Can Spam

Techniques to filter out unwanted e-mail.

or some, spam is like ants at a picnic: uninvited, ubiquitous and annoying. For many others, whose uninvited e-mails flood their computer mailbox, it’s an expensive headache. Try as you might, technology can’t entirely eliminate spam. But stay with us and we’ll share with you the best and easiest ways to filter most of it out of your mail.

How serious is spam? The Postini Resource Center says 10 out of 12 e-mails are spam and The Wall Street Journal estimates it costs business $8.9 billion a year for the software and labor to separate it from regular mail. But the Direct Marketing Association says there’s a positive side to unsolicited e-mail. In a recent 12-month period, 45.8 million Americans (9% of all mail users) made a purchase in response to an e-mail ad, yielding $7.1 billion in sales.

Glossary of Spam Terminology
Black list: A list of domain names or IP addresses that are known to be spam senders.

Challenge/Response: A method used to validate that the sender of an e-mail is a legitimate source. For e-mails with unknown sender addresses, reply messages that contain some type of simple test to validate the sender are generated. Original senders then must respond in a positive manner to the challenge.

False negative: Messages that were delivered to the user, but should have been stopped by the filtering software.

False positive: Messages that are intercepted, but should have been allowed to pass into the mailbox.

HTML filtering: A filtering technique that reviews codes embedded in your e-mail to identify potential spam.

Spambot: Software that scans the Internet for e-mail addresses by looking for the standard @ symbol and format of e-mail addresses.

Spidering: The process of harvesting e-mail addresses from Web sites, chat rooms and other Web-based areas.

White list: A set of domain names or IP addresses that are known to be legitimate and trusted e-mail senders.

Efforts to outlaw spam have failed mostly because it’s hard to define. Microsoft says spam is “unsolicited commercial e-mail sent to advertise a product or a service,” but merchants contend that most advertising—through the mail, magazines, radio or television—is unsolicited. Federal Trade Commissioner Orson Swindle has adapted the oft-used definition of pornography: “It’s anything I don’t like.”

The technical name for spam is unwanted commercial e-mail. Using the name spam for junk e-mail comes from a Monty Python skit in which a song containing the word was repeated many times.

Products That Fight Spam
Brightmail Antispam 6.0 ( ). Price based on the number of licenses; designed for businesses, governments and other organizations. Updates and maintenance are automatic, but do require a link with Brightmail.

Commtouch Anti-Spam Enterprise Solution 4.1 ( ). Price starts at $2,000/year, depending on number of users; designed for businesses of all sizes. The software is connected with a real-time Commtouch database over the Web. Maintenance is minimal because the software is fully automated.

MailWasher Pro ( ). Costs $37, free trial version available; primarily for personal use. It can block unwanted messages before they are downloaded. It separates e-mails into three categories: probably spam, possibly spam and probably legitimate, and can be set to download, delete or report spam. It does not come “pre-trained,” so there is an adjustment period.

McAfee’s SpamKiller ( ). $39.95, for business or personal use. It works by filtering incoming mails using predefined rules and datasets. It runs behind the scenes of any e-mail software using POP3, MSN/Hotmail or MAPI protocols, but does not currently support Yahoo, AOL or any other Web-based e-mail. The software has pre-set filters and custom filters; users can set up “friend’s lists” so e-mails from those they know are not filtered. It can filter e-mails according to sender, subject line, heading, origin and/or body text. It is supported and updated by releases for new known spammers. Upon boot-up, it automatically searches for updates.

Norton AntiSpam 2005 ( ). $39.95, for business or personal use. It must be installed on each PC. It can be easily customized, automatically synchronizes with Outlook, and features live updates. Its custom filters are tricky to use but effective. It does slow down Outlook, however.

OnlyMyEmail Personal ( ). $3/month, 30-day trial, available in both personal and corporate versions. Installation from the Web site takes about a minute and there’s no maintenance. The software redirects e-mail through the OnlyMyEmail’s server, where it is filtered and viruses are blocked.

SpamAssassin ( ). Free. This product works on many different e-mail systems and on both PCs and servers. It requires frequent update installations and must be trained by the user.

Although you can’t totally beat the spammers, here are some defensive steps you can take to reduce the clutter:

Step 1: Never reply to spam. This includes clicking any link from sources you don’t recognize inviting you to unsubscribe.

Step 2: Use “plus-addressing.” You can obtain several addresses, each with a slight change, from any of several free e-mail services, including , and . So in addition to, you can use or When registering online for content or services, use one of the plus-addresses—and keep your regular address private.

Step 3: Use the spam filters provided by your e-mail software—Outlook, Eudora and Thunderbird, as well as antivirus software and firewalls. Or check whether your e-mail Internet service provider (ISP) is using spam-filtering techniques. If not, consider switching.

Step 4: Consider not using the preview pane in your e-mail package. When you open a message in which that feature, showing the first few lines of each e-mail, is activated, it reports back to the spammer that your account is active and valid.

Step 5: Do not include links to your e-mail address on your Web site.

Step 6: Use antivirus protection and firewalls to protect your computer from being used by spammers.

Step 7: When registering for information or content on the Web, uncheck boxes that invite mailings.

Step 8: Don’t forward chain letters, petitions or virus warnings from sources you don’t trust. They’re used by spammers to collect addresses.

The second line of defense is to attack spam at the organizational level by educating employees, establishing an e-mail address on which they can report spam to the IT department and installing software to minimize it. It’s possible to block about 90% of spam at an acceptable level of errors.

One of the headaches caused by spam-fighting programs is false negatives that fail to block spam and false positives, where the software labels a legitimate e-mail as advertising. Manage false positives by using software that blocks suspect messages in a quarantined area while letting users set up lists of trusted sources.

Remember to test your antispam strategy and software prior to full implementation. You can create shadow e-mail accounts and try out your antispam program on them.

Some day spam may be a thing of the past. In the meantime, the only defense is constant vigilance, and the best it can achieve is keeping the annoyance under control.

DOUGLAS HAVELKA is an assistant professor of management information systems at Miami University in Oxford, Ohio. His e-mail address is . CATHERINE S. NEAL is an assistant professor of business ethics and business law at Northern Kentucky University in Highland Heights. Her e-mail address is .

Information Technology Center,

Spam Control (# BYT-XXJA). For more information, go to or call the Institute at 888-777-7077.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.