Tackling Outbound Spam
Far too many Internet service providers are relying on anti-spam software that was primarily designed to fight inbound, rather than outbound, spam.
Everyone hates spam, but no one is quite sure what to do about it. We can obviously deploy anti-spam software to stem the tide. But invariably, it seems like the spammers find a way around the spam filters we spend so much time and energy managing.
The question that a lot of IT organizations then logically ask is why Internet service providers (ISPs) can't do more to eliminate spam before it gets anywhere near the e-mail systems of their customers.
It's not like ISPs haven't been trying. But a new survey from Osterman Research that was conducted on behalf of Commtouch, a provider of anti-spam software, finds that one of the primary mistakes many ISPs make is that they are applying anti-spam software that was meant to combat inbound spam to fight outbound spam.
Lev argues that ISPs need to invest in anti-spam software that is specifically designed to deal with outbound spam, thereby reducing the ability of spammers to see what filtering techniques are in place to thwart their efforts. In addition, outbound anti-spam software makes it easier to identify which customer accounts are sending spam in the first place, which in turn allows the ISP to shut down those accounts.
According to the survey, of the two out of every five people working at an ISP that identifed spam as a problem, 31 percent are using an inbound spam solution. Another 30 percent said they manually try to address the problem. In addition, 46 percent said they have an open source/custom solution in place, while 49 percent said they have a commercial solution.
Obviously, some ISPs are appying multiple approaches to the problem. But based on the amount of spam on the Internet, it would also appear that three out of five ISP people might be deluding themselves more than a little about the role their organizations play in facilitating spam. As a group, ISPs are not very effective in combating spam. Obviously, incorrectly applying inbound spam tools to fight outbound spam is only a piece of the spam puzzle. ISPs need to put a lot more focus on the problem, and their customers need to hold them accountable for the spam being generated on their networks.
In fact, a separate survey of 266 end users conducted by Osterman Research found that 80 percent said that not sending spam to their networks was an important consideration when selecting an ISP. Unfortunately, no one seems to have a handle on how much spam is being generated on any given ISP network.
A lot of this sounds like common anti-spam sense. But the Osterman Research study shows that many ISPs don't have a dedicated approach to limit outbound spam, which obviously becomes inbound spam that all too often is carrying a malware payload that IT organizations have to deal with. ISPs, for any combination of reasons, don't seem to have a core competency when it comes to eliminating spam.
Of course, many ISPs don't want to know what kind of traffic is moving across their networks as long as they get paid. But now a lot of spammers are becoming adept at using zombies to take over an ISP account to send spam without having to pay for the service. So suddenly, a lot of ISPs are finally getting anti-spam religion.
That may ultimately lead to a sharp reduction in spam as ISPs get better at fighting it. But it's difficult to combat something when you don't understand the nature of the threat in the first place.