Spam Slayer: Spam Weapons of Tomorrow
Tip of the MonthKeep Your Numbers Private. Think twice before submitting your mobile phone number to a contest or sweepstakes. Marketing firms are now targeting mobile phones with text-messaging advertisements. By dangling discounts and prizes, firms hope you'll give them your cell phone number so they can spam you there as well. The fine print in Sweepstakes Online's marketing message says it will send "event reminder messages, coupons, and other incentives." That's spam!
ISPs are on a mission: They're trying to craft the online equivalent of caller ID so they can figure out who is sending spam to their customers and more easily block junk e-mail and prosecute spammers.
Right now, spammers can easily shield their identities to get through your ISP's front door and clutter your in-box. The recently enacted Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) law is supposed to address the spam problem. But ISPs and law enforcement are having a hard time figuring out whom to prosecute.
America Online, Microsoft, and Yahoo are all working on technologies that would enable an ISP to verify that an incoming e-mail message was actually sent from the domain in its return address--and if not, reveal the real source. In addition to helping authorities track down offenders, these technologies would give ISPs the power to block e-mail with forged source information.
The e-mail authentication systems these companies are developing would keep spammers from covering their tracks by hacking into e-mail servers and unprotected computers on the Internet and falsifying data in a message's sender field. Today, half of all spam is routed through computers that mask the sender's identity, according to e-mail security firm MessageLabs.
Research in Progress
America Online is testing technology called Sender Permitted From, which can verify that an e-mail with an AOL return address originated from an AOL user. (AOL hasn't yet broadened it to cover other ISPs). SPF works by verifying domain name system records with a service provider's IP addresses.
For example, if a spammer faked a return e-mail address as being from firstname.lastname@example.org, an ISP could tell if the message didn't originate from a matching IP address used by AOL. Any ISPs that adopt the SPF technology could easily trace AOL e-mail back to AOL. Currently, no automated process can do this.
Yahoo's DomainKeys plan would place a digital key, which could not be forged, on outbound Yahoo e-mail. When the message reaches its destination, the recipient's e-mail server would check the Yahoo key and deliver only messages that are verified as coming from Yahoo.
Last week, Microsoft proposed a spam weapon in the form of an open industry standard described in the draft specification titled "Caller ID for E-Mail: The Next Step to Deterring Spam." Like AOL's and Yahoo's proposals, Microsoft's approach looks to revamp the way all e-mail is sent and require messages to have the correct return e-mail address.
The difference among these proposals involve the type of format used to embed data in an e-mail message header, and how an ISP would use that information.
Another antispam approach builds on the fact that spammers have no financial incentive to pare their lists. There's no extra cost in sending as many e-mail pitches as possible. If a price is put on bulk e-mail, the volume of junk e-mail sent might subside.
Microsoft's approach is called Penny Black. The technology would delay delivery of incoming e-mail until the sender's computer solves a complicated math equation that would tie up that PC for about 10 seconds. The presumption is that spammers who send millions of messages would need a supercomputer to stay in business. But it's a solution for the future; the Penny Black technology would need to be built into PCs or operating systems.
Microsoft and other organizations are also exploring technologies that would force spammers to pay a small charge to either ISPs or to a central authority for each piece of unsolicited e-mail, thereby motivating them to trim their mailing lists.
Goodmail Systems is developing an e-mail postage technology that would do just that. Its electronic stamps would be free to individual users and available at a reduced price to nonprofits. Richard Gingras, Goodmail's president and CEO, says this would not only cut spam but also enable ISPs to generate revenue from spammers--which they could then use to fight spam.
Goodmail's solutions wouldn't cut off unsolicited e-mail entirely. But advertisers would have to pay an ISP to ensure their commercial e-mail message hits customer in-boxes. Any bulk e-mail message lacking a paid electronic stamp would be subject to the ISP's spam filters, with no guarantee of the message's delivery. Theoretically, spam filters could be much more restrictive if they could identify e-mail that comes from a trusted source. Personal e-mail with an e-stamp would never be blocked by accident, and an advertiser's e-mail with an e-stamp would have to identify itself.
"Every spam-fighting option is on the table for consideration right now," says Dale Malik, director of product management at BellSouth. He estimates that spam costs ISPs like BellSouth about $3 per in-box yearly. The costs come from paying for filtering technology, e-mail storage for customer in-boxes, and the network bandwidth that spam uses.
Despite these varied antispam efforts in progress, don't ditch your desktop spam filter quite yet. All of these technologies are still only being researched and undergoing limited testing.
Q. My e-mail messages to AOL members are not being delivered--they're ending up in the bit bucket. I find it inappropriate that AOL notifies neither senders nor AOL members who are being blocked of this. I have never sent "spam" to anybody.
What can I do to correct this problem? Is there any hope here?
A. Regularly I hear from people regarding similar problems with legitimate e-mail getting blocked by spam filters. If an ISP is blocking your e-mail, it's likely because your messages look like spam. Here are a few things you can do to increase the chances your e-mail gets through:
- Avoid using excessive profanity and words typically found in junk e-mail. For example, too many instances of the words "free" or "mortgage" and the phrase "one-time offer" might trigger a spam filter to block your message.
- Send e-mail to multiple recipients in smaller batches. Messages sent to groups of people at the same time may look like spam to your provider and to a recipient's ISP. Also, contact your ISP about its bulk e-mail policies.
- Contact the ISP's postmaster about your e-mail being blocked. The AOL postmaster hotline is 888/212-5537. For other ISPs, try sending an e-mail to postmaster@nameofISP.com and request clearance. You might also want to visit the main Web site for the ISP in question and look for a postmaster telephone hotline.