Proceedings of the 39th Hawaii International Conference on System Sciences - 2006

Effective Anti-spam Strategies in Companies: An International Study

Mikko Siponen (a), Carl Stucke (b)

(a) Department of Information Processing Science, University of Oulu, Oulu, Finland
(b) Department of Computer Information Systems, Georgia State University, 35 Broad Street, Atlanta, Georgia 30302, USA.

Abstract

While spam is considered a crucial problem for both companies and ordinary computer users, little is known about how spam actually affects companies and which anti-spam techniques have been found most useful in practice. To address these issues, we explored the 500 biggest companies in the US (n=44) and Finland (n=101). The results suggest that 81.6% of all email traffic is spam, and that the respondents use 13 minutes of their daily working time to deal with spam. The time used for dealing with spam and the age of the respondents influence attitudes towards spam. There is marginal support that having an email address available on the Internet correlates with the amount of spam one receives. Filters, blacklists, restricting the disclosure of email addresses, presenting modified or invalid email addresses, and white lists were seen as the most effective anti-spam techniques, in order of effectiveness. The respondents saw that Internet Service Providers and legislation should take strong action against spam.

1. Introduction

Spam, referring to the sending of unsolicited email, is a crucial and increasing problem for both home users and companies. Estimates of the share of spam for a few recent years are: 2002 at 36 % [1], 2003 at 12-15 % [6], 2004 at 64 % [4], and 2004 again at 75% [11]. While these estimates vary as to how much of all email traffic is spam, the overall increase is clearly shown.
The extant research regarding spam has focused on different anti-spam techniques, such as filters (e.g., [3]), blacklists [4] and helping Internet Service Providers prevent the sending of outgoing spam [7]. Previous research has also studied the content of spam messages. For example, according to a study by Cranor and LaMacchia [2], 35 % of all spam was advertisements for money-making opportunities, while 25 % of the spam advertised different products [2]. Furthermore, while spam and the effectiveness of technical anti-spam techniques have been studied at the level of one organization or one Internet Service Provider ([2]; [4 p. 372]), we find no academic studies exploring how spam actually affects companies in reality, and what anti-spam methods are found useful. In order to address these issues, we explored the 500 biggest companies in the US (Fortune 500) (n=44) and Finland (n=101).

The remainder of this paper is organized as follows. In the second section, the research background, including the hypotheses, is described. In the third section, the results of the study are presented. The fourth section, the discussion, considers the limitations and the implications of the study. Finally, in the conclusion, the key findings of the study are summarized.

2. Research background, subjects and research methods

Extant research on spam motivated the 13 hypotheses listed next, along with open, unstructured, qualitative questions to obtain more information on these issues.

Effectiveness of anti-spam techniques. It is important for practitioners to know which anti-spam techniques really work in practice, and which techniques are less useful. To explore this, we have formulated the following hypotheses:

H1: There is no difference between the usefulness of different anti-spam techniques.

H2: Respondent age and perceived usefulness of anti-spam techniques are independent.

Small businesses are a larger target of SPAM [11].
Hence, company size might explain the differences in usefulness between the anti-spam techniques. Therefore, we hypothesize:

H3: Company size and usefulness of anti-spam techniques are independent.

0-7695-2507-5/06/$20.00 (C) 2006 IEEE

Previous research has speculated, without statistical explanatory power, that the more available your address is on the Internet, the more spam you will receive [2]. To study this, we hypothesize:

H4: The availability of one’s email address on the Internet, and the amount of spam received, are independent.

Attitude towards spam. It is often speculated that spam is a serious threat to companies. To study whether this anecdotal evidence is true regarding Fortune 500 companies, we study the following hypotheses:

H5A: Spam is not a problem in the company.

H5B: Spam will not be a problem in the company in the future.

To study whether age explains attitude towards (perceived problem of) spam, we test the hypotheses:

H6: Respondents’ age and perception of the problem of spam (attitude towards spam) are independent.

A study [10] concluded that age was not a significant influence on attitude toward spam. This motivates analyzing whether age might influence attitudes toward spam (H6) and perceptions of anti-spam technique usefulness.

H7: Respondents’ age and whether spam will be a problem in the future (attitude towards spam) are independent.

