From eWeek re: spam:
E-mail didn't need a year like this. Even without growing spam and virus problems, it was threatening to buckle under its own weight. E-mail users, particularly within businesses, have developed a fixation with the medium. For many, e-mail has all but replaced the telephone. With more mail, it becomes far easier to miss important messages and details. According to a recent study by Ferris Research, a San Francisco firm that follows the messaging market, users waste an hour each week managing their e-mail. And only 9 minutes of that hour are related to spam and viruses.


By the end of 2003, people were beginning to wonder whether e-mail was worth the hassle. In a recent report from the Pew Internet and American Life Project, 60 percent of those surveyed said that spam has reduced their e-mail use "in a significant way."

Everyday consumers are not the only ones changing their habits. Even businesses as large as General Motors—which employs 340,000 people worldwide—are slowly moving away from e-mail. "We've seen a trend back toward voice mail," says Tony Scott, GM's CTO for information systems and services. "[People] know that urgent e-mail messages can get lost in all the spam."

The kicker comes from a recent study run by InsightExpress, an online market research firm based in Stamford, Connecticut. 42 percent of the 500 American small businesses it surveyed said they would actually consider abandoning e-mail for business correspondence if the spam situation worsens.

In early December, Congress passed the first federal law designed to regulate junk e-mail, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, better known as CAN-SPAM. CAN-SPAM is certainly an improvement over the hodgepodge of state laws already in place. And it may curb spam sent by companies and individuals here in the States. But in all likelihood it won't put a dent in the spam you actually receive—let alone the plethora of other useless messages flooding your in-box. According to Postini's latest statistics, half the spam sent to American in-boxes originates with foreign servers. CAN-SPAM will have little effect (if any) on spam sent from overseas.


"You can get a conviction in absentia, but that really doesn't help," says Andrew Serwin, an attorney at the national law firm of Foley & Lardner who recently spoke before the House committee that proposed the new law. CAN-SPAM will probably just result in a larger percentage of spam from foreign countries.

Legislation won't solve our problems. If e-mail is to survive, we have to make significant changes to e-mail technology. We need better clients, better antivirus solutions. New apps like Stata Labs' Bloomba and Microsoft Outlook 2003 are steps in the right direction, but they provide little more than marginal improvement. And antivirus developers have become remarkably efficient, though SoBig showed that their software is still very susceptible to mass-mailing techniques. More than anything else, we need a far more effective way of stopping spam.

Not that today's antispam tools are useless. Many can stop a good portion of the junk mail streaming into your in-box, typically using some sort of intelligent filtering. But they can't stop it all. Spammers change their tactics just as quickly as the antispam vendors improve their filters. And there's always the danger that their filters will block important, legitimate messages. Spam looks too much like regular mail to be stopped by filters alone.
Unfortunately, the best defense may be to overhaul e-mail itself. The standards underpinning our e-mail infrastructure are ripe for exploitation (see the sidebar "The Problem with Protocols"). Anyone can mail anyone else with relative ease. Anyone can ask a distant open relay to send massive amounts of mail, hiding where the mail truly originated. And anyone can forge almost every part of a message header. Spammers are notorious for spoofing the information inside an e-mail. It's not just a way of getting around antispam filters. If they can convince you a message originates from a Web site where you have an account—PayPal or eBay, for example—they can dupe you into opening the message. Worse, some of these messages have been so convincing that they've tricked people into giving up their credit card numbers and personal info, a scam popularly known as phishing.


Some e-mail experts advocate a new system where no one can send a message without paying a small fee. Junk paper mail isn't such a large problem, they argue, because it costs so much more to reach each recipient. What if everyone had to pay a penny for each e-mail sent, asks Jeffrey Stanton, a professor at Syracuse University's School of Information Studies? "You and I would still exchange messages, but spammers would stop and think about all the millions and millions of pennies they'd have to spend."

