Spam Fighters Compare Notes

CAMBRIDGE, MASSACHUSETTS -- Leading researchers into unsolicited e-mail, along with some of its victims, compared notes on a spectrum of spam-fighting tools and lawsuits against spammers.

On Friday they were gathered here on the campus of the Massachusetts Institute of Technology for the second annual MIT Spam Conference.

Filters Reconsidered

Last year's event provided a forum for those championing the use of spam filters to stop unwanted e-mail solicitations. This year's conference was more about weapons, from litigation to the use of authentication to verify e-mail senders.

Bayesian filters, which identify spam by assigning statistical probabilities to message content, were another focus of discussion. Filters make it much harder for spammers to push through their messages, but have not stemmed the tide, say conference attendees.

Despite the wide use of spam filters, 70 percent of the e-mail messages received by Microsoft's Hotmail Web-based e-mail service are spam, according to Geoff Hulten, a spam researcher for Microsoft.

"The Bayesian solution is useful, but it just sweeps the spam problem under the rug. The spam is still there clogging up your system," says Keith Ivey of Smokescreen Consulting in Washington, D.C.

Researchers discussed ways to improve the performance and accuracy of Bayesian filters, such as deploying them on servers rather than on e-mail clients.

However, just as much discussion was given to other techniques that could be used in conjunction with filters, or in place of them.

Legal Remedies

Of suing spammers, John Praed of the Internet Law Group says spam-filter writers needed to work with law enforcement to build cases and bring legal action against spammers.

E-mail providers and law enforcement must also be more savvy about using existing laws to stop activities that support spammers, such as e-mail harvesting from Web pages, says Matthew Prince, cofounder of UnSpam.

E-mail providers can put language on Web pages that disallows address harvesting and other activities, Prince says. Such technologically simple steps would help cast such spammer activities in terms that courts understand, such as "breach of contract," he adds.

Providers could even use provisions of the Digital Millennium Copyright Act to fight spammers by declaring e-mail addresses trade secrets, Prince suggests, drawing groans from many in the audience.

More than one speaker touched on the need to better secure e-mail exchanges, making it harder for spammers to use faked (or "spoofed") e-mail addresses to circumvent antispam technology.

ISPs Gang Up

Yahoo representatives spoke about the company's support for user authentication to fight spam.

"If you know with certainty who the sender is, you know for certain whether the message is spam," says Laura Yecies, Yahoo senior director of mail products.

Yahoo champions the use of "domain keys," which use public key encryption technology at the domain level, to verify a message's sender.

Using domain keys, ISPs can allow authenticated e-mail messages to bypass spam filters, freeing resources to interrogate unauthenticated messages, she says. Unlike similar services offered by certificate authorities such as VeriSign, domain key technology would be free and available to even small online businesses, Yecies adds.

However, for domain keys to be effective, they must be widely adopted. Yahoo is working with the top six ISPs on a proposal to implement an authentication system, she says.

Bulk Mailers Listen

Despite the wealth of legal and technological tools at the disposal of spam fighters, including a new federal antispam law, most at the 2004 Spam Conference agreed that it was unlikely spam would be wiped out anytime soon.

Spammers can easily move their operations offshore to avoid legal problems and use networks of loosely protected home computers to disguise the source of spam e-mail, Praed says.

However, there is a growing sense that antispam efforts are taking a toll on spammers. For one thing the cost of doing business is increasing because of the lawsuits, precise filtering, and other campaigns.

The evidence of that success may be found in attendance by representatives of online mailing lists and direct marketing companies, which are the target of spam filters and antispammers.

"I'm here listening and absorbing," says Rob Edwards, director of information technology at Royall, a direct marketing company. The firm works on behalf of around 150 universities to reach college-bound high school students using "high volume e-mail," he says.

Edwards sees the 2004 Spam Conference as a way to "stay in touch with all segments of the industry." He says Royall is interested in staying on the "right side" of the spam issue.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon