Earthweb
Images Events Jobs Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
 SUBJECTS:
 FEATURES:
IT Management Webcasts:
The Role of Security in IT Service Management

Preparing for an IT Audit

More Webcasts


Search EarthWeb Network

internet.commerce
Be a Commerce Partner
Send Text Messages
Memory
Imprinted Gifts
Web Hosting Directory
Shop
Computer Hardware
Laptops
PDA Phones & Cases
Dental Insurance
Corporate Awards
Rackmount LCD Monitor
Online Shopping
Corporate Gifts
Promotional Products

Linked Data Planet Conference & Expo

IT Management : Columns : Executive Tech: Has Julian Haight Gone Straight?

Heroes Happen Here Launch Events
Attend the upcoming launch of three powerful new products, take a test drive, meet the teams, and leave with promotional copies of Windows Server 2008, Microsoft SQL Server 2008, and Microsoft Visual Studio 2008. Register here. »

 
Install What You Need with Windows Server 2008
Windows Server 2008 is Microsoft's most full-featured server operating system yet, so it's ironic that one of its most exciting new features is an install option that cuts out most of the other features. Paul Rubens explores why a Server Core installation makes a great deal of sense in many instances. »

 
Simplify Big Business IT for Small and Midsize Companies
Windows Small Business Server 2008 and Windows Essential Business Server 2008 deliver all-in-one solutions to help fuel growth for customers and partners. »

 
Q&A with Bob Muglia: Senior VP, Server and Tools Division
Bob Muglia, senior vice president, Server and Tools Division, discusses Microsoft's new interoperability principles and the steps the company is taking to increase the openness of its products. »

 
Q&A with Lutz Ziob, GM of Microsoft Learning
Lutz Ziob, the general manager of Microsoft Learning, talks about how IT professionals can become certified heroes within their enterprises by getting trained and certified in Windows Server 2008. »

Related Articles
Think Spam Is Tough? Try Fighting Spim
Nine out of 10 U.S. Emails Now Spam
Whitelists Battle for Market Share
Proposals Offer Small Steps to Stop Spam
Case Study: Taking Spam Off the Radar
Is One-Fourth of Your E-Mail Getting Lost?
- ITSMWatch Newsletter -
Tech Focus: Security

Cybersecurity: Laws Only Go So Far

Mozilla Firefox vs. Internet Explorer: Which is Safer?

Is Your Blog Leaking Trade Secrets?

The Las Vegas Counterfeiting Story: Is Your Privacy Worth More Than a Poker Chip?

Stopping Spammers at The Point of Sale

Product Watch
IOGEAR KVM - Includes Audio/Peripheral Sharing
Coverity Prevent / Coverity Thread Analyzer - Analyze Source Code For Defects, Security Vulnerabilities
USSD Series - SDRAM-Based Solid State Drives to 256 GB
UltraSMS - Send SMS From Your PC
Sentinel Sensors - Wi-Fi Based Temperature Monitoring Especially For Cold Storage

more products >>

Datamation Definitions
data mining
ERP
extranet
grid computing
intranet
network appliance
outsourcing
storage
VPN
virus
FREE Tech Newsletters

Whitepaper: Oracle Application Express Overview 3.0. Consolidate the management and security of data currently scattered throughout the organization in spreadsheets and personal databases.

Has Julian Haight Gone Straight?
June 14, 2004
By Brian Livingston

Brian Livingston One of the most famous, or infamous, groups that try to "block" spam-sending servers is SpamCop.net, directed by Julian Haight. Because SpamCop was purchased last year by IronPort Systems, a maker of e-mail server appliances and antispam solutions, I thought it would be interesting to see whether any of the controversies that swirled around Haight in the past have been worked out.

Haight agreed to an interview at a coffeeshop in Lake Forest Park, Wash., a suburb of Seattle near his home. His comments shed light on the potential of — as well as the problems with — the "blocklist" approach to stopping spam.

The SpamCop Argument In a Nutshell

SpamCop relies on a network of end users and automated programs that send in complaints. These reports indicate that e-mail considered to be spam is coming from certain Internet Protocol addresses. SpamCop computes a score for each complaint and uses the scores to post an "IP address blocklist." This list is checked in real time by some corporate mail administrators to determine whether or not to accept e-mail from certain senders.

