More than 13 billion unwanted e-mail messages swamp the Internet every day, worldwide. This time-wasting junk is a $10 billion annual drag on worker productivity in the United States alone. In a perverse analogy to Moore’s Law, the number of spam messages is doubling roughly every 18 months. It has risen from 8 percent of all e-mail in 2000 to more than 40 percent by the end of 2002, and is now more than 50 percent. Conceivably, spam could soon represent 90 percent of all e-mail.

Complicating the issue is the virus problem—unwanted emails that cause serious damage to individual computers, or complete networks. 2003 was only about a month old when there was yet another major computer virus attack (the SQL virus) that shut down a lot of major banking and business systems worldwide. Malicious code attacks are continuing to run rampant, with the problem getting ever worse. New virus versions are still emerging, trying to outsmart all of the latest antivirus software.

One of every 200 e-mails sent last year contained a computer virus, and one in three e-mails was unsolicited spam. The most worrisome trend is spam e-mails combined with viruses, making spam more difficult to detect and more dangerous. Also, the virus-to-e-mail ratio is growing worse, mainly because many users and resource managers don’t keep their security up to date.

Countermeasures

Until recently, there didn’t seem to be a foolproof way to eliminate spam. As quickly as systems managers added filters (catching specific words), spammers came up with new ways to bypass those filters. But smarter filtering techniques are yielding good results.

Here’s a summary:

• Blacklist: Identify the IP address of the spam sender’s computer, then advise the service provider to block mail from that address. This method is effective, but it inevitably leads to a cat-and-mouse game between spammers and blockers.
• Distributed identification: A community of users flag spam for one another. When enough recipients object to a particular message, it is automatically transferred to everyone else’s spam folders.
• Profiles: Heuristic analysis software looks for invalid message traits—as defined by an evolving set of rules—and develops a numerical score for each incoming e-mail. If the score hits a designated limit, the e-mail is blocked. Of course, some good messages get flagged too.
• Filtering: Bayesian filtering doesn’t adhere to any particular set of rules—it learns and re-learns how to spot spam by scanning the mail that’s accepted and rejected. The filter calculates probabilities based on the most unusual characteristics of each message. With time, it “knows” what kind of email to deliver, and what to delete. This “artificial intelligence” filtering eliminates more than 99 percent of unwanted messages. This is already popular in the open source community and may soon be adopted commercially.

• Labels: More than 25 states already require senders to label spam as spam, and legislation is being proposed to fine spammers. This is similar to proposed stiff penalties for telemarketing calls to numbers on a prohibited list.
• E-mail fees: Because e-mail is essentially free, spammers can literally send millions of messages at minimal cost. Levying a charge (however small) on legitimate e-mail distribution will limit mass mailings, though it won’t stop it.