APRIL 22, 2003

SECURITY NET
By Alex Salkever

Anti-Spammers Get Serious
[Page 2 of 2]


GETTING DE-LISTED.  Broadway Net also swallows indirect costs resulting from the spam epidemic. On occasion, valid direct-marketing e-mail from real commercial customers at Broadway Net gets rated as spam. In these instances, the bway.net domain can be placed on spam blacklists. Those lists provide domains commonly used to send spam, and mail administrators who subscribe to the blacklists may choose to screen out all mail from that domain. So Broadway Net's postmaster has to contact the blacklists and get the bway.net domain removed. "I spend a lot of time dealing with this, more than I should really," says the ISP's postmaster, who chose to remain unidentified.


The proposed CAN-SPAM law should provide some limited help. It aims to levy stiff penalties against spammers operating inside the U.S. who send marketing e-mail with fake or invalid return addresses. That could help against the 50% of the major spammers who still operate within the country. Wyden spokesperson Carol Guthrie is optimistic that the bill will pass this year.

Unfortunately, spammers will likely adapt by moving their operations offshore, a trend already under way in large part due to the types of lawsuits AOL, Microsoft (MSFT), and other big ISPs have pursued. Only a few years ago, 90% of the big-time spammers operated inside the U.S.

ANSWER THIS FIRST.  Where laws fail, technology could, to a certain degree, slow the spam flow. A handful of anti-spam systems are available today. Blacklists are the crudest but are widely used by aggressive postmasters. "Whitelists" are becoming more common. With a whitelist, each individual user keeps a list of people from whom they will accept e-mail (see BW Online, 3/13/03, "Marketers vs. Spam? Hey, It's a Start").

Whitelists work hand-in-hand with mandatory-response systems that request a second e-mail from a sender to verify they're a live person and not a bogus address concocted by spam software. Some of these systems include recognition requests that humans can easily answer but machines cannot, such as simple math equations or even sequences of rhyming words.

More advanced still are sophisticated content filters that judge whether a message is spam by looking for clear signs, such as a plethora of exclamation marks and pornographic words. But these systems struggle with simple deceptions such as inserting a period between each letter of the word sex to create something humans easily understand but content filters won't know is junk mail.

On the bleeding edge now is software that records a specific signature for the content of each e-mail. ISPs using the software can share the signatures over the Net, providing each other with early warning and a means of defending against mass spam mailings.
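The two ideas above fit together, as this added Python sketch shows (it is not from the article or from any vendor's product): undo the period-between-letters trick first, then compute a content signature that still matches a lightly altered copy of a reported mailing. All function names, the sample messages and the 0.6 threshold are assumptions made for the example.

```python
import hashlib
import re

# Constructed sample messages (not real mail).
REPORTED = "Get free mortgage quotes today, lowest rates guaranteed, click now"
VARIANT = "Hi, get f.r.e.e m.o.r.t.g.a.g.e quotes today!!! Lowest rates guaranteed -- click now"
HAM = "Minutes from today's staff meeting are attached, please review before Friday"

# Single letters joined by punctuation, e.g. "f.r.e.e" or "f-r-e-e".
_SPLIT_WORD = re.compile(r"\b(?:[a-z][.\-_*]){2,}[a-z]\b")

def normalize(text):
    """Lower-case, rejoin letter-by-letter words, strip remaining punctuation."""
    text = text.lower()
    text = _SPLIT_WORD.sub(lambda m: re.sub(r"[.\-_*]", "", m.group(0)), text)
    return re.sub(r"[^a-z0-9\s]", " ", text).split()

def signature(text, k=3):
    """Set of short hashes over every run of k consecutive normalized words."""
    words = normalize(text)
    runs = (" ".join(words[i:i + k]) for i in range(max(1, len(words) - k + 1)))
    return {hashlib.sha256(r.encode()).hexdigest()[:16] for r in runs}

def similarity(a, b):
    """Jaccard overlap of two signatures, 0.0 to 1.0."""
    return len(a & b) / len(a | b) if (a or b) else 0.0

def matches_known(text, shared, threshold=0.6):
    """True if the message closely matches any signature other sites reported.

    The threshold is an arbitrary value chosen for this example.
    """
    sig = signature(text)
    return any(similarity(sig, s) >= threshold for s in shared)

if __name__ == "__main__":
    shared = [signature(REPORTED)]  # what a peer ISP would publish
    for name, msg in (("variant", VARIANT), ("ham", HAM)):
        print(name, matches_known(msg, shared))
```

Because only hashes of word runs are exchanged, a site can publish a signature without passing along the message text itself.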

"MISSING LINK."  Even further out are ways to put a difficult-to-forge digital postmark on each message, allowing mail administrators to track the origins and trajectory of the message. Today this is impossible as the existing e-mail system makes it very easy to falsify a sender's identity or to take advantage of vulnerable mail servers to send millions of messages from a valid domain without notifying the owner. And while most current e-mail clients can handle digital signatures that would make forged e-mails easy to spot and eliminate, few have adopted their use.

That could change in the near future if spam gets much worse. "The missing link for spam deterrence is our inability to be able to track and locate the senders of the message," explains Paul Judge, the CTO of secure e-mail provider CipherTrust and chairman of the IETF anti-spam taskforce.

Forging that missing link should be a key priority not only for e-mail providers but for every big company that suffers increasing productivity losses due to the flood of spam. With some luck, the confluence of congressional action, serious litigation, and technological advances will provide a better means to can spam. Even better, maybe it'll serve as a wake-up call to the companies and ISPs that still think the best way to deal with this scourge is to hit the delete key hundreds of times a day.




Salkever is Technology editor for BusinessWeek Online and covers computer security issues weekly in his Security Net column.
