Netting the Spammers

Until mid-2001, I had a set of Outlook Rules Wizard rules for identifying junk mail; these rules were about 95 percent accurate. One of the key rules quarantined items that weren't sent directly to my address or to a list that I had knowingly subscribed to. But then senders of unsolicited commercial email (UCE)—or "spam"—switched tactics and starting addressing messages individually, rather than sending bulk mail with the addresses in the Bcc field. I gained back a little ground with Outlook 2002's support for a "whitelisting" filter that separates out messages from addresses in your Contacts folders (for more information about this feature, see "Outwitting Spammers," http://www.exchangeadmin.com , InstantDoc ID 21738). But I was beginning to feel that screening out junk mail with Outlook tools alone was a losing battle.

I'm now beta testing SpamNet, an add-in and service for Outlook 2002 and Outlook 2000 that takes a different approach to filtering spam. The SpamNet service uses a network of thousands of users to build a vast database of known spam messages. The add-in running in Outlook receives updates from the network and quarantines suspected spam into a Spam folder. SpamNet is from Cloudmark, whose principals include Napster cofounder Jordan Ritter.

Here's how SpamNet works: As you receive messages in Outlook, SpamNet works in the background, comparing the new mail in your Inbox against a list of known spam messages that other SpamNet users have already reported. If SpamNet finds a match, it moves the suspected spam from the Inbox to the Spam folder. If SpamNet misses a piece of junk mail, you can use a new Block button on the toolbar to move the item to the Spam folder and, at the same time, report it to SpamNet. Similarly, an Unblock button lets you mark items that were misidentified as junk mail. You can also run SpamNet on demand against any Outlook mail folder.

SpamNet weights spam reports from its users by various factors, such as the amount of spam the user has received and reported and the accuracy of the user's previous reports. SpamNet also lets you whitelist a sender's email address so that the add-in never marks that sender's messages as spam on your machine.

The SpamNet public beta has been under way only since late June, but in its first 14 days, the database collected 4GB of spam. Cloudmark's Tricia Fahey says that when SpamNet was released, it was already capable of catching 75 percent of spam by using information gleaned over the past year by Razor, an open-source, UNIX-based, distributed spam-detection tool for ISPs developed by Cloudmark cofounder Vipul Ved Prakash. Fahey says the company estimates that SpamNet is now catching better than 90 percent of spam sent to its Outlook testers and that some SpamNet users are reporting as much as 98 percent effectiveness.

The service has at least a couple of potential hitches. The first is that because SpamNet is a distributed service like Napster, it works only when you're online. The program will have to work fast to do its analysis before a dial-up user hangs up after downloading messages.

The second is privacy concerns. Obviously, SpamNet must read a mail message to identify whether it matches anything in the spam database. SpamNet uses a unique "signature" generated from the message to test for matches, and Cloudmark says this method protects users' privacy. The SpamNet database stores both messages that SpamNet users report and message signatures, but end users don't have access to the messages. Their copy of SpamNet accesses just the signatures in the database. I'm also concerned about SpamNet's interaction with Rules Wizard rules that also operate on incoming messages, but so far, Rules Wizard and SpamNet haven't collided on my machine.

Reporting spam to other Outlook users, even through a third party's database, sure seems a lot more effective than trying to report spammers to their ISPs. Cloudmark plans to offer a feature-enhanced service to consumers for a fee and provide a spam-detection service to ISPs and corporations, but Fahey says the current product will remain free. It will be interesting to see whether the enterprise product will include an Exchange 2000 Server interface.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish