Task force tracks spam in the enterprise

On the surface, it almost sounds like a super hero team from the pages of a comic book – the Anti-Spam Task Force.

But members of the Task Force – established in March and spearheaded by Vancouver-based open source software provider Active State Corp. – say the spam problem is serious, and they’re vowing to tackle the problem once and for all.

As spam becomes more than just a nuisance, and as spammers get wise to current methods of filtering unsolicited e-mail, the cost of accessing enterprise networks is increasing – Active State quoted figures from Ferris Research which recently estimated that in the U.S. spam will translate into more than US$10 billion in lost productivity this year alone.

The group features several prominent anti-spam researchers including Jason Rennie, author of the iFile open-source tool, Tim Peters, creator of the SpamBayes Bayesian filter and Dr. John Graham-Cumming.

According to Jesse Dougherty, Active State’s director of development, the Task Force will focus on anti-spam issues affecting the enterprise, and is specifically working on an adaptive filtering approach to spam and developing enterprises content tools.

While spam may never totally be vanquished, “technology is evolving now to that you can start to limit the freedom of motion of spammers,” Dougherty said. The real driver, Dougherty explained, “is not actually the amount of spam that comes into the enterprise each day, it’s the number of complaints to the help desk.” One of the biggest issues is working towards an anti-spam system with near 100 per cent accuracy, he added.

The company’s own open source roots, specifically its PureMessage antispam products, were a factor in its decision to launch the Task Force, admitted Dougherty. But he added that some of the Task Force’s findings will be incorporated into other open source projects.

Technical initiatives currently underway include improved methods of distinguishing between wanted and unwanted e-mail, engineering a non-spam gateway e-mail filtering features to boost enterprise productivity, and the “Bayesian approach,” a technology that learns as it filters e-mail content by assigning spam probabilities to individual words in an e-mail. Bayesian filters can quarantine messages that use nonsense words, such as words with numbers instead of letters, to elude detection.

In practical terms, said Graham-Cumming, creator of the open source Perl-based Bayesian program, the object of the task force is to figure out how you apply those “on-the-fly” anti-spam techniques into an enterprise environment.

“Given the stresses and strains on the average IT person everyday, (the question is) how do you give them the power of those techniques without taking up all their time training a filter?”

Spamming techniques change rapidly, particularly as spammers implement increasingly complex encoding to try to avoid identification, Graham-Cumming said. This ultimately is the Achilles heel of spam – the spammers’ wide array of techniques will be their undoing and create better anti-spam methods.

“In the future, much like you hear about a new type of virus, you’ll hear about a new spammer technique…which is then quickly blocked, regardless of what they’re trying to sell you,” Graham-Cumming said.

For Neil Schwartzman that future won’t come soon enough. One problem with general spam filtering is that it’s too stringent and weeds out good e-mail in the form of false positives. Schwartzman, chair for the Coalition Against Unsolicited Commercial Email (CAUCE Canada), noted that perhaps legislative and technical methods be used in tandem in dealing with spam. The organization lobbies for and supports legislation restricting the activities of commercial e-mail advertisers.

“Companies are thrust into having to deal with that when people are battering on your mail server to the point where you’re losing legitimate e-mail…more and more reaction to this almost daily…what used to be an annoyance is becoming is now a denial of service,” Schwartzman said.

Fighting spam through legislation alone might be difficult considering the elusive nature of spammers – but together with technology it can at least keep them at bay, according to Active State.