Dealing with Spam
Spam is a nuisance. According to Postini.com, spam has increased 65% since January 2002. The sad part is: it’s not getting any better. We’ve taken a couple approaches to combatting spam: a proative approach utilizing challenge response as the chief means of dealing with spam, the other being more reactive – analyizing spam as it comes in and flagging or quarantining those messages for processing by the user.
Challenge Response
Challenge Response handles spam proactively, requiring little to no input from a user. Incoming messages are challenged if a user has never sent email to a user before, or if it is a suspected spam message. This challenge is used to legitimize the email, by qualifying whether it came from a human. If a challenge isn’t met with a response, the email never makes it through to a person’s inbox. If a challenge is answered, the sender is whitelisted, and would not encounter any further issues sending email.
In theory, Challenge Response is a great idea. In reality, it contributes to the problem of “spam”.
When a Challenge Response is issued, it is done automatically by the mail server. It sends an email out with a link asking the user to verify themselves as the sender. They are given a link to click which brings them to a page where they are “challenged” to do something robots could not complete. The challenge response system assumes that if someone is willing to go through the trouble of clicking on the link and filling out the requested information on the form, they are legitimate (i.e. human) senders. Herein lies the problem with Challenge Response &emdash; some email systems treat these challenges as spam.
We found this out the hard way. Our server was blacklisted by SpamCop because of the challenges that were being sent out. This effected the ability of several clients to send emails to any address that resolved to our mail server’s IP address. It also effected our ability to send emails out to some users, because their mail server wouldn’t accept email from our server.
Because of the interruption in service that it caused, we have since disabled Challenge Response on our mail server.
Flagging Spam
Instead of issuing a challenge when suspected email arrives, our mail server flags messages it detects as spam. Incoming messages are rated from 0 to 10 based on the content of the message, attachments, etc. If they pass a certain threshold, the server classifies the message as spam. Messages that are flagged as spam get “[SPAM] ” appended to the subject line. They can also be quarantined on the server, if desired.
This then creates a situation that requires user involvement. Spam still gets through. We simply make it easier to identify what is spam. The user must decide what to do with those messages.
You can do this by using Mail Filters – if your email client supports them – or by utilizing third-party tools, such as Computer Associates’ Qurb. Qurb is a plug-in that integrates with Outlook and Outlook Express. It quarantines email when it comes in, and let’s the user approve or deny messages as they come in. It learns, based on your selections, what is legitimate email and what is spam based on your selections.
In the coming weeks, we’ll be reviewing several applications, such as Qurb, that allow users to better manage incoming messages. Until then, stay posted…