H8: Company size and amount of spam received are independent.

Working time and spam.

H9: The working time used for dealing with spam and the amount of spam received are independent.

H10: The time used for dealing with spam and the perceived problem of spam (attitude towards spam) are independent.

Attitude towards anti-spam strategies.
To explore whether the amount of spam and the perceived usefulness of the anti-spam strategies are independent, we hypothesize:

H11: The amount of spam received and the usefulness of the anti-spam strategies are independent.

To consider whether the perceived problem of spam (attitude towards spam) currently and in the future, and the usefulness of the anti-spam strategies are independent, the following hypotheses were formulated:

H12: The perceived problem of spam (attitude towards spam) and the usefulness of the anti-spam strategies are independent.

H13: The perceived problem of spam (attitude towards spam) in future and the usefulness of the anti-spam strategies are independent.

Data Collection. Based on the existing research literature, a questionnaire was designed to obtain information on how spam actually affects companies in reality, and what anti-spam techniques have been found useful. The questionnaire consists of both qualitative and quantitative items. Regarding the latter, the respondents were asked to answer each quantitative question using a seven-point Likert scale. The questionnaire was put on the web page of the Georgia State University, USA, and the respondents were asked to fill out the questionnaire on this web page. To study how spam actually affects companies in reality, and what anti-spam techniques have been found useful, we selected the 500 biggest companies in the US (Fortune 500) and Finland as the target population. Within these companies, the survey instrument was sent to operational IT managers. Operational IT managers typically have used different anti-spam techniques and therefore may have important insights about how the problem of spam should be handled. Accordingly, the WWW-link to the questionnaire was first emailed to operational IT managers in our selected companies.
Then, to increase the response rate, and ensure that our email invitation to fill out the questionnaire was not removed by the companies’ spam filters (a frequent event), a request to fill out the questionnaire was mailed to those Finnish companies who did not respond in the first round. No mail was sent to the U.S. firms, which may partially explain the low response rate. Instead, a follow-up email was sent. Altogether, we received responses from 101 Finnish and 44 US companies. The response rate in Finland was about 20 percent, and in the US about 9 percent. The low US response rate is in accordance with recent findings showing difficulty obtaining security-related data from US companies [5]. The collection of the data took about 10 months, and was carried out in 2004.

3. Results of the study

The average age of our respondents was 43. Of 145 respondents, 122 respondents (84 %) were male and 23 respondents (16 %) were female. Our respondents received 348 030 emails per day. Of those, 283 922, or 81.6 %, were spam. Of the 145 respondents, 52 (36 %) have and 92 (64 %) do not have their email address available on the company’s website. Of the 145 respondents, 58 respondents do not, and 81 do analyze the headers of spam messages (5 respondents do not know whether they analyze the headers or not). According to our respondents, spam takes up an average of 13 minutes of working time each day.

The respondents estimated that 14 percent of the spam they receive originates from their own country, and 86 percent of the spam originates from a foreign country (39 respondents did not know where the spam comes from). When we asked the respondents to estimate where most of the spam comes from, 47 respondents suggested the US as the main source of spam, while 2 suggested Czech and 2 the UK as being the main source of spam.
Eastern Europe was mentioned by 3 respondents, Africa and Asia by 2 respondents each, and Russia by 3 respondents.

3.1. Quantitative results

Anti-spam technique effectiveness

H1: There is no difference between the usefulness of different anti-spam techniques. This hypothesis is not supported.

H2: Respondent age and perceived usefulness of anti-spam techniques are not related. This hypothesis is supported, with the exception that there is statistical evidence that the expected value of the perceived usefulness of blacklists is related to the value of age.

H3 held that company size and perceived usefulness of anti-spam techniques are independent. As seen in Table 5, this was not the case in relation to users deleting spam and displaying email addresses as pictures. Otherwise, the hypothesis was supported.

Availability of email address on the Internet and spam

H4: The availability of one’s email address on the Internet, and the amount of spam received, are independent. With p = .0520 for Pearson Correlation, the availability of one’s e-mail address on the Internet has a marginal influence on the amount of spam received. However, if we eliminate two outlier observations, ANOVA shows substantial influence.

