Companies not happy with current anti-spam technologies

This article from ZDNet claims that most companies are simply not satisfied with current anti-spam technologies.

I managed to find a link to the actual report on the ZDNet UK site, so I took a bit of a look.

The report is actually quite interesting, and basically the conclusion is that challenge-response (which I described as “click here if you’re human” filtering) is the “best” form of anti-spam. To me, that should come as no surprise, and what I don’t understand is why more people don’t actually use it. It is kind of annoying for legitimate senders, and it also blocks legitimate bulk senders, but it is very effective and that is reflected in the report.

What does that have to do with “validated email” though? Basically, validated email provides you with a means by which you can skip the challenge-response in more cases. For example, say you have a new business partner: you can tell your challenge-response scanner to skip all messages from that business’s domain (presumably because you already know they’re all human). You might also skip the big domains like hotmail.com, yahoo.com, etc. – assuming, of course, you trust them to legitimately only allow humans to sign up in the first place!

As with anything in security, though, anti-spam works best in teams: you have multiple defences that must all be breached in order for a spam to get through. Validating email provides you with another layer of defence – but it also helps to ease the load on your servers because it allows you to skip other defences in many cases.

As another example, you might leave the challenge-response on for yahoo.com and hotmail.com etc, because maybe you don’t fully trust them. But that means that for every email you get from those domains, you have to send another one out. That might be a big load if you’re expecting lots of such messages! Validating email allows you to skip that process entirely if it detects an inbound email that says it’s from hotmail.com but is really from “bigbagspammer.com” – you can just drop that message without even bothering with issuing a challenge-response.
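The ordering described in the last few paragraphs, as an added sketch that is not code from the original post: validation runs first, the trusted-domain skip applies only to mail that passed it, and everything else gets a challenge. The `validated` field is an assumption standing in for whatever the validation step reports, and the domains and traffic are constructed.

```python
from collections import Counter
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Verdict(Enum):
    DROP = "drop"            # forged sender: discard and send nothing back
    DELIVER = "deliver"      # validated and trusted: skip the challenge
    CHALLENGE = "challenge"  # anything else: hold the mail, send a challenge


@dataclass(frozen=True)
class Inbound:
    claimed_domain: str        # domain the message says it is from
    validated: Optional[bool]  # True = pass, False = fail, None = no result


def triage(msg, trusted_domains, use_validation=True):
    """Decide what to do with one message before any challenge is sent."""
    domain = msg.claimed_domain.strip().lower().rstrip(".")
    if not use_validation:
        # Name-only whitelist: a forged sender in a trusted domain gets through.
        return Verdict.DELIVER if domain in trusted_domains else Verdict.CHALLENGE
    if msg.validated is False:
        return Verdict.DROP  # claims the domain but did not come from it
    if msg.validated is True and domain in trusted_domains:
        return Verdict.DELIVER
    return Verdict.CHALLENGE  # validated-but-untrusted, or no result at all


def tally(messages, trusted_domains, use_validation=True):
    """Count verdicts; the CHALLENGE count is the outbound mail generated."""
    return Counter(triage(m, trusted_domains, use_validation) for m in messages)


# Constructed sample traffic (not real data).
TRUSTED = {"partner.example"}
SAMPLE = [
    Inbound("partner.example", True),    # genuine partner mail
    Inbound("Partner.Example", False),   # forged partner sender
    Inbound("hotmail.com", True),        # real webmail user, not whitelisted
    Inbound("hotmail.com", False),       # "from hotmail.com" but sent elsewhere
    Inbound("unknown.example", None),    # domain with no validation result
]

if __name__ == "__main__":
    for flag in (False, True):
        print("validation on:" if flag else "validation off:",
              dict(tally(SAMPLE, TRUSTED, flag)))
```

On this sample, turning validation on cuts outbound challenges from three to two and stops the forged partner message that a name-only skip list would have delivered.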

Anyway, I should stop trying to “sell” validating email now :) Suffice to say that most anti-spam technology in use today does not really work. How much is too much spam? I say even one is too much!

4 comments

Comment from: Richi Jennings [Visitor] Email · http://richi.co.uk/
A very flawed study: challenge/response is a dreadful idea

Justin Mason and I have debunked this study and we question Peter Brockmann's motives.

More at http://www.richijennings.com
30/07/07 @ 05:55
Comment from: Dean Harding [Member] Email · http://codeka.com/blogs
Yeah, I'll admit I was a bit suspicious that if challenge/response was such a panacea why were there not more people using it? My point was not that people should start using challenge/response, though, it was more to just point out that many people are still not happy with their spam filtering... even if one spam gets through, it's still too much.
30/07/07 @ 10:14
Comment from: Richi Jennings [Visitor] Email · http://richi.co.uk/
Wow. One is one too many? That's a challenging bar to hit (without false positives).

State of the art is around 97% effectiveness or better, with vanishingly-small false positives.
30/07/07 @ 23:20
Comment from: Dean Harding [Member] Email · http://codeka.com/blogs
It's definitely a difficult bar to hit, but you gotta aim high to hit high, if you know what I mean :)
31/07/07 @ 09:35
