Stopping Spammers and Scammers By Patrolling Their Shopfront

By | February 24, 2004

America’s new anti-spam CAN-SPAM Act is a great way to stop spam, so long as the spammer is legit. The problem is, most spammers aren’t.

Mass.-based software company Ipswitch Inc. estimate that more than two-thirds of all spam is deceptive, meaning that spammers disguise the links to their website “behind unrelated graphics and pictures, or by camouflaging their site as a commonly used consumer e-tail site”. Some of this, of course, is real business (however sleazy) but a lot of it is scamming. From Ipswitch’s press release it’s not quite clear whether their software is aiming at the former, the latter or both.

“Over two-thirds of all spam messages include deceptive content intended to trick the recipient into believing the sender represents a legitimate business,” said John Korsak, messaging product marketing manager at Ipswitch. “Because of their legitimate look and feel, recipients do not associate these types of messages as spam when they appear in their email in-box. To protect people from unknowingly sharing private financial details, it is critical email providers employ a URL Domain Blacklist to verify the sender’s true identity.” That kind of sounds like most spam is scam, which can’t be right. It’s bad, but it is not yet that bad.

Anyway, the URL Domain Blacklist is one filter in 20 in Ipswitch’s IMail Server — the others are Bayesian Statistical filtering, Reverse DNS Lookups, SMTP filters, and whathaveyou — which “unmasks illegitimate spam messages by looking at the actual underlying link and comparing it to a growing list of more than 18,000 repeat spammers”.

It’s not a bad idea. Links are the one things all spams and scams have in common, and they’re relatively easy to identify, unlike text (which can be disguised by clever use of HTML, the language used to create webpages, or by images). But there are still problems, and the press release (and website) are maddeningly imprecise about what, exactly, is being targetted here: Spam or scam?

If it’s the latter, I don’t think URL blacklists are going to be much help. From what we know of phishing scams, the main email-based scam, the website addresses that scammers want us to go to don’t last very long — sometimes only a few hours — meaning that you need to have a very long and rapidly updating list of known scammers. And while Ipswitch is probably right in arguing that they don’t get many false positives — good email mistaken for spam — I don’t think that’s the problem here. The problem is you’re chasing the one element in your average scam email that’s changing most: The scammer’s Internet shopfront. That can be set up and pulled down in a matter of minutes.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.