Attitude towards spam. As noted earlier, H5A (Spam is not a problem in the company) received 137 responses with a mean of 4.408 with a standard deviation of 1.59. H5B (Spam will not be a problem in the company in the future) received 134 responses with a mean of 5.2 with a standard deviation of 1.37. Given this view that spam is to be more of a problem in the future, we investigated potential influences on attitudes towards spam. To study whether age explains attitude towards spam, we hypothesized as follows:

H6 postulated that age and perceived problem of spam are independent. The Pearson Correlation gives a p of .0346, showing dependence.
H7: Respondent’s age and whether spam will be a problem in the future are independent, as indicated by a Pearson Correlation p of .2120.

H8: Company size and amount of spam received are independent, since the Pearson Correlation yields a p of .8239.

Working time and spam.

H9 held that the working time used for dealing with spam and the amount of spam received are independent. The Pearson Correlation p of .8180 supports this.

H10 proposed that the time used for dealing with spam and the perceived problem of spam are independent. This hypothesis is not supported. (The Pearson Correlation p of .0076 suggested influence between these two. Multiple regression and ANOVA suggest there is strong statistical evidence that an increase in time dealing with spam is associated with a decrease in the expected value of the perceived problem of spam.)

Attitude towards anti-spam strategies.

H11 suggested that the amount of spam received and the usefulness of the anti-spam strategies are independent. This was supported, except in the case of restricting Internet disclosure of email addresses (at cut off with round off).

H12 postulated that the perceived problem of spam and the usefulness of the anti-spam strategies are independent. This hypothesis is supported, with the exception of restricting Internet disclosure of email addresses, presenting modified/invalid email addresses on the Internet, filters, and blacklists.

H13 suggested that the perceived problem of spam in future and the usefulness of the anti-spam strategies are independent. This hypothesis is supported, except in the case of use of blacklists.

The role of Internet Service Providers and legislation in fighting spam. According to the respondents, Internet Service Providers (average value on a 7-point Likert scale was 6.27, where 1 denoted “overlook” and 7 “take strong actions against the spammers”) and legislation (average value on a 7-point Likert scale was 6.15) alike should take strong action against spam.
Why spam will or will not be a problem

Table 1. Volume and perceived problem of spam.

| Question | Number of respondents | Average value on a scale of 1 to 7 | Standard Deviation (S) |
|---|---|---|---|
| Has the volume of spam been increasing during recent years? | 145 | 6.0 | 1.32 |
| Is spam currently a problem in your company? | 143 | 4.4 | 1.57 |
| Do you think that spam will be a problem in your company in future? | 135 | 5.2 | 1.37 |

As Table 1 suggests, 145 respondents see the volume of spam as having increased considerably during recent years, the average estimation on the 7-point Likert scale being 6 (1 means that spam has decreased, while 7 means that spam has increased significantly). Recognizing this, it is interesting that, as seen from Table 1, 143 respondents consider spam to be a minor problem, the average value being close to neutral. In this question, a value of 1 means spam is not a problem, 4 is neutral, while 7 means that it is a serious problem. However, the respondents believe that in the future spam will be a problem, though not a serious one, the average value being 5.2, where 1 is “not a problem”, and 7 means “a serious problem” (Table 1).

We asked respondents to provide further information in the form of an open question as to why spam will or will not be a problem in their company. For this question, we received answers from 97 different respondents, of which 75 were Finns and 22 Americans. These answers can be placed into three categories: reasons why spam will not be a problem, reasons why spam will increase, reasons why spam will be a problem. These reasons are discussed next.

3.2 Why spam is regarded as a problem

Table 2. Qualitative analysis of the reasons why spam is regarded as being a problem in the future.
| Category | Number of respondents |
|---|---|
| Wastes time & human resources | 28 |
| Consumes technical resources | 12 |
| Malware | 7 |
| Reduces the use & reputation of email and the Internet as a communication medium | 6 |
| Complications of anti-spam techniques | 2 |
| Frustration and anger | 2 |

Wastes time and human resources. 28 respondents, 4 US and 24 Finnish, cited the waste of human resources as the reason why spam will be a problem in the future. A US respondent says: “[it] consumes valuable staff time to deal with spam.” Here the respondents consider that anti-spam efforts require human resources and time, and this is time “away from productive work”, as a Finnish respondent puts it. Anti-spam activities also require updating the software, e.g., filters, which takes time and resources. In relation to this, it was also noted that dealing with spam requires financial investments, such as purchasing anti-spam techniques.

