Alliance turns up heat on spam
A group of ISPs releases recommendations for stopping junk e-mail. Among their advice: Kill the "zombies."
Yahoo, Microsoft, EarthLink, America Online, British Telecom and Comcast announced a proposal of best practices for filtering and sending e-mail. Among the recommendations are technical methods for authenticating e-mail senders by Internet Protocol address or with digital content signatures. That way, ISPs and e-mail providers could help prevent e-mail fraud, one of the chief frustrations for antispam fighters.
In addition, the group advocated that ISPs detect and shut off Internet traffic from "zombie" machines, hijacked consumer PCs on their networks used to send millions of unwanted e-mail messages every day.
"Our aim with this proposal is to help lay out a clear framework for the industry as we continue to work together to end the spam business and put our customers back in control of their inboxes once again," Ryan Hamlin, general manager of Microsoft's Anti-Spam Technology and Strategy Group, said in a statement.
The effort is the latest from the Anti-Spam Technical Alliance, or ASTA, a group formed in April 2003 by the four major ISPs--Yahoo, Microsoft, EarthLink and AOL. Since its founding, the coalition has not publicly announced many joint projects, but individually, the parties have labored over technical and legal efforts to thwart spammers.
On the technical front, each company in the last year has publicly backed a different system for authenticating e-mail and quashing mail forgeries, or domain spoofing. Yahoo has backed a system known as DomainKeys for verifying the identity of an e-mail sender with digital signatures, or two-key encryption. AOL has been testing a DNS-based system, formerly known as Sender Permitted From and recently renamed Sender Policy Framework, or SPF. Microsoft, too, has developed its own system for identifying the origin of e-mail, called Caller ID for E-mail. It recently proposed a merger of Caller ID with SPF.
On Thursday, the coalition endorsed the underlying technical methods of each system, without specifying a standard. The group is examining both DNS-based and encryption-based systems and believes that the two standards are complementary.
ASTA's proposal also said that ISPs should implement rate limits on outbound e-mail traffic, control automated registration of accounts and close all open relays, which are a big source for e-mail. They also urged ISPs to block or limit e-mail on Port 25, the main thoroughfare for e-mail communications. For consumers, they recommended that all PC users install virus protection and security systems.
Earlier this year, ASTA launched its first joint legal assault against spammers. The suits claim that hundreds of unnamed defendants sent messages using false e-mail addresses--a violation of the newly enacted federal Can-Spam Act.