Jun. 23--An alliance of some of the world's largest
e-mail providers unveiled a plan Tuesday to slow the torrent of spam that now
accounts for well more than half of all e-mail.
At the heart of the proposal are two technological
solutions that would help verify that e-mail is actually coming from the people
who appear to be sending it. About half of all unsolicited e-mailed advertising
pitches, nicknamed "spam," are sent with forged return addresses,
according to Microsoft.
Microsoft, America Online, Yahoo and EarthLink said
they would test the two methods for the rest of this year, with a goal of
implementing one or both after that.
"The bet is we're going to find that both
strategies work very well together," said Miles Libbey, anti-spam product
manager for Yahoo Mail.
One method, backed by Microsoft, AOL and EarthLink,
involves checking the address of an incoming e-mail against its numerical
Internet identifier. It's the digital equivalent of the post office matching
people's names with their registered home addresses -- if there's no match, the
e-mail doesn't go through.
The other method, backed by Yahoo, adds a unique
digital signature, or key, to each outgoing message. The recipient's e-mail
provider then matches the signature against another key to make sure it is authentic.
"If we really want to make some real progress
here, the first thing we have to solve is the identity issue," said Ryan
Hamlin, general manager of Microsoft's anti-spam technology and strategy group.
The companies, which formed the Anti-Spam Technical
Alliance in April 2003, said they are committed to finding better ways to block
spam from ever reaching customers.
It's a constant battle. As technology and federal
legislation make life more difficult for the senders of unwanted e-mail
pitches, many of them are turning to new technology tricks. They
"spoof," or forge, e-mail addresses to avoid detection.
They also use special software, often spread via
infected e-mails, to hijack individual computers and turn them into
"zombies" that send out thousands of pitches for everything from
cheap mortgages to Viagra.
"Spammers are quickly evolving and changing their
strategies for not only sending mail...but also strategies for changing their
identity and forgery," said Libbey of Yahoo.
Tuesday's proposal includes 21 recommendations for
Internet service providers, e-mail marketers and consumers to help stop
unwanted e-mail. For ISPs, the alliance recommended that they close common
security holes and limit the amount of e-mail a user could send. (Thousands of
e-mails coming from a home user is a common sign that computer is being used as
a zombie.)
The alliance urged consumers to install firewalls and
anti-virus software and use spam filters to stem the tide. And legitimate
e-mail marketers were urged to make it easy for recipients to opt out of
pitches.
The guidelines were the first recommendations put out
by the alliance, which was founded in April 2003. In March of this year,
members of the group sued some spammers under the federal CAN-SPAM law.
Some e-mail experts saw little new in Tuesday's
announcements.
" It is sort of the biggest players coming
together to endorse a set of common principles, but there is certainly nothing
controversial about these principles," said Ray Everett-Church, chief
privacy officer of ePrivacy Group, which sells anti-spam technology.
He added that there still is no agreement on the key
issue of a standard method for accurately identifying e-mail senders, which
affects not only spam but also the e-mail fraud known as "phishing."
In a phishing scam, an e-mail sender tries to trick a recipient into giving up
sensitive financial information by pretending that the e-mail is coming from a
bank or other legitimate business.
"There are some deep divisions with regard to
what is the most effective way to take on the identity issues that are so much
a part of the spam and phishing problem," Everett-Church said. EPrivacy is
developing an authentication standard of its own.
Spammers gain access to zombie computers through
backdoor programs left behind by viruses. The increased use of "always
on" high-speed home Internet connections has given spammers a ready supply
of machines that can be easily taken over, said Michael Osterman, president of
research and consulting firm Osterman Research.
Microsoft has said that about 40 percent of the spam
it monitors is sent from zombie machines.
"If
the ISPs do make some headway into the best practices, we're going to radically
reduce the amount of machines that the spammers can use," Libbey said
No comments:
Post a Comment