Consumes technical resources. 12 respondents, of which 9 were Finnish and 3 were from the US, considered that spam puts a strain on computer and network resources: “Spam adds unnecessary volume to our network and server storage…” (A US respondent).

Malware. Seven (1 US and 6 Finnish) respondents believed that viruses and other malware programs spread through spam: “The major problem with it [spam] is the viruses spreading through it.” Here the concern is that spam messages may contain computer viruses, or that WWW-links in the spam messages may point to websites containing viruses. Either by opening messages or following links to sites containing viruses, the users will receive the viruses in their PC. Clearly, this causes several problems within the company.

Reduces the use and reputation of email and the Internet as a communication medium.
Six Finnish respondents considered spam to have a negative effect on email and Internet use: “it [spam] will take away the credibility of Internet and email.” According to our interpretation, these respondents are concerned that increased spam results in emails not being taken seriously. One respondent stated that “email loses its true meaning, since real messages need to be dug out from the mass of spam messages.”

Complications of anti-spam techniques. Two respondents mentioned the complications of anti-spam techniques as a problem. In particular, the deletion of important messages was mentioned: “We delete important messages by accident.” Here the issue is that anti-spam software may, for example, delete important messages, or move these to a spam folder.

Frustration and anger. Two Finnish respondents believed that spam increases frustration and anger among the employees who receive it: “spam messages increase anger among workers.”

3.3 Why spam is not regarded as a problem

Table 3 presents the qualitative analysis of the reasons why spam is not regarded as being a big problem in the future.

Table 3. Qualitative analysis of the reasons why spam is not regarded as a big problem in the future.

| Category | Number of respondents |
|---|---|
| Effective anti-spam techniques in use | 20 |
| Better techniques to protect against spam | 4 |

Effective anti-spam techniques in use. 8 Finnish and 12 US respondents (20 altogether) mentioned the use of effective anti-spam techniques as the reason why they do not see spam as a big problem. One Finnish and two US respondents named the anti-spam products they use successfully to fight spam, while 16 respondents did not reveal the exact technique they used. Two Finnish respondents also mentioned the culture and good compliance of end-user security guidelines (forbidding users to give away their email addresses) as another reason why they do not receive much spam (and hence, spam is not a problem at the moment). One Finnish respondent estimated that their good situation with respect to spam stems from the fact that their email addresses are not available on their company website. One Finnish respondent suggested the use of multiple solutions, from filters to black and white lists, as being the key to avoiding spam. One Finnish respondent saw the updating of filters as the key way to avoid spam. Along those lines, a US respondent described this situation: “The filtering and blocking we are doing does a pretty good job. A year ago I never got any spam at work. Now I am getting a few each day so the filtering and blocking becomes less effective as spammers find ways around the systems.”

Better techniques to protect against spam. Responses in this category (4 respondents) expressed the view that spam would not be a big problem in the future, since anti-spam activities will be improved in the future. Three Finnish respondents mentioned that new anti-spam techniques and activities will be invented, and these will reduce the amount of spam. The fourth Finnish respondent emphasized the fact that co-operation between different parties will reduce spam.

3.4. Why spam will increase

Table 4 presents the reasons as to why spam will increase offered by the respondents.

Table 4. Qualitative analysis of the reasons as to why spam will increase

| Category | Number of respondents |
|---|---|
| New spam techniques | 13 |
| Users give their email addresses | 5 |
| Advertising and marketing through web pages, and Internet use | 4 |
| Ineffective laws | 2 |
| Profitable and low-risk | 1 |
| Amount increases | 1 |

New spam techniques. Six US and seven Finnish respondents believed that spammers will improve their spam techniques. As a result, spam will be a big problem in the future. One Finnish respondent mentioned that spammers are able to make messages and their subject fields look more and more like subject fields in real messages. Consequently, anti-spam techniques have difficulties finding such spam messages, and users may open these messages by mistake (by regarding these as non-spam messages). Moreover, two US and three Finnish respondents stated that anti-spam mechanisms will always lag behind spam techniques. A US respondent describes this situation: “Spammers and anti-spam solutions will continue to battle and the [spam problem] will continue to exist.”

