Skirmishing With Spam

When I cranked up my spam filter settings to "aggressive" not long ago, I saw a gratifying drop in the number of junk e-mails sneaking through Computerworld's filtering service. But I quickly discovered the downside of my e-mail tinkering: one irritated husband and one bewildered daughter, both of whom had sent e-mails that were caught as "false positives" and plopped into the spam bucket by mistake.

"You blocked me, Mom?" said the daughter. "Expletive deleted," said the husband.

So I wasn't surprised last week to see false positives referred to as "the biggest challenge in the spam wars," in our cover story on "Spam Battle Plans" . False positives can lead to lost business, angry customers and mutual frustrations galore. Spam just keeps getting better at getting worse, doesn't it? With an estimated 50% of all incoming business e-mail now likely to be spam, legitimate messages are swimming upstream like exhausted salmon in the wrong river.

"When you're receiving 60% less e-mail due to spam blocking, you wonder what you're missing," says Rob Buchwald, security manager at Ohio-based Moen Inc. . Moen, which sells residential and commercial plumbing supplies, grew weary of the system-tinkering required every hour to keep e-mail lists and rules updated to block spam. The company turned the whole mess over to a service provider -- and now only one message in 5,000 is blocked as a false positive.

Legitimate e-mail getting sidelined because of spam is a particular pain for certain industries, such as health care and financial services. One medical center we wrote about takes such a hard-line stance on spam that even personal e-mails are considered junk. ("You blocked me, Mom?" "No, honey, my IT department did.") Of course, financial necessity plays a big role in all industries, since piling on e-mail servers and storage to cope with spam is an unwelcome strain on budgets these days.

So are there any happy endings to spam stories?

Perhaps. Our article on spam drew the attention of one CIO who believes he's found a way to defeat it. Larry Fresinski of Cornell's S.C. Johnson Graduate School of Management e-mailed me about his discovery, and thankfully his message made it through my filter gantlet. He's testing an open-source spam filter called SpamBayes that seems to work well with Microsoft's Outlook 2003.

"I've turned the Outlook filtering off and rely on this now," says Fresinski, who is part of Microsoft's beta-testing group for Outlook 2003. The code for the SpamBayes Outlook plug-in (http://starship.python.net/crew/mhammond/spambayes/) can be installed quickly, and it's regularly updated, he says. It also works with Outlook 2000 and Outlook XP (but not with Outlook Express).

"SpamBayes is a little-known effort that's making tremendous progress. It's a very effective tool -- 99% of my spam is being captured," Fresinski says. "The beauty of it is that it continually learns what is spam to you and not to some external database." That speaks to one of the big issues in the spam battles -- and the reason it can't be blocked or attacked as comprehensively as viruses can. "Spam is not generic," Fresinski notes. "Plenty of it is similar, but a large amount of it is specific to each person and what they consider to be spam."

As the spam wars keep escalating, it's nice to hear from one of the victors. If your defenses are holding up, let us know so we can share your battle plans with your colleagues.

Maryfran Johnson is editor in chief of Computerworld. You can contact her at maryfran_johnson@computerworld.com.

Copyright © 2003 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon