The Web    Google
Experts Question UN's Anti-Spam Plan

Experts Question UN's Anti-Spam Plan
July 8, 2004

Suggestions from the International Telecommunications Union (ITU) conference about how to fight spam has an anti-spam expert questioning whether spam can really be wiped out.

Matt Cain, META Group's senior vice president of content and collaboration strategies, said the underlying e-mail framework, Simple Mail Transfer Protocol , makes eradicating spam nearly impossible.

"It's highly unlikely, close to a pipe dream," he said of proposals that purport to eradicate spam. "I think it'll be a perennial problem, but I think organizations have to erect substantial defenses against spam using a variety of techniques. Spam will [be reduced] to a manageable level, but it will be a persistent menace."

Cain's comments followed reports from the ITU/World Summit on the Information Society's (WSIS) Thematic Meeting on Countering Spam, taking place in Geneva this week.

Robert Horton, the Australian Communications Authority (ACA) chairman, reportedly said a combination of international cooperation and technology could take care of the rising tide of spam "in short order."

The summit's goal is to build an international consensus on the dangers of e-mail, especially in its impact on business productivity, its role in the distribution of pornographic material and the spread of criminal activity.

According to its background paper on the subject, drawing from statistics from managed e-mail security vendor MessageLabs, spam accounts for 76 percent of the world's email and has an aggregate yearly cost of roughly $12 billion, or about $1,920 per employee in lost time.

Getting international consensus on the matter of spam is likely to be a thorny problem for ITU officials, however, despite the obvious cost benefits to every country involved. For example, some of the leading countries involved with the elimination of spam are also the biggest contributors to the spam problem. The United States is also the biggest haven for spam activities, followed by China, South Korea, Brazil and Canada, according to the ITU.

"What we're seeing is sort of the typical response to this problem, like any technology problem, where vendors like Postini work on a problem and now we're seeing the government entities and public entities get involved," said Andrew Lochart, director of product marketing at managed e-mail services provider Postini.

Lochart said the idea of ending spam in two years, comments which were widely reported in dispatches from the ITU spam summit, could have been taken out of context, or meant to convey the hope the spam would be battled enough to no longer rank as a problem anymore. Completely eliminating spam and spammers could happen 10 to 20 years down the road, after fundamentally changing the nature of the Internet and SMTP, which was created at a time when there weren't many people using e-mail to communicate.

Last week, the U.S. Federal Trade Commission (FTC), the United Kingdom's Office of Fair Trade (OFT) and the Australian Competition and Consumer Commission (ACCC) penned what could be a precursor to the ITU's goal of an international agreement on fighting spam. The memorandum of understanding (MOU) between the three countries allows for the sharing of evidence and information on spamming activities and the people causing the activities.

But META's Cain said he thinks it is much more likely that software and standard's solutions, notably Microsoft's (, ) authentication scheme, will do much to weed out the spam that comes from spoofed e-mail addresses.

Microsoft will send its technology specification -- a combination of its owner Caller ID technology and Meng Weng Wong's Sender Policy Framework -- to the Internet Engineering Task Force (IETF) for consideration as a standard when the standard's body gets together in August.

The technology's inclusion as a standard would have a snowball effect; the FTC reported in June that it would not support a registry because, in part, it's difficult to authenticate e-mail addresses.

The ITU remains convinced a government role is necessary for anti-spam efforts to take hold. In its background paper, officials conclude that commercial and self-government won't end spam.

"While [spammers] were quickly recognized as a problem, it has typically been considered beyond the realms of government interference," it reads. "It has been considered the role of the Internet community, not government, to regulate the Internet."

Lochart expects the commercial industry itself will have a lot to do with any success in removing unwanted e-mails from people's inboxes, and not just e-mail security providers like Postini. ISPs , those who host the spammers on their servers, play a key role in removing spam from the Internet.

"Here's why spam isn't going to go away in two years: there are a lot of ISPs who are naive, or negligent, maybe even criminal -- maybe these ISPs exist merely for the purpose of helping out spammers, I don't know," he said. "There are something like 3,000 to 5,000 small and independent ISPs in this country alone, so you look worldwide and the number of onramps to the Internet for a would-be spammer, and you start to see the size of the problem."

  • 3/24: Rbot-DP an IRC Backdoor Trojan
  • ActivCard Enhances Authentication for Remote Access Over Web
  • AntiOnline Spotlight: Network Security Made Easy?
  • Exploring Windows 2003 Security: IP Security
  • 1/12: Kobot-B Worm Uses 3 Windows Flaws
  • 4/22: CashGrab-A Hits Bank Customers
  • New Spam Scam Exploits Pope's Death
  • 2/28: Elitper-A Worm Uses MAPI
  • Plenty of IM Security Holes Left to Plug
  • 3/21: Sumon-C an IM and P2P Worm
  • Arbor Adds Support for Cisco Firewall to DoS Appliance
  • Discussion on Security Camera