Users give their email addresses. One US and four Finnish respondents considered that users feed their email addresses too easily into different websites: “Users give/write their email addresses everywhere [on the Internet], against company policies.” These email addresses end up with spammers, who use them for spamming purposes.

Advertising and marketing through web pages, and Internet use. Two Finnish respondents took up the issue that companies advertise on their web pages: “Companies use the Internet more and more [e.g., advertisements on the company’s website] to advertise and to inform [customers] about their products.” Email addresses are available in these advertisements. As a result, spam-harvesting programs can find the email addresses, and add these addresses to spam lists. Similarly, one Finnish respondent believed that increasing use of the Internet will increase one’s exposure to spam. Additionally, one respondent saw increased use of email as the main cause of spam.
Ineffective laws. One Finnish and one US respondent were skeptical about the effectiveness of legislation in stopping spam. While they did not provide any information on why they reached this conclusion, we assume that it may be because stopping spamming would require international laws, since spammers can always send spam through servers outside of those countries banning spam.

Profitable and low-risk. One US respondent believed that as long as spamming is a profitable and low-risk activity, spammers will find ways to send spam. In our interpretation, according to this respondent, this is the reason why spammers send spam. Consequently, by making spamming less profitable and more risky, we would be able to reduce spam.

3.5 Use of anti-spam techniques

The most used anti-spam techniques were filters (74 %), closely followed by letting the users themselves delete spam messages manually (73 %), restricting the disclosure of email addresses on the Internet (70 %), blacklists (62 %) and presenting modified/invalid email addresses on the Internet (50 %). Complaining to the spammers was tried by 35 % of the respondents, while the respective figure for complaining to Internet Service Providers was 34 %, and use of white lists was 31 %. Block-out lists (29 %), legal action (25 %) and displaying email addresses in the form of a picture (21 %) were the least-used anti-spam techniques. Table 5 summarizes these results.

Table 5. Use of anti-spam techniques.
| Techniques | Frequency | Percentage |
|---|---|---|
| Filters | 114 | 74 |
| Letting the users themselves delete spam messages manually | 112 | 73 |
| Restricting the disclosure of email addresses on the Internet | 108 | 70 |
| Blacklists | 96 | 62 |
| Presenting modified/invalid email addresses on the Internet | 77 | 50 |
| Complaining to the spammers | 54 | 35 |
| Complaining to Internet Service Providers | 52 | 34 |
| White lists | 48 | 31 |
| Blocking opt-out listed persons who do not want to receive spam | 44 | 29 |
| Legal action | 39 | 25 |
| Displaying email addresses in the form of a picture | 33 | 21 |
| Some other method | 33 | 21 |

27 respondents (14 Finnish and 13 from the US) commented on these techniques. While 17 respondents provided more information on the techniques they use (and these techniques can be found from the list below), 9 respondents listed additional means not found in the list above (the list seen in Table 5). These were: introduction of user education and policies (2 respondents), changing the domain name of the company (1 respondent), not sending emails to “no mail” lists, since the spammers see that the address is active (1 respondent), introducing a fee for sending email (1 respondent), authenticating the sender or source of the message (1 respondent), removing all .exe files from incoming emails (1 respondent) and blocking messages from those domains that send a lot of email to the company though the company does not send email to these domains (1 respondent).

3.5 Perceived usefulness of anti-spam techniques

The most useful anti-spam techniques were filters, blacklists, restricting the disclosure of email addresses on the Internet, and presenting modified/invalid email addresses on the Internet. White lists, displaying email addresses in the form of a picture and letting the users themselves delete spam messages manually were regarded as quite neutral. Complaining to spammers was seen as the least useful method, followed by complaining to Internet Service Providers and taking legal action.
Table 6. Usefulness of the different anti-spam techniques.

