Canning the spam

7 Feb 2005

Spam, unsolicited email, electronic junk mail – call it what you want but that daily deluge of grammatically challenged email peddling everything from penis enlargements to pirated software has to be one of the most annoying aspects of using email.

While in the early days of the internet, spam was something of an irritant, the relatively low level of mail received also made it a curiosity. (“Hey look, Bill Gates is going to give me US$100 for every 10 people I forward this mail to”). Since then the volume of spam has grown inexorably and some estimates now put it as high as 60pc of all mail circulating on the net.

According to Ken O’Driscoll, technical manager with IE Internet, which produces a monthly report on spam and viruses circulating to Irish businesses, spam now makes up 36pc of the average Irish SME’s mail. “That’s just the overflow from the US that we are seeing as most spammers are not interested in selling to Irish people,” says O’Driscoll. “It’s too much hassle for them to ship to Ireland but in the next year or so we’ll see more Irish spammers or people trying to spam directly to Irish people.”

Initially the main objection to spam was that unlike other forms of unsolicited marketing the receiver pays to receive the communications rather than the sender. Millions of pounds are wasted every year by companies and internet service providers (ISP) filtering out spam from users mailboxes not to mention the lost productivity as users attempt to find their real mails in the deluge of unsolicited marketing messages. Mike Hughes, security and compete manager with Microsoft Ireland, points to US research that suggests the cost per user per year can run to as much as US$1,000.

While spam wastes staff time and cause them to place less faith on email as a business tool, it can also have legal implications for the owners-managers of a firm. If your company is not blocking spam it could be seen to be exposing staff to offensive or objectionable material such as pornography.

Spam has also taken an even more sinister term in the past 12 months as widespread phishing becomes more common. Phishing refers to a hacker practice of getting users passwords account details by pretending to be a trusted party that legitimately needs the information. Spammers are now sending out mails that appear to come from legitimate banks requesting that recipients confirm their account details at a webpage that they control.

Content security company Clearswift, which conducts a monthly survey of spam content estimates that 43pc of spam is for health-related products or services. The most recent Clearswift Spam Index for December 2004 found that phishing now accounts for 2.17pc of all spam – massive growth from a figure of zero last May.

Technology to tackle spam falls into two main categories – managed services provided by an ISP or hosting company and software that an organisation installs on its own servers or desktop PCs.

Based on Microsoft’s own filtering of spam for Hotmail and other MSN services it has introduced its Smart Screen technology that is built into Outlook 2003 and Exchange. It applies a probability as to whether a message is spam based on the knowledge that has built up in the database from real people sitting at a computer and filtering spam.

As well as implementing this technology, Mike Hughes advises people not to publish their email addresses in chatrooms or other public areas of the internet where they can be harvested by spammers. “They should use a temporary email address through MSN or some other service provider and use that as a buffer so the spam doesn’t get down to their own account,” says Hughes. “You should also carefully review the privacy policy of sites that you give your email address to as you may have to opt out if you don’t want them to share your email address with third parties. Generally you should maintain control of your email address and not just be blasting it out.”

Louise McKeon (pictured), marketing manager with ISP Netsource, suggests that smaller businesses would be best served handing the job off to a service provider. “Our regular focus groups show that spam is an issue for SMEs because they have no dedicated IT person in house,” says McKeon. “They may have Norton Antivirus or some other security software but they have no ability to update it on a daily basis. The software is only of use if it’s updated on a daily basis as spam signatures change all the time.”

One thing the experts are agreed upon is that you should never respond to spam or click the unsubscribe link that may be included in the message. “When you click ‘Remove Me’ you are simply validating your email address,” says O’Driscoll. “You will then get twice as much spam as your address is twice as valuable to the spammer.”

If you do wish to vent your anger in some way you could always complain to the Office of the Data Protection Commissioner, which is the body responsible for enforcing Ireland’s anti-spam laws. Under the transposition of an EU directive, spammers can be fined €3,000 for each message sent. Just don’t hold your breath – the office has yet to successfully prosecute anyone for sending spam.

By John Collins