Anti-spam company Postini is now rejecting more than half of all attempts to send e-mail to its customers as spam. And, according to the company, this is due in part to compromised home computers being turned into "zombies" for sending spam.
The company is dropping 53 percent of all e-mail connections that use the SMTP without reading the content of the e-mails. That's a 20 percent increase since the company began aggregating information about troublesome Internet addresses from across its customer base, said Andrew Lochart, director of product marketing.
The company manages e-mail for around 3,300 companies and five million e-mail users. It uses its own algorithms to spot spam, as well as denial-of-service attacks and other threats, by analysing the behaviour of Internet-connected machines attempting to send e-mail and, after that, the message content.
Since October, the company began building information on IP addresses of machines attempting to e-mail its customers, and dropped connection attempts from IP addresses behaving suspiciously. Since that time, the percentage of dropped connections has swelled from around 35 percent of all connections to the current 53 percent, he said.
"We're cross-correlating spam and virus attacks for all our customers, and that allows us to block an even greater percentage of messages without even looking at the content," he said.
Home computers connected to the Internet through large Internet service providers are responsible for around 36 percent of all the dropped connections. Loosely configured machines, called open relays, and other compromised computers account for the rest of the dropped connections, he said.
Of the 47 percent of e-mail connections that are accepted, around 76 percent of the mail accepted are spam and one percent or two percent are viruses. Only 11 percent of the 10.75 billion SMTP connections the company receives each month are legitimate e-mail messages, Postini said.
Spam, and the problem posed by compromised home computers, have been attracting more attention in recent months. Leading Internet service providers, including Comcast, have begun kicking zombie machines off their network. At the same time, a number of companies and international standards organisations are evaluating new standards that, if widely adopted, would allow companies to verify the source of e-mail messages and stop address spoofing.
In June, the Anti-Spam Technical Alliance (ASTA), representing Yahoo, Microsoft, AOL and EarthLink, released recommendations for ending spam, including a list of suggestions and "best practice" recommendations for ISPs, e-mail service providers, governments, corporations and bulk e-mail senders.
Microsoft is also backing a proposed standard called Sender ID that requires companies that send e-mail to publish the addresses of their outgoing e-mail servers in the Domain Name System (DNS). The Sender ID standard, which has been submitted for approval to the IETF will allow companies to check for spoofing by analysing information stored in the e-mail envelope and in the message body, Microsoft said.
Postini believes its solution is superior to sender authentication schemes because it is "dynamic", and allows the company to freeze communications from IP addresses that are behaving badly for short periods of time, then restore communications with them when they begin behaving normally again, as opposed to placing them on a block list for prolonged periods, Lochart said.
Such a system is better suited to the current spam distribution system, in which spammers shift e-mail traffic rapidly between thousands of compromised machines to send messages, Lochart said. However, he also acknowledged that the system was only feasible for e-mail service providers like Postini that benefit from intelligence gathered from thousands of e-mail domains.
The spam problem calls for e-mail providers and anti-spam companies to combine their knowledge and activities, said James Kobielus, an industry columnist at The Burton Group. Kobielus recommends a federated anti-spam network in which companies like Postini, Brightmail and others share spam signatures, whitelists and IP addresses, so that every legitimate e-mail sender can benefit from up-to-date information on spamming activity.