Trying to Stop Runaway Spam

Casino gambling. Weight loss products. Bank of Nigeria has money for you. Sex, sex, sex.

Anyone with an email account recognizes these marketing come-ons from the spam or junk email they've received. Experts say it is not your imagination; the number of spam emails is increasing. One estimate predicts that fifty percent of all e-mail traffic this year will be spam - unwanted emails selling products, according to Brightmail Inc, an anti-spam firm. For March 2003, Brightmail says 45 percent of all email traffic was spam, up from 8 percent in September 2001.

The problem has grown to the point where the Federal Trade Commission recently held a three- day conference in early May to focus on the issue. Legislation is pending in several states to try to outlaw spam or at least curb e-marketers using questionable tactics like false sender names and misleading subject lines to entice users to open the e-mail. The problem has grown to such an extent that the three largest e-mail providers - AOL, Microsoft, and Yahoo - recently announced an alliance to work together to reduce spam.

"That alliance points out that spam has become a major problem, even for the Internet Service Providers (ISPs)," says Richard Lipton, professor and Frederick G. Storey chair in Computing in the Georgia Tech Information Security Center (GTISC) housed in Georgia Tech's College of Computing. "All of the ISPs tout their anti-spam filters as the best to reduce unwanted email, but obviously they feel they need to pool their efforts to tackle this growing problem."

Spam is a serious problem that is getting worse for ISPs for two main reasons -- uses up valuable computing resources and their customers dislike spam.

ISPs have to store these emails until their customers delete them clogging their storage capabilities, and they have to grow their bandwidth or network pipeline to handle the additional volume of e-mail traffic. Ferris Research, a market research firm, estimates that U.S. corporations spend $9 billion per year fighting spam and that $4 billion is the amount of productivity lost at Y.S. businesses due to spam. AOL reports that the company blocks 2.3 billion spam e-mails every day, as of April 30 of this year. These are real costs.

Also, ISP customers are angered at receiving spam, and many want or expect their ISP to prevent junk e-mail from arriving in their in boxes.

Lipton says that currently most approaches to reduce spam can be sorted into three categories. First, the most common method filters the "from" field for unwanted or unknown senders, a tactic which spammers easily defeat. The second most common scheme is content based, and spammers have shown that they change their wording or avoid using suspect words like "free" to circumvent the content-based filters. Third, ISPs create a number of dummy email accounts in order to monitor e-mails received by their system, and when the human monitor or filter find large-scale spam, they set up a system-wide filter to prevent that new spam from reaching their customers.

Dr. Wenke Lee, assistant professor in GTISC and the College of Computing, explains their novel approach to develop their new anti-spam application that seems to work.

"We thought about what does the spammer want the email user to do?" says Lee. "Usually, the spammer wants the recipient to click on a link to a web address to find out more about the product or service and buy it online."

In thinking about the problem from the spammer's point of view, Lee and Lipton realized this means that most spam e-mail contains a URL or web address for a website for potential customers to visit. So, they have created a filter application based on looking for unwanted URL addresses in emails.

"This approach and application is elegant and incredibly computer cheap and fast," says Lipton. "It seems to work better than the existing commercial products, and the end user can customize it easily."

Lee developed the working prototype over the past year, and the two have been running the prototype on several computers since December. So far, the developers are very pleased with the results.

The end user can create "white lists" (the opposite of black lists) of URLs that are acceptable such as favorite news sites or online retailers such as CNN.com or Amazon.com. Their application also has a "wild card" category so the user can specify for the system to allow all emails with university URLs that contain ".edu." Conveniently, all emails that do not contain a web address are allowed into the users in box.

The application also includes a "black list" feature where the user can easily add URLs from unwanted e-marketers and others. These unwanted emails are delivered to a "Spam Can," so the user can periodically check the spam to make sure no wanted emails accidentally were trashed.

"We've had very few false positives," says Lipton. "It's important that the system not accidentally remove legitimate email."

Lipton and Lee have a provisional patent on their new spam tool. This summer they plan to refine the application by adding several more customizable filtering features, finalize the patent, write a paper about their project, and hope to eventually license the application for broad use.