Last month I took a generic look at the
problem of spam. As a general rule, I still recommend that you deal with
spam simply by deleting it and getting on with your life.
But, if you are really frustrated with
the volume of spam you receive and you really want to do something to eliminate
it, there are some products on the market that may be able to help you.
This month I take a look at SpamNet from Cloudmark.
Most anti-spam software tries, with varying
degrees of success, to identify spam by its own rules. It may look at information
in the header, words or phrases in the subject or body of the message,
etc. As you might imagine, this can be a really difficult way to identify
spam. And it can be problematic. Every e-mail I have ever received that
contained the word “Viagra” was in fact a spam trying to sell the drug
to me. However, the same is not likely true for a doctor, hospital or drug
Cloudmark avoids the problem by not doing
a single thing to identify spam. Instead, they let their customers identify
spam. An ingenious turn-about. Once you install SpamNet, currently at beta
6d as I write this review, it begins filtering out spam automagically.
As well, if you want, you can immediately begin to contribute to the body
of knowledge of known spam. Here’s how it works.
While it is difficult to describe a spam
e-mail, everyone knows one when they see one. When you receive an e-mail
and you identify it as being spam, you can click a button on your toolbar
labelled Block. SpamNet takes a copy of the spam and sends it to a Cloudmark
server. The Cloudmark server creates a statistical signature, or fingerprint
of the message and stores this fingerprint in a database. Now, say someone
else receives the same spam e-mail. When the e-mail arrives, a fingerprint
for that message is created and then checked against the database of known
spam to see if a similar fingerprint already exists. When it finds the
match, SpamNet knows that the e-mail is, in fact, spam and the software
then moves the e-mail to a spam folder.
There is strength in numbers. As more and
more people use SpamNet, more and more people are identifying spam and
reporting it to Cloudmark. The more people are involved, the more likely
it is that, by the time spam makes it to your mailbox, someone else has
already identified the spam, and your copy of SpamNet can whisk it away
to your Spam folder before you have to deal with it.
But things are seldom perfect. What if
someone accidentally reports an innocent e-mail as spam? Perhaps they forgot
that they actually did sign up at some web site to be kept informed about
product information or whatever.
Besides the Block button on the toolbar,
there is an Unblock button. If you notice that something was caught as
spam that should not have been treated that way, you can click the Unblock
button. When you do so, the statistical representation of the message is
sent to Cloudmark to let them know that this e-mail was not spam. At the
same time, the message is moved from the spam folder back to your Inbox.
But what if the spammers got a copy of
SpamNet and simply sent an Unblock for every spam they send out? Or what
if you get some dolt who can’t figure out what they are doing and are constantly
pressing the wrong button?
Cloudmark has thought of that. Each user
gets assigned a ranking in a “Truth Evaluation System”. The more spams
you accurately report, the higher your ranking and the more weight your
blocks and unblocks carry. Anyone who consistently reports incorrectly
will end up with a ranking that carries no weight.
Finally, if you have mail from a particular
source that is always being accidentally treated as spam, or you don’t
want to take a chance of e-mails from a particular source being treated
as spam, you can use the Whitelist option. This is a simple string match.
For example, entering “Minisoft” would allow Minisoftemail@example.com
or Connie-Coder@- Minisoft.com through. Entering “@Minisoft.com” would
allow the second example to pass through with no spam checking.
I would estimate that over 90% of the spam I received during my
testing period was caught by SpamNet and moved to my spam folder.
Given the simple way that SpamNet works,
the user controls are pretty limited. You can enable and disable SpamNet,
specify the folder that spam should be moved to, create entries on the
Whitelist and configure SpamNet to use a SOCKS 4 or 5 proxy (if required).
There is a configuration option called Custom Confidence Level Settings
which is currently disabled. I am intrigued, because I expect this will
give a bit more control to the individual users over what is considered
spam or not. We will have to wait and see!
