The death of SPAM? (article) - GoFuckYourself.com

pimplink · 07-15-2004, 05:22 AM

http://www.latimes.com/business/la-f...-home-business
Searching for Ways to Fight Junk E-Mail
Internet service providers are working on systems that would verify senders' identities
By Chris Gaither
Times Staff Writer

July 15, 2004

Be liberal in what you accept and conservative in what you send.

That was the philosophy when computer scientists sent the first electronic-mail messages over the Internet more than 30 years go.

At the time, the Net was in its infancy, used by a few hundred researchers at universities, government labs and high-tech companies.

Today, hundreds of millions of people have e-mail addresses, and junk e-mailers send out billions of messages every day. And Internet service providers are racing to figure out how to force spammers to abide by that old golden rule.

Microsoft Corp., Yahoo Inc. and other companies are taking different approaches, but they all have the same objective: finding a way to verify that people who send e-mail are who they say they are.

That would plug the biggest hole in Simple Mail Transfer Protocol, the system that has been shuttling messages around the Net since 1983.

The designers of SMTP knew their protocol didn't have a built-in authentication system. But they saw no reason to worry.

"There was very little attention paid to nasty people because we all knew and trusted each other," said David Farber, an Internet pioneer who is now a professor of computer science and public policy at Carnegie Mellon University. "It was understood that it was easy to forge mail, but who would forge mail among your friends?"

Spammers have taken full advantage of that oversight. They falsify their names and reply-to addresses to bypass junk e-mail filters and trick recipients into opening messages. They copy corporate logos to send fake messages purporting to be from companies such as EBay Inc. and Citibank to fool people into handing over their credit card numbers and other personal information in so-called phishing attacks.

"Accountability is really the missing link for many of the problems we have on the Internet," said Phillip Hallam-Baker, principal scientist for VeriSign Inc., the company that maintains the master list of commercial Internet addresses.

The Federal Trade Commission last month cited the lack of authentication standards when it declined to create a "do-not- e-mail" registry modeled after the "do-not-call" list for telemarketers. Without knowing for sure who is sending a message, the FTC said, Internet service providers and other spam fighters wouldn't be able to punish violators.

The big Internet service providers don't agree on how to best fix the authentication problem. Two systems being tested now are Yahoo's DomainKeys standard and Sender ID, which is backed by Microsoft and the Pobox.com e-mail service.

Sender ID has attracted the most interest. It counts on the fact that though e-mail headers are easy to forge, IP addresses ? the unique set of numbers attached to every Internet domain ? are not.

Here's how it works: A company like Amazon.com Inc. publishes its IP address in a public database. When a message arrives that claims to be from the online retailer, the recipient's e-mail program automatically checks the information in the header and compares it with the information in the database. If it matches, the message goes through. If it doesn't match, the message is quarantined or blocked.

ISPs including EarthLink Inc. and Time Warner Inc.'s America Online are testing a component of Sender ID called SPF, or Sender Policy Framework. AOL has started publishing the list of IP addresses from which it sends its members' e-mail so that other e-mail service providers can block messages from spoofed AOL addresses.

By the end of the summer, the country's biggest ISP hopes to begin blocking e-mail that purports to come from companies often impersonated in phishing attacks ? such as EBay's PayPal division ? but that can't be verified as legitimate.

Authenticating e-mail "is the single most important thing we can do to enhance the SMTP," said Carl Hutzler, AOL's director of anti-spam operations.

DomainKeys takes an approach that is based on public-private key cryptography.

Sent messages include an encrypted digital signature created by the e-mail provider's private key. When the message arrives at the recipient's e-mail server, the server checks a database for the sender's public key. If the public and private keys match up, the signature can be decrypted and the sender's identity validated. If not, the message can be blocked by spam filters.

Yahoo began testing DomainKeys in March. The company said it planned to implement it for outbound messages from its Yahoo Mail customers and at least some incoming messages by the end of the year.

