Post #7 of the Why Spam Filters Suck “trickle blog” series
By Desmond Liao

Slowing Things Down

The problem is that typical email systems work in a queue. This means that high spam traffic clogs your network and crowds out legitimate mail. Botnets pour messages into your network, and mail servers receive the messages as quickly as they can. Next, the spam filter analyzes the messages and tries to filter out any that appear to be spam. Filters are effective at separating spam from legitimate email but do nothing to stop the rising volume of SMTP connections hammering the server. When spam traffic rises, the server becomes overloaded, which results in delivery delays for all email, similar to how a backlogged exit ramp can impede the flow of traffic on a highway during peak hours.

Today, Internet-facing email servers accept thousands of emails per minute. As spam volume increases, so too does the CPU required to process all that mail. The blunt solution is to scale hardware to keep up with volume, but this is a one-to-one cost: the more volume, the more servers are needed.

The fact is that spam filters aren’t getting a whole lot more accurate, and it certainly doesn’t help that blocking spam is a reactive approach: a sender needs to be identified first before rules or signatures are updated. Filters will always be playing catch-up with the spammers. If you block based on reputation, what do you do when a new spam campaign breaks out and the sender has never been seen before?

What is needed is a way to get rid of the spam and prioritize legitimate mail without having to receive all the messages first or know who the bad senders are beforehand. To use the highway analogy, what if you could put good senders in an express lane and the spammers in the slow lane so that legitimate email can be delivered first?