SPAM Still Not Canned By CAN-SPAM Act

The CAN-SPAM Act set out to reduce unsolicited e-mail by targeting the fraudulent use of third-party computer systems to relay e-mail messages, as well as messages that are unsigned or have fraudulent return addresses, and requires all messages to include opt-out functions.

Although the law looks good on paper, mass mailers have already found ways around it, such as turning to offshore relays. Spammers are also finding ways to defeat antispam filters by seizing legitimate e-mail addresses and falsifying subject lines.

\

FRANK J. OHLHORST

\

Technology Editor

The majority of spam filtering tools on the market use blacklists of known spammers and their domains. In addition, some filters add text and image heuristics to identify content and classify it as spam. Spammers are starting to defeat those filters by falsifying e-mail header information and by introducing spelling errors or added spacing into subject and text areas, such as writing "m0rt gage" for a mortgage-related e-mail.

As a direct result of the increased spam filtering, companies are faced with a growing problem of false positives, or legitimate e-mail messages erroneously being identified as spam. To combat that, some antispam vendors are turning to whitelists of addresses from which the e-mail program application is permitted to receive e-mail. While that concept works well in theory, the downside is that someone has to maintain the list or set up an automated process.

id
unit-1659132512259
type
Sponsored post

The key to effectively combating spam is to leverage current technologies while employing newer tactics and customizing the solution to the specific customer's needs.

2003 SPAM STATISTICS

When crafting an anti-spam solution, integrators must consider some key aspects offered by available technologies and define their prospective customer's expectations. The administrative burdens first must be addressed, such as who will maintain the whitelists and blacklists, or whether those will be provided under a subscription.

Secondly, integrators will have to determine where spam prevention will take place. Solution providers may find that combining server and client filtering offers the best of both worlds. Another issue is how much control an end user should have over spam. Better solutions allow the recipient to access a spam folder and add legitimate e-mail addresses to a whitelist and unsolicited e-mail to a blacklist.

Integrators also can implement a challenge and response authorization system, which shifts the spam identification burden to the sender. Simply put, when a new sender sends an e-mail, a return e-mail form is automatically sent asking the author to validate who they are. Valid senders are added to a whitelist and their e-mails can be delivered. Challenge-based solutions are effective at weeding out e-mail sent by bulk mail robots or humans using false addresses.

Challenge-based systems often are not practical for companies that rely on receiving unsolicited

e-mails from prospective customers. The upside of the technology is that spam can be effectively eliminated from most inboxes while still giving some control to the receiver.

With no end in sight to the spam morass, integrators must craft defenses by combining technologies such as custom solutions and off-the-shelf hardware and software.