August 23, 2004 4:00 AM PDT
Stopping spam at the source
At issue is the ability to authenticate the original source of e-mail messages, a major hole in the current system that allows spammers to easily forge return addresses and hide their tracks.
This month, the Internet Engineering Task Force (IETF) reviewed several e-mail authentication proposals, agreeing to fast-track a submission from Microsoft known as Sender ID. The group also reviewed submissions for signature-based authentication from companies such as Cisco Systems and Yahoo and recommended the authors combine and resubmit those proposals together.
A timeline has yet to be set for reviewing and approving these proposals. But the attention on e-mail authentication standards is a welcome sign of progress, according to antispam experts, who said the technology promises what current antispam solutions can't yet offer--the chance to drive up costs for spammers.
"The spam filtering software we use on our mail servers works remarkably well, but it's not sufficient," said Phil Long, senior strategist for academic computing at the Massachusetts Institute of Technology in Cambridge, Mass. "It only filters mail after it's been sent. We need solutions that will make it more expensive for spammers to send out their mail. That's the only way to win."
The stakes in the antispam movement have never been higher as "phishing" attacks aimed at stealing a person's information for financial gain are on the rise. The volume of spam is also increasing, and it's taking its toll on networks by eating up valuable bandwidth, mail server processing capacity, and storage.
Spam accounts for more than 65 percent of all e-mail processed by mail servers, according to Symantec, a security company that recently bought Brightmail, a spam-filtering company.
High volumes of spam can be particularly damaging in developing nations where the communications infrastructure is less advanced, said John Levine, co-chair of the Internet Research Task Force's Anti-Spam Research Group. In July, Levine attended an International Telecommunication Union meeting in Geneva, where countries from around the world expressed concern over the proliferation of spam.
"People in these countries tend to have slow and expensive connections, so merely downloading spam to throw it away costs them a lot of time and money," he said. "All the spam and phishing and other misbehavior on the Net makes people in developing countries reluctant to use the Net at all."
Key is authentication
Because spammers make money when people click on spam messages, it's crucial for them to send as many e-mail messages as possible in the shortest amount of time with the least amount of effort for the lowest cost. Slowing down the process inevitably will raise costs, lower profit margins and possibly drive some spammers out of business, antispammers contend.
Adding a reliable layer of authentication to e-mail would create a significant new hurdle for spammers, experts said, potentially taking millions of e-mail addresses currently used as fronts for spam out of play.
Because the current e-mail system does not require any sort of authentication, spammers can "spoof" legitimate addresses to fool a recipient's spam filters. Spammers also have written programs that seek out vulnerable machines attached to the Internet and turn them into "zombies," which they use to launch attacks.
E-mail authentication technologies can protect against these attacks because they not only verify that e-mail is coming from a real IP address, but they can confirm that the sender is a trusted source.
Several companies, including Microsoft, Yahoo and Cisco, have developed e-mail authentication solutions.
The differences among the various approaches are in the details. Microsoft's Sender ID technology is designed to authenticate all inbound traffic by ensuring that the sender's return e-mail address is an actual address.
Yahoo's DomainKeys technology and Cisco's Identified Internet Mail take a different approach from Microsoft's. Cisco and Yahoo propose attaching encrypted digital signatures on all outbound mail, so that servers throughout the Internet can check and verify the origin of incoming mail.
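Added example (not from the article, and not Microsoft's code): a simplified sketch of the kind of check Sender ID performs, in which the receiving server derives the message's purported responsible address and compares the connecting IP address with the sending policy that domain publishes in DNS. The DNS records, domains and IP addresses are constructed, the header-selection step is a simplification, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for DNS TXT lookups (example domains, documentation IP ranges).
PUBLISHED_RECORDS = {
    "bank.example": "spf2.0/pra ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "newsletter.example": "v=spf1 ip4:198.51.100.25 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def purported_responsible_address(raw_message):
    """Simplified selection: the first of these headers that is present wins."""
    msg = message_from_string(raw_message)
    for header in ("Resent-Sender", "Resent-From", "Sender", "From"):
        if msg[header]:
            return parseaddr(msg[header])[1]
    return ""


def evaluate(record, client_ip):
    """Walk the mechanisms left to right; the first match decides the result."""
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:  # skip the version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def check_sender(raw_message, client_ip):
    """Return pass, fail, softfail, neutral, or none (no policy published)."""
    address = purported_responsible_address(raw_message)
    domain = address.rpartition("@")[2].lower()
    record = PUBLISHED_RECORDS.get(domain)
    return "none" if record is None else evaluate(record, client_ip)


# Constructed message whose From header claims the bank's domain.
SPOOFED = "From: Security Team <alerts@bank.example>\nSubject: Verify your account\n\nbody\n"
```

A receiver would typically reject or flag a `fail` result, while `none` leaves the message to ordinary content filtering.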
A networked approach
TurnTide, a company that was recently acquired by Symantec, also has a solution that makes it more expensive for spammers to do their job. Unlike spam filters--which sit near e-mail servers, examining every e-mail message and quarantining those that look bad--TurnTide's antispam router looks at the actual packets and determines which ones are likely to have come from a spammer. Using features inherent in TCP/IP (Transmission Control Protocol/Internet Protocol), it can limit the amount of traffic being sent from these sources.
Because most spam applications are impatient, they will give up and stop trying to send mail after a short period of time. In contrast, legitimate mail servers will continue to send test packets until they get a confirmation.
"The TurnTide router protects mail servers from getting overloaded because it gets rid of a big portion of spam before it's accepted," said Enrique Salem, formerly the CEO of Brightmail and now senior vice president of Symantec's network and gateway security group. "It changes the economics of spamming and introduces a cost to it."
Symantec said that the TurnTide product can reduce spam on the network by as much as 90 percent. And unlike filtering technologies, its rate of false positives, or the number of good e-mails rejected as bad ones, is very low, the company said.
Experts say there is room for even more innovative approaches. Internet service providers and large corporate customers will continue to use spam-filtering technology and will likely use a combination of solutions to fight this problem. That's why companies such as Symantec are investing in several antispam technologies.
"It's an arms race," MIT's Long said. "And I'm sure it will continue indefinitely."