Uncle Sam vs. Spam

The Latest Techniques to Fight Spam

Think you're deluged with spam? Your ISP or your employer likely already has some methods in place to prevent it from getting to you in the first place. But an array of newer techniques may prove more effective.

For years, the war on spam has been fought largely on the technology front. ISPs and individuals rely on blacklists that block e-mail from known spam sources, and on filters that examine each message for signs of spammishnessfor example, tip-off words and phrases. Spammers counter by using bogus addresses and by continually tweaking messages to fool the filters.

While many people have proposed new approaches to fighting spam, a true technological solution would likely entail making changes to the simple message transfer protocol (SMTP) on which most e-mail relies, such as including a way to indicate whether the user has agreed to receive commercial mail. But changing an essential Internet protocol like SMTP would be a monumental task requiring all ISPs and every user to change their software.

"If I could wave a magic wand and replace SMTP with a new protocol overnight, I could reduce the problem of spam to a level where most people wouldn't even notice it was there," says Steve Atkins, principal of Word to the Wise, an Internet consultancy. But replacing a protocol completely like that would take years, maybe decades.

In the short term, the industry is focusing on making better filters, to catch more spam and to reduce the number of so-called false positiveslegitimate bulk e-mail, such as opt-in newsletters, that gets trashed along with the junk. Last spring, e-mail technology company EPrivacy Group promulgated the Trusted E-mail Open Standard (TEOS), a way to identify e-mail senders so that software can filter messages more accurately. Such a system would entail, at minimum, identifying the source of the mail via DNS records (online databases that match Internet protocol addresses with domain names); and it might ultimately involve embedding information in each message about the type of advertisement it contained and whether the recipient asked for it.

"If you tell us who you are, the type of e-mail it is, and the type of permission you have, your mail will go through without a doubt," says Vincent Schiavone, CEO of EPrivacy Group.

Around the same time, the E-mail Service Providers Coalition proposed an initiative, dubbed Project Lumos, to establish a system that would work like a credit bureau for bulk mailers. Marketers would be rated (though by whom isn't very clear) on a series of objective criteria, such as how well they handle bounced messages or unsubscribe requests, and ISPs could choose to allow or block mail from them based on their rating on this list.

Another approach is Habeas's Sender Warranted E-mail (SWE), an e-mail verification system that allows the sender to insert trademarked material (a haiku) into an e-mail text header, where e-mail servers could read it but it would be invisible to most users. ISPs and enterprises can program their filters to look for the SWE warrant mark and let these messages through. Under U.S. trademark law (which permits much larger financial penalties than state spam laws do), Habeas can sue spammers who use the mark in violation of the rules.

For such solutions to work, they need to be broadly adopted by users and mailers alike. The TEOS proposal for identifying senders is still fairly new, though Microsoft chairman Bill Gates's endorsement of trusted-sender principles in testimony before Congress may boost support for the concept. For its part, Project Lumos faces questions as to how each mailer would be scored and who would do the scoring. Habeas CEO Anne Mitchell says her program is protecting 500 million in-boxes, including those at two of the top four ISPs, but few electronic marketers have signed up for the service.

Though these proposals may help legitimate e-mail messages reach the people who want them, we're unlikely to achieve a system where the only e-mail you'll ever receive is from trusted sources. Filters will always be necessary, says Jason Catlett, founder of the Internet advocacy group Junkbusters. But they are imperfect (and always will be).