|
According to the majority of the testimony at this month’s “Spam Summit,” held by the U.S. Federal Trade Commission (FTC), the state of the fight against spam is pretty much the same as it has been for the last several years.
The two days of presentations can largely be boiled down to the following bullets:
• Spam volumes continue to increase, being driven by the growth of “botnets”—networks of hijacked computers run by hackers and rented out to spammers.
• Spam is one of many high-tech tools being used by organized crime, international terrorist organizations, and can be expected to play a major role in future conflicts between nations.
• Anti-spam technologies are improving, but deployment of sophisticated technologies such as cryptographic-based email authentication is sorely lacking.
Oh, and the spam wars are a lot less exciting than they used to be. Case in point: unlike last time, there were no fist-fights at this year’s shindig.
As the federal government’s premiere consumer protection regulatory agency, the FTC has been keeping an eye on the issue of unsolicited commercial email since 1997, when they held the first ever governmental hearings on the topic.
I was honored to have been invited as a participant on two of the spam discussion panels at that event in 1997, and as I look back across those ten years, it all seems so quaint.
On that first panel, my fellow panelists and I spent half the time explaining to the regulators and the audience what spam was, why it was bad, and why they should care about something that was so seemingly insignificant.
In those days, spam was a very novel concept, because email itself was still pretty novel for the average user. Several members of the FTC admitted to having email accounts, but given the number of blank stares, the experience of receiving any email—much less spam—was pretty daunting for most of that august assemblage.
The FTC revisited the issue of spam again in 2003, where things got so heated that then-Commissioner Orson Swindle (a former Marine and “Hanoi Hilton” survivor) had to physically separate two attendees who nearly came to blows.
The tensions that were so evident in 2003 were no where to be seen in 2007. Even the appearance of the notorious Scott Richter, who once famously described himself in an interview on The Daily Show with Jon Stewart as a not a spammer but rather a “high volume email deployer,” was met with yawns. What became quite clear during the course of the two-day event was that not a lot of progress has been made in the intervening four years since the last spam event. Proposals for increasing the security of email against forgeries and phishing, some of which were first debuted in 2003 (and at a subsequent event devoted to email authentication issues in 2004) are still being hotly debated instead of deployed.
Indeed, if there was any point of tension and conflict at the event, it was that advocates for one particular method of email authentication have been lobbying hard to get law makers and regulators to urge its adoption over other competing solutions.
The pressure seems to be enough that one representative of a major Internet service provider felt compelled to note publicly that those pressures were actually getting in the way of progress on improving email security.
While it was good to see a lot of old friends, colleagues, and all the other “usual suspects” from these anti-spam community functions, I came away from Washington D.C. scratching my head and wondering what it would take to make another Spam Summit worthwhile.
The sad truth is that I just don’t see the need for another high-level spam confab unless and until some major changes are made in how email is sent and received. As was made clear by many of the conference’s presenters, if we are to see any major progress in the fight, it will come from changing the ways in which legitimate email senders will be able to meaningfully differentiate their messages from the ever-growing floods of fraudulent and deceptive junk.
This article was originally published at Jupitermedia’s internetnews.com.
Sponsored byVerisign
Sponsored byRadix
Sponsored byCSC
Sponsored byWhoisXML API
Sponsored byDNIB.com
Sponsored byIPv4.Global
Sponsored byVerisign
Waiting for some major changes in how email is sent and received is what keeps people debating rather than deploying existing solutions. In addition, the IETF itself has proven its political inadequacy in the MARID case.
Meanwhile, monitoring IP abuses for spam delivery is becoming a prime time activity. TrendMicro has recently added such service to its Email Reputation Services, flanking Project Honey Pot, CAUCE, and possibly more leading implementors of full-blown black listing technology. That trend suggests that implement-on-demand is a key feature in anti-spam methods. By contrast, SPF and DKIM, like most major changes, require a critical mass of users before they can start being effective.
As in 1997, even if spam is neatly perceivable nowadays, people are not really interested in its eradication. Much like mafia extortions, paying a fee is easier than fighting for freedom.