March 22, 2005 8:50 AM PST

IBM debuts spam assailant tool

IBM has developed a new spam weapon--e-mail sorting technology that analyzes domain identity and then works to slow down computers responsible for sending unwanted messages.

Unveiled Tuesday, the antispam technology is meant to take an aggressive swing at computers being used to deliver large volumes of unsolicited e-mail. After identifying a certain machine as an established source of spam, the software, dubbed FairUCE, bounces back any messages sent by the device in question with the intent of slowing that computer down and retarding its ability to produce more unwanted e-mail.

In theory, the more spam a system targeted by FairUCE generates, the more traffic it will have redirected back at itself. IBM is making the software available for free download on its Web site.

According to IBM's research, 76 percent of all e-mail sent during February was spam, and one out of every 46 e-mail messages was blocked for carrying a virus or some other malicious content. Despite the high numbers, those figures actually represent a slowdown in the volume of spam from January, according to Big Blue. The company says that in January more than 83 percent of all e-mail messages were unwanted.

IBM said the filtering technology at the heart of FairUCE uses identity management tools on the network level to establish the legitimacy of an e-mail message by tracing it back to its source. After tracing a computer's IP address, the system creates a profile of the machine that is consistently sending out spam and begins redirecting the messages back to the device, thereby slowing its performance.

Marc Goubert, manager of IBM's AlphaWorks, the online community through which IBM forwards emerging technologies such as FairUCE to developers and other interested parties, said the intention was not as much to punish spammers as it was to help people fight spam.

"The idea of this technology is to relieve the recipient from receiving the spam," Goubert said. "It may be a more forceful approach, but it doesn't create a lot more network traffic, and we don't want to interfere with other traffic or e-mail coming in. We're not trying to attack spammers; we're just trying to clean up your in-box."

Drawing fire
Previous attempts to strike back directly at computers that generate spam, or the Web sites advertised in spam messages, have drawn criticism from Internet watchdogs. The major concern over such aggressive antispam tools has been that the technologies might imperil legitimate businesses that use e-mail to communicate with customers.

In one case, an antispam screensaver launched by Web portal Lycos Europe drew condemnation from industry watchers, including antivirus software makers, for an onboard technology that bombarded Web sites that were promoted in the text of unsolicited e-mails. Lycos Europe took the free product off the market after receiving heavy criticism that the "Make Love Not Spam" screensaver could actually launch denial-of-service attacks on innocent Web servers and assertions that the tool had shut down two Chinese sites.

IBM's Goubert believes that businesses will embrace the FairUCE tools, rather than decry them for ethical reasons.

"Spam is such a huge problem," he said. "I don't think people are opposed to this sort of aggressive approach; in fact, they're asking for it."

IBM and Lycos Europe are hardly the only companies trying out direct attacks on spammers. In January, security technology specialist Symantec released its Mail Security 8100 Series device, which is designed to help stem spam at the network level. Labeled by the company as e-mail "traffic-shaping" technology, the appliance is meant to automatically control the flow of e-mail messages based on a sender's behavior and on a profile generated by its Sender Reputation authentication service. The device aims to identify abusive e-mailers and prevent them from sending spam into protected networks.

One industry analyst lauded IBM's effort to help curb spam. Judith Hurwitz, president of Hurwitz Group, said the benefits of FairUCE will likely outweigh any complaints over the technology's impact on online businesses or Web traffic.

"Spam has become such a threat to business that you've got people setting filters so high that in some cases it's hard to communicate," Hurwitz said. "It really does hurt people's ability to do their jobs, so it's important to take an aggressive stance, and I don't think you'll see a lot of controversy over this technology."


This program cannot really work against spam
If I understand the mechanism described correctly, it can have no real effect on sending of spam.

What is described is that once the true source of a spam stream is identified (I assume this means the IP address of the sending SMTP server), then email is sent to that server to keep it occupied with incoming mail (the "bounces" described are not true SMTP bounces that would have no real effect on the servers that get millions of these - one for every invalid address they try to spam - but rather email messages with the original spam message attached).

This would only work if the spammers use an ordinary SMTP server that accepts mail from outside. However, they don't need to, and many of them don't. They send from dedicated software that uses the SMTP protocol to send spam (SMTP client) but does not act as a mail server. They use "zombie PCs" - PCs infected with a virus that acts as a mail client and sends spam to wherever it is instructed to. They're not a mail server and they cannot be affected by sending mail to them. In fact, a spammer can sit comfortably behind a firewall and spam the whole world, while no one is able to even ping his machine!
Posted by hadaso (468 comments )
Actually, this program can only generate more spam
In my previous post I explained why this program really cannot affect the sending of spam. But now I read the description once more and saw that it could also generate more spam!

The description says that if no relation between the IP address of the sending server and the domain in the envelope-from address is found, a "challenge message" would be sent. Now where would that message be sent? To the IP address of the sender (the one that is known to be correct)? NO!!! That is not an email address. The challenge message can only be sent to the envelope-from address, that was already determined to be most probably forged, to pester an innocent bystander whose email address was abused by a spammer (Google "Joe job" to learn about this spammer trick).

So in fact, it would just generate more unwanted and unneeded email. Challenge/response systems always transfer the burden of fighting one's spam to a third party. But this one makes sure the third party is innocent before pestering her!
Posted by hadaso (468 comments )
It does nothing of the kind
In no way does this tool "strike back" at the spamming system.

It only tries to deduce the validity of the identity of the sender (returnpath) by comparing to the IP address of the system sending.

That's all, pure and simple. Please correct the article.
Posted by 203129769353146603573853850462 (97 comments )
Not possible
Because of open relays and zombie PCs spewing this stuff, the only approach that makes any sense is the one Brightmail (now part of Symantec) took. Collect as much SPAM as you can, devise a clever way to "fingerprint" it, and supply this "Wanted" list to your server-based application so it can delete or quarantine the bad stuff. Trying to trace the source by IP addresses cannot be nearly as effective as the aforementioned approach.
Posted by (4 comments )
Didn't lycos try something like this
except theirs was a screensaver, but they still had the same slow down servers responsible for spam. Seems legally questionable to me. Spam filters have been wrong before, what happens if this thing starts attacking a legit server? Seems like a liability to me.
Posted by unknown unknown (1951 comments )
Story is wrong
Where is this myth coming from that FairUCE "bounces back any messages sent by the device in question with the intent of slowing that computer down"?

I just can't see where CNN, the WSJ, and now c|net have got this idea from. More thoughts at
Posted by richijennings (3 comments )
I downloaded this program and XP/Windows will not open it.
I downloaded this program and it will not open. I have it filed away on hard disk until someone tells me how to open it.
Posted by sargento (4 comments )
Um, that's because it's not for Windows...
Read the documentation on the site. It's only a proxy for Linux right now...
Posted by crenaud (4 comments )
