There is a war being waged every day around the world. A war that
affects everyone, spanning from computer to computer, over a battlefield
called the Internet. It is a war on spam, a dirty little four-letter word
that sends us all into a fit of anger and frustration. And as of today,
spammers are winning this battle, but not for long.
A paradigm shift in how we combat unsolicited e-mail is the next logical
and necessary step in the evolution of our war on spam. Current methods of
combating spam, such as commercially available spam blocking software, and
enterprise level rules based spam filtration systems for Internet Service
Providers, are too far below par to be of any real effect. This we all
know to be true despite the loud rumblings of ISPs and their new and
improved spam killing system of the month. All we have to do is open our
inbox and see the numerous ads for all those annoying items.
The inability of the ISPs to recognize the inherent faults in using
filtration as the main system of spam prevention has given birth to a new
and serious problem of false positives. False positives are legitimate
e-mails sent by legitimate companies to people who want to receive them,
but are recognized as spam by the ISP's filtration system and therefore
not delivered. Oftentimes these false positives will be e-mails such as
newsletters from Web sites people have opted into, and other times they
are of much greater importance, such as receipts for online purchases, or
even confirmation e-mails which -- if not received and acted upon by the
consumer they are intended for -- will not allow access to them. So here
it is, you and I pay for something online, and because of the new
“heightened alert” status of the ISP's filtration system, we may not be
allowed to have access to these products or services.
Not only are we the consumers affected by the false positive phenomenon,
but marketers are being blocked from entire systems such as America On
Line, as Web-hosting company C I Host found out, simply because their
e-mails trigger an incorrect response with the ISP's filtration system.
This creates a whole new level of liability for service providers. Not
only can they have legal problems due to e-mails they let into or out of
their system, but now due to false positives, they are liable for e-mails
they don’t allow into their systems.
Spammers have evolved their attack, staying one step ahead of us all,
modifying subject headings as they slip by the filtration systems with
clever little titles like “Where have you been?” and “Why haven’t you
e-mailed me back?” They send spam out through open proxy servers so they
can’t be traced, and even use e-mail viruses to send out spam through our
own personal PCs. This costs consumers precious time and energy to have to
go through numerous unwanted and often offensive e-mails. It also costs
unbelievable amounts of money for the ISPs, having to buy, implement and
monitor their filtration systems.
So what can be done to stop these unwanted attacks? The answer is actually
quite simple, but first we need to understand the nature of this thing we
call spam. Think of cause and effect. Spam is the effect, so what is the
cause? Spammers wouldn’t bombard us with ads for penis enlargement, Viagra
and other such nonsense, if they weren’t receiving some sort of
compensation for it. Generally, companies don’t get into the business of
spamming themselves. They hire spammers to get the job done, and believe
it or not, spam e-mail in a lot of cases works -- spammers get paid
because some people actually really do buy the products, products which we
find humorous and oftentimes offensive. And to compound matters even more,
the Web sites which sell their trash often reside on what are called
“Bulletproof Hosts.” These hosting companies guarantee that no matter what
or how many complaints are filed with them, the provider will not bring
down the Web site for any reason. This creates a serious dilemma.
So what does all this data tell us? It seems to me that we’re simply
focusing our efforts on the effect of the problem, and not the actual
cause of the problem. What we actually need to do is go after the sites
which are paying the spammers to e-mail their marketing junk. So how do we
get through the Bulletproof Hosts? By working with a company that has
created a single point of presence for spam reporting and black listing.
When a site is blacklisted, all routes to and from the site are removed
from ISP routers. This eliminates the paths we use to arrive at the site
the spammers are marketing. If and when the site which employs the
spammers can’t do business, then they can’t pay spammers, ultimately
removing their source of income and choking the life out of them.
If we report our silent intruders to a single location, we amass a wealth
of incriminating information. This information is then recorded,
calculated and tracked. This process allows us a number of abilities. Not
only will we be able to shut down the sites which are the source of
revenue for spammers, we have a reporting system which follows these sites
from ISP to ISP. We will have now created a reporting system much like a
credit report, or driving record, allowing ISPs to be able to check on a
domains history of activity prior to signing them up with their company,
giving the ISP the ability to reject access to their hosting network to
unscrupulous marketers. Once this is achieved, these unscrupulous
marketers will no longer have the ability to simply move from one provider
to another as they do now, but will be forced to deal with their improper
actions. Their only course of action in the end will be to become a
legitimate marketing company, following proper industry rules and
regulations.
Spam costs service providers millions of dollars. Currently, service
providers eagerly sign up unscrupulous Web sites without the knowledge of
the problems that can cause, for both us and themselves. Liability for
legal action has increased tremendously over the last several months, with
groundbreaking new cases such as the one against America Online last
month. The shift from filtration to global blacklisting with the ability
to show evidence and/or justification as to why, can and will reduce this
liability from ISPs greatly.
The most difficult aspect of this transition will not be a technical one.
It will be in the global consensus of the service provider community to
use the same data, the single source of reference to acquire information
on who is to be blacklisted, and who is not. Currently with the numerous
amount of blacklists available on the Internet, no two service providers
seem to use the same lists, therefore a spammer who may be shut out of one
location, will have access to another. The use of the global blacklist
will prevent this from ever happening again. With a unified spam reporting
system, service providers could run a check on these domains and avoid
future problems. The ability to have a unified spam reporting system will
produce the results we are all waiting for in what seems to be a
never-ending fight against spam.
Igor Barash is CIO of Network Dynamics. Consumers can report spam
complaints to National Do Not
Email, using its Unified Spam Reporting System. Fill out the Report
Spam page, NDNE processes the complaints and notifies the ISP. |
INDUSTRIES
Activate Email 
