No easy solution for spam

Electronic spam is as unappealing as its ham-in-a-can version, and just as difficult to process.
By Karel Rode, security consultant at Performanta Consulting.
Johannesburg, 06 Dec 2007

"Weird Al" Yankovic entertained us in 1989 with a song called Spam (track 12 on his album UHF - Original Motion Picture Soundtrack and Other Stuff), which parodies Stand by REM. "Weird Al" was singing about ham in a can, and not electronic spam, but there are parallels between the two much maligned products:

"Spam in the place where I live (have some more)
Think about addiction, wonder if I'm a junkie now (let's eat)
Spam in the place where I work (you're obsessed)
Think about the way it's processed, wonder if it's some kind of meat"

Spam exists at the place where I live and work and when Weird Al says "Think about the way it's processed" he suggests that this is important to identifying and removing it from sight.

According to Messagelabs, spam accounted for 74.5% of all e-mails it processed in October (an increase of 1% since September) and phishing attacks accounted for one in 174 e-mails (a decrease of 0.6% since September). It is small consolation that spam levels are lower than in July 2004, when they peaked at 94.5%, while phishing is averaging at its baseline.

Overall, IT departments and users have had to contend with spam, phishing, viruses, Trojans, spyware, pop-up ads, oversized e-mails and messages with inappropriate content for a very long time. Only 15% of all e-mail messages are categorised as required or not classified as some form of malicious junk.

Spam is so prevalent that SpamRejection.com has updated its definition: Spam is "unethical e-mail", usually "unethical mass e-mail". Within this definition of spam, "unethical e-mails" are those that violate the standards of the majority of Internet users.

Sending a postcard, letter or parcel via the postal services costs the sender some money, but sending an e-mail is not a significant cost to the sender. Neither is sending bulk e-mail, which is why SpamRejection.com's definition is particularly useful, as it focuses on the ethics of the matter.

What to do?

So why is spam not disappearing? Part of the answer is that computing resources are cheap, accessible and most often protected only with low levels of access control. This gives miscreants the opportunity to infiltrate these systems and mobilise them for nefarious purposes - spam being a popular one and distributed denial of service another. They achieve this by infecting computing devices with remote access Trojans that allow them to command their minions to perform a variety of tasks, including sending bulk e-mails, distributed denial of service attacks and Web site hijacking, to name a few.

Unethical e-mail costs the recipient time, money and effort to process and remove. Moreover, some of it is highly offensive. So should we fight back? I would say no, as responding with a "not interested" message will either prompt an 'e-mail recipient not known' message or serve to confirm that yours is a valid e-mail address with a human responding to e-mail - thereby increasing the value of the e-mail address. These address lists are traded and those with more valid content attract better prices for their owners. This is why Sender Policy Framework (SPF), Sender Rewriting Scheme and Sender Signing Policy are now attracting the attention of e-mail system administrators.

With SPF, the owner of an Internet domain uses a special format of DNS TXT record to specify which machines within the organisation are authorised to transmit e-mail for that domain. This list of authorised machines is then published, and recipient machines that also subscribe to SPF can look up the source host to see if it is one of those known and allowed to send e-mail.

A more personal alternative would be to make use of an application that will whitelist known senders and initially greylist all other senders. This way, a database of known or good e-mail users can be built, and all senders not known to the system will be marked for interaction, allowing you to either whitelist or blacklist all future e-mails from these senders or even sender domains.

The above examples are only two of many implementations that strive to achieve a reduction in, and ultimately, removal of, spam. These will all only work effectively when more e-mail system administrators embrace such solutions or there is a worldwide recognition of the scourge of spam that is accompanied by a concerted effort to rid us of the problem. Until then, we will continue hitting the delete button.

* Karel Rode is security solutions strategist at CA Africa.
