business continuity planning business analyst and technical writer


 Home  Who We Help  Services  Approach  Case Studies  Resources  Contacts  About Us

THE SPAM EPIDEMIC NEEDS STRONG MEDICINE

There has been much discussion about controlling the increasing amount of spam within our e-mail systems. Microsoft, Yahoo, AOL, Cisco and others have proposed or adopted various approaches to solving the spam problem. Battles have erupted over patent and licensing rights. To date, no completely effective solution has surfaced. Is there any hope of ridding the planet of this scourge?

What is spam?

The definition of spam is vague at best. Does it refer to an e-mail advertisement? Is it an unwanted solicitation? Should any unwanted e-mail message be called spam? Ultimately, each individual determines which e-mail messages are spam and which are legitimate communications. That's one of reasons why the software industry is having such a hard time dealing with the problem.

There are many spam filtering techniques available. Some of them reside on e-mail servers while others run on desktop PC's. None do a particularly stellar job of controlling spam. Either unwanted messages are allowed to get through (these are called false negatives) or legitimate messages are flagged as spam and blocked (false positives).

Current spam filters examine the addressing and contents of e-mail messages looking for clues. The clues are defined by a set of rules or filters that require continual updating. Some organizations also use "blacklists" to label all messages from some senders as spam.

In either case, false negatives and false positives are likely.

Spammers are known to frequently change their tactics to get around spam detection techniques. They change the wording of their messages. They purposely misspell words or insert symbols as in ca$h, to disguise their intent. They move among e-mail servers or change IP addresses to get around blacklists. The most nefarious spammers actually hijack desktop PC's using virus-like software and force those systems to send out their e-mail messages.

How did we get here?

This out-of-control situation is costing all of us time and money. How many minutes a day do you spend dealing with spam and false positives? Major Internet service providers like AOL, MSN and Yahoo block billions of spam messages each day. It takes a lot of computer power to receive, review and re-route that many messages. Is there any hope?

The reasons for this deplorable state of affairs are complex. It begins with the foundation technology for e-mail called the Simple Mail Transport Protocol (SMTP). The designers of SMTP did not anticipate how valuable e-mail would become as a marketing medium. They did not design SMTP to be a secure, verifiable communication vehicle. It is quite easy to misrepresent the sender of a message and claim to be someone you're not.

While such fraudulent activity occurs with postal mail as well, there are key differences. Postmarks cannot be forged, thus a letter can always be traced to the originating postal district. E-mail headers are easily forged. Use of the postal system is regulated and violators are subject to severe penalties. E-mail can originate from any country making U.S. law enforcement almost impossible. Postal mail is relatively expensive to print, address and deliver. E-mail costs a fraction of a cent per message.

Is there any hope of getting rid of it?

Fortunately, there is some good news to report. The spam problem can and will be solved but it won't be simple or cheap.

For starters, it will be necessary to create a group of federated registries where e-mail senders can enroll.

This will be similar to the way that web domain addresses are controlled by a federated group of domain registrars. A website name (commonly called a domain name) can be registered with any of the domain registrars who control the process and avoid duplication.

In addition to this new registration process, e-mail headers, which contain addressing information, will require changes to authenticate senders. Both the originator of the message and the service provider that transmits it will require identity verification. These changes will enable e-mail gateways, the systems that receive messages, to validate their source and intent.

Once registered, a sender will be authorized to send out bulk e-mail messages. Using the registration list and the authentication features, e-mail gateways will be able to monitor and report the performance of registered senders. Any sender who abuses its e-mail list, ignores unsubscribe requests, or attempts to disguise its identity will generate numerous complaints.

Will this really work?

Any reputable organization carefully protects its reputation. They strive to maintain good relationships with their customers or members and create long-lasting bonds. While some problems and complaints are inevitable, they will be a small percentage of overall relationships. If the complaint level gets abnormally high, e-mail gateways will have the right to reject messages from those senders.

Of course, someone could register a new sender identity and begin spamming immediately. However, gateways could label such messages are unverifiable or suspect. Complaints would pour in and the spammer would be quickly shut down. In addition, registration would require contact information and probably the payment of a small fee making perpetual spammers easier to identify.

No system is perfect but this conceptual approach offers hope for minimizing the amount of e-mail that is spam. In particular, all those messages offering medical advice or get rich quick schemes would become easy to reject. We need to maintain a balance between the need for an open, freewheeling Internet and the need for an adequate level of privacy and security.



Vin D'Amico is Founder and President of DAMICON, your ADJUNCT CIO™. He is an expert in leveraging open software to drive growth. DAMICON provides Freelance Technical Writing, IT Disaster Response Planning, and Network Security Management services to firms throughout New England.

This article appeared in Vin's monthly Virtual Business column for the IndUS Business Journal in November 2004.



To learn more about how DAMICON can help your business, please take a look at our service programs.

















Virtual Business

Virtual Business

This column appears monthly in the IndUS Business Journal.