You've got spam!

From just a trickle a few years ago spam e-mail is fast becoming a flood - and its one that could wash away a lot of the internet's usefulness. Windows Middle East looks at the sources of spam and what you can do about it

  • E-Mail
By  Peter Branton Published  June 1, 2003

Introduction|~||~||~|Across the Middle East, internet access rates are soaring with more and more users in the region getting online. The UAE, for instance, is now ranked in the top 20 globally for internet access penetration. Which is good news for one group of people in the region: spammers.

As night follows day, spam follows the spread of e-mail access. Spam messages have become the IT equivalent of wire coat hangers: you don’t really know where they came from, but suddenly you’ve got a load of them in your in-box. Unlike coat hangers, most if not all spam is completely useless, with the products and services offered being usually unwelcome, and sometimes downright offensive. On a daily basis the average computer user has to wade through promises of instant wealth, cheapo mortgage deals, herbal viagra, pornography, be threatened with curses for breaking a trite chain letter, and be promised added size and potency.

While most people accept this as part and parcel of the hassles of the normal day – along with traffic jams on the way to work, ad jingles on the radio and so on – spam does actually have an impact on the business and home user. Last year, spam accounted for as much as a quarter of all e-mail traffic according to research firm Gartner, compared to less than 10% in 2001. This year, it could be running at as much as 45% of all e-mail traffic. Suddenly the “killer app” that popularised the spread of internet access – and by extension a lot of other computer technology – in the first place isn’t such a killer anymore, its looking more like a victim.

While even at the beginning of this year spam was seen as little more than a nuisance, the sheer volume of it means people are having to take it more seriously. In the US, the Federal Trade Commission has held talks in the past month with regulators, business leaders and consumer activists to discuss the issue. Industry giants are also wading in, with Microsoft teaming up with America Online (AOL) to call for federal legislation to stop spam. AOL has also filed lawsuits against some of the biggest spammers. AOL is estimated to block as many as 780 million junk emails a day – more than it actually delivers.

That sort of volume costs money. Storage, transmission and computing costs imposed on internet service providers (ISPs) to handle that level of traffic have to be paid by somebody, and its most likely to be the hapless customer who doesn’t want to receive the spam in the first place, who will be lumbered with paying for it. To add on to the cost of bandwidth is the human cost: knowledge workers, who will be relatively well paid, have to sift through their e-mail, deleting message after message, and taking longer to get to messages of actual importance.

||**||Extent of threat|~||~||~|And that’s assuming that all spam is harmless, which is certainly not the case. Again in the US, as many as half of all fraud complaints are filed about online fraud, with spam being a major vehicle for unscrupulous fraudsters to target victims. Patent cures for the Sars virus have been offered by spam mails, in poor taste and of course completely useless.

Spam is also used to spread viruses of course, and while the danger can be averted with anti-virus software, the potential for malicious damage is still there. Many spam mails will have a line saying if you no longer wish to receive such mails then you just click on a part of the message to delete it: as a word of advice, don’t, you’ll almost certainly have your e-mail address forwarded to more spammers, or something worse may happen to your PC.

While figures are sketchy for the Middle East, spam is clearly growing here. “We do receive a fair amount of complaints about spam, but at this stage I wouldn’t say we receive a lot compared to other ISPs globally. However, we accept that spam will grow in this region because the number of internet users here is growing,” says Moawyah El Wazeer, marketing manager for hosting and messaging services for the UAE’s ISP, Emirates Internet and Multimedia (EIM). “Bear in mind that a lot of these people will be well educated, with good earnings, so they are just the sort of people that marketers want to reach,” he says.

The ability to reach a reasonably affluent demographic for next to nothing is of course why spam has taken off. While sending “junk” mail by old-fashioned paper and post may need a response rate of no more than one in 100, for e-mail it may be more like one in 100,000. Spamming software can compile lists of e-mail addresses by scouring company web sites, news groups, chat rooms, and subscriber lists, or a spammer can just fire off a mass mail at made up-addresses, and then wait and see which ones are returned as undeliverable: those that aren’t are real addresses, and therefore can be targeted.

