The death of SPAM? (article)

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • pimplink
    Confirmed User
    • Jun 2001
    • 9535

    #1

    The death of SPAM? (article)

    http://www.latimes.com/business/la-f...-home-business
    Searching for Ways to Fight Junk E-Mail
    Internet service providers are working on systems that would verify senders' identities
    By Chris Gaither
    Times Staff Writer

    July 15, 2004

    Be liberal in what you accept and conservative in what you send.

    That was the philosophy when computer scientists sent the first electronic-mail messages over the Internet more than 30 years go.

    At the time, the Net was in its infancy, used by a few hundred researchers at universities, government labs and high-tech companies.

    Today, hundreds of millions of people have e-mail addresses, and junk e-mailers send out billions of messages every day. And Internet service providers are racing to figure out how to force spammers to abide by that old golden rule.

    Microsoft Corp., Yahoo Inc. and other companies are taking different approaches, but they all have the same objective: finding a way to verify that people who send e-mail are who they say they are.

    That would plug the biggest hole in Simple Mail Transfer Protocol, the system that has been shuttling messages around the Net since 1983.

    The designers of SMTP knew their protocol didn't have a built-in authentication system. But they saw no reason to worry.

    "There was very little attention paid to nasty people because we all knew and trusted each other," said David Farber, an Internet pioneer who is now a professor of computer science and public policy at Carnegie Mellon University. "It was understood that it was easy to forge mail, but who would forge mail among your friends?"

    Spammers have taken full advantage of that oversight. They falsify their names and reply-to addresses to bypass junk e-mail filters and trick recipients into opening messages. They copy corporate logos to send fake messages purporting to be from companies such as EBay Inc. and Citibank to fool people into handing over their credit card numbers and other personal information in so-called phishing attacks.

    "Accountability is really the missing link for many of the problems we have on the Internet," said Phillip Hallam-Baker, principal scientist for VeriSign Inc., the company that maintains the master list of commercial Internet addresses.

    The Federal Trade Commission last month cited the lack of authentication standards when it declined to create a "do-not- e-mail" registry modeled after the "do-not-call" list for telemarketers. Without knowing for sure who is sending a message, the FTC said, Internet service providers and other spam fighters wouldn't be able to punish violators.

    The big Internet service providers don't agree on how to best fix the authentication problem. Two systems being tested now are Yahoo's DomainKeys standard and Sender ID, which is backed by Microsoft and the Pobox.com e-mail service.

    Sender ID has attracted the most interest. It counts on the fact that though e-mail headers are easy to forge, IP addresses ? the unique set of numbers attached to every Internet domain ? are not.

    Here's how it works: A company like Amazon.com Inc. publishes its IP address in a public database. When a message arrives that claims to be from the online retailer, the recipient's e-mail program automatically checks the information in the header and compares it with the information in the database. If it matches, the message goes through. If it doesn't match, the message is quarantined or blocked.

    ISPs including EarthLink Inc. and Time Warner Inc.'s America Online are testing a component of Sender ID called SPF, or Sender Policy Framework. AOL has started publishing the list of IP addresses from which it sends its members' e-mail so that other e-mail service providers can block messages from spoofed AOL addresses.

    By the end of the summer, the country's biggest ISP hopes to begin blocking e-mail that purports to come from companies often impersonated in phishing attacks ? such as EBay's PayPal division ? but that can't be verified as legitimate.

    Authenticating e-mail "is the single most important thing we can do to enhance the SMTP," said Carl Hutzler, AOL's director of anti-spam operations.

    DomainKeys takes an approach that is based on public-private key cryptography.

    Sent messages include an encrypted digital signature created by the e-mail provider's private key. When the message arrives at the recipient's e-mail server, the server checks a database for the sender's public key. If the public and private keys match up, the signature can be decrypted and the sender's identity validated. If not, the message can be blocked by spam filters.

    Yahoo began testing DomainKeys in March. The company said it planned to implement it for outbound messages from its Yahoo Mail customers and at least some incoming messages by the end of the year.

    If the ISPs succeed, e-mail marketers will have no choice but to authenticate their messages to prevent them from being blocked. And if they authenticate, ISPs and other spam fighters will be able to keep track of senders and their reputations.

    Companies would be held accountable for the sending habits of their employees, and ISPs would be responsible for their customers' e-mail. Those that developed a reputation for generating spam could find their e-mail blocked ? a situation that could force e-mail providers to ensure that their customers' computers are secured so spammers couldn't hijack them to send junk mail.

