We are all used to spam arriving in our e-mail inboxes, but now the problem is spreading to other communications methods.
Research by Wireless Services Corporation shows almost half of the mobile phone text messages received in the US are spam, compared with 18% a year ago. Another problem is the growing menace of spam over instant messaging (spim), with Meta Group reporting 28% of instant messaging users hit by spim.
Meanwhile, IT managers are turning to new methods of trapping e-mail-born spam at the network edge. According to e-mail security provider Postini, 88% of e-mail is spam and Symantec reports 70% (their Brightmail Antispam product is used by ASPs such as MessageLabs) with 80% from overseas, particularly China and Russia. Appliance servers are now available that claim to trap “dark traffic” such as unwanted inbound SMTP traffic, directory harvest and e-mail denial of service (DoS) attacks, malformed and invalid recipient addresses.
Last month, Microsoft acquired Sybari and according to IT Week, the Sybari tools are likely to be offered as a plug in for the virus-scanning API in Exchange Server 2003 service pack 1, as well as part of Microsoft’s plans to offer edge services in forthcoming Exchange Server releases, including Sender ID e-mail authentication in Exchange Server service pack 2, IP safe lists, and a requirement for senders to solve a computational puzzle for each e-mail sent, increasing overheads for spammers (and unfortunately for the rest of us too).
Some industry commentators criticise the use of filtering products, citing examples of blocked legitimate e-mail. Sadly this will always be the case (one of my wife’s potential customers once claimed that her domain name pr-co.co.uk is invalid, blocking all addresses containing hyphens) and many of my clients (wisely, if in a somewhat draconian style in some cases) block various attachment types. A few weeks back, even a reply which I sent to a request for assistance left on this blog was picked up as spam. There will always be a trade off between false positives and a small amount of spam getting through – what is needed is for a real person to double check the filtered e-mail, combined with an overall increase in the use of digitally signed e-mail.
Practical measures for combating spam (MessageLabs)