Beyond the CAN SPAM Law: Technology
In a recent Q&A article in the Boston Globe’s business section, Elana Anderson, a Forrester Research senior analyst, says that she believes the recent Can Spam law will have little affect on hard-core spammers. A few days later, a headline found online at Fox News screams out “FTC: ‘Can Spam’ Only a Mild Deterrent.”
I heartedly endorse the Can Spam law, which was passed late last year, as it was the first real step towards the war on spam at the federal level. But sadly, as our inboxes are continuing to be inundated with mail we don’t want, I, along with the rest of the email world, recognize that the war is far from over. Inroads continue to be made, however, and one area in particular is the turn towards technology as a more viable solution for eliminating spam.
One particular area that I believe is the most viable is email authentication and secure identity. There are several movements within the industry that I’d like to introduce you to, including:
- Project Lumos, a project from Email Service Provider Coalition (ESPC). eNews Builder is in full support of this project which proposes a unique registry approach as the following description of the project from their web site states:
"Project Lumos…provides ISPs and others with a means of securely identifying and authenticating email senders. By calling for full and secure disclosure of sender identity, Project Lumos allows ISPs to monitor and track the quality of mail senders, thereby ensuring that these senders are held accountable for their sending practices and the content of their messages.”
For more details, a technical architecture can found in a white paper entitled “Project Lumos: A Solutions Blueprint for Solving the Spam Problem by Establishing Volume Email Sender Accountability.”
- SmartScreen Technology from Microsoft. A spam filtering technology, SmartScreen was introduced by Microsoft in 2003. This technology puts the control in the hands of email recipients, allowing them to identify spam. After email recipients identify spam through SmartScreen, their computers then enter the data into a program that helps the spam filters in SmartScreen learn how to recognize and block spam in the future. According to Microsoft’s site,
“This patented technology is based on a machine-learning approach, where decisions regarding whether e-mail would be considered spam are made by e-mail customers themselves and then incorporated into a feedback loop to train the filter to know what to look for.”
- DomainKeys from Yahoo. The end of last year also saw Yahoo announcing DomainKeys, which targets spammers that use spoofing, a spammer technique which involves changing an e-mail message's header information so it appears to have been sent by someone else. As reported on PCWorld.com,
“Yahoo's DomainKeys is designed to let receiving e-mail systems confirm that a message in fact originated from a user authorized to send e-mail for the domain stated in the header. DomainKeys uses public cryptography technology to accomplish this validation. The outgoing message is digitally "signed" with a private key while the receiving e-mail system uses a public key to validate the signature.Yahoo's plan is to write open-source software for popular e-mail server programs such as QMail and SendMail that would check all incoming messages to ensure they're coming from real Internet domains.”
- Sender Permitted From (SPF) from AOL. Late in January (2004), America Online announced that that it was implementing SPF, which is another authentication protocol for preventing e-mail forgeries or spoofing. According to CNET.com, AOL has put SPF into a trial with its 33 worldwide million customers. This trial is the first large-scale test for the protocol, which standards groups are considering along with various other e-mail verification proposals.
I find it a little ironic that AOL, Microsoft, and Yahoo formed a coalition to combat spam in early 2003 and then they each put forth a proposal separately. Oh, well – no one said that the fight against spam would be easy. The good news is that each proposal is a positive step towards the shared goal of eliminating spam.
In addition to all of the above, there are several other initiatives, such as The Anti-Spam Research Group (ASRG) of the Internet Research Task Force (IRTF), who in late 2003 formed a subcommittee to investigate the differences between a number of competing protocols that are all aimed at spoofing and email authentication. And in January of this year, the ISP Messaging Anti-Abuse Working Group (MAAWG) was founded with the goal of setting standard practices and delivering an ISP code of conduct. This group is led by OpenWare Systems, Inc., an E-mail Software Provider (ESP).
Microsoft’s Bill Gates, who was recently quoted as saying that the spam problem will be solved within two years, suggested another possible solution. His opinion, as reported by Internet.com, is that the solution rests in adding postage to emails. The concept behind this is that bulk e-mail senders would pay a postage fee that guarantees that their e-mail be delivered to participating ISPs, who are paid for accepting the mail. It is believed that placing some monetary value on emails will generate the “friction” required to make it cost prohibitive for spammers to blast out millions of emails.
I believe that ultimately this problem will be solved through a combination of legislation, technology, and ISP cooperation. And with the efforts that are currently occurring on all of these fronts, perhaps, as Mr. Gates suggests, the end to the spamming problem may well be in sight.
by David Crispi, Director of ISP Relations
[PRINTER FRIENDLY VERSION]
|
