Updates on Email "Authentication" and "Accreditation"
Yahoo! and Cisco announced recently that both companies are combining their two separate authentication proposals into a new specification called DomainKeys Identified Mail, or DKIM. This is to promote a cryptographic approach for authenticating email in the fight against fraud on the Internet and spam. The two companies are proposing this approach as a web standard.
This merger, according to reports, will combine DomainKeys’ method of verifying a sender at the level of the Internet’s DNS (Domain Name System) with the Identified Internet Mail specification’s approach for maintaining the consistency of header signatures in messages as they move across networks.
Meanwhile, Microsoft said in an announcement that it would add a negative user interface message to the Hotmail and MSN email dashboards. How this works? When an email is not authenticated with Sender ID, a negative message will appear. Thus, with this proposal, legitimate email marketers will be compelled to adopt Sender ID so as not to be tagged with a negative message.
The Internet Engineering Task Force (IETF) has not declared yet this proposed Sender ID as an official web standard.
Despite all these developments, most anti-spam crusaders and experts agree that email authentication and accreditation are never the silver bullets in eliminating spam. In theory, such authentication system would make it harder for spammers to disguise their identities and locations to avoid being tracked down, or worse, prosecuted.
Furthermore, these sender-authentication schemes are conceived to ensure that all senders – including businesses, Internet service providers and, most importantly, spammers – are held responsible for the messages they send.
The problem now is that Internet criminals are already steps ahead to counter the very possibility of the industry adopting these authentication and accreditation schemes. What makes it worse is that the industry itself is struggling to figure out how these anti-spam schemes will be applied into the system and how to make this adoption work.
And so, when the schemes are ready for widespread adoption on the web, what must the actual legitimate email senders and receivers do to ensure they are prepared and protected?
|
 |
|
Proposal to Enable Consumers to Get Back at Spammers
Unlike CAN-SPAM, where only government officials can sue spammers, sometimes with the cooperation of Internet Service Providers (ISPs), a proposed law in Israel seeks to enable consumers to get back at spammers.
According to a Haaretz.com report, Israel’s Knesset Economics Committee chair MK Amnon Cohen filed a bill that will compensate anyone who receives unsolicited advertising via fax or cellular phone, without having to prove “damages.” Moreover, a proposed clause will be added to expand this bill’s scope to cover advertising distributed via email.
Over in Israel, they must have realized that a law allowing only government agencies or officials to sue spammers has been ineffective, so they’re empowering spam recipients by giving them the ability to sue spammers themselves.
Dina Ivri-Omer of the Communications Ministry legal department told Haaretz that the “police don't enforce the current prohibition on spam advertising so it was decided to add mechanisms to facilitate civil suits against advertisers.”
Ivri-Omer added that the ministry is mulling over imposing fines on anyone who sends advertising without the recipient's consent.
Back to top
South Florida Identified as World's Spam Capital
More than 25% of about 180 hardcore spammers tracked by a spam watchdog group are based in Florida, The Associated Press reports. And most of these spammers are operating within the tri-country of Broward, Palm Beach and Miami-Dade.
The AP report adds that the city with the most spammers in the world is Boca Raton, with eleven spammers suspected to be based there, while about a dozen more are said to be spamming at least part-time.
According to some spammers and anti-spam experts, South Florida lends a perfect setting for a spammer’s business. Some of the reasons cited in the report include South Florida’s lenient bankruptcy laws, proximity to Internet data centers, a history of telemarketing and email marketing, and the state’s reputation as “a good place to do dirty business.”
Legislator Introduces Bill for "Do Not Email" List
State Rep. Joseph Markosek, a Monroeville Democrat, introduced House Bill 1616, which will call for the development of a “Do Not Email” list, which will be similar to the “Do Not Call” telephone registry, Patti Dobranski reported for the Tribune Review.
This legislation will allow residents to sign up for a “Do Not Email” registry through the state Attorney General’s Office, the report says. This will allow the user to opt in for specific emails from vendors while blocking out unwanted emails.
Emails sent to the user who opted in for emails from a vendor, must carry “ADV” – to mean advertisement -- in the subject line, while “ADV-adult” should be in the subject line for emails a vendor sent to users who opted in to receive pornography.
"If there are any violations, they could forward the email to the Attorney General's Office," Buterbaugh said.
Back to top
Euro Consumer Watchdog Heedless to Spam?
The European Consumers’ Organization (BEUC) has been criticized for having done nothing to stamp out spam, The Register reports. When it is supposed to be rallying behind consumers to lobby governments to address the spam problem, the group has failed to take its stand against spam.
BEUC is an outspoken Europe-wide federation made up of independent national consumer organizations. Its mission is to "influence, in the consumer interest, the development of EU (European Union) policy and to promote and defend the interests of all European consumers."
According to a BEUC insider, the group doesn’t have a detailed position yet on spam. The spam issue still needs to be discussed among its 29 members.
“Disagreement over the approach to take means that some consumer bodies have no policy relating to unsolicited email; the result is that the interests of ordinary Net users have not been truly represented,” The Register report says.
