Home / Blogs

Friction-Free Commerce, Spam-Free Future

I’m sitting here at the Inbox conference on e-mail, and listening to an encouraging, plays-nicely-with-other-children talk from Ryan Hamlin, GM of anti-spam technology and strategy at Microsoft. Over the past couple of months, with evidence abounding at this conference, a number of big industry players have been getting together to fight spam. Most significantly, Microsoft, Yahoo! and AOL - plus a bunch of (other) ISPs are getting together behind a single standard for “Sender ID ” - (actually, server authentication) name not yet determined.

Overall here, e-mail = anti-spam; there’s little else being discussed. Everyone is stressing that there’s no single answer, and in some way the market looks totally confused - but actually it’s vigorous and healthy. It’s a distributed problem and will require distributed, diverse solutions. It has become almost boring in some way… there’s a lot to do for implementation, roll-out, enforcement, etc. but the problem is now recognized and countermeasures are developing and evolving and will continue to evolve. People know there’s a BIG problem and they are finally pulling together to solve it. The suspense is over (strains of Fukuyama’s end of history, but history always comes up with *new* surprises).

Only two points to make: The industry is all pulling together, but the real challenge will be to get the MIS departments of the world moving. What can we do to get the CEOs to start pushing their CIOs to put sender authentication in place?

I asked this question during the session and was assured that the industry is on the case. But now I’m sitting in a panel of CIOs and I asked the same question: “are you prepared to implement Sender ID?” Excuse me, but they didn’t even understand the question. One started talking about how he wants a personal spam filter. Another said yeah, we’re a PR firm and we really are careful about what we send out.

So, guys, we have a big education challenge ahead of us!

And second, I can’ t resist this notion that BillG propounded long ago of “friction-free commerce.” In fact, we *need* friction…. and I’m glad MS is helping to provide it.

By Esther Dyson, Chairman of EDventure Holdings

Filed Under

Comments

Tal Golan  –  Jun 11, 2004 10:21 PM

I am thrilled to see that at least one industry writer/analyst, Ester Dyson, is brave enough to not only realize, but actually put into writing an acknowledgment that the solution to the global spam problem is SENDER AUTHENTICATION. At Sendio (http://www.sendio.com) we began offering a Sender Authentication anti-spam network appliance in 2003 and have been fighting an up-hill battle for recognition that the problem of spam is an Identity Management problem which is best addressed through Sender Authentication. Artificial Intelligence (a.k.a. filters) are great for some applications, unfortunately, fighting spam is not an area where this type of bleeding edge technology (filtering) is best suited.

For more information on the world’s only licensed Sender Authentication based network appliance, please visit our web site at http://www.sendio.com or contact me, Tal Golan (.(JavaScript must be enabled to view this email address)), directly.

Thank you, Ester, for telling it like it is.

Rob  –  Jun 17, 2004 2:43 PM

I read, with interest, both the article and the encouraging response from Mr. Golan.

As the CIO for a mid-sized organization suffering under the weight of SPAM.  All the obvious was true at this site.  The burden of SPAM was increasing, the claims of effective filtering were proven false irrespective of the time and money committed to the solution.

As technical people we were embarrassed at failing to provide effective answers to our users and made aware of the failures before our Senior Management who were highly motivated to be past the problem and intolerant of our claims that there was no real answer.

These were the obvious facts.  What we all hear little of are other real truths.  To wit:

1. That the labour cost of clearing the debris brought by SPAM is staggering. 10 minutes/day spent in mailbox clean up in an organization of 1500 equates to millions of dollars annually.  Recurring.

2. That the cost of expanding capacity on mail-servers (ie, Exchange) relates to bearing the burden of unsolicited commercial emails.

3. And this, for us was a killer, that the ability to daily backup our mail-server (typically done in the off-shift) was becoming impossible due to the shear size of the files and a fixed window to perform the task.  The reaction, short of finding a solution for SPAM was to invest in high cost (faster, automated) backup devices which would NOT be required conventionally.  Frustrating.

