This story has been updated. It was originally featured in the April 2004 issue of Popular Science magazine and involves outdated technologies and services. For current advice, read our regularly updated story on how to stop spam emails.
Yes, spam sucks. And not just in the most obvious way: It also sucks resources, bandwidth, and value right out of the internet. Every offer for erectile enhancement is a direct hit to your wallet. That’s because the additional cost of spam in wasted human hours, wasted bandwidth, and wasted CPU cycles drives up the cost of internet access for everyone. A report by Ferris Research found that spam cost US businesses more than $10 billion last year. And the outlook is not sunny: Research firm Gartner Inc. recently reported that spam is increasing 1,000 percent a year and will represent more than 50 percent of all email in 2004.
- Dept: Geek Guide
- Tech: anti-spam tools and software
- Cost: free or up to $40
- Difficulty: beta | | | | | final (Editor’s note: 2/5)
There are about as many proposed solutions as there are offers for cheap prescription drugs, and while spam- fighting tools are constantly improving, none is perfect. Worse, no one has yet solved the core problem: There’s simply no incentive for spammers not to spam. Even the government’s recently passed Can-Spam Act is considered ineffective by most anti-spam groups—as long as junk emails contain a way to “opt out” of future mailings, the law says they’re legit. This is a real blow to Europe, where tougher anti-spam laws can now be bypassed simply by mailing from a US source.
But while the war with spammers wages on, at least you can win a few battles: Teaming the desktop-, server- and network-level technologies below will reduce the number of times you have to read the words “enlargement guaranteed” outside a photo store.
Dozens of spam-blocking programs are available, but here are a few of our favorites. Just make sure the tool you choose works with your email client and operating system.
- SpamAssassin, free
- McAfee SpamKiller, $40
- Spamnix, $30
White lists and blacklists
- Qurb, $30
Challenge and response
- Mailblocks, free to 25 a year
- SpamWatch, free
Three spam battlegrounds
Like it or not, your computer is the front line for most of today’s spam fighting. Email clients like Outlook and Eudora can filter messages by searching them for a list of banned keywords. But this is not very effective since it won’t catch spammers’ intentionally misspelled words. And by automatically blocking porn offers with the phrase “farm girls,” it could just as mindlessly stop a legit message from your cousin in Iowa.
More efficient software uses Bayesian filters, algorithms that “learn” based on what you tell them to trash. Though these typically capture more than 90 percent of spam, the catch is that they must be constantly taught what’s junk and what’s not.
Header-analysis tools ignore an email’s body and look instead at the “from” field, often using white lists and blacklists to accept or reject emails based on whether the sender is in your address book or on a list of known spammers. Keep your contacts up to date, or you could end up trashing friends.
- What’s next? Smart clients that actually understand the content of an email and can apply more complex rules will significantly reduce filtering mistakes.
You can’t fight this war alone, so there are also solutions that attempt to divert spam before it gets to your computer. Challenge and response systems require a sender to complete a human task (like typing a difficult-to-read word) before it will deliver the first email he or she sends you. Until the sender completes the challenge, the system won’t deliver the message. Since automated programs send most spam, this usually works. But for friendly humans, it can be an unexpected and annoying hassle.
In dire circumstances, ISPs or end users can use the nuclear option: server quarantining. If xyz.com is bombarding AOL users with junk, AOL can simply block all material from xyz.com. But this digital shunning creates problems for users at xyz.com, who may not even know that their server has been co-opted (hackers sometimes “steal” a server to launch spam attacks).
- What’s next? Today, email can be spoofed to look like it comes from any server (i.e., AOL or Amazon) to skirt filters. New sending protocols will guarantee an email’s origin, making the whole system more transparent and secure.
While the desktop and server approaches are the most common, they are also clunky. Which is why the future of spam fighting may be on the networks. Peer-to-peer blacklists work by sharing filtering rules among a circle of trusted associates to amplify everyone’s blocking capability. If a certain number of group members have identified an email as spam, it’s automatically deleted from everyone’s inbox.
An even broader approach is to use honeypots—decoy email accounts designed to attract spam. One vendor, Brightmail, has a spam-attack analysis center staffed 24 hours a day. When a new spam attack is launched, Brightmail picks it up through hundreds of thousands of email addresses placed at strategic domains across the Internet, and creates filter rules to pass on to its customers.
- What’s next? A pay-per-infraction system proposed by Bill Gates: Email will still be free to send, but if, say, 50 people return your message as spam, you’re charged a penny for every copy you sent. Suddenly, spam is prohibitively expensive. The only question: Who collects and keeps the money?