Content filtering, readily available open-source tools and public blacklists were no longer enough to keep spam at bay, said British-based security vendor Sophos. Sophos Anti-Virus Asia managing director Charles Cousins, who is based in Singapore, believes more sophisticated detection techniques are needed to weed out spam as it becomes a critical security threat. 'You have to stop the myth that stopping spam is just looking for key words,' he says. Spam, known formally as unsolicited commercial e-mail (UCE), is 'in its third generation', Mr Cousins says. 'Using content filtering alone is not going to stop it.' This is especially true as spam, traditionally treated as a nuisance and productivity killer, becomes a popular dispersal tool for virus writers. Earlier this year, spam e-mails spread variants of the Bagle, MyDoom and Netsky viruses, using nifty social engineering techniques and encrypted infected attachments to wreak havoc on computers across the internet. 'Spam and virus writers are also sharing techniques, and it makes sense for us to have one bundled product,' Mr Cousins says. Sophos' own anti-spam candidate, PureMessage, uses 'more than 700 different tests'. 'Some of them are based on content but the majority are based on many different rules,' Mr Cousins says. Sophos acquired PureMessage when it bought anti-spam specialist ActiveState in September last year. Mr Cousins says the product, which combines anti-virus and policy management features with anti-spam capabilities, uses both Sophos' own blacklist and public ones. Blacklists, also called blackhole lists, are groups of internet addresses known to be sources of spam. Keeping detection techniques proprietary is one good way to fight spam, Mr Cousins says. PureMessage uses both open-source and proprietary tests to remove spam. 'We cannot tell anyone about [the proprietary methods] because then people will know how to get around spam detection engines.' Mr Cousins points out that making detection techniques public will only make them redundant. 'There is a trend towards open-source software but spam writers are using them to 'QC' their spam.' Although PureMessage uses public blacklists, Mr Cousins believes these should be managed by professional organisations. 'Today, many public blacklists are manned by organisations or individuals who are not necessarily commercial,' he says, adding that such lists sometimes mistakenly identify legitimate businesses as spam sources. Professional organisations will be more careful than amateur groups or individuals about what they put on their blacklist because they can be sued more easily, he argues. Spam is slowly becoming multilingual, with Sophos seeing more spam created in languages other than English. Although the company claims that PureMessage, now in version 4.5, has a 97 per cent accuracy rate when it comes to detecting spam in English, 'we are not claiming that in other languages', Mr Cousins says. PureMessage can filter French and German spam and uses other techniques to 'flag off' potential spam in other languages. Mr Cousins adds that new language libraries 'can improve the accuracy as there are some words that will be peculiar to that language'. However, he believes this is not a major issue, 'because 95 per cent or more of spam is in English and [junk e-mails] are only just coming out in other languages'.