Such a system might work: So few people respond to junk e-mail, it's not effective unless it's sent in enormous quantities. But a system of tracking all e-mail and collecting money might be impractical and would be difficult to put in place.

A second, similar option would require payment in CPU cycles. "Let's say you have to compute a very complex algorithm in order to send an e-mail, chewing up a good number of CPU cycles to do so," says Eric Allman, the author of Sendmail, the Internet's first mail server. "If you were sending a hundred messages a day, you wouldn't notice it. But if you were a spammer sending a million messages an hour, you would."

Most likely, the industry will favor a system built around e-mail authentication. This would ensure that every e-mail really comes from where it claims to come from. A variety of authentication schemes have already been proposed, including a new standard known as SMTPi, SMTP over SSL, Reverse MX authentication, and Yahoo!'s software solution called Domain Keys.

Meanwhile, several organizations have introduced other schemes for measuring sender reputation. IronPort's BondSender program, for example, requires senders to put up bonds ensuring they won't send spam. In return, ISPs and others won't block their messages.

The problem is getting the entire e-mail world to agree on a single system and implement it. And in the context of adopting new standards, the computer industry rarely moves quickly. A new e-mail system is years away, not months.
In the meantime, there's a very real danger that the importance of e-mail will fade. People not only have phones and voice mail to fall back on, they also have instant messaging, which in some ways is a more efficient form of e-mail (as discussed in "IM Everywhere," November 11, 2003). According to research firm IDC, more than 170 million people now have IM accounts, and the medium is becoming increasingly popular with business users, who now account for nearly a third of all IM traffic.


It's not inconceivable that people will turn away from their overloaded mail in-boxes. "When spam became such a huge problem in the Usenet newsgroups, people left them and moved to more restrictive interest groups," says Postini founder Scott Petry. "I don't want it to, but e-mail could go the same way."

On the other hand, e-mail is far more important to our everyday lives than Usenet ever was. It may be the most widely used computer application on the planet, and it's now an integral part of all but a small minority of businesses. According to a recent study commissioned by Evergreen Assurance, a Maryland company that helps businesses keep their e-mail systems and other apps up and running, nearly 90 percent of companies conduct business transactions via e-mail, and nearly 70 percent say e-mail is tied to their means of generating revenue.

2003 was a rough year for e-mail, and without the right apps this year could be worse. In the following pages we review more than 40 e-mail products, from clients that help you keep your in-box clutter-free and organized to Web-based services that let you access e-mail from anywhere, spam blockers that help you stop the junk before it reaches your in-box, and mail servers that try to make the whole process more manageable—all the tools you'll need to tackle modern e-mail problems.

Yes, many of the leading e-mail clients and services, including Yahoo! Mail, Hotmail, and Microsoft Outlook 2003, offer built-in antispam tools. And yes, some (notably Hotmail and Oddpost) have native abilities as good as if not better than some add-on applications. But what if you're using a client that lacks effective antispam filters? With spam likely to make up more than 70 percent of e-mail traffic next year, you'll need a tool dedicated to solving this problem.

We review 11 antispam utilities in this roundup. Eight of them rely heavily on complex techniques to separate spam from legitimate mail. Typically, unsolicited bulk e-mail looks very different than everyday correspondence, and such tools seek to exploit those differences. We tested these applications using a PC Magazine e-mail account that receives regular correspondence from our readers—along with plenty of spam. By redistributing the account's mail into eight identical user accounts, we were able to test each app with exactly the same messages.


Some of the apps let you train their filters. We spent a few days on such training, identifying what was and what wasn't spam as several hundred messages streamed in. This done, we waited until nearly 500 new messages had arrived. Each program had a crack at the same messages, which let us test how well they distinguished between valid mail and what we consider spam. Note however, that we tested their ability to identify spam without the aid of whitelists, blacklists, or challenge/ response techniques. (For more on our testing techniques, go to www.pcmag.com/spam.)

