Spam with everything

 
 

 

Often, it is only when the CEO starts receiving emails for ‘herbal viagra’, ‘animals in action’ and ‘the best legal money making scheme ever’ that a company starts to act.

Such spam – unsolicited mass emailings – not only makes a mockery of corporate Internet usage policies, particularly when HTML pages of pornography automatically open in a user's in-box, but is increasingly overwhelming the email servers of Internet service providers (ISPs) and companies alike.

The figures illustrate the fast-growing nature of the problem. According to MessageLabs, the email monitoring unit of Star Technology Group, 15% of all the email it filters is spam and the problem is getting worse.

Data from MessageLabs' competitor Brightmail suggests that the amount of spam doubled in the last six months of 2001 alone and, if the UK and Europe follow US trends, that volume will double again during 2002.

 

Spam, the law and the EU

If an employee were to complain about receiving pornographic spam at work, would their employer be legally liable for the offence this might cause? That is a question that has yet to vex a tribunal or High Court judge, but it may only be a matter of time.

"We have seen a number of legal cases where people have been offended by inappropriate content which they may have inadvertently viewed on colleagues' screens," says Martino Corbelli, marketing manager at content filtering software vendor SurfControl. However, it would be difficult to establish that an employer had failed to provide a ‘safe working environment’, free from discrimination or harassment, simply as a result of receiving offensive spam. Unless, perhaps, the spam is sent round for the widespread amusement of colleagues.

Likewise, the legality of spam itself is a grey area. In the UK, it is partly governed by the Data Protection Act. "If someone collects information and then uses it for a purpose for which they haven't told someone, that's when it might be a breach of the Data Protection Act," says Rupert Battcock, a lawyer at Nabarro Nathanson.

That lack of clarity has encouraged the European Union to incorporate provisions dealing specifically with the status of unsolicited commercial email (UCE) in its long overdue Electronic Communications Data Protection directive. This was the source of much controversy in the closing months of 2001: first, it seemed that the EU was planning to introduce a blanket ban on all unsolicited commercial email sent within the EU, to the consternation of direct marketers. Then, Members of the European Parliament (MEPs) voted against this ban and in favour of a pro-spam amendment put forward by Labour MEP Michael Cashman. His proposal would have given ‘spam gangs’ carte blanche to do what they liked, much to the dismay of Internet activists.

In the ensuing furore, the EU's Council of Ministers – an executive grouping of national cabinet ministers – nevertheless plumped for an ‘opt-in’ model, whereby people have to choose to receive such emailings.

The proposal will return to the European Parliament later in 2002 for the approval of MEPs. "The debate between the European Parliament and the council ministers has really been whether or not to have opt-in or opt-out," says Simon Stokes, partner and head of ecommerce practice at Tarlo Lyons.

 

 
 

All this costs recipients money: MessageLabs estimates that dealing with spam currently costs organisations £470 per employee per year, just in terms of the time it takes users to deal with it.

The problem with spam is that mass emailing is simply too cheap, even when compared to traditional junk mail. At least with junk mail, the sender has to pay for the design, production and sending of the literature. In comparison, the cost of sending spam is minimal, particularly when the spammers use every dubious method possible to run their mass emailing campaigns. Much of the cost that does accrue is passed on to Internet service providers (ISPs), recipient companies and, ultimately, to end-users.

One of the loopholes that spammers most commonly exploit is ‘open relays’. This feature is a legacy of the pre-commercial Internet of the 1970s and 1980s. Back then, open relays were used to relay email messages between otherwise closed email technologies, such as systems based on the Unix-to-Unix copy protocol (UUCP).

Open relay is still an integral element of the simple mail transfer protocol (SMTP) standard and until the mid-1990s, email server packages such as the open source Sendmail application would default to open relay on set-up.

The primary tools in the spammers' armoury are scanners that can search the Internet for email servers with open relay switched on. When they find them, they can use these to launch their spam attacks without fear of being traced.

Another commonly used method is to scan the Internet for widely released ‘Trojan horse’ programs, such as BackOrifice, NetBus or SubSeven. These might reside on the PCs of unsophisticated broadband Internet users. Once found, spammers can use these either to take over the PC or to hijack an Internet account for their own ends.

Sendmail.org, the open source development community behind Sendmail, has tried to address the problem. It has re-configured the set-up process so that it does not default to open relay, as well as incorporating a number of anti-spam facilities from version eight, released in 1998.

But there are still many systems administrators running email servers using old versions of Sendmail, as well as servers in far-flung parts of the world that have been poorly set up. The problem here is four-fold. First, although Sendmail is highly rated for its configurability, users need to have a good understanding of Unix in order to be able to edit the relevant files. "It's very easy to set up the server incorrectly simply because the configuration files are quite difficult to read," says Matt Sargeant, anti-spam technologist at MessageLabs.

Second, open source software such as Sendmail is popular across Asia because it is effectively free. Yet because of its relative complexity, Sendmail servers are often set up by inadequately skilled systems administrators, and used as launchpads for spam.

 
 

Top five spam by subject

  1. Pornographic
  2. Get rich quick
  3. Become a spammer
  4. Herbal remedies/Viagra
  5. Gambling

Other top spams include: university diplomas, financing, cable and satellite television decoders and various scams to persuade people to disclose personal details which can then be sold on. These include: free web design, for which you have to apply, and The International Executive Guild’s Who’s Who and its many variants, which requires personal information, ostensibly for inclusion in a "prestigious" directory.

Source: Spam Recycling Center www.spamrecycle.com

 

 

Third, much of the documentation available over the Internet is only in European languages. Help for Chinese or Taiwanese systems administrators who do not understand English is therefore limited.

Finally, because Asia is still little touched by spam, many organisations there simply do not understand the problem – until, that is, their email servers become over-loaded or, worse still, blacklisted.

Blacklisting is the approach that many anti-spam organisations have adopted: organisations found to be running open relay email servers are first warned and then added to anti-spamming blacklists, such as the Mail Abuse Prevention System's (MAPS) Real-time Blackhole List (RBL).

These are used by companies such as Activis and MessageLabs, as well as many ISPs, as the first layer in their anti-spam defences. For a blacklisted organisation, it means that much of the email they send stands a high chance of being bounced back to the sender.

But some ISPs have a double-edged relationship with spammers. On the one hand, their standard contracts explicitly forbid using their network to send out mass, unsolicited emailings. Yet on the other, some also sign secret deals with spammers charging premium rate fees.

And it is not necessarily small ISPs, desperate for cash, which have been caught double-dealing in this way. A number of big names have been found to have such contracts with spammers, including AT&T, PSInet and Sprintlink.

 

Cutting down on spam

  1. Never respond to spam
    Most spam includes a link for recipients to remove themselves from the spammer's list. However, this link is commonly used to validate that an address is live and, instead of removal, will only prompt the spammer to send more spam and to sell the address to every other spammer they know.
  2. Never put an address on a web site
    One of the most common ways that spammers put their lists together is to use "spambots" to harvest email addresses from Internet sites. This software crawls the web in search of the appropriate text strings and anything that conforms is added to its database.
  3. Use a second email address for news groups
    News groups are the prime harvesting ground for spambots. Using a secondary email address – which can be changed frequently – can help deal with the deluge.
  4. Never give an email address without knowing how it will be used
    All legitimate web sites will tell users why they want an email address.
  5. Use a spam filter
    Companies such as GFI Technologies offer server-based spam filters that can block 75% or more of spam. MessageLabs offers a spam filtering service similar to its anti-virus service. And NovaSoft sells a PC-based spam filtering package for home users.
  6. Never buy anything advertised in spam
    Ultimately, spam must work because enough people respond to it to make it worth the spammers' time, money and effort.

Source: Spam Recycling Center

 

 
 

On top of this, blacklists are often unreliable. An alternative is for companies to start filtering their email, using packages such as Clearswift's Mimesweeper or to employ a third-party filtering service, such as Activis or MessageLabs.

In addition to subscribing to the anti-spam blacklists, these companies also deploy a number of other techniques, the most common of which are based on word lists. All the major email filtering software and service vendors – Activis, Brightmail, MessageLabs and SurfControl – use word lists.

"We provide a pre-defined list of words that are commonly found in spam and we scan for strings like ‘No obligation, no charge’ and ‘There's no better time to re-finance’," says Richard Willers, product manager at Activis. Spam filtering is an integral part of Activis' anti-virus service.
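A word-list scan of the kind described above, as an added example (not code from the article or from any of the vendors named). It uses the two phrases quoted by Activis as the list, and decodes and normalises the message before matching, because a scan of the raw text would miss a base64-encoded body or a phrase with altered spacing and punctuation. The sample messages and addresses are constructed.

```python
import base64
import email
import re
from email import policy

# The two phrases quoted in the article; a vendor's list would be far longer.
WORD_LIST = ["No obligation, no charge", "There's no better time to re-finance"]

def normalise(text):
    """Lower-case, straighten quotes, drop hyphens, turn other punctuation
    into spaces and squeeze whitespace, so cosmetic variations still match."""
    text = text.lower().replace("\u2019", "'").replace("-", "")
    text = re.sub(r"[^a-z0-9' ]+", " ", text)
    return re.sub(r"\s+", " ", text).strip()

def spam_hits(raw_message):
    """Return the word-list phrases found in the decoded subject and body."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    text = msg["subject"] or ""
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None:
        # get_content() undoes base64 / quoted-printable transfer encoding.
        text += " " + body.get_content()
    haystack = normalise(text)
    return [phrase for phrase in WORD_LIST if normalise(phrase) in haystack]

# Constructed samples. The spam body is base64-encoded, so neither phrase
# appears anywhere in the raw message text.
_BODY = "There's NO better time\nto Re-Finance!  No obligation -- no charge."
SAMPLE_SPAM = (
    "From: offers@lender.example\n"
    "Subject: Lower your payments\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "Content-Transfer-Encoding: base64\n\n"
    + base64.b64encode(_BODY.encode()).decode() + "\n"
)
SAMPLE_HAM = (
    "From: events@partner.example\n"
    "Subject: Seminar invitation\n\n"
    "There is no charge for the seminar, but places are limited.\n"
)

if __name__ == "__main__":
    print(spam_hits(SAMPLE_SPAM))
    print(spam_hits(SAMPLE_HAM))
```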

Both Brightmail and MessageLabs have also subscribed to most of the world's spam mailing lists to keep them up-to-date on the latest spams. Brightmail uses the intelligence it receives to dynamically update its software running on clients' systems, 24 hours a day. Like Activis, its software is based on word lists.

MessageLabs' aim is to correlate the data it derives from this source and load it into Skeptic, its in-house developed anti-virus engine that it plans to deploy in its anti-spam service. By applying the ‘heuristic detection’ techniques used in anti-virus software, MessageLabs hopes to be able to boost spam detection rates. Sargeant claims that, in tests, this method has achieved accuracy rates in excess of 99%.

By contrast, in tests run by Ziff Davis's eTesting Labs, MAPS RBL apprehended less than 10% of the spam sent its way, while Brightmail, which uses word lists, achieved a rate of 94% with no false positives – that is, legitimate emails wrongly identified as spam.

But there are other, simpler methods that systems administrators can deploy that do not cost a penny and which should help staunch at least some of the flow of spam. First, they can subscribe to the blacklists and configure their email server to reject anything from an address on these blacklists.

Second, an email server can be set up to reject emails in which the data in the message header is inconsistent. For example, if the domain that the email is ostensibly from and the Internet protocol (IP) address from which it originated do not match up, that is a strong indication that the email is spam.
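The two free checks just described, sketched as an added example (not code from the article or from any mail server). Blacklists such as the RBL are queried over DNS by reversing the octets of the connecting IP address and appending the list's zone; the zone `dnsbl.example`, the host names, the Received header layout and the lookup table standing in for a resolver are all assumptions constructed for the example.

```python
import ipaddress
import re

# Assumed Received shape: "from <helo-name> (<reverse-dns-name> [<ip>]) by ..."
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")

# Constructed DNS data (documentation ranges) standing in for a live resolver.
FAKE_DNS = {
    "10.2.0.192.dnsbl.example": {"127.0.0.2"},   # blacklist entry for 192.0.2.10
    "mail.example.org": {"198.51.100.7"},
    "mx.bigbank.example": {"203.0.113.5"},
}

def fake_resolve(name):
    return FAKE_DNS.get(name.lower(), set())

def dnsbl_query_name(ip, zone):
    """Blacklists are queried over DNS: reversed IPv4 octets + list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_message(received, from_domain, resolve=fake_resolve, zone="dnsbl.example"):
    """Return the reasons to reject a message; an empty list means accept."""
    m = RECEIVED_RE.search(received)
    if not m:
        return ["unparseable Received header"]
    helo, rdns, ip = m.groups()
    try:
        listed = bool(resolve(dnsbl_query_name(ip, zone)))
    except ValueError:                      # e.g. an octet above 255
        return ["invalid connecting IP"]
    reasons = []
    # 1. Blacklist: any answer for the query name means the IP is listed.
    if listed:
        reasons.append("connecting IP is blacklisted")
    # 2. The host name the client announced must resolve back to its IP.
    if ip not in resolve(helo):
        reasons.append("announced host name does not resolve to connecting IP")
    # 3. Heuristic: the From domain should cover the connecting host's name.
    #    Mail legitimately relayed through a third party also trips this.
    rdns = rdns.lower()
    if rdns != from_domain and not rdns.endswith("." + from_domain):
        reasons.append("From domain does not match connecting host")
    return reasons

# Constructed Received headers, as the receiving server would record them.
GOOD = "from mail.example.org (mail.example.org [198.51.100.7]) by mx.local"
SPAM = "from mx.bigbank.example (dsl-host.isp.example [192.0.2.10]) by mx.local"
```

In production the `resolve` argument would be a real DNS lookup, and the third check is better treated as one signal among several than as grounds for outright rejection.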

An alternative approach adopted by some hardline ISPs in the US has been to hunt down the spammers and sue them for damages. Such a method is certainly satisfying when they win, but is too time-consuming and expensive for the average organisation to pursue.

   
 

The composition of spam
Source: Spam Recycling Centre
 
   


Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...
