Local ISPs Push Back in the Fight Against Spam
When it was discovered that the now defunct ISP CapeInternet was using controversial blacklists in a vain attempt to block spam, it caused quite an uproar. Now, with spam rising at almost exponential rates, ISPs are in a rush to provide services to block spam. This new trend is largely in response to customer demand. It would seem that times have changed -- or have they?
The controversy has resurfaced. This time, locally owned ISP Cape.com has implemented blacklist blocks. Though they have been implemented server wide, customers can disable them on their account. However, as we have found over time, most people don't take the initiative to make such a change. This means that for all intents and purposes, Cape.com customers are subscribed to several blacklists.
Even with the pervasive anti-spam sentiment in the industry, blacklists are still to be considered very extreme. To put it another way, not all spam blocking systems are created equal. Some apply a brute force approach to blocking spam, throwing out good mail with the bad. Blacklists take this approach by assuming that if one piece of spam comes from a server, all messages from that server must be spam. Some blacklists go one step further and block entire countries or even entire continents.
Cape.com has announced that they will be using blacklists provided by Spamhaus.org, Abuse.net, ORDB, and OsiruSoft. Both Abuse.net and ORDB have fairly good reputations for being fair and level headed about the portions of the Internet that they block. Spamhouse, on the other hand, blocks huge chunks of Sprint and Verio, one of the largest hosting companies in the United States. OsiruSoft blocks entire regions of South America and probably elsewhere.
Other spam filtering systems take the opposite approach. They block very common, obvious spam messages. They analyze the "To" address, "From" address, and "Subject" of individual messages and discard messages based on certain preordained criteria. Unfortunately, these systems are almost entirely reactive. Additionally, they do little to block randomized or personalized subject lines such as "John, we've got great deals for you," or even messages with subjects as simple as "Hi."
c4.net's spam filtering takes neither of these approaches. Our system analyzes each message and judges the message on its own merits. We do not arbitrarily discard any message based on its country of origin or the server from which the message originates. We are also not limited to analyzing just the message headers. After all, what good are filters that can't analyze the message if that's where the solicitation exists.
To be clear, our filtering system scans the envelope and message (including the message body) for known spam signatures. Unlike most other systems, our system directs spam messages to a quarantine. Quarantined messages can be viewed online using our Web mail system. Finally, we do not filter anyone's account unless they specifically request it or enable filtering themselves. You chose to participate: we do not volunteer you.
The downside to such a system is that it is much more expensive. It takes much heartier servers to analyze every message and store spam for several weeks at a time. It also requires more maintenance, which is why we have joined a cooperative group of ISPs who work together to refine and improve the system daily. After all, the spam problem is larger than just a single company: shouldn't the solution be as well?