


JULY 8, 2003


SECURITY NET
By Alex Salkever

The Only Way to Can the Spam
[Page 2 of 2]


MASKING CONTENTS.  To keep the filters from scanning a solicitation's contents, spammers have increasingly resorted to a graphical e-mail format, which is encoded in HTML. Filters can't read such messages for the same reason that scanners can't pick out simple messages hidden in fuzzy backgrounds. It's a tricky mathematical problem of pattern recognition.


Some anti-spam protections rely on "challenge-response" systems, which require you to click through a URL or simply to hit reply before letting the contents of the e-mail come through. Sounds great -- until your bank sends you a notification of an account overdraft, and you miss it because you overlooked the prompt amid all the spam (see BW, 7/7/03, "A Spam-Fighter More Noxious Than Spam").

Some anti-spam crusaders see promise in a sort of spam directorate that helps ISP operators easily spot unwanted e-mail. Something like this is already enforced: Huge bombardments of messages now trip alarms at the major ISPs. Unfortunately, spammers are again ahead of the game here. They've started chopping up their attacks into smaller blocks, sent at random intervals and often using randomly sequenced connections with multiple ISPs. And they're getting their pesky solicitations through.

THE REAL PROBLEM.  Another popular proposal would set up a sliding fee scale for e-mail. The first 400 messages per month from an account might go free of charge. The next 10,000 might cost the sender 1/8 of a cent apiece. The next 10,000 might cost 1/4 of a cent apiece. And so on.

The problem with this approach is that a considerable percentage of spam comes from mail servers of unsuspecting organizations. Spammers sometimes hijack mail servers and spew out unsolicited messages with the return address of the legitimate and unaware organization or person. So charging for e-mail messages might push more spammers to hack into and exploit legitimate mail servers.

Look hard enough at all this, and you soon realize it's a result of the Net's anonymous structure. The real solution lies in the system's masters -- the backbone connectivity providers, the router makers, the big telecoms, and the big ISPs -- getting together and requiring anyone wishing to send e-mail over their networks to identify themselves.

ENCRYPTED BUT AUTHORIZED.  This is the only approach that will ever strike at the root of the spam problem. Every message entering the e-mail system would need to have a unique digital postage stamp that's difficult to forge. It's not a novel concept: Web sites have a system like this already with digital certificates designed to give assurances that they are who they say they are.

Granted, this solution is controversial. Cyber-libertarians cry foul whenever someone suggests a way to strip the anonymity out of e-mail. Fair enough, I say. But such fears can be addressed. ISPs could allow e-mail users to encrypt their message but still carry an authentication stamp. Or individuals concerned about maintaining their privacy could use third-party proxy organizations to strip out their identity but still validate a message as legitimate. A company called Anonymizer already does just that for Web surfers. Such validating would allow, say, people inside repressive countries to use encryption to communicate privately.

The Internet Engineering Task Force is already looking at ways of designing such a system. Top Net designers, such as Paul Vixie and Paul Mockapetris, think an e-mail-authentication system could be rolled into the next version of Internet backbone software.

HOW MUCH GUTS?  Yes, some disruption would occur. Everyone who uses e-mail would need to upgrade their software to handle these signatures and encryption. But the technology is comparatively simple. It's really a matter of will -- as in will the organizations that run the Internet have the guts to make a decision that could be disruptive in the short term but immensely helpful in the long term?

I can only hope for the best -- and look forward to a day when I no longer have to spend mornings cleaning out my company e-mail of all manner of unwanted come-ons.




Salkever is Technology editor for BusinessWeek Online and covers computer security issues weekly in his Security Net column.
Edited by Douglas Harbrecht