What is the solution?  By experience Sender Authentication.  Spam traffic was stemmed at the front door.  Exchange is then able to handle the ‘normal’ email traffic without burden.  Backing up returned to normal routines and well within the capacity of existing devices.  Labour, otherwise spent in nonsense work was again available to the organization. No more false positives nor, in particular, alarming warnings such as “[Suspected Spam]....” generating more support questions and exhausting time.  User satisfaction and confidence is on the return.  Yes… once lost it is difficult to recover.  Perhaps I’ll find an equally elegant solution for this problem too.

I support the views of the article and the response from Mr. Golan.  The key to progress is the first step.  The moment when our foot is in the air is the moment we we are most vulnerable. The choice to lift the foot and move it forward is fraught with fears of other times when we’ve been knocked over.  But, when the direction is clear, and the reasons to proceed are compelling, we must. On SPAM, we must. Knowing the direction to face is key.  I say, on this topic, Sender Authentication.

I thank you both for your thoughts.

Suresh Ramasubramanian  –  Jun 21, 2004 9:48 AM

Esther, I guess the problem with the inboxevent sessions you attended was that there’s a whole lot of feel good morale boosting support for spf + caller id, domainkeys and other MARID proposals, which are all really good .. except that as you point out,

It is not a single cure all / magic bullet solution.  You definitely need a whole lot of education, but you also need a combination of

* good legislation (like, for example, the australian antispam law .. and definitely not like CAN-SPAM)

* good ISP policy enforcement around the world - with spammers hosting in China, spamming from Costa Rica and having payment gateways in the bahamas ... you definitely need that.  Education, definitely - start with ISPs policymakers, ISP sysadmins, give them the tools and the knowledge of how best to react to spam issues on their network.

* technical solutions - better blocklists, better whitelists, MARID .. only, keep in mind that these proposals address forgery, they don’t directly address spam - there’s a LOT more to spam than forgery as even Meng Wong and others on the IETF marid group will point out. Getting a whole bunch of people to publish spf records is going to be staggeringly difficult, even with the threat of large ISPs rejecting their mail if they don’t publish.  Heck, I know a whole bunch of people who continue to use long dead blocklists like monkeys.com, that closed down ages back and were set up to return a positive to each and every query.  I wonder .. people don’t seem to learn even if they don’t see any email at all coming into their systems :(  It’s that old cliche’ about taking horses to water, or perhaps the one about teaching pigs to sing.

The APCAUCE conferences I’ve organized in the past (the most recent in feb 2004 at Kuala Lumpur, with Dave Crocker as keynote - program at http://icauce.org/Program.htm ...) and the upcoming WSIS antispam meet at Geneva - http://www.itu.int/osg/spu/spam/meeting7-9-04/index.html (where I’ll be chairing a track on technical measures) focus exclusively on spam, and as far as I can see, do see a much broader picture than what you describe.

[Editor’s Note: Portions of comment removed as per CircleID COC]

Rob  –  Jun 25, 2004 12:13 PM

I read, with interest, the comments from Mr.Ramasubramanian.  I have not had the pleasure of meeting Mr.Ramasubramanian but align with some of his thoughts expressed.  I would only encourage the continued healthy presentation of views while yielding the floor for the flora and value of others thoughts, experiences and wisdom.

I wonder, however, if this forum is the best place to make personal comments about views of individuals who take the time to offer thier encouragement to the writer.  In the end, it would heartening to consider that we are all against spam and that any alignment against the foe is worthy of respect.

If one had personal issue with anything that I write I would invite a personal response.  If one had a contrary view, without it becoming a personal attack, I would welcome same as healthy debate.  Perhaps this would be polite. Either option is available in this forum.

I’m sure Mr.Ramasubramanian is a learned man and far from me to offer a correction.

The CircleID Code of Conduct.
1. Members shall not attack or judge anyone personally.
 
2. Members shall avoid obscene, irrelevant, or needless inflammatory remarks.
 
3. Members shall respect other fellow members’ time by keeping all posts intelligent, constructive, informative, and original.

<snip>

Warm regards to all who find spam as offensive as I.


Rob

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

Cybersecurity

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API