June 1, 2002
What's new at the Firewall
The technology answers, Turajski says, fall into two categories. One is to re-architect the Internet to make spamming more difficult by, for example, providing authenticated e-mails. But Turajski and other experts dismiss that notion fairly quickly as being too difficult to implement.
The more realistic avenue, he says, is to provide intelligent ways to inspect e-mails. One way to do that is to focus on the linguistics aspect of e-mails, as many start-up companies are doing. Such spam filters operate by sets of rules and keywords that filter mail at the mail server, before it goes to individual users. But linguistics-based systems are constantly playing catch-up to the latest spammer strategy to bypass such filters. For example, notice how many different ways spammers have found to spell Viagra? Or is that V*i_a*G!r*a?
Ameren is looking at two possible solutions, according to Knott. One is a client-based tool to help those individuals who are inundated right now. (Knott says that some of his users receive almost no spam, while others are overloaded.) The other type of fix would be a perimeter-based tool that catches spam before it even gets into Ameren's network.
With the increase in hybrid spam/virus incidents, Turajski advocates a holistic approach to combating the problem. Rather than parking a linguistics filter at the e-mail server, Trend Micro and several other anti-virus and security vendors are now placing their software at the client's gateway, the point at which all electronic traffic, including e-mail and Web traffic, enters the company.
Turajski says that a gateway approach is the most economic way to combat spam, stopping unwanted e-mails before they get to users and consume time and productivity resources.
Trend Micro historically has used spam databases to combat the problem at the gateway. Those database tools would look at different e-mail signatures, the sender, keyword, or phone number, and compare them to known spam sources in the database. The database approach was useful with spam that used the same text, such as the one soliciting funds to aid a deposed or wronged former African official. Now, Turajski says he is seeing a lot of "new" spam, or one-off spam. Spammers use serialization (numbers or letters at the end of a subject line) or reformatting within the messages, randomizing paragraphs, and adding HTML tables within messages. All of these techniques create inconsistencies that make it harder to combat spam through database rules and linguistics alone. Consequently, many anti-spam companies, including Trend Micro, have put their efforts into building heuristic tools to fight the rising tide.
Heuristics use contextual analysis of various parts of the message. Turajski maintains that heuristics are more effective over time in combating spam, because a company can fine-tune definitions of what spam is. One person's spam is another's legitimate industry ad, he points out.
For example, most spam filters, linguistic or heuristically based, might easily contain a default rule that would label an e-mail as spam if the subject line included "increase" and "energy." And at utilities, filtering a message encouraging you to "increase your energy and vitality" wouldn't be a problem.
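The database and heuristic approaches described above, sketched as an added Python example that is not from the article or from any vendor's product: it shows a serialized subject slipping past an exact-match signature database, a normalized signature catching it, and a weighted score whose "increase"/"energy" rule a utility can tune down. The feature names, weights, threshold and sample subjects are all constructed assumptions.

```python
import hashlib
import re

# All subjects below are constructed samples, not taken from the article.
KNOWN_SPAM = ["Increase your energy and vitality"]

def normalize(subject):
    """Undo serialization and in-word symbols before matching (lossy by design)."""
    s = re.sub(r"\s+\S*\d\S*$", "", subject.lower())  # drop a trailing serial token
    s = re.sub(r"[^a-z\s]", "", s)                    # drop symbols and digits
    return " ".join(s.split())

def signature(text):
    return hashlib.sha256(text.encode()).hexdigest()

# Two databases: hashes of the subject as received, and hashes after normalizing.
EXACT_DB = {signature(s) for s in KNOWN_SPAM}
NORMALIZED_DB = {signature(normalize(s)) for s in KNOWN_SPAM}

def features(subject):
    """Contextual signals; each one is weak alone and is weighted per site."""
    words = set(normalize(subject).split())
    return {
        "keyword_pair": {"increase", "energy"} <= words,
        "serial_suffix": bool(re.search(r"\s\S*\d\S*$", subject)),
        "symbols_in_word": bool(re.search(r"[a-z][^a-z0-9\s'\-]+[a-z]", subject, re.I)),
    }

DEFAULT_WEIGHTS = {"keyword_pair": 3.0, "serial_suffix": 2.0, "symbols_in_word": 3.0}
# Hypothetical tuning for a utility, where the keyword pair is everyday vocabulary.
UTILITY_WEIGHTS = {**DEFAULT_WEIGHTS, "keyword_pair": 1.0}
THRESHOLD = 3.0

def score(subject, weights=DEFAULT_WEIGHTS):
    return sum(weights[name] for name, hit in features(subject).items() if hit)

def is_spam(subject, weights=DEFAULT_WEIGHTS):
    known = signature(normalize(subject)) in NORMALIZED_DB
    return known or score(subject, weights) >= THRESHOLD

if __name__ == "__main__":
    for subject in ["Increase your energy and vitality zx4471",
                    "V*i_a*G!r*a at low prices",
                    "Increase energy efficiency at your substation"]:
        print(subject, "| default:", is_spam(subject),
              "| utility:", is_spam(subject, UTILITY_WEIGHTS))
```

With the default weights the constructed "energy efficiency" subject is flagged purely on the keyword pair; with the utility weights it passes, while the known message and its serialized variant are still caught through the normalized signature.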