Whitelisting could be spam remedy

Dec 09, 2002 | 4 mins
Enterprise Applications, Malware, Messaging Apps

The only antispam approach that can provide spam-free inboxes is whitelisting, a technique that some vendors have begun to explore in earnest.

Spam is nearing a crisis point for e-mail users and administrators. But we don’t have to accept it as an inevitable force of nature. The first step in the fight against spam is to dispel the notion that users are powerless against the onslaught. There is an expanding array of antispam tools we can deploy throughout our messaging infrastructures.

However, many antispam tools suffer from a serious deficiency: reliance on content filtering to detect spam messages. The fundamental problem with content filtering is that it’s a reactive approach for dealing with a dynamic threat. Traditional antispam filters compare inbound e-mails with spam content patterns or indicators that were derived from past spam attacks. Consequently, even the best antispam filters catch only the most obvious and unoriginal spam and often miss creative new spam that doesn’t fit any pre-existing pattern.

What users want are continuously spam-free in-boxes, but content filtering can’t guarantee that. The only antispam approach that can do the job for sure is whitelisting, a technique that some vendors have begun to explore in earnest. Whitelisting doesn’t depend on us knowing or caring who the spammers are or how they’ve constructed messages. Whitelisting starts from a simple premise: that the only messages that should be delivered directly to a recipient’s in-box are from senders the recipient already trusts. Typically, a whitelist would consist of every e-mail address in a user’s address book, contact list and corporate directory. Most users also would want to include the sender addresses of every e-mail they’ve moved to a folder and thereby accepted.

Essentially, whitelisting is the approach by which instant-messaging services provide a largely spam-free experience – although instant-messaging services refer to it as buddy lists or contact lists. As e-mail, instant messaging and other collaboration services evolve over the next several years, it wouldn’t be surprising to see them converge on a common whitelisting approach to deal with a common foe: spammers who are determined to flood their messages through any available medium.

Of course, Internet e-mail is more than a service for message exchange among acquaintances. It’s also a medium for people we’ve never met to contact us. Depending on the sender, message and circumstances, we might welcome messages from out of the blue. What happens to messages from senders who aren’t on our whitelists? This is just as important a concern as ensuring a spam-free in-box. Whitelisting can work only if recipients have at least one mail dropbox, separate from their in-box, where their other incoming mail can go.

Most antispam products already provide dropboxes in the form of quarantine folders. Rather than deposit each user’s mail into a single in-box, antispam tools generally forward suspected spam to separate quarantine folders. These folders might be available to mail recipients in their e-mail client or might be available only to mail administrators and be stored in a database separate from the corporate mail store.

Clearly, quarantine folders place a mail-management burden on recipients. With whitelisting, many critical business messages could languish in quarantine limbo unless users make a point of checking those other folders as often as they visit their in-boxes. Fortunately, many antispam tools filter, rank and categorize suspect mail by spamminess, according to various criteria. To ease the inevitable burden on recipients, antispam vendors will need to continue improving how quarantine folders sort suspect mail for manual inspection. And to address the complex, dynamic nature of spam threats, filtering tools will need to base their suspect-mail rankings on a weighted synthesis of criteria obtained in real time from various sources, including antispam probe networks, blacklists and peer-to-peer communities.
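The routing described above, as an added sketch that is not part of the original article: the whitelist is the union of the address book, corporate directory and senders of filed mail, and everything else goes to a quarantine list ranked by a weighted score. All addresses, signal names and weights are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data; every address, signal name and weight is hypothetical.
ADDRESS_BOOK = {"Alice@Example.com"}
CORPORATE_DIRECTORY = {"bob@corp.example"}
FILED_MAIL_SENDERS = {"news@vendor.example"}  # senders of mail the user filed
WEIGHTS = {"blacklist": 0.5, "probe_network": 0.3, "peer_reports": 0.2}

SAMPLE = [  # (raw message, per-message signal values in [0, 1])
    ("From: Alice <alice@example.com>\nSubject: lunch\n\nhi", {}),
    ("From: new.customer@client.example\nSubject: RFQ\n\nhello", {"probe_network": 0.5}),
    ("From: deals@bulk.example\nSubject: WIN\n\nbuy",
     {"blacklist": 0.9, "probe_network": 1.0, "peer_reports": 0.8}),
    ("Subject: no sender\n\n?", {"blacklist": 1.0}),
]

def build_whitelist(*sources):
    """Union of the trusted address sources, normalised to lower case."""
    return {addr.strip().lower() for src in sources for addr in src}

def sender_of(raw):
    # The From header is set by the sender and is not authenticated; this
    # sketch matches on it because the article defines trust by sender address.
    return parseaddr(message_from_string(raw).get("From", ""))[1].lower()

def spamminess(signals):
    """Weighted sum of signals, each clamped to [0, 1]; missing signals count as 0."""
    return sum(w * min(max(signals.get(k, 0.0), 0.0), 1.0) for k, w in WEIGHTS.items())

def route(messages, whitelist):
    """Return (inbox senders, quarantine as (score, sender) ranked least spammy first)."""
    inbox, quarantine = [], []
    for raw, signals in messages:
        sender = sender_of(raw)
        if sender and sender in whitelist:
            inbox.append(sender)
        else:  # unknown or missing sender: never dropped, only set aside and ranked
            quarantine.append((round(spamminess(signals), 3), sender))
    return inbox, sorted(quarantine)

if __name__ == "__main__":
    wl = build_whitelist(ADDRESS_BOOK, CORPORATE_DIRECTORY, FILED_MAIL_SENDERS)
    print(route(SAMPLE, wl))
```

Ranking the quarantine least spammy first puts the unknown but plausible sender at the top of the list the recipient has to inspect by hand.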

Whitelisting – coupled with intelligent ranking of suspect mail in quarantine folders – is the most appropriate and effective method for dealing with mail-content threats such as spam. In the coming years, this approach will become commonplace in commercial antispam products and services.