Blended anti-spamming blocks out rivals

Antispam providers this week locked horns over which technology is better, blocking or combined filtering.

According to Consumer Reports' 2006 State of the Net survey, which surveyed 2000 respondents with Internet access, US users lost $10.5 billion ($US8 billion) over the past two years as a result of online scams, including viruses, spyware and phishing schemes.

Peter Stewart, CEO of antispam vendor TotalBlock, said those affected would save billions if blocking was used instead of other filters.

"If all those users had used antispam software that relies on challenge-response (blocking) techniques rather than the usual filtering technology, billions of dollars would have been saved, because blocking results in zero spam," Stewart said.

"Challenge-response works by blocking all machine generated e-mail [by] building a list of acceptable incoming e-mail senders, using an address book as well as automatically replying to senders who are not on the allowed list [with] a simple action that requires human intervention to add the sender to the list."

However, research firm Hydrasight managing director Michael Warrilow said this exclusion reduces blocking's relevance.

"Blocking is only suited to a trusted environment where there is an existing relationship between sender and receiver, [while] the benefit of e-mail is anyone can e-mail anyone - this is the beauty and the weakness of the system," Warrilow said.

"We really haven't seen that much success with that type of blocking approach - the only exception is where the mailing relays and ISPs use it as the back door."

He said the most popular approach is blended filtering solutions as they do not restrict legitimate e-mails.

"An heuristic approach using different filters and algorithms is needed to fill the cocktail base - that's the approach most people have taken because they need to ensure people without a pre-existing relationship can e-mail them."

Sophos head of technology for Asia Pacific Paul Ducklin agreed, saying a mixed approach is needed, because a complete, single antispam method does not exist.

"You are aiming for accuracy and speed; there is no 'one technique' that works for everything so a good product must include a number of techniques," Ducklin said.

"Spam filtering systems must use a variety of different mechanisms for analyzing and categorizing e-mails, [which] may include older filtering techniques, that deploys them in a way that gives accurate results quickly."

He said challenge-response filters, such as blocking, slow the process down by adding an unnecessary layer.

"Challenge and response filters work similar to greylisting in that they attempt to determine the legitimacy of a source by [issuing a challenge] to incoming mail; however, this has the same shortcomings where it fails to recognize legitimate mail sent through different servers."

Warrilow and Ducklin said similarities between virus and spam techniques have led to a merging of antivirus and antispam solutions.

"You are seeing people move towards blended antivirus and antispam solutions - there are overlaps in spam and viruses in terms of looking for anomalies and certain behaviours, which has led to a surge in outsourcing for the two," Warrilow said.

"Spammers use botnets to infect users with spam tools and virus creators use spam to distribute their malware - they often use similar coding so it's obvious they're in each others' pockets," Ducklin said.

Anti-spamming techniques include challenge-response, sender policy framework (SPF) or Microsoft's Sender ID, tagged message delivery agents (TMDAs) and Bayesian filters.
