Best antispam weapon: Mix of roadblocks and global laws

Give spammers more computations to solve or more fees to pay before they can open e-mail accounts and they'll eventually stop trying.

But while these roadblocks slow them down, experts argue diehard spammers will always find ways to push through. They note that spammers have circumvented the Captcha test (Completely Automated Public Test to Tell Humans and Computers Apart) by offering Web surfers free porn. The best weapon, they say, is antispam legislation and tough enforcement.

That idea has its skeptics, who say laws like the U.S. CAN-SPAM Act don't hurt, but that spammers can easily get around them by setting up shop in another country.

In the end, experts say, the best approach for now is to keep deploying new roadblocks and for legislators to write a law banning spam not just in one country, but across the globe.

"The level of difficulty for spammers to create accounts is up quite a bit," said Simon Perry, vice president of security for Islandia, N.Y.-based software giant Computer Associates International Inc. "Because of that, we've seen a 100- to 1,000-fold decrease in the number of accounts they can create. But you only need one account to send spam."

Then there's the example where spammers used porn to bypass the Captcha test, he said.

Captcha stymies spammers' software bots by creating a graphically distorted representation of a simple word easily read by humans but not machines. Words are written in unusual fonts and presented on patterned backgrounds. To open an e-mail account, applicants must read the word in the Captcha graphic and type it into the application form. Because the computer can't read the disguised word, spammers need human intervention, which spoils their automated process.

To bypass the program, CNET reported last week, some spammers have opened and advertised pornographic Web sites. Visitors are asked to type in the word in the Captcha graphic before they can gain access. In the background, spammers use scripts to automate the Web mail accounts' opening process to the point where they need a human to read the Captcha graphics. The Captcha graphics from the Web mail site are transferred to the porn site, where the porn consumers interpret the Captcha words. Once they enter the correct word, the script can complete its application process and the visitors are rewarded with the free porn, according to the news report.

"You can make it harder" with measures like Captcha, "and you can increase costs," Perry said. "Microsoft has talked about monetary costs for every e-mail that would be inconsequential to most people but not for those who send thousands of e-mails. But the world won't be happy about added costs for something that's free today."

Perry said global legislation must be enacted and enforced.

"As a business, you need antispam, but you also have to put pressure on governments to put pressure on spammers," he said. "Spamming must be made a crime around the world. Otherwise, there is no incentive for them to stop."

Andrew Lochart, director of product marketing for Redwood City, Calif.-based e-mail security provider Postini Inc., agrees. But, he said, "The proficient spammer knows how to hide their identity and cover their tracks. Laws are good, but far from sufficient."

He also agrees antispam filters can't stop every spammer. Postini's approach, he added, is to monitor the connection-level behavior of e-mail senders, maintaining a global list of the past behavior of IP addresses and stopping addresses that have been identified as spam in the past.

"If we see a spam attack against one of our customers, we're ready if the same IP address goes after another customer," said Lochart, whose company is among the biggest processors of enterprise e-mail in the country. "As soon as we see an IP address behaving badly, it stays on the list of bad guys until the bad activity stops."
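The connection-level approach Lochart describes can be sketched as a shared reputation list. This is an added example, not Postini's code: the threshold, the quiet period, the rule that attempts made while listed count as continued activity, and all names are assumptions, and the traffic is constructed.

```python
SPAM_THRESHOLD = 3    # assumed: spam reports needed before an IP is listed
QUIET_PERIOD = 3600   # assumed: seconds of silence before an IP is delisted

class ReputationList:
    """One list shared by every customer, keyed by connecting IP address."""
    def __init__(self):
        self.records = {}   # ip -> [spam_hits, time_of_last_bad_activity]

    def _expire(self, ip, now):
        """Forget an IP whose bad activity stopped more than QUIET_PERIOD ago."""
        rec = self.records.get(ip)
        if rec is not None and now - rec[1] > QUIET_PERIOD:
            del self.records[ip]

    def report_spam(self, ip, now):
        """A content filter at any customer classified mail from ip as spam."""
        self._expire(ip, now)
        rec = self.records.setdefault(ip, [0, now])
        rec[0] += 1
        rec[1] = now

    def allow_connection(self, ip, now):
        """Connection-time decision, taken before any message is accepted."""
        self._expire(ip, now)
        rec = self.records.get(ip)
        if rec is None or rec[0] < SPAM_THRESHOLD:
            return True
        # Assumption: an attempt made while listed counts as continued bad
        # activity, so the IP is delisted only once it actually goes quiet.
        rec[1] = now
        return False

def replay(events, rep):
    """Replay (time, ip, customer, is_spam) events; return one decision each."""
    decisions = []
    for now, ip, customer, is_spam in events:
        allowed = rep.allow_connection(ip, now)
        if allowed and is_spam:
            rep.report_spam(ip, now)
        decisions.append("accept" if allowed else "reject")
    return decisions

# Constructed sample traffic (documentation-range addresses, made-up customers).
SAMPLE_EVENTS = [
    (0, "192.0.2.10", "customer-a", True), (10, "192.0.2.10", "customer-a", True),
    (20, "192.0.2.10", "customer-a", True), (30, "192.0.2.10", "customer-b", True),
    (40, "198.51.100.7", "customer-b", False), (3000, "192.0.2.10", "customer-b", True),
    (7000, "192.0.2.10", "customer-a", False),
]
```

In the sample, the address that spammed customer-a is rejected on its first connection to customer-b, and is accepted again only after a full quiet period with no attempts.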

It may not be enough to win every battle against the spammers, Lochart said. But combining the latest filtering and monitoring technology with the global legislation Perry calls for could go a long way in winning the war, he said.