If the ISPs succeed, e-mail marketers will have no choice but to authenticate their messages to prevent them from being blocked. And if they authenticate, ISPs and other spam fighters will be able to keep track of senders and their reputations.

Companies would be held accountable for the sending habits of their employees, and ISPs would be responsible for their customers' e-mail. Those that developed a reputation for generating spam could find their e-mail blocked ? a situation that could force e-mail providers to ensure that their customers' computers are secured so spammers couldn't hijack them to send junk mail.

Legitimate e-mail marketers that allow recipients to remove themselves from mailing lists and that obey other professional codes of conduct would have their messages whisked around spam filters instead of getting blocked.

Technologies like DomainKeys and Sender ID are needed to "take SMTP from being dangerously wide open to being much more controlled," said Steve Jillings, chief executive of FrontBridge Technologies Inc., a Marina del Rey e-mail security company that plans to implement Sender ID.

The catch is that an authentication standard has to be widely adopted to be effective. Getting companies around the world to agree on a standard and implement it seems highly unlikely to technologists such as Carnegie Mellon's Farber.

But the future of e-mail depends on it, said Scott Weiss, chief executive of the anti-spam company IronPort Systems Inc. "The innovation of e-mail now needs to catch up with many of the rich features that have now been rendered virtually unusable."

Bottom line: Spam is more of a technological issue than a legal issue. As long as there is money to be made, expect spamming to stick around.

reynold · 07-16-2004, 01:12 AM

You don't say

Radik · 07-16-2004, 01:17 AM

To be honest, www.spamarrest.com and look no ref link..
Serious if you have an issue with spam this will help.

I would expect a model like this making it's way back into mainstream mailers qmail/sendmail works well.

pxxx · 07-16-2004, 01:24 AM

Quote:

Originally posted by Radik
To be honest, www.spamarrest.com and look no ref link..
Serious if you have an issue with spam this will help.

I would expect a model like this making it's way back into mainstream mailers qmail/sendmail works well.

gets the job done.

Babagirls · 07-16-2004, 01:25 AM

spam will never die

Adultnet · 07-16-2004, 01:32 AM

Quote:

Originally posted by Babagirls
spam will never die

yes It's almost impossible......

reynold · 07-16-2004, 01:40 AM

Quote:

Originally posted by Babagirls
spam will never die

In one form or another, spam will survive ...

just like a digital cockroach surviving a nuclear war.

SykkBoy · 07-16-2004, 02:01 AM

if there is a way to submit, there is a way to spam...

although, I look at some of these technologies as a good thing...it means my true double opt-in lists are worth more money, because I can send from a certain IP, have it in the database and it'll go through....and it'll hopefully get rid of fuckups like spamhaus and spamcop and send them back to what they should be doing in the first place: trying to get laid and doing something actually worthwhile in contributing to society...

mysh · 07-16-2004, 02:15 AM

I think that spam will evolve a couple of years more until its level becomes unacceptable for any spam filter.. After that all internet as we know it will end. I mean it wouldn't be such an anonymous thing it is today.

pimplink · 07-16-2004, 02:59 AM

Spam will keep mutating...

Email -- spammed

IM -- spammed

newsgroups -- spammed

community devices (friendster) -- spammed

blogs -- spammed

Search engines -- spammed

ref registries -- spammed

database relays -- spammed

you name it, as long as it has the POSSIBILITY of sending traffic, it WILL be spammed.

