Langa Letter: Real-Life Spam Solutions - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
04:00 PM
Fred Langa
Fred Langa

Langa Letter: Real-Life Spam Solutions

A new generation of anti-spam tools is just around the corner. But until then, these spam blockers and handlers may be the next best thing.

We all know spam is annoying, but have you thought about how much it actually costs you? If you spend, say, 10 minutes each workday identifying, deleting, or otherwise dealing with spam, then you're expending some 43 hours a year--more than a week's worth of lost productivity--on spam. If you earn $50,000 a year, then the value of that lost time is something like $1,000. Of course, your actual numbers may be higher or lower depending on how much spam you get and what your time is worth, but you get the idea.

Now use the same technique to estimate the average amount of time and money lost to spam across your entire company, or nationwide, or worldwide, and you'll arrive at a staggering, almost scary number. Spam isn't just an irritant; it's costing us all huge amounts of time and money.

And it's getting worse: One anti-spam company,, has tracked spam worldwide for the last 18 months and seen the volume of spam increase fivefold in that time. Brightmail says that spam now accounts for almost 40% of the world's E-mail traffic, a colossal waste of bandwidth, storage, computing power, and human effort.

Present Tools Are Inadequate
When spam first became a problem, some very clever programmers began to notice patterns. For example, a high percentage of spam originated from a relatively small group of servers that tended to be hosts to spammers. The programmers came up with the idea of collecting data on spam's origins and sharing this information in "blacklists" (sometimes called "blocklists") that ISPs and mail-server administrators could use to block all mail from the known-as-bad IP addresses.

This worked for a time, but then spammers got smarter and started using more-sophisticated methods of broadcasting spam. As just one example, consider the hit-and-run technique, where a spammer might use a particular IP for only a short time. By the time a blacklist-keeper reacts and adds the offending IP to its database, the spammer has moved on, so no spam is blocked. Worse, because the now non-spamming IP or IP range is still in the blacklist, all totally valid E-mail from that IP or IP range continues to be blocked, at least until the blacklist is updated again. This is a classic double negative--the original problem isn't solved (spam isn't blocked), and a whole new problem is created (good E-mail is blocked).

That's not a made-up example: Most blacklists now really do cause more harm than good. Want proof? A study by Giga Information Group found that the best-known blacklist, MAPS RBL (Mail Abuse Prevention System Realtime Black List), catches less than 25% of spam but blocks 34% of good mail. In other words, it doesn't catch much spam in the first place, and then, for every spam that's blocked, it also blocks 1.4 totally valid nonspam E-mails!

The defenders of blacklists swear by them because that low 24% success rate still may mean that a large number of spam messages are blocked. But how can anyone possibly regard a technology as successful if it has a 76% failure rate (76% of spam gets through) and if it also generates collateral damage through a "false positive" error rate of 140%? To any rational person, grotesque failure rates like those are a clear indication that the technology simply isn't working.

But it gets even worse: Blacklists also can be actively misused through malice, ignorance, or simple misapplication. This has caused groups as diverse as the ACLU, the Electronic Frontier Foundation, and Computer Professionals for Social Responsibility to speak out against blacklists. (See, for example, MAPS RBL Is Now Censorware, The Coalition Statement Against "Stealth Blocking", When Spam Policing Gets Out Of Control, World Justice, or Big Class Action.)

Clearly, blacklists are an outmoded tool, a very blunt instrument, that have outlived their usefulness. Very simply, blacklists now do vastly more harm than good.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 4
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

10 Things Your Artificial Intelligence Initiative Needs to Succeed
Lisa Morgan, Freelance Writer,  4/20/2021
Tech Spending Climbs as Digital Business Initiatives Grow
Jessica Davis, Senior Editor, Enterprise Apps,  4/22/2021
Optimizing the CIO and CFO Relationship
Mary E. Shacklett, Technology commentator and President of Transworld Data,  4/13/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll