New technology from IBM Corp. is designed to stop spam by identifying the Internet domain it came from, and can help spot online scams such as phishing attacks and e-mail spoofing.
The company Tuesday announced the release of FairUCE, or “Fair use of Unsolicited Commercial Email” for the company’s alphaWorks advanced technology program, citing a newly released IBM survey that found spam is 76 per cent of all e-mail and may cost U.S. companies US$17 billion to fight this year. We’d like to see whether early adopters consider the technology an innovative approach to handling a massive problem.Mark Goubert>Text
The technology uses identity management features to link inbound e-mail back to its original IP address, establishing a connection between an e-mail message, the Internet domain and the computer from which the e-mail was sent, IBM said.
AlphaWorks is a program that distributes technological innovations to developers around the world who sign on as “early adopters” of technology developed by IBM’s global research labs. FairUCE will allow alphaWorks software developers and third party vendors to build more effective spam filtering technology, IBM said.
IBM researchers acknowledge that FairUCE is not a fully-blown antispam product, only an early version of technology that could one day be used in the marketplace.
“We’d like to see whether early adopters consider the technology an innovative approach to handling a massive problem,” said Mark Goubert, manager of alphaWorks. “We want to find out how innovators and early adopters would use it in their environments and get their feedback.”
FairUCE software runs on e-mail servers. It pulls IP address out of e-mail messages, then compares those against one or more databases of known spammers, said Goubert.
Unlike many spam filtering technologies, which use message content to determine whether an e-mail message is spam, FairUCE links inbound e-mail back to IP addresses. That allows IBM to spot messages from compromised, or “zombie” computers, as well as legitimate e-mail servers, IBM said.
Other logic built into the technology allows FairUCE to weed out good and bad IP addresses from large Internet service providers like Yahoo Inc., so that not all mail from those domains is blocked. The product can also flag e-mail from servers based on “longevity” — how long the sending server has been online, Goubert said.
Recent data from e-mail security company CipherTrust Inc. suggests that e-mail “bad senders” frequently use new IP addresses, which may not be listed in databases of known spammers. Traffic from those machines is often attributed to zombie PCs that go on and offline frequently.
IBM cited results from its February 2005, Global Business Security Index report to support FairUCE. The company’s Security Intelligence Services found that one of every 1.3 e-mail messages was spam, and that one of every 46 e-mail messages carried a virus, Trojan horse program or other malicious content, the company said.
The cost to U.S. organizations of fighting spam has risen sharply in the last two years, from approximately US$10 billion in 2003 to an estimated US$17 billion in 2005, IBM said. Lost productivity from workers who must sort through the reams of spam e-mail, inconveniences caused by legitimate mail that is incorrectly labeled as spam and blocked and calls to corporate help desks are major sources of spam related expenses, IBM said.
FairUCE is available through IBM alphaWorks and can be downloaded from the company’s Web site.
Other companies, including Microsoft Corp. and Yahoo, have proposed technology to weed out spam by checking the source of inbound e-mail, which is sometimes referred to as “sender authentication.”
Microsoft’s Sender ID technology framework, for example, closes loopholes in the current system for sending and receiving e-mail that allow senders — including spammers — to fake, or “spoof,” a message’s origin. With Sender ID, organizations publish a list of their approved e-mail servers in the domain name system. That record, referred to as the sender policy framework record, is then used to verify the sender of e-mail messages sent to other Internet domains using Sender ID.