The Biggest Challenges Facing Spam-Fighters
Conversations with leading message filtering companies provide insight into the battle for e-mail security.
Because so much of today’s e-mail stream is spam, every message that’s received has to be filtered before it can reach your inbox. Today the best filtering systems perform a variety of tests, including content analysis and attribution—that is, they try to figure out who the real sender of the e-mail message is, as well as what product or website is being promoted, and then check the blacklists to see if the senders are known spammers. Attribution is also important in fighting other forms of Internet crime. A significant amount of spam that reaches its intended destination contains phishing attacks. These attacks exploit a variety of security problems made possible by the Human/Computer Interface (HCI). As readers of this column know, HCI security is an important research area for both academia and industry.
Closing the cycle, those involved in this underground economy also need to recruit new computers to their botnets. Some spammers do this directly, while others rely on so-called bot-herder specialists. Typical herding techniques include sending out specially written infection programs by e-mail and spamming with the URLs of websites that are designed to exploit browser bugs. These techniques work because some people are still dumb enough to click on programs they receive, while other people are browsing the Internet with unpatched copies of Internet Explorer and Firefox.
Spammers have the upper hand in this cycle. Because herders have been so successful at recruiting bots, spammers have both more computational power and more Internet bandwidth at their disposal than even the largest antispam providers. Spammers get instant feedback when their spam gets through because people click on the links. Because they are part of the underground economy, spammers generally don’t pay taxes on ill-gotten gains. Spammers can afford to experiment, because when their experiments fail, the worst that happens is that some of their spam doesn’t get sent. One result of this cycle is that spammers will continue to develop more effective spamming techniques as time passes because they are financially rewarded for doing so—there is positive market feedback.
As a result of this positive feedback, spammers are becoming increasingly sophisticated. “It’s become clear to anyone working in antispam that there have been a lot of developments,” says Matt Sergeant, MessageLabs’ senior antispam technologist. “Our speculation is that most of this is coming out of the ex-Soviet Russia and the Eastern Bloc. They really have teams of programmers on hand now. I am sure that somewhere there is a bunch of programmers, quality assurance teams [and other employees], all set up for creating this stuff. That presents a real challenge. They are thinking about this stuff on a technical level—exactly how they can get through our filters, what they can do to stay out of our blacklists.”