The test results are shown in our our table. Spam allowed indicates the percentage of junk mail that slipped by a program's filters to land in our in-box. Legitimate mail blocked indicates the percentage of false positives—real mail mistakenly treated as spam—an even worse problem than spam in the in-box.

The three other tools we review use whitelist schemes. These tools compile lists of people you want mail from, and this list is the primary means of filtering your incoming mail. If someone on your list sends you a message, it goes into your in-box. If a sender isn't on the list, the message is challenged or blocked.

Whitelist products don't need the sort of filter testing described above. You already know what they will and won't block. The differences lie in how skillfully an app builds its list of approved senders and how easily you can check for important mail arriving from unexpected sources

Sunbelt Software, maker of iHateSpam, still hasn't solved the app's false-positive problem. When we reviewed iHateSpam last spring ("More Ways to Slam the Spam," May 27), it had one of the worst false-positive rates. This time the program didn't fare any better: Nearly 20 percent of our legitimate mail was classified as spam.

To be fair, the app also blocked an impressive amount of spam. Of the more than 400 spam messages we fed it, 91 percent were correctly identified. You can easily set up traditional whitelists and blacklists, customize filters to block messages containing certain words or phrases, and even make filters to allow messages containing certain words or phrases.

Sunbelt offers two separate versions of the app: one for Outlook Express, and one for Outlook, which can handle IMAP and Exchange accounts. Each version is fairly easy to use. Another notable feature is iHateSpam's Hotmail integration, which is among the best we've seen in that you can use the program from within Hotmail's Web interface. All of the other products in this roundup except SpamKiller only do this in Outlook or Outlook Express. We particularly like that, upon installation, a wizard lets you preset the aggressiveness of the filters. Five different settings are available; we tested using the default middle setting. Judging from the app's high false-positive rate, you'll probably want to start at one of the two lower settings

If you follow the war on spam, chances are you've heard about MailFrontier Matador and its challenge messages. You can configure the app to send mail automatically to unknown senders, asking them to identify the number of kittens in a digital photograph. If they reply correctly—automated mailing programs theoretically can't—they're whitelisted.

Challenge messages are only a small part of Matador, however, and if you're worried about annoying friends or colleagues—or losing legitimate business mail you've opted to receive—you can turn them off. Matador blocks spam via message analysis as well.

Much like Cloudmark's SpamNet, Matador adjusts its filters using data collected from its user community. The app adds two buttons to each user's e-mail client, so they can identify what they consider spam. But if you'd rather not depend too heavily on the opinions of others, you don't have to: You can scale back the collaborative filter and carefully customize your own set of message filters. Six controls help you govern what gets through.

Firetrust's MailWasher Pro suffers from the same problem as ChoiceMail, DigiPortal's popular whitelisting product: It doesn't integrate with your mail client. Instead, it resides in a completely separate window that is, in effect, a second in-box. More important, the product performed poorly on our tests: It caught less spam than any other utility in our review, and its false-positive rate was a regrettable 16 percent.

With apps like Norton AntiSpam and Qurb, which so tightly integrate with Outlook, your quarantined mail is sitting right there in your e-mail client. Taking a peek is easy. With MailWasher, you can't check your quarantined messages—or deal with them—without toggling to another window. The app's lone advantage is that it works with almost any POP3, IMAP, AOL, or Hotmail account. It does not, however, handle Exchange accounts.

We also wish that the software was a bit easier to install; you must manually input your e-mail server and user name during setup. That said, MailWasher does have strengths: You can create your own message filters. You can blacklist and whitelist entire domains. And if you feel like blowing off a little steam (though it won't actually help), you can bounce messages back to whence they came.

