I got into a spirited discussion online last week about what constitutes spam that helped clarify my own ideas about spam and the methodologies available to fight it. The dispute started when someone stated that all bulk commercial email is spam and that "bulk" means any message sent to more than one person.
I argued that it makes no sense to classify as spam any message sent to two or more people. Furthermore, most of the spam sent today is sent to one address. Instead of sending one message to thousands of recipients, most spammers today send thousands of messages, each to one recipient. This change in tactics is one of the reasons spam has become a much bigger problem than it was a couple of years ago. You used to be able to just block most mail that didn't have your address on it. But now, with personally addressed spam, you have to make a determination based on the sender or the message content.
Not every commercial message sent to multiple addresses is spam. For example, this newsletter from Penton Media goes out to thousands of subscribers. But it isn't spam because you explicitly signed up for it. (Newsletter publishers call this process "opting in.")
The formal name for spam that you see most often is unsolicited commercial email (UCE). The first word is the key. A message is spam not because of the number of people it was sent to but because those people didn't ask for that message. Any commercial mailing that you didn't ask for is spam, according to a strict definition.
Some people would make an exception for mailings from a company that you have a prior relationship with, but I feel that exception applies only when the company gives you the choice of receiving their communications and you explicitly opt in. If you're getting mail from a company just because you ordered something from it in the past, that mail is spam.
I would broaden the definition of spam to include unsolicited solicitations of all kinds, commercial and noncommercial (e.g., political entreaties, chain letters, missing persons pleas). Personally, I also delete without reading all joke lists, Internet legend stories, and so on—even from people I know. (I guess I'd call those messages junk mail rather than spam because they don't ask me to take any action.) That said, I agree with the Coalition Against Unsolicited Commercial Email (CAUCE) that UCE is the biggest spam problem we face today.
So far, we have three basic approaches to fighting spam—blocking it based on the sender, blocking it based on the message content, and identifying, reporting, and eventually prosecuting the spammers. Many antispam applications combine the first two techniques. Some companies use both server- and client-based methods.
A server-based approach is particularly important when Outlook is the client. Antispam add-ons designed for Outlook must retrieve the message from the server first. Such tools can't just look at the message headers and delete the message directly from the server. Therefore, if you want to minimize spam traffic on your network and you have Outlook clients, you'll want to install a strong antispam solution at the mail server.
If a server-based antispam solution isn't an option for some reason, a client tool such as MailWasher can connect to the mail server, check headers, and identify likely spam without downloading the entire message. After such an antispam tool processes the mail, Outlook will have fewer complete messages to download. I'll look at other antispam methodologies in coming weeks.