About the only other thing you can do with
SpamNet is run it against existing e-mail already in your mailbox. You
can specify any folder and SpamNet will chug away checking every e-mail
in the folder. If you have thousands of messages, expect it to take some
So how effective is SpamNet? Well, Cloudmark’s
web site says you can expect SpamNet to catch about 75% of all spam. Their
home page lists numbers for the day, and on September 14th, it was reporting
that they had 72,456 users, they had processed 5,024,097 e-mails and had
caught 1,721,925 spams. Not too shabby for a single day!
My experience with SpamNet’s ability to
catch spam has been very good. I would estimate that over 90% of the spam
I received during my testing period was caught by SpamNet and moved to
my spam folder.
But what about dreaded false positives?
Everyone wants spams removed, but nobody wants legitimate, non-spam e-mails
to be accidentally caught.
On this front, I found that SpamNet tended
to catch one or two non-spam e-mails a day. For most of them, I could see
why they might have been treated that way. I am signed up for a lot of
electronic newsletters, most of them related to information technology.
They are all legitimate and have clear instructions on how to unsubscribe.
But perhaps some people had a hard time unsubscribing and decided to treat
them as spam and use the Block button. I used the unblock button and it
seems to have helped, but not eliminated, the problem of non-spam e-mails
Quite a bit more puzzling was the result
of running SpamNet against a couple of thousand e-mails in one of my existing
folders. It identified an e-mail from my boss as spam! Ouch! Now, I am
not sure how this could happen, except that the fingerprint calculated
from this message happened to match the fingerprint of a completely unrelated
spam that someone reported? I am told this can’t happen and the e-mail
was identified as spam “…because there was a common background, part, or
signature within the messages.” The proper thing to do is unblock the message
so that it is not treated as spam in the future.
I had another e-mail, a daily humour digest
and it was getting caught as spam every day. Every day I unblocked it.
I finally gave up and whitelisted the sender address. But I guess that’s
part and parcel of being beta software!
And therein lies the rub. As with other
anti-spam programs I have looked at, you cannot be absolutely sure it will
catch all spam and you can’t be absolutely sure that it won’t have false
positives. Not catching all spams is not really a problem, although you
really do want it to catch the maximum possible. But most people have a
pretty low tolerance for legitimate e-mail being treated as spam.
Most anti-spam programs, SpamNet included,
handle the problem of false positives by refusing to silently purge spam
so you never see it. They will only move it to another folder.
And therein lies the other rub. Even though
SpamNet can move spam out of my Inbox for me, I still have to deal with
the spam at some point. Until I am confident that there are never any false
positives, I must look through the spam folder to make sure nothing was
accidentally caught. If and when I ever get that confident, dealing with
the spam will be a simple action of emptying the spam folder.
The final caution I have about SpamNet
relates to your privacy. Normal e-mail arriving at your Inbox is not sent
to Cloudmark – only the statistical signature is sent. Even when you Unblock
a message that was accidentally treated as spam, only a signature is sent.
But, when you hit the Block button, that message is sent to the Cloudmark
server. In most cases, this is not a problem. The message is just a spam,
I can understand why the Cloudmark lawyers
would insist it be in the license agreement, but users should be aware
that any message they block by hitting the block button is sent in its
entirety to a Cloudmark server and you “assign to Cloudmark any and all
right, title, and interest that you may have (including any intellectual
property or proprietary rights) in and to any such e-mail messages and
digital signatures thereof.” I am promised by Cloudmark staff, “All I can
do is assure you that we never look at, or acknowledge these messages in
anyway. No human beings are doing anything with the reported messages,
your privacy is protected.” But seeing the wording in the license agreement,
I would say you better not accidentally hit the Block button when your
partner sends you your latest business plan or the source code to your
program that is going to make you a millionaire!
SpamNet requires Outlook 2000 or Outlook
XP. A version for Outlook Express is in the works, but no release date
has been announced. If you are behind a firewall, you need to be able to
make an outbound connection with a destination on TCP port 2703. Most firewalls
will allow such outbound connections.
The SpamNet beta is free and will remain
free even after the final release hits the street. The final release version
will cost you something, but the pricing has not yet been set. An Enterprise
version is also in the works that will be appropriate for ISPs and large
You can download a copy of SpamNet from
Originally published: October, 2002