If you're already a McAfee customer, using such apps as McAfee VirusScan or Personal Firewall+, McAfee SpamKiller is worth looking into. Like other McAfee apps, it fits neatly into SecurityCenter, the company's unified user interface. But in the end, we can't recommend using it. To begin with, SpamKiller does not integrate with your e-mail client as tightly as it should: You have to open a separate window to check your quarantine folder. It's also painfully slow. Once you get to the quarantine folder, the program takes another few seconds to open a message. Third and most important, SpamKiller was one of the poorest performers during testing at pc Magazine Labs. It blocked only 64 percent of spam, and it quarantined half of our legitimate messages. The app is sure to improve with customization, but a 50 percent false-positive rate—even on a first run—is unacceptable.

On the upside, SpamKiller supports Hotmail and Exchange accounts, not just POP3. And it offers an unusually wide range of tools for customizing its antispam engine. You can easily add addresses to your whitelists and blacklists, view and edit individual filters, and even use different settings with different e-mail addresses on the same machine

Three cheers for the new kid on the block, Symantec's Norton AntiSpam 2004, which is also available as part of Norton Internet Security 2004. Symantec's first standalone venture into the antispam market caught a greater percentage of junk mail than any other standalone utility we tested. It gives you a fair number of tools for customizing its filters, and much like the other Norton security products, it's wonderfully easy to set up and use. The worst you can say about this product is that it works only with POP3 clients; IMAP, Exchange, and Hotmail users are out of luck.

You can easily build whitelists and blacklists. You can create your own filters, telling the app to block messages containing certain words or phases. And, using a pair of buttons added to your e-mail client, you can train its Bayesian engine to recognize what you consider spam. Once up and running at pc Magazine Labs, Norton AntiSpam 2004 blocked 93 percent of the spam streaming into our in-box, and it incorrectly identified only 3 percent of the legitimate mail we received.

You can adjust the overall aggressiveness of the app's engine, but you have only three levels to choose from: low, medium, and high. During testing, we used the default medium level. As a bonus, Symantec includes a tool for blocking Web pop-ups

The last time we reviewed Mailshell's SpamCatcher ("More Ways to Slam the Spam," May 27), we praised its ability to avoid false positives but criticized its spam-catching abilities. Since then SpamCatcher has achieved a much more appropriate balance. It caught 91 percent of our spam, and its false-positive rate rose no higher than 3.2 percent.

SpamCatcher comes in two flavors: one for use with Outlook, and one universal version for use with other POP3 clients. The Outlook version is the more impressive of the two. It integrates tightly with the client, with buttons for quickly adding senders to whitelists or blacklists and a long pull-down menu for quick access to other tools. One complaint: The app can significantly impair Outlook's speed. Using the program with a mailbox filled with thousands of messages, we had difficulty just scrolling through our folders, even when the program wasn't analyzing incoming messages.

SpamCatcher's antispam engine operates much like that of MailFrontier Matador. Its filters rely partly on the opinions of its users. You can contribute to the community consensus via commands accessible from the software's pull-down menu. Unlike many products, SpamCatcher also lets you easily whitelist or blacklist entire domains, and it conveniently lets you choose which Outlook folder you wish to use for quarantined mail


Cloudmark's SpamNet is famous for blocking spam using the opinions of its user community. As SpamNet filters mail, users identify mistakes, pointing out spam that was allowed through or blocked legitimate mail, and the filters are updated accordingly. But you needn't defer to your peers entirely. You can also set up your own whitelist.

Cloudmark offers two versions of SpamNet: one for Outlook and one for Outlook Express. The OE version is still in beta, and when it's finished, the two versions will be rolled out together. Unfortunately, SpamNet doesn't support other clients, but it does handle Exchange as well as POP3 connections. Both versions are exceedingly simple. Each adds no more than three new buttons and a quarantine folder to your mail client. Block and Unblock buttons let you contribute to the community consensus, while a third button opens a short list of tools, letting you configure a whitelist, check your spam statistics, and more. But you can't automatically import your address book into your whitelist.

