Millions of emails are sent every day - work email, newsletters, messages from friends. But bubbling just under the surface of all that welcome communication is a massive volume of unsolicited email, what we often refer to as spam. These emails are often harmless, albeit annoying, but some are sinister, sent by criminal gangs hoping to ensnare the user and exhort money.

And the system that distributes spam is a lot bigger and more systematic than you might think. Compromised domestic and industrial computers are used to create botnets, which systematically pump out alarming amounts of spam. (One botnet, the Grum botnet, sent as much as 18 percent of all Internet spam at one point.)

As big business has stepped up to take control of the time-sapping, and sometimes dangerous, problem of spam, the to and fro of how much spam actually reaches end users has fluctuated. In 2009, one Microsoft report suggested that spam levels had exceeded an astounding 97 per cent of all email sent. Let's hope that's the high water mark. In the meantime, the technology industry has made significant advances in how spam is mitigated. Here are some the key technologies designed to protect users.


One of the more established methods of filtering unsolicited emails is nothing short of genius. It's known as graylisting, and you might say it falls somewhere between whitelisting and blacklisting. Employing the assumption that most spam is sent from compromised computers that only have a limited window before they are reclaimed by their owners, graylisting makes impatient SMTP senders wait before successfully being able to deliver email. By doing this, the recipient email server sorts the wheat from the chaff and rejects any sender that returns too soon. These eager senders are marked as illegitimate because legitimate email senders would happily wait a little longer to attempt delivery.

Heuristic Filtering

Another useful and popular approach used by several anti-spam solutions is heuristic filtering. It works by subjecting each inbound email to thousands of predefined rules. Some of these rules might relate to the sender, others to the body of an email or its subject line, while still others might look at whether an image is attached. The word heuristic simply means speculatively learning by trial and error, and some heuristic filtering solutions adapt over time in a dynamic fashion rather than just sticking to static, user-defined rule sets.

User-Based Spam Mitigation

Firmly placing the responsibility back into the hands of the email recipient, there are popular methodologies that rely almost solely on a user manually marking messages as spam. These solutions tend to learn from the user's actions and create rules based on the database of historical email transactions. These rules are then applied to each new inbound message. This approach is effective but simple mistakes can cause a user to block emails from an entire domain name without realizing it. Plus, depending on the volume of spam received, this method can be time-consuming for users.

Sender Policy Framework

A commonly used spam mitigation technique is called the Sender Policy Framework (SPF). It uses DNS announcements to stop spam. SPF can explicitly list authorized SMTP email machines per domain name that recipients should trust as genuine. Because it requires relatively little effort to deploy, its popularity has continued to grow and ostensibly at least, SPF is making notable headway in the battle against spam.

DomainKeys Identified Mail

Adopting a cryptography approach, DomainKeys Identified Mail (DKIM) also uses DNS records to provide recipients with a way of identifying where an email came from. The recipient of an email uses DNS to look up the signer's public key. A signature is attached to each email, and each signature can be compared to the public key for authentication. Originally developed by Yahoo, DKIM is a widely adopted standard that continues to be under development.

Is This the End of Spam?

Advancements in anti-spam techniques frequently help reduce the volume of unsolicited emails on the Internet. Many of the large email providers appear to have adopted several of the known techniques in varying combinations in order to achieve the desired levels of spam reduction. One or two of the largest players appear to have all but resolved the spam problem, leaving their less technically-minded users blissfully unaware of the substantive levels of filtering taking place behind the scenes each time an email is delivered to their inbox.

Although email is likely to continue to be subjected to spam for years to come as spammers evolve to keep up with new spam mitigation technology, modern techniques at least make it possible to reduce spam to acceptable levels. This allows users can get all the email they want - as long as they actually want it.