THE MAGAZINE

Web Sites Provide Rich Harvest for Spammers

By Peter Piazza

If your e-mail address is posted on a Web site, the chances of it being “harvested” by a spammer are much greater than if the address appears on a blog, on a message board, or in a chat room.

That’s one finding from a study conducted by the Federal Trade Commission (FTC), whose investigators created 150 e-mail accounts—50 with an Internet service provider (ISP) that does not use antispam filtering, and 50 each at two other ISPs that do filter for spam—to learn more about how to reduce spam. The investigators posted sets of three of these addresses (one from each of the ISPs) on 50 Internet locations, including FTC-run Web sites, popular message boards and blogs, chat rooms, and USENET groups.

All of the chosen sites had high numbers of visitors. To ensure that the addresses could only be collected by automated harvesting programs, the addresses were given the same color as the page background so that they could not be seen by human visitors.

After two weeks, staff counted the number of spam messages in each mailbox. The unfiltered addresses received 2,129 pieces of spam; three weeks later, the number rose to 8,885. By contrast, one of the filtered addresses received 469 messages after two weeks; the other, 95. After five weeks, these accounts received 1,208 and 422 messages respectively.

This “demonstrates the relative effectiveness of the two ISPs’ spam filters,” write the researchers, and should encourage more ISPs to employ such measures.

FTC staff also created four “masked” addresses (such as ppiazza at asisonline dot org) and posted them alongside four unmasked addresses on four popular Web sites to see if automated harvesting programs could decipher obfuscated addresses. After five weeks, the four masked addresses received only one piece of spam, while the others tallied close to 6,500.

The researchers discovered that more than 99 percent came to the addresses posted on unrestricted Web sites. They attributed proactive measures taken by blog and chat-room moderators to block automated harvesters from finding e-mail addresses for the disparity, such as requiring members to copy a randomly generated set of characters into a text box to ensure that they are human visitors, not address-collecting programs.

They also note that the “relative effectiveness” of the spam filters in use at the two ISPs “suggests that anti-spam technologies may be dramatically reducing the burden of spam on consumers.”

@ E-mail Address Harvesting and the Effectiveness of Anti-SpamFfilters, a report by the federal trade commission’s division of marketing practices, is at SM Online.

AttachmentSize
ftc_spam0206.pdf248.65 KB

Comments

 

The Magazine — Past Issues

 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.