Legitimate or Not Legitimate? SpamCop gained notoriety in late 2002 from a well-publicized run-in with Declan McCullagh, a News.com contributor and editor of Politech, a political discussion list. McCullagh reported at the time that SpamCop had erroneously put Politech's e-mail server on the blocklist three times within the space of a few months. McCullagh also accused Haight of deliberately putting competing antispam services on his blocklist.

A Wave of Accusations. These articles led many other Internet users to suggest that certain things about SpamCop smelled bad. In February 2003, an analysis of the alleged failings of SpamCop was posted by Jeremy Howard, founding director of FastMail.fm, a company described by the Sunday Times of London as "one of the slickest, most powerful e-mail systems on the planet." Howard charged that not only did SpamCop's blocking list contain inaccuracies, but that a single complaint could cause a small e-mail service to be labeled a spammer.

Good For Something or Good For Nothing? The rhetoric around the blocklist grew so heated that Ray Everett-Church, a respected antispam authority and board member of CAUCE (Coalition Against Unsolicited Commercial Email) wrote that SpamCop was "a continuing embarrassment to those engaged in responsible anti-spam efforts."

At the time, Haight wrote responses to Politech's and Howard's criticisms. These responses engendered more responses, which finally petered out. No one seemed satisfied.

IronPort Picks Up SpamCop As An Asset

Because the one-year anniversary of IronPort's purchase of SpamCop on June 24, 2003, is coming up, I thought some improvement might now be detectable in the blocklist due to its fortuitous infusion of cash. In my recent interview, Haight confirmed that he now is able to pay three assistants who had tried to manage the flow of spam reports on a mostly unpaid basis in SpamCop's earlier days.

SpamCop is currently getting spam reports from a network of between 30,000 and 40,000 end users of its system, Haight says.

Unfortunately, end users are notoriously poor at restricting their spam complaints to truly unsolicited bulk e-mail (UBE). All too many complaints involve legitimate, requested mailings that the recipient simply didn't like or no longer wishes to receive.

One study of this phenomenon was released in March by AWeber Communications, an e-mail publishing service. It studied 22,000 AOL users who'd subscribed to legitimate e-mail newsletters through AWeber. After 60 days, 2.1% of the subscribers had clicked AOL's "Report Spam" button to unsubscribe. Even subscribers who'd been required to re-confirm their initial signups (using the so-called double opt-in method) clicked the "Report Spam" button in 1.4% of the cases. Regardless of the fact that the newsletters studied were entirely permission-based, approximately 400 spam complaints to AOL were wrongly generated by the recipients in just two months.

Haight has adjusted to this trigger-happiness by gradually giving much less weight to his end-users' complaints. Out of the 1.5 million reports each day that SpamCop currently receives, Haight says, "80 to 90 percent are [now] generated by spam traps."

Spam traps are e-mail addresses that SpamCop has posted on Web pages but have never been used to send ordinary e-mail. When such an address receives e-mail, therefore, it's presumed that the message had to have come from a spammer. (Senders of UBE often use "harvesting" software that robotically captures addresses by scanning Web sites.)

According to SpamCop's current FAQ page, reports from spam-trap addresses are given at least five times the points in the blocklist's scoring process as reports from individuals. It's much easier for him to automate the handling of reports from spam traps, too, Haight says.

How Accurate Should a Blocklist Be?

IronPort uses SpamCop's historical database of the last 30 days of spam complaints, Haight says, mostly to evaluate applicants who pay to be listed in IronPort's own "whitelist." That list, known as Bonded Sender, was recently selected for use by Hotmail.

"As far as the SpamCop blacklist, I'm still pretty much the owner of that," Haight explains. "There's some pressure from IronPort to improve that process, but what we're doing now is the best that we can expect."

News.com's McCullagh didn't respond to a request for comment for this article. But SpamCop critic Howard was happy to speak on the record about the controversial blocklist.

