Spam shows no decline: How are you defending your network?

Spam remains a major problem, as evidenced by the July 2009 edition of the MessageLabs Intelligence Report. Blogger Paul Mah explores a couple of network methods that can be used to mitigate the effect of spam.

Spam remains a major problem, according to the July 2009 edition of the MessageLabs Intelligence Report (pdf). In fact, it surged to a two-year high of approximately 90 percent, with some European countries seeing levels as high as 95 percent.

There are a few trends that are apparent:

  • International problem: Certainly, the torrent of spam is not limited to .cn domains (China), or even to sources outside the United States. For the month of July at least, 86% of all e-mails sent in the U.S. were spam.
  • The use of automated tools: The use of automated tools continues, but with a twist. Spammers are increasingly using underlying tools that insert the right language based on the targeted domain, resulting in multiple spam runs in various languages. This has directly resulted in a double-digit increase in spam levels in the countries such spam targets.
  • URL-shortening spam: URL-shortening services are not only popular with users devoted to social networking applications like Twitter or Facebook; they are also proving to be a dangerous breeding ground for malicious activity, with 6.2 percent of all spam containing shortened URLs that mask unsafe destinations.

Considering the indispensable nature of e-mail and the precious network resources consumed by automated spamming tools, should spam really be considered an issue relegated to just the security administrator anymore?

Well, there are a couple of specific network methods that can be used to mitigate the effect of spam.

Traffic management

Traffic management entails reducing overall message volume by relying on techniques implemented at the protocol level. Essentially, unwanted senders are identified and their connections dramatically throttled using features inherent to TCP. This slows the incoming volume of spam, giving legitimate mail an opportunity to be processed and expedited by the mail server.

This technique is obviously much more effective for a service provider like MessageLabs, but it is nevertheless useful for reducing the effect of DoS-style e-mail flooding.

Connection management

Another method is connection management. For example, incoming SMTP connections from sources known to send spam and malware can be rejected outright. Such blacklists can be enforced at the firewall level and can also cover open proxies and known botnets.

The obvious benefit of connection management is that mail servers do not even have to waste processor cycles to deal with the incoming spam.
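One way to implement the connection check just described, as an added example that is not from the post or from MessageLabs: look the connecting IP up on a DNS-based blacklist (DNSBL) and decide before any message data is accepted. The zone name `dnsbl.example`, the return-code meanings and the lookup table are constructed placeholders so the example runs offline; a real deployment would resolve against a live zone.

```python
"""Connection-management check for an inbound SMTP source: before any message
data is accepted, decide whether to reject the connecting IP because it is
listed on a DNS-based blacklist (DNSBL) of spam sources, open proxies or bots."""
import ipaddress
import socket
from typing import Callable, Optional
DNSBL_ZONE = "dnsbl.example"  # hypothetical placeholder zone, not a real blacklist

def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Build the lookup name: IPv4 octets reversed, then the zone.
    e.g. 192.0.2.10 -> 10.2.0.192.dnsbl.example"""
    if ipaddress.ip_address(ip).version != 4:
        raise ValueError("this example handles IPv4 sources only")
    return ".".join(reversed(ip.split("."))) + "." + zone

# DNSBLs answer with an address in 127.0.0.0/8 whose last octet encodes why the
# source is listed; meanings are zone-specific, so this mapping is constructed.
LISTING_REASONS = {
    "127.0.0.2": "known spam source",
    "127.0.0.3": "open proxy",
    "127.0.0.4": "known botnet member",
}

def system_resolver(name: str) -> Optional[str]:
    """Resolve via the system resolver; NXDOMAIN (None) means not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def smtp_connection_decision(ip: str,
                             resolve: Callable[[str], Optional[str]] = system_resolver) -> str:
    """Return 'accept', or a 554-style rejection to send instead of the banner."""
    answer = resolve(dnsbl_query_name(ip))
    if answer is None:
        return "accept"
    return f"reject: 554 source {ip} is listed ({LISTING_REASONS.get(answer, 'listed')})"

# Constructed zone table standing in for a live DNSBL so the example runs offline.
FAKE_ZONE = {
    dnsbl_query_name("192.0.2.10"): "127.0.0.2",
    dnsbl_query_name("198.51.100.7"): "127.0.0.3",
}

def fake_resolver(name: str) -> Optional[str]:
    return FAKE_ZONE.get(name)
if __name__ == "__main__":
    for src in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(src, "->", smtp_connection_decision(src, fake_resolver))
```

Because the lookup happens at connection time, a listed source never gets to transmit a message body, which is exactly the processor-cycle saving the post describes.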

What else?

Now, traffic management and connection management techniques are just a couple of possible solutions at the network level. Do you have additional suggestions on dealing with the perpetual malice that is spam?