Real Answers Needed to Solve Spam

Vendor spats and lack of standards kept in-boxes clogged with spam in 2004.

Spam gained a nefarious twist this year with the development of phishing scams, but phishing wasn't the least of IT departments' problems. They faced numerous roadblocks to protecting user in-boxes from unwanted e-mail.

Next year, solutions to many of these problems—including how to reliably identify e-mail senders and what, exactly, must be done with the mail protocol—should be forthcoming. But vendor squabbles—often reflected in the lassitude of standards bodies—likely mean that e-mail will remain an essential but increasingly burdensome business tool.

The only thing that seemed to match the spam proliferation rate during the last year was the dizzying number of anti-spam vendors hawking goods designed to thwart unwanted e-mail. An industry consolidation seems inevitable.

However, the tremendous variety of anti-spam consumers—from large enterprises that often go with a stand-alone anti-spam appliance to small and midsize organizations drawn to outsourced anti-spam services or anti-spam software that integrates directly with the e-mail server—means that many spam-stoppers will likely be around for much of 2005.

Based on anti-spam tests I've conducted in the last couple of years, it's clear that most anti-spam vendors are generally successful at clearing spam out of the incoming mail stream.

For now, this means IT managers who are shopping for anti-spam protection should take advantage of the crowded field to get the best price per mailbox.

However, this doesn't mean that all anti-spam products are equally effective. Aside from platform (appliance, service or software), the biggest differentiator among spam systems is the amount of time it takes to maintain them. Anti-spam tools that require lots of user involvement over a sustained period of time should be scrapped.

Likewise, systems that require administrators to do much more than occasionally print spam catch-rate reports (that is, those that require administrative involvement to resurrect "good" e-mail that was mistakenly marked as spam) should get the heave-ho.

SMTP, the Internet protocol upon which e-mail is based, does not provide a reliable way to identify the sender of a mail message. Correcting this fundamental flaw won't, in and of itself, stop spam.

However, sender authentication is essential for any of the anti-spam technologies that have been developed thus far to continue being effective. These technologies include Bayesian filtering, reputation measurement, address-book acceptance lists, call-to-action triggers and even simple keyword filtering.

This is why it was so disheartening to see MARID (MTA Authorization Records in DNS), the IETF Mail Transfer Agent Authentication in the DNS Sender ID scheme, crash in flames this fall. So far, no concerted, industrywide effort seems to have coalesced to pick up the banner of sender authentication.

This means it will be another great year to be in the spamming business, and IT managers are going to have to go with the flow as anti-spam vendors continue to attempt to outwile the voraciously wily spammers. Until sender authentication is established, the need to update anti-spam systems will be relentless.

Thank goodness the anti-spam vendors seem up to the task of finding ever-more-clever ways of sorting good e-mail from bad.

To read more Cameron Sturdevant, subscribe to eWEEK magazine.
