Home > Uncategorized > The Spam Epidemic: Part 1

The Spam Epidemic: Part 1

Last night I got back from an extended business trip to both the UK and Germany. On trips such as these I am often so busy that I have little time to really do justice to most of the email that I receive. This frequently results in my trying to pick out what appear to be the seven or eight most important messages, read them, and respond to them before I have to rush off to do something else; my recent trip was no exception. Today was the day of reckoning—I am still going through the email that came to both my High Tower and personal ISP accounts. As I sort through everything I have received, the fact that I am having to deal with an excessive amount of spam traffic once again became very apparent to me. What is particularly irritating is the ineffectiveness of spam filters in spotting and deleting messages advertising watches and blue pills when they are so very obviously spam and nothing more.

Twenty years ago, Internet spam was almost non-existent. The Internet was originally intended to be used for other than commercial purposes. If someone sent messages marketing or promoting some kind of commercial cause, the sender often received a barrage of negative responses from disgruntled users. Studies of spam show that spam started to substantially increase in the early part of the current decade to the point that somewhere between 80 and 90 percent of traffic going through ISPs’ connections is now spam. Spam has truly reached the point that it can be safely labeled as an epidemic. The toll is not trivial, either. ISPs are charged on the basis of their volume of traffic—spam runs up this cost considerably. I also suspect that users such as myself lose at least one hour or more of otherwise productive work time cleaning out their email queues of the volumes of spam that accumulate each week. When you multiply this amount of time by the number of computer users within an organization, the productivity loss figure can be alarming.

Spam is a strange problem from an information security perspective in that it does not really result in loss of confidentiality, loss of integrity, disruption of availability, inability to assure non-repudiation, inability to establish accountability, and so forth. Cyberattacks invariably represent attempts to exploit vulnerabilities, but this is not in general true of spam. The only facets of spam that are more or less related to information security are the fact that so many spammers falsify senders’ addresses and also the fact that spammers sometimes launch attacks in an attempt to take over machines that they use to spew spam. It is thus somewhat bizarre that information security functions within organizations are so often called upon to counter the spam problem.

Various anti-spam solutions, of which the classic “spam wall” designed to analyze incoming email and block messages that match criteria for junk mail, are the most widely used. Somewhat more visionary solutions provide mechanisms that trace email to the server from which it has been sent; a mismatch between the indicated and actual originating server results in incoming messages being dropped. Presently, however, more visionary solutions are not at all widely implemented, let alone agreed upon. The Internet is in fact now more at the mercy of spammers than ever before. One of the greatest challenges, therefore, is to create, agree upon, and implement suitable anti-spam solutions before the problem becomes even greater—so great that the attractiveness and utility of the Internet to users and organizations is greatly diminished.

Categories: Uncategorized Tags:
  1. No comments yet.
  1. No trackbacks yet.
You must be logged in to post a comment.