Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share
  • icon

Weapons Of Spam Destruction


Sender authentication will not stop spam, but other weapons proposed by ASTA might do a lot, and quickly.

By John Dickinson
Messaging Pipeline
June 24, 2004 02:00 PM

Just in case you get the wrong impression, it's not that I'm not a fan of sender authentication schemes -- I actually think it's important that when you receive an e-mail you should have some certainty about who sent it. The SMTP protocol we now use does not provide for that, and the various schemes proposed by the Anti-Spam Technical Alliance (ASTA) should fix that problem.

But that will not fix spam. Spammers are smart, they will figure out a way around or through sender authentication schemes, and will find their way through the various sender accreditation and reputation schemes being bandied about the industry. They are also not very nice people, and in simple fact are criminals who are financially very motivated to practice the fine art of spamming.

Less well known is that ASTA went beyond sender authentication and made several important proposals for best practices that ISPs should follow in the fight against spam. These have a better shot at stemming the tide of unwanted junk e-mail than sender authentication -- much better, and they would work more quickly as well.

The most important one is the proposal to block Port 25, the tag that SMTP uses for sending unsecured e-mail from a server. When a home computer is turned into a spambot zombie by a viral attack, such as the Bagel virus, it sends a torrent of e-mail using Port 25. If that were blocked, the spam-bearing e-mail could not get out, but of course normal e-mail could not get out either. It would be a reasonably simple chore for ISPs to educate their customers to change their mail programs to use Port 587 for secure mail. ISPs are reluctant to do this because of this tech support requirement, but that seems a small price to pay in the interests of protecting the wider community from spam.

A simpler proposal is for ISPs to construct a tar pit that would notice torrential streams of e-mail and stop them cold, or at least slow them down long enough to ascertain whether the stream contains spam or legitimate e-mail. Plug-in appliance products exist that will do this, and it is beyond me why ISPs haven't taken advantage of them.

The bottom line here is that the ISPs can play a significant role in stemming the tide of spam without changing e-mail protocols and DNS records, something that sender authentication requires. And the practices that ASTA proposes for ISPs might actually help solve the biggest problem to plague the Internet since the first major virus attack hit 15 years ago.


Subscribe to RSS


Advertisement

CAREER CENTER
Ready to take that job and shove it?



TechCareers

SEARCH
Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
10 Search Engines You Don't Know About
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs
Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center





Subscription Info
Apply for a free 52-week subscription to InformationWeek (a $199 value)

Last Name:

First Name:

Title:

Company Name:

City:

Business Address:

Zip:

State:

Email Address:

NOTE: Offer valid for U.S., U.S. possessions, & Canada only

            

Join economist Chris Cornell and 3 CIOs in an Exclusive Online Exchange for Senior IT Executives: Using IT to Drive Value in a Turbulent Economy. November 5th only.