Authors

  1. Johnson, Eileen RN, BC, MSN, CPHQ

Article Content

SPAM delivered in e-mail has become a big problem for big business, and for small businesses! It has been estimated that SPAM now comprises 30% to 40% of all e-mail received by corporate users. The argument to "simply use the Delete key" to get rid of SPAM just doesn't work anymore as healthcare organizations begin to look at the very real costs of this amount of unwanted e-mail. Think of it this way: if every user in an organization spends just 10 minutes a day processing unwanted e-mail, this equates to over 40 hours per year or 1 week of lost productivity per user! [1] And those are just the "soft" costs of SPAM to a business. The "hard" costs, including Internet access time and e-mail storage costs, begin to really add up. For an Internet service provider (ISP), these costs also include the costs in network bandwidth, processing time, storage costs, and delays in delivery of legitimate e-mail. The corporate world, and many ISPs, are beginning to respond to these increased costs in the only way they see as an alternative: putting "blocks" or "filters" on unwanted e-mail at the gateway before the user ever has access to the mail.

 

The most commonly used blocks have a few characteristics in common: (1) they block all e-mail from addresses known to deliver SPAM through the use of published blackholes and blacklists; (2) they block relayed e-mail; that is, e-mail that has been passed from one ISP to another as a way of getting past the first "block"; and (3) they are, for the most part, ineffective in eliminating much of the SPAM. For a filter to be labeled "effective," it must eliminate most or all junk e-mail without eliminating any legitimate mail. The cost to business of missed legitimate mail is potentially much higher than the cost of processing SPAM. Some of the most commonly used blacklists/blackholes are MAPS (Mail Abuse Prevention Systems), the best-known subscription service; Relay Stop List (RSL); Open Relay Database (ORDB); Spam Prevention Early Warning System (SPEWS); RealTime Blackhole List (RBL); Relay Spam Stopper (RSS); and Dialup User List (DUL).

 

At the gateway level, there does not seem to be much argument about whether SPAM should be stopped; however, there is much debate over how this should be accomplished. Those businesses and ISPs that advocate gateway level SPAM filtering have several very good arguments for using what they admit is an imperfect technology. A large amount of unwanted e-mail (24%) is stopped before it ever gets to the user's mailbox. [2] This results in a potential savings for the business and the service provider. The argument is that ISP users do not pay to be annoyed by unwanted e-mail; therefore, blocking even a portion is a savings in time, money, and aggravation. As spammers have gotten smarter about getting around the filters, it has become obvious to many providers that simple rules based on IP addresses are no longer adequate to provide protection. Proponents of gateway filtering argue that, with the application of Bayesian mathematical analysis, filtering agents are becoming "smarter" and are beginning to evaluate the entire e-mail rather than just the mailing address or certain keywords that have traditionally been used in unwanted e-mails. These new, smarter statistical filters share some common benefits as outlined by Graham: (1) they are effective; (2) they generate few "false-positives" by deleting wanted e-mail; (3) they learn; (4) they are hard to trick; and (5) they let each user define what is SPAM. [3] This last benefit is what will make this kind of filter less effective to use at the gateway level: a setting that is correct for one person might be totally wrong for another.
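An added example, not from the original article or from Graham's essays: a small naive Bayes token filter (with add-one smoothing, a simplification chosen here) trained separately on two constructed mailboxes, showing why the same message can be legitimate mail for one user and SPAM for another. The class name, function names and all sample messages are assumptions made for illustration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$'-]+")

def tokens(text):
    """Word tokens from the whole message body, not just the sender address."""
    return TOKEN.findall(text.lower())

class UserFilter:
    """Naive Bayes filter trained on one user's own mail (hypothetical class)."""
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.messages = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.counts[label].update(tokens(text))
        self.messages[label] += 1

    def spam_probability(self, text):
        vocab = len(set(self.counts["spam"]) | set(self.counts["ham"]))
        total = {k: sum(c.values()) for k, c in self.counts.items()}
        # Prior odds from message counts, then one log-likelihood ratio per token.
        log_odds = math.log((self.messages["spam"] + 1) / (self.messages["ham"] + 1))
        for tok in tokens(text):
            p_spam = (self.counts["spam"][tok] + 1) / (total["spam"] + vocab)
            p_ham = (self.counts["ham"][tok] + 1) / (total["ham"] + vocab)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

# Constructed training mail for two users behind the same gateway.
PHARMACIST = [("formulary update new drug pricing discount for pharmacy members", "ham"),
              ("pharmacy newsletter drug recall notice", "ham"),
              ("cheap mortgage rates refinance now", "spam"),
              ("win free vacation click now", "spam")]
IT_ADMIN = [("server patch schedule for gateway", "ham"),
            ("network bandwidth report attached", "ham"),
            ("pharmacy discount drug pricing offer", "spam"),
            ("cheap mortgage rates refinance now", "spam")]
MESSAGE = "pharmacy members discount on new drug pricing"  # constructed sample

def score_for(mailbox, message=MESSAGE):
    """Train a fresh filter on one user's mailbox and score the message."""
    user_filter = UserFilter()
    for text, label in mailbox:
        user_filter.train(text, label)
    return user_filter.spam_probability(message)

if __name__ == "__main__":
    print(f"pharmacist: {score_for(PHARMACIST):.3f}  IT admin: {score_for(IT_ADMIN):.3f}")
```

With these constructed mailboxes the pharmacist's filter scores the message as legitimate and the IT administrator's scores it as SPAM, which is the difficulty a single gateway-wide setting runs into.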

 

The opponents of gateway filtering use a variety of arguments against the practice. One of the most compelling is that filtering at a gateway is usually "stealth blocking," that is, blocking that occurs without the consent, or in many cases, even the knowledge of the user whose e-mail is being blocked. In fact, there is a group that is so opposed to stealth blocking that they have formed a coalition and have issued a statement against blocking of e-mails without informing users. [4] For healthcare organizations and other businesses, the argument is also made that blocking legitimate e-mails ("false-positives") can be catastrophic. If an essential e-mail is blocked at the gateway level, the user is not aware that it was received, until the repercussions start! It is estimated that, with the use of the current blacklists, for every SPAM e-mail that is blocked, 1.4 valid e-mails are also blocked. [1] Would a false-positive error rate of 140% be acceptable in your position? Probably not. Finally, opponents of blackholes/blacklists argue that these lists can be misused through malice, ignorance, or misapplication because of the arbitrary way that ISP addresses can be added to lists. [5,6] In many instances, an address can be added to a blacklist simply on the basis of a complaint from one e-mail recipient, and in some systems this can be accomplished by a simple click of a button! The process to get removed from one of these lists is generally much more difficult and has caused difficulties for many businesses that legitimately send bulk e-mail to readers who have "opted in" to their e-mail list. [7]

 

E-mail filters utilizing blacklists have been used at the gateway level for years. In that time, the amount of SPAM has increased from a manageable 8% to an overwhelming 40% of all corporate e-mail. As businesses have looked to their ISPs to help manage the problem, the ISPs have responded in the only way they have available to them: buying blacklists and prevention systems. Currently, several of the largest ISPs (AOL, Apple, and MSN) are beginning to develop and utilize the concept of smart, statistical filtering. These Bayesian filters should solve the problem of the "false-positives" and missed SPAM. Opponents of stealth blocking will continue to argue against any provider or gateway that does not at least inform their users that filtering at the gateway is happening.

 

Gateway filtering and blacklisting are designed to stop unwanted e-mail before it gets to the corporation or end-user of the system. It is easy to understand why an ISP or business wants to control SPAM given the costs in terms of lost productivity and time, an increased use in network bandwidth, and a need for increased storage. However, until the technology is widely available that allows more SPAM to be filtered without the loss of legitimate e-mail, the efficacy of trying to control the problem at the gateway level is questionable. At the very least, when filters or blacklists are employed at the gateway level, the user of the service should be made aware that the e-mail is being filtered. Informed consent isn't just for healthcare anymore!

 

REFERENCES

 

1. Langa F. Langa letter: real life SPAM solutions. November 18, 2002. Available at: http://www.informationweek.com/shared/printableArticle?doc_id=IWK20021115S0018. Accessed January 3, 2003.

2. Graham P. Filters vs. blacklists. September 2002. Available at: http://www.paulgraham.com/falsepositives.html. Accessed January 3, 2003.

3. Graham P. Will filters kill SPAM? December 2002. Available at: http://www.paulgraham.com/wfks.html. Accessed January 14, 2003.

4. Global Internet Liberty Campaign and Internet Free Expression Alliance. Coalition statement against "stealth blocking." Available at: http://www.peacefire.org/stealth/group-statement.5-17-2001.html. Accessed January 3, 2003.

5. Wagner J. When SPAM policing gets out of control. May 23, 2002. Available at: http://www.internetnews.com/xSP/print.php/8_1143551. Accessed January 3, 2003.

6. Delio M. When everything was SPAM to ISP. November 7, 2002. Available at: http://www.wired.com/news/technology/0,1282,56235,00.html. Accessed January 3, 2003.

7. Festa P. Hotmail criticized over SPAM filter woes. November 18, 1999. Available at: http://news.com.com/2100-1023-233280.html. Accessed January 3, 2003.