Manage Learn to apply best practices and optimize your operations.

What are effective ways to stop instant messaging (IM) spam?

In this expert Q&A, Michael Cobb reveals what techniques and tools can be used to stop instant messaing spam, or spim, in the enterprise.

I recently read an article of yours about general spamming in instant messages. With both AIM and Trillian, I have received IM spam: the same content from different screen names. I'm at my wits end, and I haven't found an antispam technique that actually works. Could you suggest an effective way, perhaps freeware?
Like text messaging using mobile phones, instant messaging (IM) has become extremely popular and its use widespread. The Radicati Group Inc., an independent technology market research group, estimated the number of IM users worldwide in 2007 to be 461 million, and that it will surpass 700 million by 2011. With such a large user base, instant messaging systems are popular targets for spammers. So just as you receive unwanted email or spam, you can also receive unwanted instant messages called "spim." These instant messages can be from complete strangers or from people you know but don't want to communicate with.

Most IM programs, such as Windows Messenger and AOL Instant Messenger (AIM), allow you to build a contact list, or "buddy list," which is similar to the address book in your email program. The best part about this list is that you can choose to block incoming messages from everyone except the people in it. Trillian also has the ability to completely block all incoming messages from unknown users. My recommendation would be to adjust these privacy settings to reduce the amount of spim you receive. AIM also allows you to warn other users about an account that is sending you unwanted instant messages. The warning decreases the number of spim the account can send and shows the AIM address as warned to other users that it may try to message.

If you are using IM at a workplace with no in-house antispam services and you need to accept messages from unknown sources, I would take a look at a Trillian plugin called Trillian Spam Challenge. It attempts to stop spam by confirming that strangers who send you a message are in fact human -- instead of spam-generating robots -- using blacklists, wildcard entries, per-account activation and other methods. Although it is freeware, it does require Trillian Pro.

Unfortunately, it does sound as though it may be too late to save your current accounts, so it may be an idea to start again and create new ones. Be careful when creating a new screen name. Your screen name should not provide or allude to any personal information about you. Most importantly do not list your screen name in public areas, such as large Internet directories or online community profiles. If you have to give out your screen name for business reasons, then try and provide it as an image instead of text as this will make it harder for bots to add it to their databases. Finally, make sure you're using the latest version of your IM software as new antispim features are being introduced in most programs.

More information:

  • Check out Michael Cobb's Security School lesson: Secure instant messaging.
  • A reader asks Michael Cobb, "Can DHCP be used to selectively block instant messaging clients?"
  • This was last published in October 2008

    Dig Deeper on Email and Messaging Threats-Information Security Threats