New Ways to Can Spam E-mail

June 19, 2002 -- For many e-mail users, the war against unsolicited commercial messages — better known as spam — seems to be overwhelmingly impossible to win.

There's no escaping e-mails that tout herbal remedies, porn sites, and low-rate mortgages and credit cards.

Even more depressing: Analysts predict that the problem of junk e-mail will only get worse.

According to industry research firm Jupiter Research in New York, the average Internet user received more than 700 spam messages last year. And by 2006, that figure will jump to nearly 1,500 unsolicited e-mails.

But several companies are working on advanced solutions that may help beleaguered consumers and Net companies turn the tide against spammers.

One such company is Cloudmark, a startup in San Mateo, Calif., founded by Jordan Ritter — one of the developers of the Napster music-sharing service — and Vipul Ved Prakash, a software developer.

Cloudmark today released SpamNet, a new type of so-called spam filter. Such software attempts to spot and catch spam by looking for telltale signs — specific words in the message such as "get rich quick," for example.

However, in many cases, identifying what words or traits to look for requires human intervention. Once these words or traits are identified, they must then be encoded into an appropriate filter and distributed to different users.

But spammers can fool many of these filters through a variety of ways. They might, for example, merely change the message's subject line into something innocuous such as "For your information" rather than a blatantly worded sales pitch.

"It's almost like guerrilla warfare," says Ed Plaskon, product director for AT&T WorldNet Services. "We come up with solutions [to filter spam], and [spammers] work around that."

Spam Filtered by Committee

But Ritter says SpamNet may solve this problem because it's built to work quickly on a so-called peer-to-peer network of computers — similar to the old Napster system.

Internet users interested in fighting spam sign up for the free SpamNet service on Cloudmark's Web site and download a small piece of software onto their computers.

The program works with the users' e-mail programs and allows them to choose which messages that appear in their inboxes are unwanted spam messages. The program breaks down each message into digital codes and generates a small unique "signature."

The signatures are then uploaded to a SpamNet server, which then distributes the signature file to other members, enabling them to block copies of the suspect e-mail.

Karl Jacob, acting CEO of Cloudmark, says SpamNet is more efficient than traditional filtering methods, since the digital signature files are automatically created and distributed.

But Jacob believes the greatest strength of the system is that it relies upon a completely collaborative, grass-roots effort to stop spam.

"The real issue: You have to tap the power of the people who are affected by the problem," says Jacob. "We're going to tap people's hatred for spam and help them fight back and filter it easily."

Conflict of Interests

However, others say that SpamNet's people power might also be its weakest point.

"It's an interesting technology," says Ken Schneider, chief technology officer for Brightmail, a San Francisco-based company that provides anti-spam solutions for Internet service providers. "But the problem is you're depending on other people's definition of 'spam.' "

He notes that some people, for example, might want to receive notices about book sales from Amazon.com or other online retailers while others may not. But if enough people on SpamNet submit those types of e-mails as spam, "There's a whole bunch of valid commercial mailings that members wouldn't get," he says.

Jacob says the SpamNet software, which for now is available only for PCs using Microsoft's Windows and Outlook e-mail software, doesn't delete the suspect messages automatically, but sets them aside in a special folder.

Filtering From Above

Still others note that filtering e-mails after they've wound their way through the Internet just isn't efficient. The better way, say many, is to begin the filter higher "up stream" — such as at the ISPs' e-mail computers themselves.

Mail Abuse Prevention Systems in Redwood City, Calif., has been providing companies and ISPs with anti-spam solutions for years. And according to Margie Arbon, director of operations at MAPS, the company has been testing a system similar to Cloudmark's SpamNet.

Called DCC, or Distributed Checks on Clearinghouse, it's software that resides on a company's or ISP's e-mail server — the computer that handles all incoming and outgoing messages. The software analyzes and creates a numerical value for each message that is passed sent to the server.

DCC then maintains a database and counts every time the server receives a message with the same numerical value. If a particular message generates a high count, the software sets them aside for review by a human system administrator.

Arbon says ISP and computer managers are getting more aggressive and looking at server-side solutions such as DCC because of the volume — and cost — of spam.

"It's gone to the point that corporations are spending a ton of money just having to delete the stuff out of inboxes," says Arbon. "And what we have found over the years is the more systematic and the more pro-active ISPs and others are in terms that [spam] won't be tolerated, the better it is for everyone."

More Than a Tech Solution Needed

Still, many anti-spammers note that technology alone won't — and isn't — saving the day against unwanted e-mails.

"There's a constant arms race between spammers and the ISPs that use technology to filter out spam," says Jason Catlett, president of Junkbusters, a consumer advocacy group in Green Brook, N.J. "As soon as a new method comes out, spammers are inventing countermeasures to evade it."

As such, many feel that to really turn the tide against unwanted commercial e-mails will require other community-based solutions.

"Part of this is a social problem," says MAPS' Arbon. "Consumers need to let marketers know that this is not an acceptable form of advertisement, then you have a chance of changing the minds of the people sending the [spam] e-mail."

And others like Catlett hope that government regulations outlining acceptable practices — and imposing stiff fines for violators — might be helpful. But even Catlett says that's unlikely.

"We've been trying since 1996 to get legislation passed to prohibit spamming," he says. "But no such law has worked."

Cloudmark's Jacob doubts that regulation would work anyhow. "[Legislation] only stops people who follow the rules," he says. "This business is built on not following the rules."

As such, he says companies such as Cloudmark will continue to fight them the only way they know how: with technical prowess. Within a few months, for example, Jacob says he expects the company to announce an anti-spam network that would be much more robust for use by corporate networks and ISPs.

It remains to be seen whether or not such technology will ultimately help win the war against spammers. But Jacob says it's a constant battle that Cloudmark relishes.

"We have three words for the spammers," says Jacob. "Bring it on."