| Techniques | Frequency | Average effectiveness for those using the technique | S |
|---|---|---|---|
| Filters | 114 | 4.9 | 1.37 |
| Blacklists | 96 | 4.8 | 1.67 |
| Blocking opt-out listed persons who do not want to receive spam | 108 | 2.9 | 1.56 |
| Displaying email addresses in the form of a picture | 33 | 3.9 | 1.24 |
| Restricting the disclosure of email addresses on the Internet | 108 | 4.5 | 1.73 |
| Presenting modified/invalid email addresses on the Internet | 77 | 4.4 | 1.37 |
| White lists | 48 | 4.1 | 1.70 |
| Legal action | 39 | 2.9 | 1.45 |
| Some other method | 33 | 5.4 | 1.36 |
| Complaining to Internet Service Providers | 52 | 2.8 | 1.25 |
| Letting the users themselves delete spam messages manually | 112 | 3.8 | 1.56 |
| Complaining to the spammers | 54 | 1.7 | 1.30 |

We also asked respondents to comment on the techniques presented in Table 6. 24 respondents commented on these techniques. 2 Finnish respondents suggested restricting the disclosure of email addresses on the Internet. One said that while such restriction of disclosure of email addresses is a good way to avoid spam, it cannot be used in all cases. The other respondent shed some light on why this might be so: organizations need to put some email addresses on their website, including the email addresses of their postmaster or webmaster. Five (3 Finnish and two US) respondents commented on filters. All five respondents stated that filters also filter legitimate emails. One Finnish respondent said that this problem occurs with international emails in particular. One Finnish respondent also mentioned that filters filtering messages by finding certain spam words are too time-consuming to maintain.
One US respondent commented on this problem by saying that “the balance between blocking spam and creating false positives is difficult to achieve.” In relation to this, three US respondents and one Finnish respondent mentioned that spammers change their methods regularly, and that this makes anti-spam activities difficult, as a US respondent writes: “Spammer technology is getting too good for this to be useful; they are now injecting fragments of Mark Twain or other writing” (a US respondent). Here the concern is that spammers make spam messages look like legitimate mails with the result that automatic anti-spam filtering does not work properly. Another respondent saw a similar problem in the use of other techniques, as well: “What worked very well a year ago is showing some signs of compromise today. Spammers are getting smarter by changing their source addresses to look different every time they send and resend a spam. It makes address blocking less effective” (a US respondent). In the above passage, the respondent sees that by changing their source addresses, spammers make blocking based on the address of the sender less effective. The same phenomenon is perceived in the case of blacklists and white lists: “Blacklists and white lists work best but spammers have adapted and are able to ‘get around’ those means of reducing spam” (a US respondent). Moreover, one Finnish respondent hopes to see improved spam filters in the future, while a US respondent hopes that sender authentication and sender reputation technologies will affect the spam problem in a positive way. One Finnish respondent reported that in his/her organization, 99% of spam can be tackled by using a combination of several techniques: filters, blacklists, white lists and restricted disclosure of email addresses. Some respondents also believed that Internet Service Providers should increase filtering, before the spam gets into the company’s network (2 Finnish respondents). 
One of these respondents was also skeptical about the role of legislation. One Finnish respondent mentioned that users delete the spam messages which are not recognized by spam-filter software.

3.7. Future anti-spam preferences

Filters were listed as being the most common anti-spam technique in the future. Blacklists were in second place, followed by opt-out lists, displaying email addresses in the form of a picture, restricting the disclosure of email addresses on the Internet, presenting modified/invalid email addresses on the Internet, and white lists. The fourth and third favored techniques were legal action and complaining to Internet Service Providers. Letting the users themselves delete spam messages manually was the second-least favored anti-spam technique for the future, whilst complaining to the spammers was the least preferred technique for the future.

Table 7. Future anti-spam preferences: frequency and percentages.

Techniques Frequency Percentage Filters Blacklists Blocking opt-out listed persons who do not want to receive spam Displaying email addresses in the form of a picture 58 31 26 38 20 17 26 17 Restricting the disclosure of email addresses on the Internet 25 16 Presenting modified/invalid email addresses on the Internet 25 16 White lists Some other method Legal action Complaining to Internet Service Providers Letting the users themselves delete spam messages manually 25 16 15 12 16 10 10 8 10 6 Complaining to the spammers 6 4

Some other methods (are there some other methods that could or should be used to minimize spam?) included qualitative answers by 32 respondents, which suggested seven categories (Table 8).

