
Antispam confab looks beyond filters

Leaders in the fight against spam, phishing and e-mail fraud gather at MIT to compare notes.

Candace Lombardi
The fight against spam, phishing and e-mail fraud should focus on economic incentives and aiding law enforcement, according to attendees at a conference examining the problem this week.

Speakers at MIT's 2006 Spam Conference were notably cognizant of the recent proposals for white lists and of AOL's Goodmail, a pay-per-e-mail service offering marketers preferential treatment in e-mail delivery. It is also one year since the implementation of Can-Spam, the federal law that sets e-mail marketing standards and makes it less complicated for law enforcement to go after John Doe spammers.

Many addressed these issues head-on. Others proposed solutions that would clearly bypass the issue of e-mail postage or of creating a hierarchy of e-mail senders, an idea that goes against the Internet's equalizing spirit.

Phil Raymond of Vanquish Labs, who presented on behalf of the Email Accountability Initiative, put it bluntly, "If you have a first class (car) on the train, there will be a lot of people in the cattle car and some of those cars will be left behind completely."

Rather than an e-mail postage system, Raymond proposed another type of economic incentive. In lieu of paying postage to send e-mail, bulk e-mailers could be required to put up a bond. And rather than worrying about how to legally classify spam, leave it up to the recipients. Under this system, e-mail recipients would have the ability to penalize those senders they don't want mail from. A price would be attached to the penalty, and the marketers' bonds would cover the cost of those e-mails rejected as spam.

The idea is that spammers and legitimate marketers alike would be less likely to send mass e-mails if rejection is going to cost them actual dollars. A study showed that under such a system, spammers give up, and legitimate marketers, according to Raymond, aim their e-mail campaigns more specifically at parties likely to be interested.

The consensus still seemed to be that filters, though good, don't cut to the heart of the matter. Presenters urged greater concentration on preventing spam and going after those who generate it, rather than just keeping spam e-mail from entering users' in-boxes.

"Filtering e-mail is like easing the symptoms of a disease without curing the disease itself. The only thing it's doing is easing the pain," said Tobias Eggendorfer of the University of Bundeswehr München, who proposed the use of SMTP and HTTP "tar pits" to slow delivery of bulk e-mail.

Eggendorfer's sentiment about filters was echoed throughout the conference.

CipherTrust, a network security company, emphasized going after e-mails with phony domain names and the spoof Web sites they link to. It announced the release of PhishRegistry.org, a free service that alerts registered legitimate Web sites when they are being spoofed.

Two attorneys also weighed in on Can-Spam. Jon Praed of the Internet Law Group, a boutique high-technology law firm representing such clients as America Online, suggested going after e-mail harvesters, the entities that gather e-mail addresses from the Internet for the purpose of spamming or selling the addresses to spammers.

In Praed's opinion, Can-Spam has led legitimate marketers to spend large sums of money to comply and change their tactics, while failing to rein in dangerous spammers.

Aaron Kornblum, an attorney from Microsoft's 65+ antispam litigation team, saw Can-Spam as a useful tool that has aided law enforcement in states with weak or nonexistent Internet fraud laws. Since 2003, Microsoft has filed 109 civil lawsuits. Seventy of those were filed since Jan. 1, 2004, utilizing Can-Spam provisions. Seventeen of those defendants were from the Registry of Known Spam Operations (ROKSO), the FBI Most Wanted List equivalent for spammers.

Though researchers are just scratching the surface of spam prevention, progress has been made, many presenters said. Vocabulary is being developed so that law enforcement and experts are communicating with each other and the public.