• United States
by Cheryl Currid

Spam stoppers

May 12, 20035 mins
Enterprise ApplicationsMalware

* Technologies and governments work to fight spam

Sick of spam? Some organizations say that spam represents between 45% and 75% of all inbound mail. In my case, spam accounts for half of the e-mail messages I receive. And for the last two years, it’s been a growing and nagging part of e-mail.

No matter what the number, spam has reached epidemic proportions. It is a storage drain, saps up bandwidth, and is far more annoying than its paper counterpart. Organizations find it exhausts productivity and sometimes causes people to miss important mail as they deal with spam.

How to get rid of it? There are two choices: make it against the law or use technology to fight it.

If you find yourself saying, “It ought to be against the law!” you would be right.  It is against the law.

 About 29 states have put forth laws against spam, although none yet has slowed down its spread. Nevada was the first state in 1997 to put a law on the books. California and Washington followed in 1998 with rules of their own.  Unfortunately most laws turn out to be unenforceable or punishable by hardly more than a slap on the wrist.

For example, in 1999 the Oklahoma Statutes were amended to make bogus or misleading mail require only a civil penalty of $500. Utah, Minnesota and New Mexico require that certain types of spam include a subject line label such as “ADV:” or “ADV-ADULT” on each message.

Recently, Virginia enacted the nation’s harshest antispam law that gives authorities the power to seize assets earned from sending bulk unsolicited e-mail pitches while imposing up to five years in prison. But finding perpetrators is difficult, and imposing the law will surely be tested.

Within the federal government, congress has unsuccessfully tried three times to create legislation. The Federal Trade Commission sponsors a site ( that advises people on how to handle spam. Users can also forward examples of spam directly to the FTC ( This may make people feel better, but it’s not much more than forwarding to a dead letter box.

And, when it comes to litigation, so far spammers seem to squirm out of most cases by demanding their first amendment rights. So if a spammer breaks the law, and they do it often, filing a lawsuit is unlikely to help.

All right, what about plan B? Let’s figure if we can use technology to fight a technology induced problem.

There’s promise. Spam-fighting software is starting to spring up, and while no one is promising 100% perfection, it works a lot faster than government can put laws on the books.

Spam filtering software can be loaded on the desktop or server. Most organizations will opt for the easier-to-maintain server solutions. The software usually comes with preset lists for messages that can and cannot make it through.

Spam software checks the content of the mail, the header, and lists of domains and sites that can be considered bad. Mail that is determined spam is sent to a special user or mailbox where it can be more thoroughly checked by a human.

Server-based software reminds me of virus protection; it works on the server and blocks the offending products from getting into the system. In the case of spam, it also helps by keeping unnecessary messages from proliferating in end users’ inboxes. 

Most spam software work from lists called whitelists and blacklists. The whitelist (good mail) is set up as e-mail from people already in the address book, e-mail that contains no sexual terminology or e-mail that doesn’t try to sell a credit card, mortgage loan, or insurance.

By contrast, the blacklist (suspected bad e-mail) gets shuffled off to a special place. Some spam filters use a third-party location to find the black list. These sites, such as ORDB and Spamhaus*, keep records of domains that leave servers open so that spammers can use them to relay messages or domains that have sent spam mail.  Since these locations are updated constantly, the spam prevention software works from real-time lists.

Recently, my firm tried out GFI MailEssentials for Exchange, which has many tools for handling an e-mail server, including a spam filter. On the first day, new mail to our e-mail in-boxes was cut in half. (That’s right, half.)

And, for me, it changed my whole outlook on e-mail. For the first time, I could get through the messages. While the software hasn’t prevented all spam, it’s done a great job and keeping it out of sight and out of mind.

So when it comes to finding the antidote for spam, I’ll put my trust into technology.

*Spamhaus Block List (SBL) is a free real-time DNS-based database of IP addresses of verified spammers, spam gangs and spam services. Used by ISPs and corporate networks worldwide, it helps to protect approximately 110 million mailboxes from known spam sources.

Cheryl Currid is president of Currid & Company.  You can write to her at