polish_aristocrat · 07-16-2004, 03:13 AM

end of pop up seems near

07-15-2004, 05:22 AM	#1
pimplink Confirmed User Join Date: Jun 2001 Location: Closer than you think Posts: 9,535	The death of SPAM? (article) http://www.latimes.com/business/la-f...-home-business Searching for Ways to Fight Junk E-Mail Internet service providers are working on systems that would verify senders' identities By Chris Gaither Times Staff Writer July 15, 2004 Be liberal in what you accept and conservative in what you send. That was the philosophy when computer scientists sent the first electronic-mail messages over the Internet more than 30 years go. At the time, the Net was in its infancy, used by a few hundred researchers at universities, government labs and high-tech companies. Today, hundreds of millions of people have e-mail addresses, and junk e-mailers send out billions of messages every day. And Internet service providers are racing to figure out how to force spammers to abide by that old golden rule. Microsoft Corp., Yahoo Inc. and other companies are taking different approaches, but they all have the same objective: finding a way to verify that people who send e-mail are who they say they are. That would plug the biggest hole in Simple Mail Transfer Protocol, the system that has been shuttling messages around the Net since 1983. The designers of SMTP knew their protocol didn't have a built-in authentication system. But they saw no reason to worry. "There was very little attention paid to nasty people because we all knew and trusted each other," said David Farber, an Internet pioneer who is now a professor of computer science and public policy at Carnegie Mellon University. "It was understood that it was easy to forge mail, but who would forge mail among your friends?" Spammers have taken full advantage of that oversight. They falsify their names and reply-to addresses to bypass junk e-mail filters and trick recipients into opening messages. They copy corporate logos to send fake messages purporting to be from companies such as EBay Inc. and Citibank to fool people into handing over their credit card numbers and other personal information in so-called phishing attacks. "Accountability is really the missing link for many of the problems we have on the Internet," said Phillip Hallam-Baker, principal scientist for VeriSign Inc., the company that maintains the master list of commercial Internet addresses. The Federal Trade Commission last month cited the lack of authentication standards when it declined to create a "do-not- e-mail" registry modeled after the "do-not-call" list for telemarketers. Without knowing for sure who is sending a message, the FTC said, Internet service providers and other spam fighters wouldn't be able to punish violators. The big Internet service providers don't agree on how to best fix the authentication problem. Two systems being tested now are Yahoo's DomainKeys standard and Sender ID, which is backed by Microsoft and the Pobox.com e-mail service. Sender ID has attracted the most interest. It counts on the fact that though e-mail headers are easy to forge, IP addresses ? the unique set of numbers attached to every Internet domain ? are not. Here's how it works: A company like Amazon.com Inc. publishes its IP address in a public database. When a message arrives that claims to be from the online retailer, the recipient's e-mail program automatically checks the information in the header and compares it with the information in the database. If it matches, the message goes through. If it doesn't match, the message is quarantined or blocked. ISPs including EarthLink Inc. and Time Warner Inc.'s America Online are testing a component of Sender ID called SPF, or Sender Policy Framework. AOL has started publishing the list of IP addresses from which it sends its members' e-mail so that other e-mail service providers can block messages from spoofed AOL addresses. By the end of the summer, the country's biggest ISP hopes to begin blocking e-mail that purports to come from companies often impersonated in phishing attacks ? such as EBay's PayPal division ? but that can't be verified as legitimate. Authenticating e-mail "is the single most important thing we can do to enhance the SMTP," said Carl Hutzler, AOL's director of anti-spam operations. DomainKeys takes an approach that is based on public-private key cryptography. Sent messages include an encrypted digital signature created by the e-mail provider's private key. When the message arrives at the recipient's e-mail server, the server checks a database for the sender's public key. If the public and private keys match up, the signature can be decrypted and the sender's identity validated. If not, the message can be blocked by spam filters. Yahoo began testing DomainKeys in March. The company said it planned to implement it for outbound messages from its Yahoo Mail customers and at least some incoming messages by the end of the year. If the ISPs succeed, e-mail marketers will have no choice but to authenticate their messages to prevent them from being blocked. And if they authenticate, ISPs and other spam fighters will be able to keep track of senders and their reputations. Companies would be held accountable for the sending habits of their employees, and ISPs would be responsible for their customers' e-mail. Those that developed a reputation for generating spam could find their e-mail blocked ? a situation that could force e-mail providers to ensure that their customers' computers are secured so spammers couldn't hijack them to send junk mail. Legitimate e-mail marketers that allow recipients to remove themselves from mailing lists and that obey other professional codes of conduct would have their messages whisked around spam filters instead of getting blocked. Technologies like DomainKeys and Sender ID are needed to "take SMTP from being dangerously wide open to being much more controlled," said Steve Jillings, chief executive of FrontBridge Technologies Inc., a Marina del Rey e-mail security company that plans to implement Sender ID. The catch is that an authentication standard has to be widely adopted to be effective. Getting companies around the world to agree on a standard and implement it seems highly unlikely to technologists such as Carnegie Mellon's Farber. But the future of e-mail depends on it, said Scott Weiss, chief executive of the anti-spam company IronPort Systems Inc. "The innovation of e-mail now needs to catch up with many of the rich features that have now been rendered virtually unusable." Bottom line: Spam is more of a technological issue than a legal issue. As long as there is money to be made, expect spamming to stick around. __________________ Need Mainstream Content and SEO? SEO * Website Copy * Blogs Blogging - PR Work - Forum Marketing - Social Marketing - Link building - Articles 100% Guaranteed Content!