Surprisingly, Howard isn't universally negative about SpamCop. He's actually quite effusive about the list of Web sites advertised in UBE that SpamCop compiles. This list, in turn, is organized into an online database by SURBL.org, a service that's otherwise unconnected with SpamCop. E-mails containing links to sites that have previously been advertised in UBE, Howard says, have a high probability of being spam.

What Howard objects to is the use of SpamCop's blocklist, which he considers inaccurate, as a kind of yes/no Magic 8-Ball. "My criticism of the SpamCop blocklist is using it as a blocking list," he says. "That's a bad idea, because it has a large number of false positives." SpamCop only works well, Howard explains, when it's just one among many factors that computes a probability score for suspicious e-mails. That approach is used by SpamAssassin, a popular open-source spam filter, and others.

Should You Use SpamCop And, If So, How Much?

SpamCop's own FAQ text seems to agree that its blocklist should be taken in limited doses. "The SpamCop Blocking List history should be used as a small item of interest in a larger investigation," it reads. The text goes on to name several other antispam services whose databases can be employed together with SpamCop in various combinations.

Unfortunately, the main how-to page at SpamCop provides mail administrators only with instructions to configure the blocklist as an absolute yes/no system. "Probably 99 percent" of mail admins who use SpamCop, Haight says, configure it in this way — as a pure pass/fail test.

When asked why his site doesn't recommend using SpamAssassin or some other tool that can weigh SpamCop's blocklist as one among many factors in scoring mail as possible spam, Haight replies, "I've never had anyone ask me."

Conclusion

SpamCop's site clearly states that its blocklist "should not be used in a production environment where legitimate email must be delivered." I'm forced to agree with this advice. Because of its many problems, I don't recommend that any company rely upon the SpamCop blocklist.

Better spam-blocking tools are clearly available. An exhaustive review of 27 enterprise-level antispam solutions was published on May 10 by Ron Anderson of Network Computing. Of the top 10 products — evaluated on their accuracy, managability, price and other factors — the Editor's Choice went to Barracuda Networks' Spam Firewall, a network appliance. The testers found that the product had very good spam detection and the lowest overall cost of any contender: only $0.27 per user per year for 10,000 users.

Interestingly, IronPort's own C60 antispam appliance also made it into the top 10. But it was scored only as high as ninth place and had the second-highest cost in the group: $11.14/user/year for 10,000 users.

For the complete results of the tests, see Anderson's review.

Brian Livingston is the editor of WindowsSecrets.com and the co-author of Windows Vista Secrets and 10 other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.

Tools:
Add itmanagement.earthweb.com to your favorites
Add itmanagement.earthweb.com to your browser search box
IE 7 | Firefox 2.0 | Firefox 1.5.x
Receive news via our XML/RSS feed

Executive Tech Archives



JupiterOnlineMedia

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions
Whitepapers and eBooks
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
Microsoft Article: 7.0, Microsoft's Lucky Version?
Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008
Avaya Article: How to Feed Data into the Avaya Event Processor
Microsoft Article: Install What You Need with Windows Server 2008
HP eBook: Putting the Green into IT
Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency
Avaya Article: Setting Up a SIP A/S Development Environment
IBM Article: How Cool Is Your Data Center?
Microsoft Article: Managing Virtual Machines with Microsoft System Center
HP eBook: Storage Networking , Part 1
Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
MORE WHITEPAPERS, EBOOKS, AND ARTICLES
Webcasts
Intel Video: Are Multi-core Processors Here to Stay?
On-Demand Webcast: Five Virtualization Trends to Watch
HP Video: Page Cost Calculator
Intel Video: APIs for Parallel Programming
HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
MORE WEBCASTS, PODCASTS, AND VIDEOS
Downloads and eKits
Sun Download: Solaris 8 Migration Assistant
Sybase Download: SQL Anywhere Developer Edition
Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook
Red Gate Download: SQL Compare Pro 6
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS
Tutorials and Demos
How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology
eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors
IBM Article: Collaborating in the High-Performance Workplace
HP Demo: StorageWorks EVA4400
Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class
Microsoft How-to Article: Get Going with Silverlight and Windows Live
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES