Does your PC have a good rep? To send e-mail, it better

Most computers that send e-mail are bad Netizens, say firms using new "reputation-based" scoring to filter client e-mails.

Joris Evers
Joris Evers Staff Writer, CNET News.com

Joris Evers covers security.

2 min read
Nearly all of the Internet-connected computers that send e-mail are controlled by spammers, according to companies that track e-mail reputations.

Less than 1 percent of systems that send e-mail can be deemed a good citizen of the Internet, according to Return Path, a company that compiles e-mail reputation data. Return Path collects data on 20 million Internet Protocol addresses that send e-mail, the company said Tuesday.

"The majority of e-mail out there is spam. It is coming from compromised hosts," said George Bilbrey, general manager of delivery assurance products at New York-based Return Path, which specializes in helping companies get their e-mail delivered to in-boxes.

Reputation-based filtering is emerging as a new technique to keep spam out of in-boxes. Senders are graded on their practices and assigned a reputation score based on several variables, such as complaint rates, volume of mail sent, and response to unsubscribe requests.

Companies like Return Path and Mountain View, Calif.-based Habeas are stepping in with reputation services, hoping to make money by placing paying customers on "safe" lists and providing information about bad e-mailers to Internet service providers and sellers of e-mail security products, such as IronPort.

Of the 20 million IP addresses that send e-mail and are tracked by Return Path, only 0.9 percent have earned a reputation score that will allow their e-mails to be delivered to Return Path clients, the company said. About 2.5 percent encounter problems such as spam traps or having garnered too many complaints. But 96.7 percent score so badly that the sending computer is likely to be a hacked PC, the company said.

Spam makes up almost 75 percent of all messages sent today, according to e-mail security service Postini. A lot of spam is sent through hijacked computers, popularly called zombies. Yet, zombies aren't the only ones with trouble: Up to 25 percent of legitimate, commercial e-mail gets blocked, according to Return Path.

The statistics that Habeas reports are similar to Return Path's data. Habeas tracks 140 million IP addresses that send e-mail. "Over 99 percent of those are evil," Habeas CEO Des Cahill said.

Habeas and Return Path use the statistics to pitch their products, which they promise can improve spam filters and help commercial e-mailers, such as banks and online ticket-booking agencies, get their messages delivered to customers.