07-16-2004, 01:17 AM	#3
Radik Confirmed User Join Date: Sep 2003 Location: Vancouver ICQ: 3588423 Posts: 808	To be honest, www.spamarrest.com and look no ref link.. Serious if you have an issue with spam this will help. I would expect a model like this making it's way back into mainstream mailers qmail/sendmail works well. __________________ 100% Exclusive, Check Us Out!

07-16-2004, 01:25 AM	#5
Babagirls Text Writer Join Date: Feb 2001 Location: Wisconsin Posts: 18,812	spam will never die __________________ Need a Text Writer? Blogs\|Reviews\|Descriptions\|Paysites\|TGP's\|Stories ICQ: 397892500

07-16-2004, 02:01 AM	#8
SykkBoy Jesus loves bacon Industry Role: Join Date: Feb 2001 Location: Sin City, Motherfucker Posts: 19,969	if there is a way to submit, there is a way to spam... although, I look at some of these technologies as a good thing...it means my true double opt-in lists are worth more money, because I can send from a certain IP, have it in the database and it'll go through....and it'll hopefully get rid of fuckups like spamhaus and spamcop and send them back to what they should be doing in the first place: trying to get laid and doing something actually worthwhile in contributing to society... __________________ Support my new movie “The Second Coming”

07-16-2004, 02:15 AM	#9
mysh Registered User Join Date: Jul 2004 Location: far far away Posts: 24	I think that spam will evolve a couple of years more until its level becomes unacceptable for any spam filter.. After that all internet as we know it will end. I mean it wouldn't be such an anonymous thing it is today. __________________ Maximum response from your teen traffic is HERE

07-16-2004, 01:12 AM	#2
reynold Too lazy to set a custom title Join Date: Oct 2002 Location: Global Traveler Posts: 51,271	You don't say

07-16-2004, 02:59 AM	#10
pimplink Confirmed User Join Date: Jun 2001 Location: Closer than you think Posts: 9,535	Spam will keep mutating... Email -- spammed IM -- spammed newsgroups -- spammed community devices (friendster) -- spammed blogs -- spammed Search engines -- spammed ref registries -- spammed database relays -- spammed you name it, as long as it has the POSSIBILITY of sending traffic, it WILL be spammed. __________________ Need Mainstream Content and SEO? SEO * Website Copy * Blogs Blogging - PR Work - Forum Marketing - Social Marketing - Link building - Articles 100% Guaranteed Content!

07-16-2004, 03:13 AM	#11
polish_aristocrat Too lazy to set a custom title Join Date: Jul 2002 Posts: 40,377	end of pop up seems near __________________ I don't use ICQ anymore.