Security Spotlight: Blocking or Filtering Spam
Other than a surprisingly popular potted meat product from the Hormel company, spam also refers to unwanted or unsolicited e-mail. Although the origins of this term in the computing world are somewhat mysterious, most authorities agree that the famous Monty Python skit that features ceaseless repetition of the term helped contribute to its use for e-mail as well. All this said, Brightmail (a leading anti-spam technology vendor and sevice provider) has somewhat gloomily predicted that by the end of this year, over half of all e-mail traveling over the Internet will be spam.
Why mention spam in a security newsletter? Besides its unfortunate impact on Internet bandwidth and its tendencies to clog inboxes everywhere, some spam also includes malicious attachments as well. Since the mid-1990s, in fact, e-mail has been the leading source of infection for malicious software of all kinds. By definition, since infections are neither wanted nor welcomed, any infected e-mail message is spam.
A recent spate of products to help filter or block spam have emerged. In this context, the term filter means “to remove potential spam from an inbox” and block means “to prevent potential spam from being forwarded.” Blocking works best at e-mail servers to prevent spam from traveling the Internet; filtering works best at e-mail clients (and servers) to remove spam from requiring a human’s attention as he or she reads e-mail. Because no perfect blocking technology has yet to be devised, some combination of blocking and filtering is usually required to eliminate as much spam as possible.
On the server side, some companies offer e-mail screening services that are often advertised as anti-spam services. Also, other companies offer outright server-side anti-spam software, and still others offer client-side anti-spam software as well. Some combination of items from the first two of these three categories probably touches the majority of e-mail that arrives in users’ inboxes nowadays, and an increasing number of users are employing anti-spam technology at the desktop as well (some of these implementations involve regular updates like those used with anti-virus software, and may be called anti-spam services as well). Table 1 shows a sampling of players in all 3 categories.
Table 1: Anti-spam software and services