- Related Stories
-
Lycos Europe denies attack on zombie army
December 1, 2004 -
Banner day for attacks?
November 22, 2004 -
Browser promises to fend off phishers
November 22, 2004 -
Spam gets religion
November 19, 2004 -
Report: Crooks behind more Net attacks
November 16, 2004
As technology executives hunker down for a prolonged battle against spammers and virus writers, they caution that their products can only go so far to protect consumers against the proliferation of "phishing" scams and virus-spreading e-mails. Instead, they say, some of the responsibility for spam prevention is on the shoulders of Internet users.
"This is an awareness problem, not a product problem," Symantec CEO John Thompson said during a panel discussion keyed to the launch of CNET Editor at Large Esther Dyson's Release 1.0 Web site.
If Thompson is right, it's a problem not given to quick solution. Despite advances in the last couple of years, other executives on the panel--which took place Wednesday at the headquarters of News.com publisher CNET Networks--agreed that the tech industry has a long way to go in raising this awareness.
Some panel participants, such as Brad Garlinghouse, vice president of communication products at Yahoo, and Meng Weng Wong, founder of PoBox.com, floated the idea of primary e-mail providers such as Yahoo, Microsoft and America Online giving users incentives to be more careful about how they share information online and what they download.
"We, as an industry, can give you incentives not to be lazy," said Yahoo's Garlinghouse. "By working collectively we can attack this."
Spam, once merely a nuisance that clogged in-boxes, has evolved into a tool for criminals intent on stealing credit card numbers or launching viruses.
Congress and a few states have passed laws that would impose jail time for some offenders. On Tuesday, the legislature of Ohio passed a bill that could bring out-of-state spammers to trial and impose harsh financial penalties and jail sentences. The bill, which has yet to be signed by the governor, follows the example of the federal government's Can-Spam bill, which went into effect at the beginning of 2004. Can-Spam would impose punishments based on falsified e-mail headers and "sexually oriented" messages that are not properly labeled as such.
At the same time, e-mail providers are taking their own steps to battle spam, steps that aren't necessarily in line with one another.
Yahoo and Cisco Systems have both created e-mail systems that use digital signatures to verify the sender's authenticity, called "DomainKeys" and "Identified Internet Mail," respectively. While the two products compete against each other, the companies are in discussions to establish some common ground, according to Cisco executive David Rossetti.
Other providers, such as Microsoft and America Online, are trying to tackle e-mail authentication by cross checking addresses with domain name service records. The idea is to ensure that the "@yourbank.com" address in one's in-box jibes with the message's underlying, numbered Internet protocol address.
Microsoft in May merged its "Caller ID for E-mail" technology with Pobox.com's SPF, or "Sender Permitted From" approach.
Microsoft submitted the merged technology, called "Sender ID," to the IETF standards body but faced resistance when people in the open-source community claimed Microsoft could charge royalties.
Microsoft eventually retracted its changes after open-source groups; America Online, which supports SPF; and Wong's Pobox.com pulled their support for Sender ID. Wong himself has filed with the IETF to standardize SPF. Yahoo has also filed to standardize DomainKeys.
Despite disagreements on how to tackle the spam problem, industry executives agree that spam can never be fully eradicated. Instead, companies, service providers and consumers alike will need to make their own contributions to reduce and prevent spam from harming their computers.
"There is no silver bullet to this problem," said Richard Gingras, CEO of Goodmail.
The only way to end spam is to make email so expensive to send that it becomes useless as a general public communication mechanism. How do we make it expensive? Well, for a start we could require everyone to run a fancy spam filter. Or require everyone to participate in an accreditation service (accreditation means paying money to someone like Verisign in exchange for their blessing). Or put in mechanisms that make email no longer public (
http://www.mailchannels.com).
Regardless of the mechanism chosen to end spam, spam will always continue as a problem. It's a social problem and the only way to permanently solve it is to kill all the spammers. In other words, to create a police state in which email is no longer relevant.
- "...Laziness has dire consequences."
- by Prndll December 2, 2004 4:49 PM PST
- This is exactly what I'm saying.....
- Like this Reply to this comment
-
(3 Comments)A user cannot put on someone else to do those things that they must do for themselves. The idea that an ISP would be given the responsability of filtering email (in any way) is crazy. If your going to own a pc and your going to be online, then you must understand that you need to take the time to learn about what it all really is. It is simply the idea that too many people don't want to learn anything about computers or the internet that they fall victom to the pitfalls found online. Self education is such a must for just being connected. If a user is unwilling are unable to learn...that user has no business online. It is the end user's responsability to learn to do things for themselves. Otherwise, the result is generally spam, ID theft, viri infection, or worse....being controlled by some corporate entity.