Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

Curt Monash

Antispam -- focus on the message, not the messenger!

5 comments

IT TOPICS:Security, Software

Richi Jennings disagreed with my criticsms of Microsoft and SenderID. After some back and forth, he eventually followed up with a substantive post on his own blog making his case.

My basic argument is twofold. First of all, I believe that blacklists will inevitably include people who shouldn't actually be on them. This was my primary theme, and so far as I can tell Richi's primary rebuttal is "Don't worry; it isn't really a blacklist; it's rather more of a dark-gray list, and anyhow it won't be implemented for a few more months. " At least, that's what I think he was arguing.

Well I'm sorry, but that's pretty weak. A good antispam system has 50,000+ rules. To say that there's one rule which is merely a contributing factor like the other 50,000 isn't worthy of an AP story or a press release or an entire Ferris Research implementation report. Either the lack of SenderID validation is enough to get you pretty effectively blacklisted, or the whole subject is a huge waste of everybody's time.

Second, I believe that antispam filters focusing entirely on the "call to action" can and do get most of the job done with negligible false positives. Spammers' motives for sending spam are almost always to get money or information out of you.. Thus, they need to provide a place for you to send the money, enter the information, etc. -- or they need to get you to go to website that will download some malicious code. Whatever the details of their scheme, there's a "call to action" -- most commonly a URL, sometimes an address or phone number. Antispam systems focusing on the call-to-action have very high levels of accuracy and reliability..

There are of course a couple of kinds of spam without clear filterable calls to action. One is stock-hyping; purported stock research reports to drive up the price of some security for pump-and-dump schemes. But those are pretty easy to filter out strictly by their content. Another kind is purely political spam -- say, an antisemetic rant that does NOT have a URL to click on for further information. Well, I'm sorry -- but if the only kind of spam that isn't filtered out by an antispam system is the expression of vile political opinions, I think that antispam system is doing a darned good job.

I must confess that my opinions are based mainly on research that's slightly over a year old, and that I am somewhat puzzled by people's insistence in real life on implementing other kinds of antispam rules that produce way too many false positives. But for now, I'm standing by these opinions, because I haven't seen anything that resembles convincing evidence to the contrary.

EDIT: Richi (in the post I linked to above) has responded to some of the points above. I find his whitelist/blacklist/blocklist argument singularly unconvincing, and so by the way do a lot of other people. Every description I've seen of the plan, including his, suggests that a message whose sender isn't behaving nicely wil be rejected as spam, period -- and hence Microsoft is indeed the sole arbiter of who gets to send email to Hotmail users, or to anybody else who uses the same implementation of the technology.

I also find his processing-power argument unconvincing -- searching for a call-to-action is simply not that expensive.

His third argument, I guess, carries a little more weight -- if call-to-action blocking were all that great, why wouldn't the antispam vendors be more in love with it? But I have at least one theory in response: Brightmail was by far the biggest advocate of this approach, so Brightmail's competitors have for differentiation pushed different approaches. Only -- Brightmail was acquired by Symantec in the interim, and has made hardly a marketing peep since, leaving a huge void in the antispam dialogue that still remains to be filled.

Email this

Digg this

What People Are Saying

Add new comment

It would be very tough to

Submitted by Curt Monash on July 15, 2005 - 3:36 P.M.

It would be very tough to pin the blame on Pfizer for what resellers of their products are doing with them.

if you can't hold the gun companies liable for what happens at gun shows, you surely will never be able to stick Pfizer with responsibility for what illegal resellers in foreign countries do.

Besides, a lot of those drugs are fake anyway, without any Pfizer* involvement at any point in the process.

*Using Pfizer as just an example here, of course.

Report this comment

We got this all wrong.

Submitted by Marco Rosales on June 27, 2005 - 7:59 A.M.

We got this all wrong. Focusing on the messenger is like going after on the US Post Office for all of the junk mail we get. Our legal efforts should be focused on the manfacturers/vendors of the products being pushed through spam. Let them clean up THEIR mess. The messenger isn't working for free. They are in one way or another being paid by the manufacturers.

If we got compensated for every Viagra spam email we received, Pfizer would have cleaned that mess real quickly.

The Recording Industry went after illegal anonymous downloaders very aggressively and I am sure ever manufacturer will do the same if you hit them where it hurts the most.

Marco -

Report this comment

My comments keep

Submitted by IT Blogwatch on June 26, 2005 - 9:24 A.M.

My comments keep disappearing, so let's try this.

Report this comment

That's not a flame. You'd

Submitted by IT Blogwatch on June 24, 2005 - 4:40 A.M.

