Web security firm Message Labs claim that cybercrime will increase significantly in 2008 with spammers using ever more sophisticated malware tools to get their messages out. The lucrative $105 billion market is attracting a steady stream of new players using new tactics such as video file spam and the ‘storm worm’ (a Trojan attachment associated with mass email-outs). Despite all the new e-crime tools available, email spam remains at the heart of this massive problem that affects every computer user.
In 2004 Bill Gates predicted that the spam problem would be solved within two years. He was spectacularly wrong. The problem got worse and 2007 was the worst year yet for email spam. Experts believe that up to 90 per cent of all email is now generated by spam robots. 2007 was also the year where the total of spam emails surpassed genuine person-to-person emails: 10.8 trillion to 10.5 trillion. The gap is only likely to increase. Estimates range from 60 to 150 million emails a day spruiking penis extensions, Viagra and a variety of get-rich schemes. While the most common reaction to spam is annoyance, it is also harmful.
Spam is generally used to refer to unsolicited or unrequested junk
emails over the Internet, known as unsolicited bulk emails. Unlike regular advertising email, the sender cannot be reliable contacted and the receiver cannot unsubscribe. Spam affects productivity. In Australia, the time and bandwidth lost to spam is estimated to cost business $2 billion a year. A 2004 National Technology Readiness survey (pdf) in the US found workers spend 2.8 minutes a day deleting spam at a cost to business of $21.6 billion in lost productivity.
In response to the growing problem, the US implemented the CAN-SPAM Act in 2003. The act banned misleading header information, deceptive subject lines, and gave email recipients an opt out method that asked the sender not to send future email messages to that email address. The act was heavily watered down after pressure from lobby groups including the Direct Marketing Association. Anti-spam activists dubbed the act ‘you can spam act’ saying the act did not outlaw the practice and instead appeared to give federal approval to spammers.
Where as the US legislation is opt-out, the Australian Spam Act of the same year went much further with its ‘opt in’ clause. The act makes it illegal to send ‘unsolicited commercial electronic messages’ from Australia exempting only charities, religious organisations, political parties and the Government. The act covers email, instant messaging and other mobile phone messaging but does not include telephone traffic. Despite the stiff million dollar plus penalties, the act has been ineffective due to its inability to reach foreign spammers.
As Email filters have become more sophisticated in their response to the problem, so too have the spammers tactics themselves. Thus while filters look for common used spam words, do check-sum based filtering, and perform statistical analysis and authorisation, the spammers have hit back by disguising their messages. Thus they are replete with words like “pen1s”, “s3x” and “\ /i@gra”. And to overcome the Bayesian filtering technique (based on keyword likelihood theories), spammers include nonsense text such as “group jed dash grille.jar aghast waxen squad kerry”, a technique known as Bayesian poisoning.
While mail servers run spam filtering software such as Spam Assassin to mark those mails it thinks are spam and place them in dedicated spam folders, it remains an inexact science. User must continue to examine spam emails before deletion in case they really are not spam. Spammers get most of their distribution lists by using programs to crawl the web sniffing out email addresses.
A Center for Democracy & Technology study of what types of addresses are more likely targeted, showed the best way of combating this is by publicly listing an address in human readable form such “name AT place DOT com” so that bots cannot pilfer it for spam use. Despite these measures, spam is likely here to stay, according to Greg Toto, vice president of products and operations at computer security firm BigFix. “Eliminating spam is a war you cannot win," he says. "It is much cheaper to send spam than stop it.”