In our testing, SpamNet correctly blocked 91 percent of incoming spam, and it mistakenly filtered only one legitimate message. And once your whitelist is in place, performance may improve.


DigiPortal's ChoiceMail was the first app to filter spam solely through whitelisting, and pundits hailed it as the ultimate antispam tool. ChoiceMail 2.0 can be effective, but it relies too heavily on challenge messages, which may annoy friends and colleagues and can be ineffective for dealing with legitimate commercial e-mail. In fact, DigiPortal is beginning to add filters to block spam via message analysis.

On installation, the app builds a whitelist of approved senders from your address book. You can then edit the list or create a blacklist. Messages from approved senders automatically go to your in-box; blacklisted senders' mail goes into ChoiceMail's trash folder. Mail from unknown senders is quarantined and the senders get challenge messages.

Unfortunately, ChoiceMail doesn't integrate with your e-mail client. This means that checking your quarantine folder requires toggling between two windows. In addition, ChoiceMail's initial whitelist isn't as comprehensive as Qurb's, which can draw addresses from any message you've sent or saved.

On the positive side, DigiPortal now offers a separate, downloadable tool that attempts to mimic the way Qurb builds its initial whitelist. And unlike Qurb, which only works with Outlook and Outlook Express, ChoiceMail works with any POP3 e-mail client as well as several Web-based services.

Don't think a whitelist product can crack your spam problem? A few minutes with Qurb 2.0 will put your doubts to rest. Qurb uses nothing but a whitelist to filter incoming messages, but it sidesteps the inconvenience typically associated with whitelisting. It's so adept at building the list that few legitimate messages wind up in quarantine, and unlike ChoiceMail, it integrates with your Outlook or Outlook Express client, so checking your quarantine folder isn't a hassle. The only drawback: It doesn't work with other mail clients.

On installation, Qurb adds three buttons and a quarantine folder to your client. Then it builds a whitelist from Outlook's contact database and calendar, as well as from any messages you've sent, received, opened, or saved. Even if you rarely update your contacts, this list is remarkably accurate.

Of course, you have to check your quarantine folder regularly, but Qurb makes it easy. Simply move to the folder with one click and move back to your in-box with another. If any important mail is quarantined—or if any spam winds up in your in-box—you can instantly edit your whitelist using Qurb's Approve and Block buttons on the mail client's toolbar. You can also instruct the software to send challenge messages, asking it to add respondents to your whitelist automatically, but this feature is turned off by default.

Vanquish Pro 1.135 adds a new twist to the whitelisting paradigm. While it offers reasonable whitelisting capabilities (though not as good as Qurb's), it doesn't require senders to be on your list to mail you, nor do they have to answer challenges. Instead, they can reach you by putting up a bond with Vanquish's developers, a small guarantee that they won't spam you.

If bonded senders spam you, you can penalize them by deducting money from their bonds. Only five cents is deducted per message (which goes not to you but to your ISP, providing insurance against reporting legitimate mail as spam to collect the bond), but for high-volume spammers this could add up quickly. Vanquish is so new, however, that only a handful of users are bonded (Vanquish puts up a bond for all new users), and it's unknown whether nonusers will freely post their own bonds.

Most whitelists can accidentally block responses when, for example, a message sent to a help desk gets a response from an individual who isn't on the sender's whitelist. Vanquish's SmartSubject can watch for mail with subjects matching recently sent items and let them through. Whitelists also tend to block confirmation e-mails from shopping sites. Vanquish's SurfWatch logs visits to such sites and temporarily allows their e-mails through.

On the other hand, the app doesn't have a true quarantine folder: You can view a list of messages from unknown senders who have yet to respond to challenges, but you can't open the messages on the list. You can see only sender addresses and subject lines. And the list is inconveniently located. But Vanquish is easy to set up and reasonably adept at building accurate whitelists. Ultimately, Vanquish's usefulness depends on broad adoption.

Comments

Popular Posts