by CIO Staff

Blended Antispam Blocks Out Rivals

Sep 05, 2006 (3 mins)

Antispam providers this week locked horns over which technology is better, blocking or combined filtering.

According to Consumer Reports’ 2006 State of the Net survey, which polled 2,000 respondents with Internet access, U.S. users over the past two years lost 10.5 billion Australian dollars (US$8 billion) as a result of online scams including viruses, spyware and phishing schemes.

Peter Stewart, CEO of antispam vendor TotalBlock, said those affected would save billions if blocking was used instead of other filters.

“If all those users had used antispam software that relies on challenge-response [blocking] techniques rather than the usual filtering technology, billions of dollars would have been saved, because blocking results in zero spam,” Stewart said.

“Challenge-response works by blocking all machine-generated e-mail [by] building a list of acceptable incoming e-mail senders, using an address book as well as automatically replying to senders who are not on the allowed list [with] a simple action that requires human intervention to add the sender to the list.”

However, research firm Hydrasight Managing Director Michael Warrilow said this exclusion reduces blocking’s relevance.

“Blocking is only suited to a trusted environment where there is an existing relationship between sender and receiver, [while] the benefit of e-mail is anyone can e-mail anyone; this is the beauty and the weakness of the system,” Warrilow said.

“We really haven’t seen that much success with that type of blocking approach. The only exception is where the mailing relays and ISPs use it as the back door.”

He said the most popular approach is blended filtering solutions, as they do not restrict legitimate e-mails.

“An heuristic approach using different filters and algorithms is needed to fill the cocktail base. That’s the approach most people have taken because they need to ensure people without a pre-existing relationship can e-mail them.”

Sophos head of technology for Asia Pacific Paul Ducklin agreed, saying a mixed approach is needed, because a complete, single antispam method does not exist.

“You are aiming for accuracy and speed; there is no one technique that works for everything, so a good product must include a number of techniques,” Ducklin said.

“Spam filtering systems must use a variety of different mechanisms for analyzing and categorizing e-mails, [which] may include older filtering techniques, that deploys them in a way that gives accurate results quickly.”

He said challenge-response filters, such as blocking, slow the process down by adding an unnecessary layer.

“Challenge and response filters work similar to graylisting in that they attempt to determine the legitimacy of a source by [issuing a challenge] to incoming mail; however, this has the same shortcomings where it fails to recognize legitimate mail sent through different servers.”
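The challenge-response flow Stewart describes, as an added Python sketch that is not from the article or from any vendor's product; the class, method names, token scheme and sample addresses are assumptions. It also shows the limitation Warrilow raises: a legitimate automated sender with no prior relationship never answers the challenge, so its mail stays held.

```python
import secrets

class ChallengeResponseFilter:
    """Toy model of challenge-response filtering (hypothetical design)."""

    def __init__(self, address_book):
        # Allowed senders are seeded from the recipient's address book.
        self.allowed = {a.lower() for a in address_book}
        self.pending = {}   # sender -> (token, held messages)
        self.outbox = []    # challenges that would be mailed: (sender, token)

    def receive(self, sender, message):
        sender = sender.lower()
        if sender in self.allowed:
            return "delivered"
        if sender not in self.pending:
            # One challenge per sender; the unguessable token proves the
            # reply came from someone who can read that mailbox.
            token = secrets.token_urlsafe(16)
            self.pending[sender] = (token, [])
            self.outbox.append((sender, token))
        self.pending[sender][1].append(message)
        return "held"

    def confirm(self, sender, token):
        """Sender answered the challenge: allow them, release held mail."""
        entry = self.pending.get(sender.lower())
        if entry is None or not secrets.compare_digest(entry[0], token):
            return []
        del self.pending[sender.lower()]
        self.allowed.add(sender.lower())
        return entry[1]

    def held_count(self):
        return sum(len(msgs) for _, msgs in self.pending.values())


def demo():
    # Constructed sample addresses and messages.
    f = ChallengeResponseFilter(["alice@example.com"])
    results = [
        f.receive("alice@example.com", "lunch?"),              # known contact
        f.receive("bob@example.org", "new customer enquiry"),  # unknown human
        f.receive("billing@shop.example", "your invoice"),     # automated, legitimate
    ]
    released = f.confirm("bob@example.org", dict(f.outbox)["bob@example.org"])
    results.append(f.receive("bob@example.org", "follow-up"))
    return results, released, f.held_count()
```

After `demo()` runs, the invoice from the automated sender is the one message still held, because nothing on that side ever answers the challenge.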

Warrilow and Ducklin said similarities between virus and spam techniques have led to a merging of antivirus and antispam solutions.

“You are seeing people move towards blended antivirus and antispam solutions; there are overlaps in spam and viruses in terms of looking for anomalies and certain behaviors, which has led to a surge in outsourcing for the two,” Warrilow said.

“Spammers use botnets to infect users with spam tools, and virus creators use spam to distribute their malware. They often use similar coding, so it’s obvious they’re in each other’s pockets,” Ducklin said.

Antispam techniques include challenge-response, Sender Policy Framework (SPF) or Microsoft’s Sender ID, tagged message delivery agents and Bayesian filters.

-Darren Pauli, Computerworld Australia
