The Guardian Angels of E-Mail


Headphones on, Kelly Conley sits quietly tapping away at her computer. Except for the view -- a sweeping vista of San Francisco's Bay Bridge -- Conley could be any high-tech worker keeping a low profile in the midst of her industry's prolonged bust. But this is not just any office. And Conley is not just any high-tech drone. She's the manager of antispam outfit Brightmail's Logistic Operations Center, or BLOC as it's known. She and her team of about 37 have what many would consider the worst tech job in the world: Reading spam.

Though every computer user complains about spam -- that unsolicited junk e-mail that crowds inboxes with its pitches for everything from Viagra to cheap mortgages -- it's usually pretty easy to tell it apart from legit mail. And all people have to do is hit the delete key. Cleaning out an inbox takes the average person only a few minutes each day. By contrast, Conley's job is to read, analyze, and categorize every new spam that's received by Brightmail's Probe Network, 1 million e-mail accounts specially designed to attract wily spammers.

SORTING THROUGH THE JUNK. She examines the headers -- the To and From lines -- and the route the message has taken across the Internet. She eyes the message, looking for things not apparent to the average reader: Is there an invisible graphic in the first line of text? Does the message offer a way to opt out but not provide any way to do so? On average, Conley says she reads 200 to 300 spam messages per eight-hour shift. Her analysis helps Brightmail to design spam filters that block unwanted junk e-mail for 50 Internet service providers, including MSN Hotmail and a growing number of large corporations. In July alone, Brightmail sorted through 61 billion e-mails.

Reading spam all day might seem like a nightmare to the average computer user, but for Conley it's fun -- and rewarding. Conley, 32, started at Brightmail in 1999 after realizing she would never be able to stay in the Bay Area on the salary of a special-education teacher. Today, she sees herself as a superhero of the Internet Age, stopping evil spammers from scamming innocent grandmas and bringing down corporate e-mail servers. After working the last four Thanksgivings as well as months of graveyard shifts, she still loves her job. For example, she can now recognize certain spammers on sight. Her favorite: The one who mails out hundreds of thousands of pleas for contributions to his time-warping moon-crystal collection.

The BLOC team, an under-35 crowd of information technology grads, videogame nuts, even a former employee of the local Starbucks, helps to keep things interesting. Late at night, BLOC employees have marathon chair races around the office. Sometimes, they use binoculars to spy on night owls -- but more often the cleaning staff -- in the building across the street. "It can get pretty crazy in here," she giggles.

RECRUITING SPAM FIGHTERS. According to Palo Alto-based research firm the Radicati Group, corporations will receive 26.8 billion spam messages each day in 2003. If left unchecked, the worldwide cost of dealing with spam will grow from today's $20.5 billion to $198 billion in 2007. It's no wonder so many outfits are following Brightmail's lead. For example, antivirus concern TrendMicro (TMIC) employs 400 people in Quezon City, Philippines, many of them dedicated exclusively to tackling spam. The antispam team receives and analyzes 30,000 messages every 24 hours. Brightmail recently hired 10 new spam fighters in Dublin, Ireland, to work the 11 p.m. to 7 a.m. PST shift (see BW Online, 6/10/03, "Before Spam Brings the Web to Its Knees").

More than 10,000 spam messages are delivered to Brightmail's network of fake e-mail accounts each hour. To catch spam, its interface lets Conley sort messages based on categories -- adult, financial, scams, health, etc. A message entitled "Our No Fuss Italian Favorites" raised suspicion until a closer examination revealed that it was sent by cable channel The Food Network. A lucky (or unlucky, depending on how you look at it) BLOC employee might spend a day or a week tracking adult spam and writing software rules to prevent it from ending up in your inbox.

Employees also search the BLOC's network by "age" -- whether the junk e-mail was received in the last minute, hour, or day -- or "missed messages" -- how many of the suspicious messages are making it through current Brightmail filters. If the ratio is too high, the BLOC checks the spam out to see what trick the spammer is using to slip through the net. One message with the mysterious subject line "Austroiparian" was caught 10,376 times -- but 126 messages still slipped through.

RANDOM DODGER. The most likely cause: So-called randomization software that spammers use. This adds a little gobbledygook to the end of a subject line or body text, making each message unique and therefore making it harder for Conley and her cohorts to write blanket rules to reject spam. If you've ever received a message with a subject line something like "Debt Reduction 2385DJ," that's randomization. The added characters can confuse the software filter, necessitating more complex rules.

Since spammers change tactics so rapidly, most of the rules Conley and her cohorts write automatically disappear from the Brightmail system within 72 hours. A rule that blocks the words "free porn," for example, might be classified "immortal," meaning that it stays on the books for good. Brightmail sends out new rules to its ISP and enterprise clients every 10 minutes. Currently, more than 50,000 rules are active. Brightmail also has developed technology to strip out randomization and help spam fighters see the essential pieces of a message and highlight similarities that might indicate it's from one spammer.

Exploiting human intelligence to win the spam wars isn't everyone's solution. At MailFrontier, a Palo Alto startup that has just received $10 million in second-round venture funding, engineers are trying to create a totally automated solution. Using an 18th century mathematical theory, MailFrontier's software tries to "get to know" your machine and personal preferences, rather than applying one-size-fits-all filters (see BW Online, 7/31/01, "The Ghost in the Machine"). The goal: An insurance company employee will still get e-mails about low mortgage rates, which are likely to be legitimate business correspondence, but not ads for herbal supplements. At an alternative-health business, the software might learn to do the opposite.

PREDICTING SPAM TRENDS. Tomorrow's automated future still needs human intervention today, however. That's why MailFrontier hired Australian Jon Oliver as chief spam fighter. (Yes, that's his official title.) Oliver spends his days devising spam messages he believes might beat MailFrontier's software, then testing his thesis. A few months ago, for example, Oliver began sending spam with no text or links, just an embedded graphic or photo, which can double the size of a message. Since most filters look for commonly used words like "Viagra" or links to servers known to send out spam, Oliver's spam wasn't blocked. Within months, Spamhaus, a nonprofit organization that tracks the Internet's worst spam gangs, reported that several spammers were using just this trick. Oliver also devised ways to send -- and catch -- messages that make sense to the human eye but not a spam filter. For example, he sent messages advertising Viagra but spelled it "V|/-\GR@."
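The two evasion tricks described above, the random suffix on "Debt Reduction 2385DJ" and the look-alike spelling "V|/-\GR@", can both be undone on the filtering side before a rule is matched. The sketch below is an added illustration, not code from Brightmail or MailFrontier; the suffix heuristic, the look-alike table and all function names are assumptions made for the example.

```python
import hashlib
import re
from collections import defaultdict

# Assumed heuristic: a trailing token of 4+ letters/digits that contains
# two consecutive digits is treated as spammer-added randomization.
RANDOM_TAIL = re.compile(r"\s+(?=[A-Za-z0-9]*\d{2})[A-Za-z0-9]{4,}\s*$")

# Assumed look-alike table; real filters need a much larger one.
LOOKALIKES = str.maketrans({"|": "i", "@": "a", "0": "o",
                            "1": "i", "3": "e", "$": "s"})


def strip_randomization(subject: str) -> str:
    """Drop a random-looking suffix such as ' 2385DJ'."""
    return RANDOM_TAIL.sub("", subject)


def deobfuscate(text: str) -> str:
    """Map punctuation look-alikes back to letters (multi-char first)."""
    return text.replace("/-\\", "a").translate(LOOKALIKES)


def normalized_core(subject: str) -> str:
    """The part of the subject a blanket rule should match against."""
    core = deobfuscate(strip_randomization(subject)).lower()
    return re.sub(r"[^a-z]+", " ", core).strip()


def fingerprint(subject: str) -> str:
    """Short stable ID so variants of one campaign collapse together."""
    return hashlib.sha256(normalized_core(subject).encode()).hexdigest()[:12]


def group_by_fingerprint(subjects):
    """Group raw subject lines by their normalized fingerprint."""
    groups = defaultdict(list)
    for s in subjects:
        groups[fingerprint(s)].append(s)
    return dict(groups)


if __name__ == "__main__":
    # Constructed sample subjects, built from the examples in the article.
    sample = ["Debt Reduction 2385DJ", "Debt Reduction 9917QX",
              "V|/-\\GR@", "Viagra", "Our No Fuss Italian Favorites"]
    for fp, members in group_by_fingerprint(sample).items():
        print(fp, members)
```

One rule written against the fingerprint then covers every randomized variant, while the legitimate Food Network subject keeps its own distinct fingerprint.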

MailFrontier's strategy is radically different, but like Brightmail's BLOC employees, Oliver feels an enormous sense of purpose. "Spam is making people's lives hell, and we're their guardian angels," he says.

Creating e-mail heaven, however, won't be easy. It's rare for a spammer to be brought to justice. And with spammers free to send again, the onslaught continues -- and continues to grow. More than 50% of e-mail is now junk, according to Brightmail, up from 16% in January, 2002. Spam fighters, however, remain undaunted. "It's O.K. that we don't catch them," says Conley. "If we did, we'd be out of a job."

By Jane Black in New York