The internet of course was originally intended to be an advertising-free zone. What is widely regarded as the first example of spam was a mailing sent from the now-defunct Digital Equipment Corporation on the arpanet (precursor to the internet) in 1978. Around 600 users were told about a new computer system before the US government said this was a breach of policy and assured users it would not be allowed to happen again. The privatisation of the internet in 1993 opened the way for commercial use, but strictures remained on breaches of “netiquette”. A law firm that posted an advert for its services on 6000 news groups in 1994 had its internet access cut off, and the firm subsequently went out of business.

||**||Problems of spam|~||~||~|If only such strictures existed today. While there is some software available to deal with spam, its use remains problematic. “The problem is that what is spam to me may not be spam to you,” says Wazeer. “At this stage we don’t believe the technology available on the market is accurate enough, there are just too many false positives.” False postives are e-mails from a valid user that may be falsely identified as spam. Spammers can also counter filtering software, by making each copy of a mailing slightly different (this explains why you may get a mail like “paul72220p@whatever). More than 90% of spam is now believed to be unique, making filtering harder.

While there has been a lot of attention paid to legal remedies, these also remain unlikely to succeed, not least because the nature of the internet makes it possible to cross national boundaries. Without any form of unified law on internet access in this region, stopping spam by legal recourse would be next to impossible.

Also, some spam may be annoying, but that’s not to say its unreasonable for a firm to send it. “Its like leaving your business card around at a trade show,” says Wazeer. “If you do that, you’re inviting people to mail you their company information, even if you were just trying to get some freebie at the time.” Marketing firms argue with some validity that they shouldn’t be prevented from using technology to reduce their overheads if they are marketing a legitimate product: such savings can be passed on to the customer.

Which is not to say that nothing can be done about spam. While it will always be a battle between vendor and spammer to produce the better technology, as awareness increases about the problem of spam, then budgets allocated to it will increase, which means the resources devoted to it by vendors increase.

“Spam wasn’t really considered a threat six months ago, but now we’re seeing a lot more interest in filtering software, as people realise just how bad the problem is” says Abdul Karim Riyaz, director of eTrust security solutions at Computer Associates Middle East. “Customers are looking at what traffic comes into the network, so that is happening from a corporate point of view, but still a good percentage of corporate customers are still not looking at spam as a serious problem, or they are not aware of the bandwidth and resources that are being utilised by this useless mail that comes in.”

Other vendors are offering spam filtering systems as part of their overall security package. This year security firm Network Associates has made a number of acquisitions of technology firms to round out its product range, including Deersoft, a provider of anti-spam applications. The products have been integrated with its McAfee technology, and are now available in Saudi Arabia, with launch expected for the rest of the region shortly.
“The Deersoft solution has been selected as the most effective system for deployment at the gateway or on email servers, and can scale for use by a large enterprise,” says Thomas Mina, territory manager for Network Associates. “This marks a significant investment in spam and content filtering.”

Vendor Symantec is also looking to launch a product some time towards the end of this year, according to Prajit Arrakel, Symantec business manager at Aptec. “It is being released because spam is becoming more and more of a nuisance,” he says.

||**||Industry action|~||~||~|EIM has implemented a Web filtering system that allows users to block to domain level, and Wazeer says it does take action against its own users who send spam. “We start with a warning telling them they are violating the terms and conditions of their contract by doing so,” he says. “At this stage we prefer not to talk about what other actions we have done but the full terms of the contract do allow us to discontinue the service. In the main though, we don’t believe spamming is coming from our users, we believe they are the victims of spam.”

In Europe, the European Union has passed a directive banning the sending of e-mail unless the recipient has specifically opted to receive it. All countries in the EU have until October this year to pass national legislation implementing this ruling. However, there are concerns as to just how practical this is going to be. The main benefit of getting rid of spam for the end user would be to free up time spent managing his in-box. If that extra time has to be spent deciding what messages should be accepted in the first place, it defeats the object. And while large marketing firms may be forced to comply with such legislation, they argue that they are hardly the worst of the problem. Pornographers pushing their wares online are unlikely to be troubled by the fact that it is unlawful to do so - its probably illegal anyway - and fraudsters are just going to make sure that they are difficult to track down.

Gartner breaks spammers into a number of different categories, with fraudulent schemes, chain letters and the like classified as a bigger threat than general business mail, and indeed the irrelevant e-mail generated within a company – memos you didn’t need to be copied in on, requests that have already been answered and so on.

The best answer is likely to be technology. While spammers look to making their e-mails unique, vendors have devised algorithms that can look at the overall content of a message, and determine which are variable so that changing a few characters in the subject or in the sender’s address becomes pointless. Already though, a countermeasure to this has been developed by spammers: “scramblespam”, in which random characters are not a minor addition to the message but effectively make up the message, the actual content of the ad may be buried in an image or other attachment. Vendors are now working on algorithms to defeat these and so on….

While it seems impossible to see an end to spam, it does look like you will be able to limit its effect in future. However, so long as one of the main benefits of e-mail is that you can get a message from someone you’ve never met, not to mention long-lost friends wanting to get back in touch there’s always going to be scope for spammers.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code