2005: yet another year of spam

You can always rely on one constant in life, and at the moment it seems that constant, for the IT industry, is spam.



commentary You can always rely on one constant in life, and at the moment it seems that constant, for the IT industry, is spam.

Numerous commentators have stood at the threshold of the new year and predicted a host of new information technologies and their applications for 2005 and beyond.

While there are as many opinions as there are seers to offer them, they agree on one constant -- spam will continue to blight e-communications.

Dealing with unwanted e-mail absorbs about 10 working days a year for the average Internet user.
At the Spam Conference held recently at MIT in Massachusetts, there was a general view that while spam is not going away anytime soon (it is in fact increasing), that on the technological and legal fronts the tide is turning against the Viagra merchants and their cronies. There was a general consensus that filter technology is sifting out around 97 percent of unwanted messages and, as Bayesian-based systems (as most are) have just about reached their development limits, the flow of junk has been stemmed to "acceptable levels".

Acceptability is a matter of opinion. According to a Stanford University study, dealing with unwanted e-mail absorbs about 10 working days a year for the average Internet user.

Major e-mail security provider Postini says that of the 2.5 billion messages it processes each week, only 22 percent at the beginning of 2004 were legitimate (non-spam). By the end of the year, that had dropped to just 12 percent. Another vendor, MX Logic, reported 67 percent of all messages to be spam in February 2004, rising to 75 percent eight months later.

A year ago, the US Government passed the Controlling the Assault of Non-Solicited Pornography and Marketing ACT legislation, or CAN-SPAM as it has become known. It brought with it the promise of swift legal response and hefty penalties for those who clog bandwidth with their unwanted e-crud. In this column a year ago, I said I doubted this policy's effectiveness for a couple of reasons: first, it requires recipients to "opt-out" and second, it allows only US state attorneys general and Internet service providers to bring civil action against spammers.

The Australian Spam Act is a better-framed piece of legislation in that users have to "opt-in" to accept unwanted mail -- in other words, "unless I say otherwise, leave me alone". On the surface, perhaps, this is a relatively insignificant differentiator -- but there's no doubt our legislation has been far more effective than CAN-SPAM has proved.

CAN-SPAM has seen one significant result in Jeremy Jaynes, number eight on the spammer's most-wanted list, being convicted in a Virginia court and sentenced to nine years, and few smaller fry have faced court and await sentencing. A plethora of civil actions await decisions so perhaps the legal repercussions are having some effect but that's not reflected in current spam volumes.

But one effect of CAN-SPAM has been a shift by spammers to so-called "zombies", either single or clusters of PCs -- or entire enterprise networks -- which have been hijacked by Trojan horse infections to send waves of spam. By the end of last year, industry pundits were finding that two-thirds of spam was being distributed by zombies, making perpetrators much harder for authorities to identify.

Spam filtering technologies and firewalls may be effective ways to stop these attacks, but that does not stop the human behaviour element. Getting people to stop answering these malicious messages, will be a harder nut to crack in the fight against spam. People still reply to spam offers; a US survey found that one percent of respondents, and two percent of those over 55, bought from known spammers. That's enough to make a spammer's profit, and, in the end, to keep them sending us spam.

Edward Mandla is National President of the Australian Computer Society (ACS, www.acs.org.au). The ACS attracts a membership (over 16,000) from all levels of the IT industry and provides a wide range of services. The society can contacted on 02 9299 3666, or e-mail info@acs.org.au.

This article was first published in Technology & Business magazine.
Click here for subscription information.