That's why IM gateway vendor FaceTime Communications this week unveiled an upgrade to its IM Auditor product, offering an aggressive new approach to combat the problem.
Foster City, Calif.-based FaceTime's instant messaging compliance product, IM Auditor, provides for logging and auditing capabilities in line with government requirements and rules governing highly-regulated industries.
Until now, the leading IM gateways have offered anti-spam features relying mostly on their advanced content filtering capabilities. Since products like IM Auditor (which is an add-on module to FaceTime's core IM Director platform,) IMlogic's IM Manager, and Akonix L7 Enterprise actually route IM traffic, they also have the ability to block messages with suspicious keywords or from suspicious senders, before the recipient even has an opportunity to see them. (They also can also allow traffic to pass through their filters, but not before alerting IT or compliance officials.)
But the new iteration of IM Auditor, version 4.5, goes a step further. Like some anti-spam systems for e-mail, the FaceTime solution relies on a challenge-response mechanism that intercepts externally-originating messages in an effort to stymie automated spamming tools, or "bots."
"If you are behind IM Auditor, and a bot contacts you, you will not see that initial contact," said FaceTime Products Director Alex Sherstinsky. "The anti-spam filter inside IM Auditor will first send a challenge to this bot ... Such as, 'Please type the word "42" in order to talk to me.' If this is a bot, chances are, it will not understand what it is being asked ... a human user would have absolutely no difficulty."
Ideally, humans should be able to pass the challenge-response test, while spamming bots should fail. At that point, IM conversations can resume as usual.
Need and Costs
Statistics vary on how widespread "SPIM" has become, but for the real-time enterprise that relies on connections to public IM networks, almost any level of the problem can cut into workday productivity -- threatening IM's very usefulness.
Even FaceTime's rivals report that the issue is reaching some level of critical mass.
"A couple years ago, we started to notice IM spam," said Francis deSouza, chief executive at IMlogic. "One of the customers we were working with, looking through their records, estimated that 17 percent of all their instant messages were spam -- it's a bigger number than most people think."
And because IM's appear directly on a user's screen, rather than being routed to an e-mail inbox for later reading, "it's actually a more obtrusive problem than e-mail spam is," he added.
But does the added step of a challenge-and-response mechanism hurt, more than help -- detracting from IM's real-time communication promise?
FaceTime's Sherstinsky conceded that the challenge method could potentially disrupt communications flow by creating an artificial hindrance to users' real-time information exchange. But he added that customer concerns about preserving a good user experience prompted his team to add safeguards while the product was in development: The system does not issue the challenge to any IM users who have successfully passed the challenge previously, nor to users listed in employees' contact lists.
On the other hand, Boston-based IMlogic continues to rely on the content-filtering method -- which is typically less intrusive than a challenge-response system. It also enables enterprise admins to manually block spamming bots of which they're notified. Additionally, the firm's partners, including Clearswift and Sybari, add more advanced content filtering and virus-blocking to the mix.
Still, deSouza said he sees similar protections eventually becoming mainstream throughout the industry.
"I think that almost everything you have for e-mail, you'll need for IM," deSouza said. "And I think it'll be more urgent, in the sense that it's more disruptive ... it can move faster through your network, and I think very quickly, you'll see the level of sophistication of IM spam reaching and exceeding e-mail controls."
Akonix, with offices in San Diego, Calif., also has offered forms of IM spam protection for some time -- and doesn't anticipate upping the ante with challenge-response anytime soon.
"We have found [blacklists, whitelists and content filtering] more than sufficient to allow the safe, secure and productive use of IM by our customers and specifically meet the real-world level of the 'SPIM' problem," said Francis Costello, chief marketing officer at Akonix. "One of the reasons is that the basic designs of the IM networks provide some protection, particularly since you can limit who can contact you based on your Buddy List. The network providers also all utilize policies and technologies to limit access to their network that could be an improper 'SPIM' user or application."
But Costello also said Akonix would consider additionally anti-spam features when it sees the "SPIM" threat growing significantly.
"We'll be able to extend our award-winning and flexible real-time gateway architecture to provide additional protection to our customers so they can leverage all the benefits of real-time communication safely and securely," he said.
Christopher Saunders is managing editor of InstantMessagingPlanet.com.
Loading Comments...