Table 8. Other methods that could or should be used to minimize spam.
| Category | Number of respondents |
|---|---|
| Improvement of technical infrastructure and methods | 9 |
| Development of new laws | 6 |
| A fee and/or registration for sending email | 4 |
| User awareness and restrictions | 4 |
| Bigger role of ISP | 2 |
| Use of cryptographic methods | 2 |
| Other: use of Scandinavian characters, action by Microsoft, focus on operators that do not take spammers seriously | |

These seven categories, capturing respondents’ views on other methods that could or should be used to minimize spam, are discussed next.

Improvement of technical infrastructure and methods. The respondents believed that technical infrastructure should be improved (9 respondents). For example, a Finnish IT manager wrote: “SMTP needs to be improved. The credibility of email and the whole Internet has suffered dramatically [due to spam].” Four respondents suggested that RMX records or caller-id for email should be used. For example, a US respondent stated the following view: “RMX records added to the DNS specification, a “Reverse-Mail-eXchanger” record, would allow servers to positively identify whether the current sender is ALLOWED to send email on behalf of the user they are CLAIMING to be sending from…”

Development of new laws. In the category “development of new laws”, the respondents suggested that international laws should be established to fight spam (2 respondents), and one respondent mentioned the introduction and enforcement of legislation in general. Moreover, three Finnish respondents believed that US legislation should prohibit the sending of spam, as the following passage shows: “Spam [should be] regarded as a criminal offence, especially in the USA”. These three views are explained by the fact that these three Finnish respondents considered most spam to originate in the US.

A fee and/or mandatory registration for sending email. In this category, four respondents suggested that emails should be chargeable, with, as a Finnish respondent said: “a small fee for [sending] emails”.
This would reduce spam, since sending spam would no longer be feasible. As a US respondent put it: “We have money; spammers don’t.” One respondent suggested that the price could be one cent per email. While the others (3 respondents) did not propose an exact amount, they suggested that the amount should be small.

User awareness and restrictions

Three Finnish respondents considered user negligence to be a cause of spam, as the following quote suggests: “Users should not use the email address of the company to register [with different services on the Internet]”. Here the respondents believe that users reveal their email address too freely to different websites, and that this information ends up with spammers. To minimize this activity, two Finnish respondents suggested user education, while one US respondent requested stronger action in restricting employees’ access to the Internet.

Bigger role of ISP

In this category, three respondents called for Internet Service Providers to take a bigger role in minimizing spam. As a US respondent wrote: “ISPs should be a bigger part of the solution in the case of spam…” Additionally, one Finnish respondent suggested that other operators should try to block those Internet Service Providers who allow spammers to send spam.

Use of cryptographic methods

Three respondents (one from Finland and two from the US) proposed the use of cryptographic techniques to cope with spam. “… Encryption will need to be incorporated into email soon ... That, in my opinion, is the only way to slow spam down or kill it completely” (a US respondent).

Other

The category “other” included: the use of Scandinavian characters, anti-spam action by Microsoft, and pressure on operators that do not take spammers seriously. However, one respondent believed IP scanning to be a more common and problematic phenomenon than spam.
One respondent also suggested that spam should be dealt with by laws or at the ISP level only after the receiver has refused to receive the spam.

4. Discussion

4.1 Reliability and limitations of the study

In qualitative studies, reliability is an important issue. The qualitative data that the respondents provided comes directly from the respondents. As in the case of text analysis in general, the authors have not in any way changed the respondents’ answers. Given this, the question of reliability in this paper relates to the categorizations and the interpretations made (Silverman [9], p. 148). To address the issue of reliability regarding the categorizations and the interpretations made, we have provided citations from the respondents’ answers.

The study is subject to typical limitations. The sample size with respect to the US data is small. The qualitative answers, while adding important information not captured by the quantitative survey, are relatively short, and lack the deep insights which could be captured by interviews.

