Staying A Step Ahead of Spammers

By Rawlson O'Neil King

From Web Hosting Monthly, September 2003 Edition

September 23, 2003 -- (WEB HOST INDUSTRY REVIEW) -- Despite an increase in user awareness and countless products designed to counteract them, spammers continue to successfully employ several techniques that circumvent many anti-spam products.

Analysts estimate that the response rate from direct marketing is anywhere between one to three per cent, and is likely far less for messages considered spam. This encourages spammers to increase the number of recipients of their advertisements, flooding both network operators and users with a tremendous amount of useless mail traffic in recent years.

The cost of this to the economy is not inconsequential. Ferris Research, estimates that spam cost the American economy over $10 billion this year, consuming computing resources, help desk personnel time, and reducing workers' productivity. It is also estimated that corporations will spend several billion dollars each year on more powerful servers and connectivity required because of the ill effects of spam, as well as for diverted staff time. The rest is from companies providing help desk support to annoyed users.

For U.S.-based service providers, Ferris says that 30 per cent of inbound e-mail is spam, while at U.S.-based corporate organizations spam accounts for 15 to 20 per cent of inbound e-mail. Despite the increasing deployment of anti-spam technology, the number of messages and their size, continues to grow due to several techniques employed by spammers.

According to SurfControl (surfcontrol.com), a Web and e-mail filtering company, spammers have accelerated techniques to avoid detection that capitalize on the naïveté of e-mail users and pose significant risks for businesses, including:

- Hidden agenda: Most commonly used in spam related to pornography, this technique attempts to fool filters with tricks in the source code of the message. The technique is to split words typically flagged by spam filters in half to make them unreadable by dictionary-based scanning tools.

- Treacherous tracks: Spammers use their Web servers to break down a URL's directory structure and add code that can verify a user' s e-mail address, track them online and redirect an e-mail user automatically to a specific Web page. Such a piece of spam would set in motion address validation, tracking and direction to a spammer's site.

- Dodgy domains: An increasingly common technique in HTML-based spam redirects e-mail recipients to unexpected Web sites. By using the "@" in a URL, the spammer avoids URL scans that could stop the spam.

These techniques are used with more traditional approaches. According to a recent TruSecure (trusecure.com) research brief: "We are beginning to see more and more cases of 'spam jacking,' hackers who exploit poorly configured systems to take control of them and send mass amounts of spam. In most cases these organizations don't even know they have been compromised, or that there are very simple mitigating measures that can be taken to protect themselves."

As a result, a new breed of IT and hosting consultants have emerged to address spam mitigation and security strategies. TruSecure, for example, offers risk reduction with security management and monitoring.

Meanwhile, SurfControl recently announced a major upgrade to its "SurfControl E-mail Filter" that incorporates new technology to parse HTML-based spam to identify and filter it effectively. The company has also developed a new spam "misspellings" dictionary within its product containing more than 400 examples of the most common misspellings used by spammers.

According to both firms, enterprises and Web hosts need to become more proactive and attack tactics, along with the spam itself. By using consulting services and software, Web hosting firms can reduce the number of unsolicited messages their networks receive through deduction, thereby reducing the costs, time and resources consumed by spam.