Feeds

Spam filters thwart junk mail menace

Incomplete study declares victory over spammers

Beginner's guide to SSL certificates

ISP spam filters are able to block as many as 95 per cent of junk mail messages, according to a study by the US Federal Trade Commission. The US government consumer advocacy group reckons its study shows that technology can be an effective tool in keeping junk mail under control although all it really shows is that spam filtering is better than leaving email accounts exposed to the elements.

The study (PDF) only looked at the anti-spam filtering performance of two ISPs and the figure of 95 per cent comes from the best performer, so it'd be unwise to regard its findings as anything better than incomplete. Blocking all but one in 20 spam messages might sound like good news but what if this volume still exceeds that of legitimate email? Technology companies are in a war against spammers. And history shows that junk mail merchants are more than capable of turning up the volume of spam and adopting new tricks in order to circumvent improved anti-spam defences. It would be unwise to think that the battle against spammers is won just yet.

Canning spam

The FTC studied three aspects of spam: email address harvesting – the automated collection of email addresses from public areas of the net; the effectiveness of spam filtering by ISPs; and the effectiveness of using "masked" email addresses as a technique to prevent the harvesting of email addresses. Masking addresses involves altering an email address to make it understandable to people but confusing to automated harvesting software (e.g. johndoe@ftc.gov could be masked to appear as john doe at FTC dot gov).

FTC staff created 150 new undercover email accounts – 50 at an ISP that uses no anti-spam filters and 50 each at two different ISPs that use spam filters. Researchers then posted the email addresses on 50 Internet sites, including message boards, blogs, chat rooms, and USENET groups that spammers might visit in an attempt to harvest email addresses.

The study concluded that spammers continue to harvest email addresses posted on Web sites, but addresses posted in chat rooms, message boards, USENET groups, and blogs were unlikely to be harvested. The extent to which junk mail merchants harvest email addresses using malware was outside the scope of the survey.

After a five week trial, email addresses at the unfiltered ISP received a total of 8,885 spam messages. At the end of the same period, email addresses at one of the ISPs that uses filtering technologies received a total of 1,208 spam messages, and email addresses at the second ISP that uses filtering technologies received a total of 422 spam messages. The filter of the first ISP blocked 86.4 per cent of the spam, and the filter of the second ISP blocked 95.2 per cent of the spam.

Masking email addresses proved to be the single most effective step in preventing the dummy accounts the FTC created from bombardment by junk emails. After five weeks, unmasked email addresses had received more than 6,400 pieces of spam, while the masked email addresses had received only one piece of spam. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Desperate VXers enslave FREEZERS in DDoS bot
Updated Spike malware targets Asia
Heatmiser digital thermostat users: For pity's sake, DON'T SWITCH ON the WI-FI
A stranger turns up YOUR heat with default password 1234
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.