4.2 Implications for practice

For practitioners, the results of this study suggest that filters, blacklists, restricting the disclosure of email addresses on the Internet, presenting modified or invalid email addresses, and white lists are the most effective anti-spam strategies, in this order. Insights from the qualitative data indicate that a combination of these techniques should be used. The qualitative data also reveals that anti-spam methods, such as the use of filtering, require careful effort in monitoring and updating. The former is required to ensure that important and welcomed business-related messages are not deleted or moved to spam folders. The latter is necessary because spammers seem to improve their spamming strategies to avoid filters and other anti-spam techniques, so companies are constantly required to update their anti-spam strategies.

5.
Conclusions

While spam is regarded as a key problem for both companies and ordinary computer end-users, little is known about how spam actually affects companies in reality and which anti-spam techniques have been found most useful in practice. In order to address these issues, we explored the 500 biggest companies in the US (n=44) and Finland (n=101). The research instrument was a quantitative and qualitative survey. According to the respondents (n=145), 81.6 % of all email traffic is spam, and respondents use 13 minutes of their daily working time to deal with spam. Respondents held the unanimous view that spam will increase in the future, because of (i) new spam techniques used by the spammers, (ii) careless users who reveal their email address too easily, (iii) advertisements on the web page of the company, and (iv) ineffective laws. However, despite these figures, while the respondents believe that spam will be a small problem in the future, they currently have a neutral attitude towards spam. Qualitative answers revealed that the waste of money and human resources, the consumption of computer and network resources, the risk of malware and viruses, and the reduction in the reputation of email as a communication method were seen as the reasons why spam was regarded as a problem. In turn, the reasons why spam is not perceived as a problem related to the effective anti-spam techniques used by these respondents. In terms of these techniques, filters, blacklists, restricting the disclosure of email addresses, presenting modified or invalid email addresses, and white lists were seen as the most effective anti-spam methods, in this order. Complaining to the spammers was regarded as the least effective method.
Filters were the most commonly used technique, letting the users delete spam manually was the second-most common, and restricting the disclosure of email addresses was in third place. Finally, the respondents wished for improvements in technical infrastructures to deal with spam, and stated unanimously that Internet Service Providers and legislation should take strong actions against spam.

This study analyzed spam over a rather limited time interval (the 2004 spam environment). Rapidly evolving spammer techniques and spam blocking techniques provide a rich opportunity for continued research, which could also study the spam trend over a longer interval of time.

10. References

[5] Kotulic, A.G. and J.G. Clark “Why There Aren’t More Information Security Research Studies” Information & Management, Vol. 41, (May, 2004) pp. 597-607.
[6] Lazar, J., and Preece, J. (2003). Spam, Spam, Spam, Spam: How can we stop it? Proceedings of the ACM CHI: Human Factors in Computing Systems 2003 Conference, 706-707.
[7] Goodman, J. T. & Rounthwaite, R., (2004) Stopping outgoing spam. ACM Conference on Electronic Commerce 2004: 30-39.
[8] Goodman, J., (2004) Filtering, Stamping, Blocking, Anti-Spoofing: How to Stop the Spam. LISA 2004.
[9] Silverman, D., (1997), Interpreting Qualitative Data: Methods for Analyzing Talk, Text and Interaction. SAGE Publications, UK.
[10] Grimes, G. A., Hough, M. G., & Signorella, M. L. (2003). User attitudes towards spam in three age groups. ACM Conference on Universal Usability, Vancouver, Canada.
[11] Postini (2005). Email Security for Small Businesses: What’s the Right Solution For You? Retrieved from http://www.myspamfilter.com/whitepapers/SMB_WP.pdf on 9/11/2005.
[1] Clifford, M., Faigin, D., Bishop, M., & Brutch, T., (2003), Miracle Cures and Toner Cartridges: Finding Solutions to the Spam Problem. Proceedings of the 19th annual computer security applications conference (ACSAC 2003).
[2] Cranor, L.F. & LaMacchia, B.A.
(1998), Spam!, Communications of the ACM, Vol.41, No.8, Aug., 74-83.
[3] Fawcett, T., (2003), “In vivo spam filtering: A challenge problem for data mining”. KDD Explorations vol.5 no.2, Dec., pp.140-148.
[4] Jung, J. & Emil, S., (2004), An Empirical Study of Spam Traffic and the Use of DNS Black Lists. In the Proceedings of Internet Measurement Conference, Taormina, Italy, October.