    Legitimate e-mail marketers that allow recipients to remove themselves from mailing lists and that obey other professional codes of conduct would have their messages whisked around spam filters instead of getting blocked.

    Technologies like DomainKeys and Sender ID are needed to "take SMTP from being dangerously wide open to being much more controlled," said Steve Jillings, chief executive of FrontBridge Technologies Inc., a Marina del Rey e-mail security company that plans to implement Sender ID.

    The catch is that an authentication standard has to be widely adopted to be effective. Getting companies around the world to agree on a standard and implement it seems highly unlikely to technologists such as Carnegie Mellon's Farber.

    But the future of e-mail depends on it, said Scott Weiss, chief executive of the anti-spam company IronPort Systems Inc. "The innovation of e-mail now needs to catch up with many of the rich features that have now been rendered virtually unusable."


    Bottom line: Spam is more of a technological issue than a legal issue. As long as there is money to be made, expect spamming to stick around.

    Need Mainstream Content and SEO?
    SEO * Website Copy * Blogs
    Blogging - PR Work - Forum Marketing - Social Marketing - Link building - Articles
    100% Guaranteed Content!
  • reynold
    Too lazy to set a custom title
    • Oct 2002
    • 51271

    #2
    You don't say

    Comment

    • Radik
      Confirmed User
      • Sep 2003
      • 808

      #3
      To be honest, www.spamarrest.com and look no ref link..
      Serious if you have an issue with spam this will help.

      I would expect a model like this making it's way back into mainstream mailers qmail/sendmail works well.


      100% Exclusive, Check Us Out!

      Comment

      • pxxx
        First African GFY Member
        • Mar 2004
        • 12114

        #4
        Originally posted by Radik
        To be honest, www.spamarrest.com and look no ref link..
        Serious if you have an issue with spam this will help.

        I would expect a model like this making it's way back into mainstream mailers qmail/sendmail works well.

        gets the job done.

        Comment

        • Babagirls
          Text Writer
          • Feb 2001
          • 18812

          #5
          spam will never die




          Need a Text Writer?
          Blogs|Reviews|Descriptions|Paysites|TGP's|Stories

          ICQ: 397892500

          Comment

          • Adultnet
            Confirmed User
            • Sep 2003
            • 8713

            #6
            Originally posted by Babagirls
            spam will never die
            yes It's almost impossible......


            TrafficCashGold Paying Webmasters Since 1996!

            Awesome Conversions! Fast Weekly Payments! Over 125 Tours!

            Comment

            • reynold
              Too lazy to set a custom title
              • Oct 2002
              • 51271

              #7
              Originally posted by Babagirls
              spam will never die
              In one form or another, spam will survive ...


              just like a digital cockroach surviving a nuclear war.

              Comment

              • SykkBoy2
                Jesus loves bacon
                • Feb 2001
                • 19969

                #8
                if there is a way to submit, there is a way to spam...

                although, I look at some of these technologies as a good thing...it means my true double opt-in lists are worth more money, because I can send from a certain IP, have it in the database and it'll go through....and it'll hopefully get rid of fuckups like spamhaus and spamcop and send them back to what they should be doing in the first place: trying to get laid and doing something actually worthwhile in contributing to society...
                Support my new movie “The Second Coming”

                Comment

                • mysh
                  Registered User
                  • Jul 2004
                  • 24

                  #9
                  I think that spam will evolve a couple of years more until its level becomes unacceptable for any spam filter.. After that all internet as we know it will end. I mean it wouldn't be such an anonymous thing it is today.
                  Maximum response from your teen traffic is HERE

                  Comment

                  • pimplink
                    Confirmed User
                    • Jun 2001
                    • 9535

                    #10
                    Spam will keep mutating...

                    Email -- spammed

                    IM -- spammed

                    newsgroups -- spammed

                    community devices (friendster) -- spammed

                    blogs -- spammed

                    Search engines -- spammed

                    ref registries -- spammed

                    database relays -- spammed

                    you name it, as long as it has the POSSIBILITY of sending traffic, it WILL be spammed.

                    Need Mainstream Content and SEO?
                    SEO * Website Copy * Blogs
                    Blogging - PR Work - Forum Marketing - Social Marketing - Link building - Articles
                    100% Guaranteed Content!

                    Comment

                    • polish_aristocrat
                      Too lazy to set a custom title
                      • Jul 2002
                      • 40377

                      #11
                      end of pop up seems near
                      I don't use ICQ anymore.

                      Comment

                      Working...