The Cost of Spam
Pragmatic Anti-Spam Guide
Everybody hates spam, but not everybody knows how to minimize the lost time that spam causes. In this guide we will show you the biggest impact spam has on you, and the correct course of action to take to block it.
If asked the question, "Why do you hate spam?", most people will say "Because it wastes my time". Correct! The worst thing spammers do is waste your time. This is the primary; if not the only reason that people hate spam. So, when people choose an anti-spam solution, the sole criterion should be "Can this product save me time?" Unfortunately, people do not always follow this simple but important guideline while evaluating anti-spam products and services. They are misguided either by the producer's biased opinion, by the fancy program interface, or worse, by their unquenchable flames of fury toward spammers.
This guide was prepared to help you get an idea of what constitutes a good anti-spam product. We compared various technologies and analyzed why a particular technology is good or bad. We do not, however, comment on particular products that use the technologies described here. After you have selected the technology that fits your rationale and goals, you still need to evaluate other aspects of the product (such as performance, stability and customer support) to ensure complete satisfaction.
1. Track spammers and fight back
This is the classic method. There are many guides on the net that teach you how to analyze email headers, and then, using Internic and other online resources, help you locate the spammer, and complain to his or her ISP.
Recommendation: Don't do it. It's not worth your time. Think how much time you would spend on this process, compared to simply hitting the "delete" key on your keyboard. Should it be the legislator's responsibility to prevent spam the legal way? Some advocators argue that this is like a "neighborhood watch" that prevents community crimes. We don't agree with this analogy. Just take a look at viruses as an example. Making and distributing viruses is of course illegal, but did we see the number of viruses decrease simply because of the laws?
2. Challenge Response
This is another trick becoming popular on the anti-spam battle-field. The idea is to send a "challenge" to the sender of the message, which asks him/her to reply. If a reply is received, the sender is added to a white-list and won't be challenged again. Otherwise, messages from this sender will not be shown to the recipient.
Recommendation: Do not ever try it! No matter what the advocates of this technology say, or how enticing it sounds, it is NOT a "surefire way" of eliminating spam. This technique has consequences far beyond stymieing spam-spitting software robots, and some leading anti-spam activists fear it could backfire and render e-mail useless if widely adopted. Below is a partial list of drawbacks of the challenge-response technology:
It is very unfriendly and rude to legitimate senders
Legitimate senders may, on occasion, use another email address that has not been white-listed. They will be challenged again, which is even more frustrating.
Legitimate senders may forget to respond, or may not receive their email for several days because they are on a trip and don't have access to their computers. In this case, the original messages (which may be important) can be very significantly delayed.
If both the sender and recipient install challenge-response based software, there will be an endless loop of challenge-responses, which will eventually paralyze the system.
All messages from automated services, such as registration confirmations, and trade information (from sites like Amazon or e-Bay), will have no chance of reaching the users inbox. Messages of this type are sent by robots, which never respond to a challenge.
Mailing list subscribers will be bombarded with challenge messages.
For big ISPs, the sheer amount of challenge messages will double their traffic and penalize the system significantly. We are sure that those ISPs are not at all happy to see that their already harmed systems will be double-taxed by spammers.
Steve Atkins, an anti-spam consultant in Redwood City, California said, "It's sufficiently tempting that people will use it and will not realize all the bad things that will begin happening." We would like to suggest that if you are using challenge-response technology, and happily find that your inbox is clean, check the above list to see if you are affected in any way. Think twice before starting to use (or continuing to use) this technology at all!
3. Unsubscribe or bounce back
The seemingly simplest way to stop spam, would be to use the "unsubscribe" link found in most such messages to "opt-out". Other tools are available that will let you bounce spam messages back to the spammer that would suggest that your e-mail address is wrong or does not exists. The hope is that they'll stop trying to send you messages.
Recommendation: Don't use this method either. Most spammers use fake addresses, and bounce back does not work at all. If you choose to unsubscribe, you are caught! The unsubscribe link's only purpose is to verify that there is a human being reading their message. If you unsubscribe, you will receive even more spam!
4. Collaborative anti-spam networks
The advocators of collaborative anti-spam technology argue that spammers usually send out the same message to millions of people. So, if a user finds a spam message, he or she can use a "collaborative network" to send out a "signature" of the message to all users subscribing to the same service. The expectation is that action on the part of one user will prevent other users from being disturbed by the same message.
Recommendation: This technology does work. However, it has some drawbacks:
1) The detection rates of collaborative networks are not as high as they are said to be.
2) Detection speed is slow, and prone to network errors. Our tests have shown that generally speaking, all products that rely on "online updating of spam definition databases", will cause some inconvenience in usage. Nevertheless, the actual user experience depends upon the design and quality of the particular product.
5. Key phrase matching
Keyword matching is a very old technology. It marks a message as spam if certain "bad words" are found, and it marks it as non-spam if "good words" are found.
Recommendation: Do not use this technology. It wastes too much of your time defining and updating keyword lists. The detection rate is not at all satisfactory. Both false-positives and false negatives are high. Some sophisticated products even use "regular expressions", which are very hard to understand unless you're a computer expert.
6. Black-listing and white-listing
Black-listed senders are blocked and white-listed senders are welcome. Messages from unknown senders need to be processed manually by the recipient.
Recommendation: It is not a good idea to rely solely on black-lists or white-lists. The reason is that it is unmanageable for those receiving large amount of emails from strangers. However, the technology itself is not entirely useless. It can be used with other technologies to improve detection rates and to make anti-spam software easier to use and more customizable.
7. Statistical content filtering
This is another old technology that is now becoming popular on the anti-spam battlefield. Naive Bayesian classification is based on English scientist T. Bayes' statistics theory. It is a very old technology, yet extremely effective in detecting spam.
Recommendation: This is the technology of choice. Bayesian filters learn by examples. When you first use it, it may not be very clever and may appear to be unsatisfactory. However, after days of training, it will become extremely precise. It is currently the only technology that reflects your own definition of what is and isn't spam. Although training can be a little bit troublesome, compared to the effort required by other methods, it's trivial, and the benefits far outweigh the cost.
8. Checkers vs. Proxies
Apart from core technologies used, the design of a spam filter also greatly affects the overall usability of an spam blocker. Some spam blockers are designed as "Checkers" while others are "Proxies". "Checkers" require you to use them to check your mailbox and remove spam prior to launching your email program to retrieve your email. "Proxies" sit between the mail server and your inbox, and filter out spam transparently.
Recommendation: Do not consider spam blockers that are "Checkers". Remember, the reason you are buying an anti-spam software is to save time, not to kill spam or "shoot spammers dead". No one enjoys the process of deleting spam, that's why people need spam blockers. Checkers are simply too expensive to use in terms of time.
End Notes
We are an anti-spam product vendor. The purpose of this guide is to promote our philosophy, not our product. We design our product in accordance with what we think an anti-spam software should be. After reading this guide, we encourage you to try our product as well as our competitor's. We'll be very glad if you agree which our philosophy, even if you don't choose our product.
Please visit our web site at http://www.spamweed.com and email us with your critiques and comments.
Don't buy an anti-spam product because you hate spam! When evaluating an anti-spam product, think "does it save my time compared to just simply deleting the spam?"
Our goal is to save your time. If your time is precious, please give us your support!
|
