The best technology that is currently available to stop spam is spam filtering software. The simplest filters use keywords such as "sex,", "xxx," "viagra," etc., in the subject line to attempt to identify and delete spam. These simple filters are easy to sidestep by spelling "sex" as "s-e-x." There are, of course, thousands of ways to spell "sex" if you are willing to add extra characters like that, and it is difficult for the simple filters to keep up. Also, simple filters are most likely to block "real" e-mail that you do want to receive. For example, if your friend sends you her favorite recipe for baked chicken breasts, the filter blocks the e-mail because of the word "breasts."
More advanced filters, known as heuristic filters and Bayesian filters, try to take this simple approach quite a bit further to statistically identify spam based on word patterns or word frequency. But there are still ways to get around them (mainly by using short messages).
Large ISPs tried blocking multiple e-mails with the same subject line or message body. This had the unwanted side-effect of blocking e-mail newsletters, so ISPs made "white lists" to identify legitimate newsletter senders. Then spammers sidestepped the issue by inserting different random characters into each subject line and message body. That's why you get e-mail messages with subject lines like:
The word "puklq" is random, and it is different on every e-mail the spammer sends.
There are several organizations that publish lists of IP addresses that are used by spammers. Any large spammer will have an array of server machines blasting out spam messages, and each server machine has its own IP address. Once spam is detected from an IP address, that IP address is put in a list (Spamhaus.org is one of many organizations that maintain such lists). Companies that host e-mail accounts can look at the sending IP address of every e-mail and filter out those that appear in the Spamhaus.org list.
Spammers get around this approach in two different ways. First, they change their IP addresses frequently. The unfortunate problem with this approach is that the old IP addresses that spammers discard get recycled, and the people who get these discarded IP addresses find them to be useless -- they are tainted by their former association with spam, and cannot be used for sending legitimate e-mail.
Lately, spammers have started to get more aggressive. For example, it is thought that recent viruses like SoBig.F were sent out specifically to recruit "zombie machines" for spammers. The zombie machines are generally personal computers owned by unsuspecting private citizens who happened to contract the SoBig virus. The virus opens their machine up to spammers, who can then route spam e-mails through their machines. Since the IP addresses of these machines are new, they do not appear in the IP address blacklists and millions of spam e-mails can route through them before they get blacklisted. The zombie machines have also been uses for denial of service attacks on places like Spamhaus.org.
Another front in the war against spam is legislation. For example, it has been suggested that the U.S. federal government set up a national "do not spam" list identical to the national Do Not Call list designed to block telemarketers. However, it is believed by most people that spammers are so obnoxious that they would set up spam servers in foreign countries and actually use the "do not spam" list as a source of fresh e-mail addresses.
Another solution would be an "opt-in" list. Under this proposal, only those people who specifically request spam e-mail would get it. However, the United States congress seems to be heading in the opposite direction. As noted on Spamhaus.org:
With all of Europe set to implement Opt-in legislation by October, Europe has taken the lead in banning spam. But the United States is going in the opposite direction, legislating Opt-out instead of Opt-in and looks set to explode the spam problem many times worse than it is today, incredibly by actually legalizing spam instead of banning it. US Congress is just months away from giving Unsolicited Bulk e-mail the green light and unleashing the spamming power of 23 Million American businesses onto an Internet which already can not cope with the billions of unsolicited bulk mailings sent by just 200 businesses. As spammers applaud the introduction of pro-spam Bills, we look at why spammers now cheer so loudly for Congressman Billy Tauzin.
The final front in the war on spam is the elimination of e-mail in the traditional sense. Many businesses are being forced to take this approach. Even the White House has been forced to follow this path. Today, if you want to send e-mail to the president of the United States, you do it by filling out an online form. Even HowStuffWorks has been forced to use forms. It used to be that you could send e-mail directly to individual HowStuffWorks staff and departments, but those e-mail addresses started to receive so much spam that we now use a set of online forms, instead.
That may be what happens to all e-mail in the long run. The amount of spam, and the inability to control that spam, may become so unmanageable that the traditional e-mail system we know today collapses and gets replaced either with forms or with a set of advanced, secure servers that put spammers out of business.
For more information on spam and related topics, check out the links on the next page.