It’s not easy being an anti-spam specialist. When reputation scores and other filters fail to block all the junk, we sometimes have to jump in and analyze the messages manually. All the while, millions of end-users are breathing down my neck, waiting for me to release an update ASAP.
I don’t mind the big nasty waves. They’re always a fun challenge and with all the tools we have, we can get rid of them in seconds. What I’m more afraid of are what I call the ‘Spear Ham/Legit.’ (Don’t Google that term – it doesn’t exist! yet!). A ‘Spear Legit’ in my terms is a legitimate message that’s been classified as spam by the receiver. These types are really targeted at a specific group of users. I don’t include Marketing, Sales or HR in this category since they are always a nice target; I’m talking about managers (CEO, IT, department heads, etc.). The ‘Spear Legit’ volume is very low, precise and locally oriented. For example, a Montreal manager is starting to get F1 Racing advertisements for the upcoming Montreal Grand Prix from a very well-respected business. Another manager received an email from a local TV station through an address that he swears he never used to sign up for newsletters or anything cheesy related to that station. Again, this message was very legitimate. There are others that fall into more of a grey area, but they still need your attention to evaluate the content.
So, put yourself in the shoes of the anti-spam expert. You have the spam complaint in your hands, it has very low volume, and you have to make a decision about whether to block this legitimate business or not. It’ll only affect millions of end-user mailboxes! So what do you do?
Well, Marc, please correct me if I got it wrong: a receiver will mark any mail that he has not subscribed to as ‘spam’ even if it is from a ‘legitimate source’. Further, one needs to question the ulterior motive of a legitimate source when it targets ‘managers (CEO, IT, department heads, etc.)’? So then logically the so-called legitimate source too is not doing anything different than what spammers do – violating private spaces. Therefore they too need to be treated as SPAM.
As an analyst handling millions of samples, this particular genre should not be a Herculean task. (I don’t mean to be sarcastic.) Spear phish, Rock phish, Bot phish should all be fried in the same pan!
Marc, when it comes down to it, I still go back to the definition of UCE (Unsolicited Commercial Email) for spam. If I didn’t want the message and the message is asking for my business, then it’s spam.
I understand your point, though; I receive a ton of those types of very targeted messages, the soon-to-be-coined ‘Spear-legits’. I have marveled at times at how well crafted they are and how legitimate they appear.