That's not a flame. You'd know if you'd been flamed ;-)

More thoughts here. Summary: we're in violent agreement about some things, but I argue that call-to-action filters didn't work out to be a silver bullet, and Hotmail's move shouldn't cause any additional false positives.

richi.
PS, long time since anyone called me a "boy." Having just turned 40, I'm kinda grateful...

Report this comment

If it's an ad hominem

Submitted by Curt Monash on June 24, 2005 - 5:31 A.M.

If it's an ad hominem attack, it's a flame as far as I'm concerned. But given the freedom we usually get from on high, I have without complaint edited my post as directed.

But I do have one thought to add -- your argument seems to rely on an implicit faith in Microsoft's infallible wisdom and technical perfection. If I saw them (and the other companies you think will implement the same approach) in the same light you appear to, I might indeed share your views on the desirability of this technology.

For more information about Curt Monash, see his bio.

Report this comment

And things were going along so well, too

Eugene Kaspersky wants no net anonymity

Microsoft: XP is far more vulnerable than Vista, Windows 7

Microsoft Security Essentials: Free is great, but is it effective?

LIVE Nov 10, 2009 12:00 PM ET

Architecting Business Intelligence Applications for Change: The Open Solution

LIVE Nov 12, 2009 02:00 PM ET

The State of PCI DSS Compliance at Organizations Today
Download this resource today!

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Why Email Must Operate 24/7 and How to Make This Happen
Learn how to avoid an email outage by implementing a hosted email continuity solution.

Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!

All White Papers | All Webcasts

Computerworld Reports

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

Computerworld Briefing - Analytics: The Art and Science of Better

All Computerworld Reports

Receive the latest technology news and information.

	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10

View all newsletters

* E-mail Address:

* Industry:

* Job Title:

* Company Size:

* Country:

* State:

I would like to receive offers via e-mail from Computerworld partners.

Curt Monash's Archive

IT Topics

Sponsored Links

Play NetApp's New Data Defense Game.

How Do You Rank as an Innovation Leader? Download Recent Study.

Play NetApp's New Data Defense Game.

Extraordinary times demand Brocade Extraordinary Networks.

No Payments for Up to 6 Months on Orders over $500.

NetScaler VPX : Harness the Power of Virtualized Web App Delivery

64-page prescriptive guide to security, compliance, and IT operations.

Streamline IT Costs. Boost Performance with WAN Optimization

Enterprise Network & Server Monitoring Software. Cross over to Traverse...

Keep your IT expertise up to date. Join the Intel Premier IT Professionals.

Crystal Reports Server: More options. Not more money.

Parallelism is not just for HPC. Create rich apps from desktop to device. Get the eval.

Tolly Performance Report "Citrix NetScaler with nCore Outperforms F5 BIG-IP"

Save up to 61% plus Free Cheesecake

Find IT jobs in the Healthcare industry on Dice.com

With the NEW KODAK i700 Series Scanners get full speed at 300dpi!

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

New DW Options and Price Points. View Teradata Platform Family Data Sheet.

See how AT&T can help protect your network.

3 Innovations. 3 Free Downloads. Free trials of Windows 7, Windows Server 2008 R2 and Exchange Server 2010.

Take the Netezza TwinFin TestDrive!

Citrix NetScaler with nCore Outperforms F5 BIG-IP - Learn More

New Analytical Platform Options. Download Data Sheet and More.

Get more enterprise mobility value for up to 25% less.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.

NYUs M.S. in Management and Systems. Offered Online and On-site.

Increase UPS efficiency without sacrificing protection

Crystal Reports Server: Single server access to reports & dashboards

Create new opportunities. See business making progress now

ESET NOD32 with ThreatSense(R) - Get your free trial now!

Looking to add Unix/Linux functionality to Windows?

Join the conversation about the hottest IT trends with Computerworld on Twitter.

ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

Introducing: Project Icebreaker

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO

Computerworld

CSO

DEMO

GamePro

Games.net

IDC

IDG

IDG Connect

IDG Knowledge Hub

IDG TechNetwork

IDG Ventures

IDG.net

InfoWorld

ITwhitepapers

ITworld

JavaWorld

LinuxWorld

Macworld

Network World

PC World

The Industry Standard

Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.

Antispam -- focus on the message, not the messenger!

What People Are Saying

It would be very tough to

We got this all wrong.

My comments keep

That's not a flame. You'd

If it's an ad hominem

Related Posts

Today's Top Stories

Hot Posts

Recent Comments

White Papers & Webcasts

Computerworld Reports

Newsletters

Curt Monash's Archive

IT Topics

Sponsored Links