March 15, 2012
Is Anti-Spam Becoming Worse Than The Problem?
Peter Suciu for RedOrbit.com
No one actually likes spam, at least not the unwanted junk email variety. Whether it is proposals from would-be deposed Nigerian dictators, ads for Viagra, or fake Better Business Bureau alerts, spam is annoying. Coupled with phishing scams, links to spoofed websites and other attempts to deceive, spam is very dangerous.
But are the counter-measures actually helping, or are they becoming worse than the problem?
There are essentially several methods for stopping spam, and these include proactive and reactive methods. And some can be frustrating, and worse can actually block legitimate email. And this begs the question, which is worse -- getting annoying email or not having your own email go through?
The irony is that the Can-Spam Act of 2003 was supposed to allow people to opt out of commercial emails, while still providing a way for businesses to legitimately send bulk email. The problem is that it caused many less than legit types to devise new ways of sending that bulk email.
The question to ask is why do the spammers bother?
It really comes down to two types of spam. There are those criminal, phishing and other nefarious individuals or organizations that look for prey. Since they are looking to pull a con of some sort, the Can-Spam Act is meaningless to them anyway. The problem is that these emails can look like legitimate emails — whether from a bank, business or individual and thus get through as a type of spam.
The other types are just the usual business spam that falls into a gray area. While not wanted, the spammers work by sending out enough emails that if a few get through and hook a would-be customer for a (likely) worthless product or service it is mission accomplished.
Thus an industry has cropped up to stop spam, but in the process it can be as frustrating as the spam.
One of the most common methods of reducing spam is to use a junk mail filter. Many email clients offer such options, and this works by blocking emails that seem to be unsolicited. The biggest problem is that on the one hand false positives can get blocked whilst actual spam gets through. Thus many users of filters end up missing emails from friends, colleagues and legitimate warnings from the bank or a business, or have to be diligent in their efforts to go through junk mail folders to ensure that an important email didn´t go astray.
To some this might seem like a minor inconvenience, but for small businesses -- where every email may count -- this can be a problem. It can result in lost customers, and worse a reputation for not responding. Unfortunately the only solution is to do a daily sweep of your junk mail folders. Some of these “learn” and realize when names or email address are removed those are not junk. But make a new friend or colleague and they may wonder why you didn´t respond. So check the junk mail folder often!
This reactive filter can get worse if services such as SpamCop are employed. This service works behind the scenes and can block email from IP addresses or servers that have been temporary blacklisted. This occurs when large volumes of spam are sent by those addresses or servers. In theory this sounds like a perfect solution, right?
Not exactly and here is why.
Spammers -- especially those operating in the gray areas -- can hijack an IP address or server through various means, send out thousands or even millions of emails and move on. SpamCop and services like it step in and protect their own servers by blocking any email coming from IP addresses or servers even remotely associated with the spammers. Again, sounds good. But it isn´t.
Chances are the spammers will move on quickly, and those with legitimate businesses or personal email utilizing those servers are left with their emails blocked. This is because all email from these servers are now considered spam or junk mail.
The service doing the blocking sends back an email that says it is blocked and that the sender should contact their email administrator. For most of us that isn´t as easy as picking up the phone. This can mean long waits on the customer service line, followed by assurances that someone is “on it.” In truth these matters resolve themselves in 24 hours or so if no further waves of spam are detected, but those on a block ISP are basically part of the collateral damage. The best solution is to have multiple accounts, including a Gmail one as this allows a way to send out email should your IP address end up blacklisted.
On the flip side there are methods for proactive filtering, and there are two primary methods and both can be do a great job at stopping the flow of email but again are very annoying to those sending an email.
The first is employing a reCaptcha. This technology, which was developed at Carnegie Mellon University in Pittsburgh was created to help digitize books, but has been used to protect websites from bots attempting to access restricted areas. This in turn was used as a way to ensure that it was a human sending an email — instead of a bot.
And here is the problem. Humans could still bypass the reCaptcha easily by filling out the form and sending spam. Most probably wouldn´t take the time, but then this reporter wonders how many sites really need it when email address and name must already be entered. Is spam that much of a problem with a business´s contact form that it requires this added security?
The reCaptcha is annoying because the letters are purposely blurred and distorted so that a bot can´t read it. Those with vision problems also have a great deal of trouble discerning the letters, and while an audio version can be provided this has left much to be desired. Again, this is solving a problem with another problem.
Finally there are white lists, which are almost as annoying for the sender of email as finding that their ISP or IP addresses is on a blacklist. A white list works by requiring all email senders to PROVE they aren´t spam, either through filling out a form or by sending some sort of request.
For urgent communications it can truly slow down the process. And interestingly it has several shortcomings. The first is that bots can try to trick the system by responding to follow up requests. This still means that the user ends up with emails he/she may not desire, and worse it does nothing to block hi-jacked emails from friends and colleagues — not that any spam program would.
So in the end spam is something we live with, and unfortunately the solutions are in many ways as great as the problem they tried to solve.