• PC World
• »Software
• »Browsers & Add-Ons

New technology from IBM is designed to stop spam by identifying the Internet domain it came from, and can help spot online scams such as phishing attacks and e-mail spoofing.

The company this week announced the release of FairUCE, or "Fair use of Unsolicited Commercial E-mail" for the company's AlphaWorks advanced technology program, citing a newly released IBM survey that found spam is 76 percent of all e-mail and may cost U.S. companies $17 billion to fight this year. The technology uses identity management features to link inbound e-mail back to its original IP (Internet Protocol) address, establishing a connection between an e-mail message, the Internet domain, and the computer from which the e-mail was sent, IBM says.

AlphaWorks is a program that distributes technological innovations to developers around the world who sign on as "early adopters" of technology developed by IBM's global research labs. FairUCE will allow AlphaWorks software developers and third-party vendors to build more effective spam filtering technology, IBM says.

Early Version

IBM researchers acknowledge that FairUCE is not a full-blown antispam product, only an early version of technology that could one day be used in the marketplace.

"We'd like to see whether early adopters consider the technology an innovative approach to handling a massive problem," says Mark Goubert , manager of AlphaWorks. "We want to find out how innovators and early adopters would use it in their environments and get their feedback."

FairUCE software runs on e-mail servers. It pulls IP address out of e-mail messages, then compares those against one or more databases of known spammers, says Goubert.

Unlike many spam filtering technologies, which use message content to determine whether an e-mail message is spam, FairUCE links inbound e-mail back to IP addresses. That allows IBM to spot messages from compromised, or "zombie" computers, as well as legitimate e-mail servers, IBM says.

Identifying IP Addresses

Other logic built into the technology allows FairUCE to weed out good and bad IP addresses from large Internet service providers like Yahoo, so that not all mail from those domains is blocked. The product can also flag e-mail from servers based on "longevity"--how long the sending server has been online, Goubert says.

Recent data from e-mail security company CipherTrust suggests that e-mail "bad senders" frequently use new IP addresses, which may not be listed in databases of known spammers. Traffic from those machines is often attributed to zombie PCs that go on and offline frequently.

IBM cites results from its February 2005 Global Business Security Index report to support FairUCE. The company's Security Intelligence Services found that about 75 percent of e-mail was spam, and that one of every 46 e-mail messages carried a virus, Trojan horse program, or other malicious content, the company says.

The cost to U.S. organizations of fighting spam has risen sharply in the last two years, from approximately $10 billion in 2003 to an estimated $17 billion in 2005, IBM says. Lost productivity from workers who must sort through the reams of spam e-mail, inconveniences caused by legitimate mail that is incorrectly labeled as spam and blocked, and calls to corporate help desks are major sources of spam-related expenses, IBM says.

FairUCE is available through IBM AlphaWorks and can be downloaded from the company's Web site.

Other companies, including Microsoft and Yahoo, have proposed technology to weed out spam by checking the source of inbound e-mail, which is sometimes referred to as "sender authentication."

Microsoft's Sender ID technology framework, for example, closes loopholes in the current system for sending and receiving e-mail that allow senders--including spammers--to fake, or "spoof," a message's origin. With Sender ID, organizations publish a list of their approved e-mail servers in the domain name system. That record, referred to as the sender policy framework record, is then used to verify the sender of e-mail messages sent to other Internet domains using Sender ID.