Feeds

Spam filters thwart junk mail menace

Incomplete study declares victory over spammers

Securing Web Applications Made Simple and Scalable

ISP spam filters are able to block as many as 95 per cent of junk mail messages, according to a study by the US Federal Trade Commission. The US government consumer advocacy group reckons its study shows that technology can be an effective tool in keeping junk mail under control although all it really shows is that spam filtering is better than leaving email accounts exposed to the elements.

The study (PDF) only looked at the anti-spam filtering performance of two ISPs and the figure of 95 per cent comes from the best performer, so it'd be unwise to regard its findings as anything better than incomplete. Blocking all but one in 20 spam messages might sound like good news but what if this volume still exceeds that of legitimate email? Technology companies are in a war against spammers. And history shows that junk mail merchants are more than capable of turning up the volume of spam and adopting new tricks in order to circumvent improved anti-spam defences. It would be unwise to think that the battle against spammers is won just yet.

Canning spam

The FTC studied three aspects of spam: email address harvesting – the automated collection of email addresses from public areas of the net; the effectiveness of spam filtering by ISPs; and the effectiveness of using "masked" email addresses as a technique to prevent the harvesting of email addresses. Masking addresses involves altering an email address to make it understandable to people but confusing to automated harvesting software (e.g. johndoe@ftc.gov could be masked to appear as john doe at FTC dot gov).

FTC staff created 150 new undercover email accounts – 50 at an ISP that uses no anti-spam filters and 50 each at two different ISPs that use spam filters. Researchers then posted the email addresses on 50 Internet sites, including message boards, blogs, chat rooms, and USENET groups that spammers might visit in an attempt to harvest email addresses.

The study concluded that spammers continue to harvest email addresses posted on Web sites, but addresses posted in chat rooms, message boards, USENET groups, and blogs were unlikely to be harvested. The extent to which junk mail merchants harvest email addresses using malware was outside the scope of the survey.

After a five week trial, email addresses at the unfiltered ISP received a total of 8,885 spam messages. At the end of the same period, email addresses at one of the ISPs that uses filtering technologies received a total of 1,208 spam messages, and email addresses at the second ISP that uses filtering technologies received a total of 422 spam messages. The filter of the first ISP blocked 86.4 per cent of the spam, and the filter of the second ISP blocked 95.2 per cent of the spam.

Masking email addresses proved to be the single most effective step in preventing the dummy accounts the FTC created from bombardment by junk emails. After five weeks, unmasked email addresses had received more than 6,400 pieces of spam, while the masked email addresses had received only one piece of spam. ®

Mobile application security vulnerability report

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.