Building a better spam trap

A group of researchers and developers hopes to cut back the burgeoning growth of unsolicited e-mail by coming up with new ways to block unwanted messages.

Margaret Kane Former Staff writer, CNET News
Margaret is a former news editor for CNET News, based in the Boston bureau.
Margaret Kane
2 min read
CAMBRIDGE, MASS.--If experts here get their way, spam may soon be dead meat.

Unsolicited e-mail messages, or spam, are on track to make up the majority of traffic on the Internet. But a group of researchers and developers gathered here Friday hopes to halt that by coming up with better ways of blocking those messages from consumers' in-boxes.

The Spam Conference, held at the Massachusetts Institute of Technology, was originally intended to be an informal gathering of 30 people or so. But more than 500 registered to discuss and debate the best way to battle the problem.

"Spam-filtering is shooting at a target that is not just moving, it's taking evasive action," said Bill Yerazunis, a research scientist at the Mitsubishi Electronics Research Lab and the author of the CRM114 Discriminator, a spam filter.

Earlier methods of fighting spam focused on certain aspects: blocking e-mail from an address, or with the word sex in the subject line, for example. But spammers have found many ways to bypass these methods.

More recently, spam-fighters have been looking at statistical analysis to help determine whether a message is spam or not. Programmers can use large archives of known junk e-mail to search for patterns and properties, then use those results to test incoming mail.

Those filtering methods can help combat one problem in spam-fighting: false positives, which lead legitimate e-mail to get mislabeled as spam. And the methods may also be more difficult for spammers to fight than traditional defenses.

"Spammers haven't yet made a concerted effort to get past statistical filters," software developer Paul Graham said at the conference.

And the more consumers use statistical filters, the more difficult it gets for spammers to get mail through, Graham said. Since people's filters will be based on their in-box, there will be slight differences, he said.

While much of the discussion at the conference centered on the technical issues, some attendees did address the need for a more concerted effort to set up formal structures for fighting spam.

While many developers are working on new methods of filtering, for instance, there is a need for other types of tools, such as methods of visualizing and measuring global spam activity, said Paul Judge, director of research and development at e-mail security company CipherTrust.

Last November, CipherTrust set up the SpamArchive, a public database of junk e-mail that developers can use to study and test solutions on.

Of course, one of the main problems is that spammers can be as creative as spam fighters, figuring out ways around blockades and filters.

And as e-mail usage spreads beyond PCs, fighting spam can mean more than just saving time, it can mean saving money. For instance, consumers who download e-mail on smart phones may have to pay for every byte they download.

"The technical ability (of spammers) should be respected," said John Graham-Cumming, the author of the POPFile e-mail filter. "But the real costs of spam can't be ignored."