The society, which operates out of the University of Ottawa,
was finding that as much as 80 per cent of the e-mail its members received was spam.
There are approximately 1,000 members at the CMS, made up mostly of mathematics professors across the country, but also students, institutions and others in the field. Alan Kelm, the web services manager at the CMS, is glad the organization decided not to provide all its members individual e-mail accounts, considering the problem. But there are approximately 120 CMS e-mail addresses for certain members like the editorial boards that publish the society’s journals.
“”There were probably around 1,000 messages per day going through. Some of those would be sent to multiple people, but it was increasing at an alarming rate,”” said Kelm. “”I think between March and May (2003) it roughly doubled. This was a serious phenomenon, because it was almost making it impossible to work for the person who managed the mail.””
Kelm said the society considered just using the University of Ottawa’s spam filters, but they proved inadequate. The university’s system filtered e-mail based on a series of keywords. One of them happened to be “”credit card.””
“”We felt that this was irresponsible,”” said Kelm. “”We could imagine legitimate e-mail containing some of these things. Some of our members pay their membership through a credit card.””
Though it has probably been upgraded by now, said Kelm, another problem with the U of O system was that it would reject mail that it considered spam rather than bounce it back to the sender, “”so the sender didn’t know if it was getting through and the recipient didn’t know it was sent.””
The CMS started working on its own filtering system, said Kelm, but then found that Roaring Penguin’s CanIt operated on many of the same principles. The society installed the software in May 2003 and noticed a dramatic drop in the amount of spam that was getting through.
By the fall, however, in-boxes were choked with it again. “”Spam was again a serious problem,”” said Kelm. “”The reason was the spammers are constantly upgrading their spam software. The spammers had found a way around the content filtering, so a lot of it was getting through.””
The CMS installed a CanIt upgrade in November, which seemed to rectify the problem, said Kelm, and there have been no major incidents since.
Roaring Penguin has to release upgrades on a regular basis in order to stay ahead of the spammers, said the president of the Ottawa company, David Skoll. The company also e-mails its customers with suggestions of how they can add new parameters to their installed CanIt software.
One of the most recent spam tricks is to list a string of unrelated, and often quite obscure, words in the subject line. CanIt should be able to handle that, said Skoll. “”Almost never in a real mail do you get 10 lower case words longer than four letters each with no punctuation — so that one’s fairly easy to detect.””
He added that the software can make certain predictions about the kind of spam that might be coming next by examining e-mail flow and seeing what was accepted or rejected in the past.