Securosis Article: spam Levels and Anti-spam SaaS

[turetzsr]

...S pam Levels and Anti-spam SaaS excepts:

I was reading the Network World coverage last night of the McAfee spam Report stating spam rates were down 20%. While McAfee's numbers are probably accurate, my initial reaction was "Bull$#(&", because I personally am not seeing a drop in spam.

<snip>

Anyway, I think that Postini is just falling behind the curve.

<snip>

It's time to make a change. The beauty of spam filtering as SaaS is that we can change without pain. I am on the lookout for a 10 seat SaaS anti-spam plan. Got recommendations? I would love to hear them.

<snip>

[Miss Betsy]

My take on the levels of spam mostly come from hotmail since that is the one address that was known to spammers plus one that is still scraped by spiders that is forwarded to hotmail, but that latter one has instituted good spam filters and only the ones that slip by hotmail slip by them. All of them are 419 scams or phishes with a scattering of Rolex watches.

I asked once why the 419 and other scams evade the filters. Someone told me because they take the time to send one email at time. Also, particularly with the Rolex watches, they really concentrate on evading the filters, I think.

To eliminate the serious scammers, who can win big money with few takers, is practically impossible without putting a big burden on legitimate emailers. For instance, hotmail asks for confirmation of your account if you send more than a certain number of emails. A 419 scammer can confirm the challenge as well as people with lots of correspondents.

The solution, as always, is that the 'sending' end has to do something. Until 'senders' are blocked from communicating with email services that block at the server level so correspondents know to complain to their provider that their email is not being delivered, there is little that will be accomplished for 'spam control'

The problem, of course, are people who have large email contact lists that are legitimate. However, there are ways that email services could accommodate them without allowing spammers. It might cost some people more money, but email services could provide free service as long as there were certain restrictions, for instance, a free newsletter program that provides confirmed subscription which would require a little more in documentation than free services do now. It would be a one time hassle rather than always wondering whether your email is being delivered.

More documentation would mean that scammers would have to identify themselves to use the service. There might even be a surcharge. It won't stop the ones who will gain a great deal if they make a hit (419 scams still occasionally come via snail mail or fax), but it would make easier to catch them when they do. And consumers of email services have to be aware of their risks of responding to unsolicited email as well as not using disposable addresses for places like Facebook.

As long as there are gullible people, there will be spam of the criminal type or the almost criminal. The trick is to make it cost them more so that there is less and more directed - I have never received a 419 scam as an individual, but I have seen them numerous times at business addresses.

Rejecting at the server is the only way to go. If reports are not sent the way spamcop does, then customer complaints would bring it to the IP owner's attention. If nothing is done, the IP address remains blocked. OTOH, often responsible server admins have the problem fixed within minutes of the first indication something is wrong. It would not be as great an interruption of service as the present system.

Miss Betsy