Filter foibles

Communications News, May, 2004 by Ken Anderberg

"The file attached to this email is in violation of our email policy."

I'm beginning to get frustrated with spam filters. Responses like the one above are becoming more common, and a real impediment to communicating with the thousands of companies that Communications News deals with daily.

Surprisingly, the most difficult companies to push e-mail through to are those providing content filtering, spam and other Internet security solutions. I say surprisingly because one would expect that the designers of the solutions would not be preventing legitimate e-mail messages from getting through. But they do.

At the InfoSec show in Orlando in March, I asked several vendors about the state of today's spam filtering technology. No one saw a problem. Many solutions "work just fine" was the response from one vendor. No they don't.

"450 Client host rejected: cannot find your hostname."

There's another response one of my e-mails received. That was to a message sent to a vendor outlining future editorial opportunities in this magazine. That is hardly spam. Unfortunately, that company's e-mail address has now been purged from my Outlook contact list and it will not receive important information from us in the future that could help its product marketing efforts.

In another instance, my e-mails to a public relations firm representing several technology vendors bounced back, with a message that the firm's spam filter had blocked my message. About a dozen people at the company no longer receive messages from the editor of Communications News, as a result.

"521 xchange.peppercom.com access denied."

Then there are those "challenge-and-respond" solutions. You send a legitimate e-mail message, their software sends a response back (challenge) asking you to resend your message (respond). Variations on this ask you to go to a Web site to verify your legitimacy, or identify a word in the message and respond. Not very user friendly.

For example, we mail tens of thousands of opt-in e-mail newsletters every month. Devoting staff-time to responding to these challenge requests is not feasible. So, the message does not go through. The emphasis here is that all these bounced-back messages were sent to opt-in addresses.

Microsoft's latest proposed solution, nicknamed Penny Black (aka the puzzle solution), does not appear to be the answer, either. This project would ostensibly stop spam by limiting the number of e-mails that could be sent from a client to a server to 360 per hour. Thus, sending out 100,000 e-mails would take 11 days, effectively frustrating spammers, who typically generate millions of e-mails in short order. Of course, vendors are already coming out with solutions that will speed this process so that legitimate e-mailers can send out far more messages. Can the spammers be far behind?

"553 mail rejected due to excessive spam."

Obviously, Houston, we have a problem here.

Ken Anderberg

kanderberg@comnews.com