How to slam spam

special report The fight against unsolicited, bulk e-mail continues.Various tools and techniques have been employed by companies to beat this malaise.

Slam Spam Special Report

special report The fight against unsolicited, bulk e-mail continues.

Various tools and techniques have been employed by companies to beat this malaise. Even governments have signalled their involvement, and plan to follow the steps of Australia and the United States in enacting anti-spam laws.

Anti-spam Focus
Spamhaus Block List
The Spamhaus Block List (SBL) is a realtime blocklist of spam sources and spam services. The SBL is a real-time database of IP addresses of verified spam sources (including spammers, spam gangs and spam support services), maintained by the Spamhaus Project team and supplied as a free service to help e-mail administrators better manage incoming e-mail streams.

Exploits Block List
The Exploits Block List (XBL) is a real-time blocklist of illegal 3rd party exploits (proxies/worms/trojans). The Spamhaus Exploits Block List (XBL) is a real-time database of IP addresses of illegal third party exploits, including open proxies (HTTP, socks, AnalogX, wingate, etc), worms/viruses with built-in spam engines, and other types of trojan-horse exploits.

The Register Of Known Spam Operations (ROKSO) database collates information and evidence on the known spammers and spam gangs, to assist ISP Abuse Desks and Law Enforcement Agencies.

Some critics argue that anti-spam legislation has not deterred spammers from slowing down. However, anti-spam campaigner Spamhaus disagrees with this assertion.

Executives at Spamhaus have hailed Australia's anti-spam legislation, which carries fines of up to AU$1.1 million a day, as solid and strong.

"Spamhaus is seeing a reduction in activity by known Australian spammers.

"Since the introduction of Australia's strong anti-spam law, Australian spammers have started keeping a low profile, many appear to have almost ceased activities and at least one is known to have left the country. The Australian anti-spam law, is working," Spamhaus said.

Recognition from Spamhaus is a boost for government officials trying to legislate a nascent but destructive industry. And the statistics are staggering.

According to market research firm The Radicati Group, on a worldwide basis, spam is expected to cost businesses US$113 billion by 2007.

The International Telecommunications Union believes approximately 80 percent of all e-mail traffic delivered to corporate mailboxes is spam. The ramifications of unsolicited e-mail has resulted in an increase in security threats, a sharp decline in employee productivity, and a negative impact on the bottom line.

History of the term -spam"
Most people with a twisted sense of humour may be aware that the term "spam" originated from a Monty Python skit.

In the sketch, a restaurant serves all its food with an abundance of spam, and the waitress repeats the word several times in describing the wide usage of the ingredient. When she does this, a group of Vikings (don't ask) start to sing: "Spam, spam, spam, spam, spam, spam, spam, spam, lovely spam! Wonderful spam!" until they are told to shut up.

Thus the Monty Python meaning of the term at least is: something that keeps repeating and repeating to great annoyance. Sound familiar?

The term spam itself in relation to computers was first coined in the late 80s or early 90s by techies who were annoyed at USENET (similar to the newsgroups and forums of today) messages being posted off-topic mainly advertisements for commercial goods and services.

You'll never walk alone
E-mail lists are very easily created. Now, even spammers have diversified into the direct marketing database business by selling millions of e-mail addresses of their own.

One of the simplest ways to create a database of e-mail addresses is to obtain a list of valid domain names and match up a list of common names with those domain names.

This is a relatively hit and miss affair but it's a quick way to generate millions of e-mail addresses. Although many messages would bounce, it doesn't really worry the spammers since the return traffic does not affect them.

There are also bots that go out and "harvest" e-mail addresses from Web sites and other online documents. Some people are even crazy enough to believe the "remove me from the database" links which are contained in e-mails actually work. All this usually does is notify the spammer that the e-mail account is active and spam will usually increase rather than decrease.

The newer sinister form of spam
We all know that spam traditionally has been offering us great discounts on obtaining prescription drugs and various methods of attracting members of the opposite and/or same sex and even options of enhancing certain body parts.

So if all that wasn't bad enough there is also now a darker side to spam in the form of malicious or fraudulent e-mails. Hoaxes such as the 419 or Nigerian scam have led to people being robbed and crimes committed all through a simple e-mail message appealing to the recipients' greed.

Spam is also now being used to transport viruses and worms or even spyware to the recipients system.

Then there is "phishing", (that's spelt with a -ph" instead of a -f") which is the act of deliberately constructing an e-mail to look like it has come from a legitimate organisation such as a bank, online auction house or Internet Service Provider.

These e-mails are sent with the aim of duping recipients to reveal their account login details such as username and access passwords.

Phishing e-mails are commonly linked to and used in conjunction with fraudulent Web sites, (such as banking or financial or auction escrow sites), that are setup to look like legitimate businesses that the recipient commonly uses and has accounts with.

Spam doesn't just cover e-mail systems. Today, it can be applied to other electronic messaging systems such as Short Messagin Service (SMS), instant messaging and newsgroups.

In this special report, ZDNet Australia&nbsp presents a comprehensive resource centre for IT professionals in their quest against spam.

Anti-spam offerings:

  • Ultimate anti-spam guide: 11 products reviewed
  • Slam that spam in 2005
  • Slam that spam: 7 packages tested
  • Clearswift MIMEsweeper for SMTP 5.0
  • GFI MailEssentials
  • MailFrontier Desktop
  • McAfee SpamKiller 2005
  • NetIQ MailMarshal
  • Norton AntiSpam 2005
  • SurfControl
  • To download other anti-spam solutions, click here

    News Resources:

  • How to attack spammers in your sleep
  • Caught in a phishing trap?
  • Lycos anti-spam weapon melts away
  • Lycos launches anti-spam zombie army
  • Aust spam enforcers turn to forensics for 'dobbing' campaign
  • Yahoo adds anti-spam tool, ups e-mail storage
  • Tech execs: Wake up and smell the spam
  • False promises about ending spam
  • Spam cites CareerOne as source
  • Microsoft reworks antispam spec to silence critics
  • Seek warns users over new online job scam
  • Labor claims PM's Net Harbour deals breach Spam Act
  • SpamAssassin sports new open source licence
  • Scammers use Gmail invite as phishing hook

    Legislation and best practices:

  • Australia's Spam Act 2003
  • Australian Direct Marketing Association eMarketing Code of Practice [draft version]
  • United States CAN-SPAM Act

    Legal trail:

  • US$1 million bond set for alleged spammer's freedom
  • Australia's Spam Act knocks down spammers
  • First 'warspamming' case reaches court
  • 'Wardriving' conviction is first under Can-Spam
  • Bulk mailer faces criminal charges