Deep-Sixing Spam

No one knows how to stop it, but at least you can slow it down--the latest tech for protecting your inbox.

Dept: Geek Guide

Tech: Anti-spam tools and software

Cost: Free–$40


Yes, spam sucks. And not just in the most obvious way: It also sucks resources, bandwidth and value right out of the Internet. Every offer for erectile enhancement is a direct hit to your wallet. That's because the additional cost of spam in wasted human hours, wasted bandwidth and wasted CPU cycles drives up the cost of Internet access for everyone. A report by Ferris Research found that spam cost U.S. businesses more than $10 billion last year. And the outlook is not sunny: Research firm Gartner Inc. recently reported that spam is increasing 1,000 percent a year and will represent more than 50 percent of all e-mail in 2004.

There are about as many proposed solutions as there are offers for cheap prescription drugs, and while spam-fighting tools are constantly improving, none is perfect. Worse, no one has yet solved the core problem: There's simply no incentive for spammers not to spam. Even the government's recently passed Can-Spam Act is considered ineffective by most anti-spam groups--as long as junk e-mails contain a way to "opt out" of future mailings, the law says they're legit. This is a real blow to Europe, where tougher anti-spam laws can now be bypassed simply by mailing from a U.S. source.

But while the war with spammers rages on, at least you can win a few battles: Teaming the desktop-, server- and network-level technologies below will reduce the number of times you have to read the words "enlargement guaranteed" outside a photo store.

Anti-Spam weapons
Dozens of spam-blocking programs are available, but here are a few of our favorites. Just make sure the tool you choose works with your e-mail client and operating system.

Bayesian filters
SpamAssassin, free; spamassassin.org
McAfee SpamKiller, $40; spamkiller.com
Spamnix, $30; spamnix.com

White lists/blacklists
Qurb, $30; qurb.com

Challenge and response
Mailblocks, free–$25/year; mailblocks.com

Peer-to-peer blacklists

Three Spam Battlegrounds.

The Desktop
Like it or not, your computer is the front line for most of today's spam fighting. E-mail clients like Outlook and Eudora can filter messages by searching them for a list of banned keywords. But this is not very effective since it won't catch spammers' intentionally misspelled words. And by automatically blocking porn offers with the phrase "farm girls," it could just as mindlessly stop a legit message from your cousin in Iowa.

More efficient software uses Bayesian filters, algorithms that "learn" based on what you tell them to trash. Though these typically capture more than 90 percent of spam, the catch is that they must be constantly taught what's junk and what's not.
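Added example (not from the original article or any product named in it): a banned-keyword filter next to a small naive Bayes filter, run on the two failure cases described above, a misspelled spam word and a legitimate "farm girls" message. The keyword list, training messages and function names are constructed for illustration.

```python
import math
import re
from collections import Counter

BANNED = {"farm girls", "enlargement"}  # constructed keyword list

def tokens(text):
    return re.findall(r"[a-z0-9$!']+", text.lower())

def keyword_filter(text):
    """Static filter: flag the message if any banned phrase appears."""
    lowered = text.lower()
    return any(phrase in lowered for phrase in BANNED)

class BayesFilter:
    """Naive Bayes over word counts with add-one smoothing."""
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        # "Teaching" the filter: every labelled message updates the counts.
        self.counts[label].update(tokens(text))
        self.msgs[label] += 1

    def spam_probability(self, text):
        vocab = len(set(self.counts["spam"]) | set(self.counts["ham"]))
        total = sum(self.msgs.values())
        score = {}
        for label in ("spam", "ham"):
            n = sum(self.counts[label].values())
            logp = math.log(self.msgs[label] / total)
            for tok in tokens(text):
                logp += math.log((self.counts[label][tok] + 1) / (n + vocab))
            score[label] = logp
        # Convert the log-odds to a probability; clamp to avoid overflow.
        return 1 / (1 + math.exp(min(score["ham"] - score["spam"], 700)))

# Constructed training mail: what the user marked as junk and as legitimate.
FILTER = BayesFilter()
for msg in ("hot farm girls waiting click now",
            "enl4rgement guaranteed click now cheap pills",
            "cheap pills enl4rgement guaranteed order now"):
    FILTER.train(msg, "spam")
for msg in ("the farm girls won the 4h ribbon at the iowa county fair",
            "see you at the farm this weekend love your cousin",
            "lunch on friday at the office"):
    FILTER.train(msg, "ham")

SPAM_MSG = "enl4rgement guaranteed order cheap pills now"          # misspelled on purpose
COUSIN_MSG = "the farm girls from iowa say hi see you at the fair"  # legitimate
```

The keyword filter misses SPAM_MSG and blocks COUSIN_MSG; the trained filter scores them the other way around, because it weighs every word against what the user has labelled so far.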

Header-analysis tools ignore an e-mail's body and look instead at the "from" field, often using white lists and blacklists to accept or reject e-mails based on whether the sender is in your address book or on a list of known spammers. Keep your contacts up to date, or you could end up trashing friends.

What's Next? Smart clients that actually understand the content of an e-mail and can apply more complex rules will significantly reduce filtering mistakes.

The Server
You can't fight this war alone, so there are also solutions that attempt to divert spam before it gets to your computer. Challenge and response systems require a sender to complete a human task (like typing a difficult-to-read word) before it will deliver the first e-mail he or she sends you. Until the sender completes the challenge, the system won't deliver the message. Since automated programs send most spam, this usually works. But for friendly humans, it can be an unexpected and annoying hassle.

In dire circumstances, ISPs or end users can use the nuclear option: server quarantining. If xyz.com is bombarding AOL users with junk, AOL can simply block all material from xyz.com. But this digital shunning creates problems for users at xyz.com, who may not even know that their server has been co-opted (hackers sometimes "steal" a server to launch spam attacks).

What's Next? Today, e-mail can be spoofed to look like it comes from any server (e.g., AOL or Amazon) to skirt filters. New sending protocols will guarantee an e-mail's origin, making the whole system more transparent and secure.

The Network
While the desktop and server approaches are the most common, they are also clunky. Which is why the future of spam fighting may be on the networks. Peer-to-peer blacklists work by sharing filtering rules among a circle of trusted associates to amplify everyone's blocking capability. If a certain number of group members have identified an e-mail as spam, it's automatically deleted from everyone's inbox.

An even broader approach is to use honeypots--decoy e-mail accounts designed to attract spam. One vendor, Brightmail (brightmail.com), has a spam-attack analysis center staffed 24 hours a day. When a new spam attack is launched, Brightmail picks it up through hundreds of thousands of e-mail addresses placed at strategic domains across the Internet, and creates filter rules to pass on to its customers.

What's Next? A pay-per-infraction system proposed by Bill Gates: E-mail will still be free to send, but if, say, 50 people return your message as spam, you're charged a penny for every copy you sent. Suddenly, spam is prohibitively expensive. The only question: Who collects and keeps the money?