Spamming is the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages, and the most widely recognized form of spam is e-mail spam, also known as junk e-mail, junk messages, etc. Spamming is economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Persons who create electronic spam are called spammers.
In particular, e-mail spam—also known as unsolicited bulk e-mail (UBE) or unsolicited commercial e-mail (UCE)—is the practice of sending unwanted e-mail messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients. Spam in e-mail started to become a problem when the Internet was opened up to the general public in the mid-1990s. It grew exponentially over the following years, and today comprises some 80 to 85% of all the e-mail in the world. Pressure to make e-mail spam illegal has been successful in some jurisdictions, but less so in others. Spammers take advantage of this fact, and frequently outsource parts of their operations to countries where spamming will not get them into legal trouble.
Increasingly, e-mail spam today is sent via “zombie networks,” networks of virus- or worm-infected personal computers in homes and offices around the globe; many modern worms install a backdoor which allows the spammer access to the computer to use it for malicious purposes. This technique complicates attempts to control the spread of spam, as in many cases the spam does not originate from the spammer. E-mail is an extremely cheap mass medium, and professional spammers have automated their processes to the extent that millions of messages can be sent daily with little or no labor costs. Thus, spamming can be very profitable even at what would otherwise be considered extremely low response rates.
Currently, anti-spam products are mostly based on blacklist technology. An ISP or domain reputation service will build up a blacklist of spam senders. For example, a DNS blacklist is a means by which an Internet site publishes a list of IP addresses of known spammers (that legitimate users may want to avoid) in a format which can be easily queried by computer programs on the Internet. The technology is built on top of the Internet Domain Name System, or DNS. These blacklists are used to publish lists of addresses linked to spamming. Most mail transport agent (mail server) software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists. In addition, a right-hand side blacklist is similar to a DNS blacklist but it lists domain names rather than IP addresses.
A signature technology may also be used by an anti-spam product and it uses a spam e-mail sample to extract a signature. Incoming messages are compared to the signature. The technique is not perfect; false positives may delete legitimate e-mail, and false negatives may flood an in box with spam.
For these current anti-spam products, it can be difficult to handle a new threat. A blacklist will not list new addresses or domain names used by a spammer. New e-mail formats and content can evade signature algorithms. Further, a domain reputation service cannot blacklist the reputation of an entire ISP, such as Yahoo or Gmail. If a spammer uses such an ISP mail account to send spam, the reputation technology will not block this spam. Another challenge is that everyone has a different idea about what is and is not spam; a given e-mail message will be spam for one person, yet will be legitimate e-mail for another.
Some anti-spam products use an IP-based reputation technique to check the e-mail sender's mail transfer agent (MTA). Some venders, such as IronPort and Gmail use a domain-based reputation technique to check if the e-mail sender's MTA is valid. These reputation techniques only check the e-mail sender's MTA, but, even if a domain name or IP address is valid, spam e-mail may still originate from that location. In other words, a spammer may use an ISP to send spam.
It is thus difficult to validate a legitimate e-mail sender with the current anti-spam products. And, it is also difficult to build up a comprehensive and accurate sender white list using currently available techniques. A technique and system are thus desired to reduce e-mail spam.