Spam: You just can't win

No real solutions arise at the Information Security Best Practices conference at Wharton School of the University of Pennsylvania.

This was originally posted at ZDNet's Between the Lines.

For anyone even slightly optimistic about thwarting the never-ending crush of spam, I have two words: don't bother.

At the Information Security Best Practices conference at Wharton School of the University of Pennsylvania, I've learned the following from the first panel.

Comcast's Gerard Lewis, senior counsel and chief privacy officer, noted that the Can-Spam act of 2003 "hasn't done anything to curb spam," but is "a well intentioned law." Indeed, almost all e-mail is classified as spam.

Lewis should know since Comcast moves millions of e-mails a day--450 million on average to be exact. Lewis walked through the evolution of spam and how defenses have moved from generic filtering to a more sophisticated model. The rub: the fancy stuff doesn't work too well either.

Lewis said that giving consumers more control and tools to prevent spam helps a bit. But plenty still fall for social engineering tricks.

What's the solution?

I haven't heard one yet. Chris Marsden, a professor at the University of Essex, said there is a bevy of regulation schemes being cooked up across the pond. But it didn't sound like there were any spam killers coming from the UK.

Marsden said ISPs will likely see more regulation, but giving consumers more tools isn't the answer per se.

"ISPs have made it clear that consumers will not implement filters," said Marsden. Australia has even sent CDs to citizens to prod them to implement filters. One outcome may be required filtering for spam and content on all PCs as a regulatory requirement.

Think of these efforts as mandatory seat belt laws for Web surfing.

Update: In a follow-up conversation, Lewis said the biggest issue with laws like Can-Spam is that they don't reach overseas, where a huge chunk of the spam originates. Carol DiBattiste, senior vice president of privacy, security, compliance and government affairs at Lexis-Nexis, spoke about a different topic, but the solution sounds a lot like what the folks in Talkbacks to this post are seeing. Lexis-Nexis, as part of its security policy, blocks international IP addresses.

About the author

    Larry Dignan is editor in chief of ZDNet and editorial director of CNET's TechRepublic. He has covered the technology and financial-services industries since 1995.

     
