false tags may be woven into the visible message so that the phrase "cheap mortgage" is actually "ch<!-- abc -->eap mor<!-- def -->tgage" and ordinary text scans will miss the target. More sophisticated text scanning software can shake out invisible elements and then scan the results. But even that approach fails when the spam arrives in the form of a graphic bearing the sender's message. Anti-spam software is not always able to extract the text depicted in a GIF or JPG file. In theory, software could invoke text recognition technology if it found a suspect graphic in a message. In practice, it's not so easily done.
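The scanning step described above, as an added example (not code from the article or from Spam Assassin): the message body is reduced to the text a reader would actually see before the phrase match runs, and a body that carries images but no readable text is flagged separately. The phrase list, tag sets and sample bodies are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed phrase list; a production filter would use a scored rule set.
PHRASES = ("cheap mortgage", "organ enlargement")
# Tags that separate words when rendered; any other tag joins its neighbours.
BLOCK_TAGS = {"p", "div", "br", "td", "tr", "li", "table"}
HIDDEN_TAGS = {"script", "style"}  # contents are never shown to the reader
# Constructed sample bodies (the first uses the article's own obfuscation).
OBFUSCATED = "<p>Get a ch<!-- abc -->eap mor<!-- def -->tgage to<zz>day</p>"
IMAGE_ONLY = '<body><img src="http://example.invalid/offer.gif"></body>'


class VisibleText(HTMLParser):  # collects the text a reader would see
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self.comments, self.images, self._hidden = [], 0, 0, 0

    def handle_starttag(self, tag, attrs):
        if tag in HIDDEN_TAGS:
            self._hidden += 1
        elif tag in BLOCK_TAGS:
            self.parts.append(" ")
        elif tag == "img":
            self.images += 1

    def handle_endtag(self, tag):
        if tag in HIDDEN_TAGS and self._hidden:
            self._hidden -= 1
        elif tag in BLOCK_TAGS:
            self.parts.append(" ")

    def handle_comment(self, data):
        self.comments += 1  # comments never render, so they are dropped

    def handle_data(self, data):
        if not self._hidden:
            self.parts.append(data)


def scan(html_body):
    parser = VisibleText()
    parser.feed(html_body)
    parser.close()
    visible = re.sub(r"\s+", " ", "".join(parser.parts)).strip().lower()
    return {
        "naive_hits": [p for p in PHRASES if p in html_body.lower()],
        "normalised_hits": [p for p in PHRASES if p in visible],
        "comments_stripped": parser.comments,
        "image_only": parser.images > 0 and not visible,
    }
```

Running `scan(OBFUSCATED)` shows the raw-text match missing the phrase that the normalised match catches, while `scan(IMAGE_ONLY)` reports a body that no text scan can read.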

While some e-mail clients can be set to display only plain text messages, thus defeating the spammers who have switched to graphics, users overwhelmingly prefer richly formatted e-mails and won't sacrifice pretty post just to wipe out some spam.

So, that's one technique you might have to forget about, at least for now. And some of the other anti-spam technologies are not a lot more attractive to many users. Lists of rogue servers often contain inaccuracies, resulting in the loss of legitimate messages. Lists of permitted e-mail sources, used by some individuals and businesses, can be even more of an inconvenience and, of course, they are impossible to use in situations where incoming e-mail from a new customer would be blocked until the customer is added to the permissions.

The best thing that can happen would be for the very economic forces that have so far enriched spammers to impoverish them. If it costs more to send spam than the spammers make selling whatever it is they sell, the spam will stop.

Aware of this, an increasing number of spam recipients are switching from traditional e-mail blocking to e-mail flushing.

At one time, e-mail from known spammers was bounced. This told the spammers their e-mails were being rejected. On the one hand, bouncing probably discouraged some spammers; on the other, bouncing told spammers to change their methods. Flushing unwanted messages without any reaction is more insidious.

The spammers who suffer significant message flushing get lower sales yields because fewer messages reach their targets, making the whole process more expensive. Even savvy spammers that include graphics with links back to their servers (which confirm receipt) suffer when messages are flushed. Even though these relatively sophisticated spammers can monitor message flush rates and attempt to circumvent recipients' message deletion systems, that process can be costly compared to plain old e-mail blasting.

In business situations where the yields and margins are low to begin with, and that probably includes a large portion of the spammers' universe, modest downturns in message delivery rates can make spamming uneconomical. In addition, it adds to the spammers' uncertainty. It is difficult for a spammer to determine whether a poor yield is due to message content, such as an ad that simply does not work, or delivery failure when that failure is silent.

For now, the combination of sophisticated spam detection software, intelligent intervention by e-mail managers and recipients and the use of stealth (rather than overt) blocking is probably the best available solution.

Some of the tools companies can use to block spam are free or cheap, particularly the software that is available in the Linux world.

If you want to try one or another spam reduction technique, options are not hard to find. Such organizations as abuse.net can serve as a starting point. A quick scan of the Web using any of the search engines will turn up many more sources of advice, software, and services.

Don't expect to get perfect results. Chances are, the best you can do is to cut back on unwanted e-mail. Some e-mail you'd rather not get will still find you. But, if you work at it (or get your e-mail support people to work at it), you can reduce the torrent of sewage back to a trickle . . . and still use your e-mail address without trepidation.

Copyright © 2003 Technology News of America Co., Inc.



Editor
Timothy Prickett Morgan

Managing Editor
Shannon Pastore

Contributing Editors:
Dan Burger
Joe Hertvik
Shannon O'Donnell
Victor Rozek
Hesh Wiener
Alex Woodie

Publisher and
Advertising Director:

Jenny Thomas

Advertising Sales Representative
Kim Reed


Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.