March 28, 2006 7:05 PM PST

Antispam confab looks beyond filters

The fight against spam, phishing and e-mail fraud should focus on economic incentives and aiding law enforcement, according to attendees at a conference examining the problem this week.

Speakers at MIT's 2006 Spam Conference were notably cognizant of the recent proposals of white lists and AOL's Goodmail, a pay-per-e-mail service offering preferential treatment in e-mail delivery for marketers. It is also one year since the implementation of Can-Spam, the federal law that sets e-mail marketing standards and makes it less complicated for law enforcement to go after John Doe spammers.

Many addressed these issues head-on. Others proposed solutions that would clearly bypass the issue of e-mail postage, or of creating a hierarchy of e-mail senders, an idea that goes against the Internet's equalizing spirit.

Phil Raymond of Vanquish Labs, who presented on behalf of the Email Accountability Initiative, put it bluntly, "If you have a first class (car) on the train, there will be a lot of people in the cattle car and some of those cars will be left behind completely."

Rather than an e-mail postage system, Raymond proposed another type of economic incentive. In lieu of paying postage to send e-mail, bulk e-mailers could be required to put up a bond. And rather than worrying about how to legally classify spam, leave it up to the recipients. Under this system, e-mail recipients would have the ability to penalize those senders they don't want mail from. A price would be attached to the penalty, and the marketers' bonds would cover the cost of those e-mails rejected as spam.

The idea is that spammers and legitimate marketers alike would be less likely to send mass e-mails if rejection is going to cost them actual dollars. A study showed that under such a system, spammers give up, and legitimate marketers, according to Raymond, aim their e-mail campaigns more specifically at parties likely to be interested.

The consensus still seemed to be that although filters are good, they don't cut to the heart of the matter. Presenters urged greater concentration on preventing and going after generators of spam content, rather than just keeping spam e-mail from entering users' in-boxes.

"Filtering e-mail is like easing the symptoms of a disease without curing the disease itself. The only thing it's doing is easing the pain," said Tobias Eggendorfer of the University of Bundeswehr München, who proposed the use of SMTP and HTTP "tar pits" to slow delivery of bulk e-mail.

Eggendorfer's sentiment about filters was echoed throughout the conference.

CipherTrust, a network security company, emphasized going after e-mails with phony domain names and the spoof Web sites they link to. It announced the release of PhishRegistry.org, a free service that alerts registered legitimate Web sites when they are being spoofed.

Two attorneys also weighed in on Can-Spam. Jon Praed of the Internet Law Group, a boutique high-technology law firm representing such clients as America Online, suggested going after e-mail harvesters, the entities that gather e-mail addresses from the Internet for the purpose of spamming or selling the addresses to spammers.

In Praed's opinion, Can-Spam has led legitimate marketers to spend large sums of money to comply and change their tactics, while failing to rein in dangerous spammers.

Aaron Kornblum, an attorney from Microsoft's 65+ antispam litigation team, saw Can-Spam as a useful tool that has aided law enforcement in states with weak or nonexistent Internet fraud laws. Since 2003, Microsoft has filed 109 civil lawsuits. Seventy of those were filed since Jan. 1, 2004, utilizing Can-Spam provisions. Seventeen of those defendants were from the Registry of Known Spam Operations (ROKSO), the FBI Most Wanted List equivalent for spammers.

Though researchers are just scratching the surface of spam prevention, progress has been made, many presenters said. Vocabulary is being developed so that law enforcement and experts are communicating with each other and the public.

So much energy to "solve" a problem caused by a false assumption...
The cause of spam is one simple false assumption: that an email address is a scarce resource (like a phone number). The truth is that email addresses are as cheap as dirt. One can get an endless supply of them by getting a domain name for less than $10 a year, or for free by getting a subdomain offered by someone else that paid <$10 a year for a domain. With proper management of this resource spam is quite impossible.
Trying to treat a single email address as a valuable resource that has to be preserved, however, means that spam to that address is unavoidable. Spam is only effective if email addresses are persistent.
Posted by hadaso (468 comments )
What's the REAL problem here?
One can create a personal throw-away E-mail address easily. But corporations and those serious about keeping their current E-mail address will have a problem with that.

The only way to stop SPAM is to hold the source accountable.

The source is the spoofing SPAMMER who MUST go through an ISP. So the ISP is the one directly about the spoofing SPAMMER who CAN make a dent in their user's policies.

Likewise... free E-mail accounts are as you say... a dime a dozen... but that helps the SPAMMERS more than it does us.

What's needed is authenticatability and accountability.

Your E-mail (spam or otherwise) WILL NOT be sent unless you can be authenticated via a valid means. BUT... that does not mean via untrustworthy authentication sites. The authentication sites MUST be trustworthy OR ELSE your E-mail doesn't see the light of day.

You STOP SPAM at its source... NOT by changing E-mail addresses, NOT by filtering or any other means.

Blocking outgoing port 25 is one way ISPs can make a dent in spammers' operations, but that alone is not enough.

Banning those who SPAM will only stop the Spammer from using that ISP's service... but with "dime-a-dozen" FREE E-mail sites... Spammers just create another "dime-a-dozen" E-mail and they're right back in business.

To stop the problem you have to go to the root. And sitting one up from the root are ISPs and FREE E-mail services which are currently hindering the problem!!!

Walt
Posted by wbenton (522 comments )