“This small - but fundamental - difference has effectively rendered BEUC impotent on this whole issue and thanks to this impasse consumer groups have been left in limbo,” the report adds. “Since its members can't decide which approach to adopt, BEUC claims it has no policy on junk email. And because it has failed to draw up a single policy it has failed to lobby governments so that consumers are protected from this invasive and costly form of direct marketing.”
13 European Countries Agree on Spam-Fighting Measures
Thirteen European countries recently agreed on measures to combat spam across borders, a report posted on ITU.int says. The agreement will call for cooperation among anti-spam enforcement authorities in all the 13 countries in “investigating complaints about crossborder spam from anywhere within the European Union.”
A common procedure in handling crossborder spam complaints will have to be followed under this agreement. This initiative, the report says, will make it easier for the concerned agencies to identify and prosecute spammers anywhere within Europe.
Among the participating European countries are Austria, Belgium, the Czech Republic, Ireland, Italy, Lithuania, the Netherlands, and Spain.
UK Laws Fail to Deter Spam
Anti-spam organization Spamhaus identified some loopholes in UK laws that failed to stop spammers, BBC News reported in its website. These loopholes have allowed spammers in UK to go scot-free.
Over a year after the law came into effect, no UK spammer has ever been fined or prosecuted, the report says.
Steve Linfor of Spamhaus was quoted as saying, “British law allows spammers to spam business addresses and it is up to spammers to determine whether an address is a private one or a business one. Apparently the Department of Trade and Industry was told that British businesses wanted spam, although we have never heard of any.”
2% of total junk email on the Net is said to originate from UK.
Back to top
Aussie Gov't Calls on Asian Neighbors to Combat Spam
Australian Communications Minister Helen Coonan has called on Asia-Pacific neighbors to join forces in tackling the overwhelming spam and online fraud problems, AAP reports.
At the Asia Pacific Economic Cooperation (APEC) telecommunications forum in Peru, Senator. Coonan said, “Closer cooperation between such bodies as APEC, the OECD and the ITU (International Telecommunications Union) will also help to develop a strategy to address the threats that spam poses to the integrity and security of the APEC region's communications infrastructure.”
Senator Coonan deemed an APEC-wide cooperation as very crucial in addressing the serious impact that spam and spyware have on the confidence of Internet users.
Malaysia Holds Anti-Spam Workshop
The Malaysian Communications and Multimedia Commission (MCMC) organized last month a 3-day workshop on anti-spam. The workshop was conducted in relation to the last ASEAN Telecommunications Regulatory Council (ATRC) meeting in Vientiane, Laos (July 2004) where the ATRC had agreed to the setting up of a Working Group to work on anti-spam measures led by the MCMC.
Entitled “Anti-spam Strategies – the Way Forward for the ATRC,” the workshop was conducted to: i) stock-take on where ATRC is on anti-Spam measures; ii) build capacity among ATRC members; and iii) to raise the level of cooperation amongst ATRC members in moving forward.”
The invited speakers were from regulatory organizations such as the Australian Communications Authority (ACA); Australian Department of Communications, IT and Arts; Authority for Info-Communications Industry of Brunei; the Ministry of Internal Affairs and Communications of Japan; the Infocomm Development Authority of Singapore (IDA); the US Federal Trade Commission; International Telecommunication Union (ITU) and the Organization for Economic Co-Operation and Development (OECD).
Three AP Countries Ink Anti-Spam Pact
The Malaysian Communications and Multimedia Commission has recently entered into a memorandum of understanding (MOU) with the Australian Communications Authority (ACA) and the Korean Information Security Agency (KISA) on cooperation in countering spam.
The agreement among the agencies would assist with cooperation at an operational level.
The MOU is focused on sharing knowledge, information and intelligence about known sources of spam, network vulnerabilities, methods of spam propagation, and technical, educational and policy solutions to the spam problem. It will also focus on putting anti-spam solutions and strategies into action.
Back to top
Spam Hurts More in Developing Nations, Report Says
Junk email or spam poses more problems for underdeveloped countries, says a “groundbreaking” report by anti-spam expert Suresh Ramasubramanian. This report was undertaken for the Organization for Economic Cooperation and Development (OECD).
The paper, entitled “Spam Issues in Developing Countries,” argues that the adverse effects of spam are more magnified in developing countries owing to lack of funding, outmoded technologies, and inadequate knowledge and awareness about the dangers of spam.
“A more mature infrastructure and advanced filtering has reduced spam to the nuisance level for most of the developed world,” said Mr. Ramasubramanian. “But spam hits harder and hurts more in underdeveloped regions which are overwhelmed by the egregious levels of unsolicited email.”
The OECD report proposed a number of legislative, educational and technical measures, such as:
• Filtering spam at the ISP level in addition to any desktop-based measures.
• Creation of emergency response teams to combat surges in spam and to address security issues that contribute to the unimpeded spread of spam.
• Formation of regulatory frameworks to deal with spam and associated computer security issues.
• User education initiatives to create awareness of the security hazards unsolicited email can pose. |
Back to top
 |
Opinions From Inspector Mails
| Inspector Mails is the AI entity for Bigfoot's Anti-Spam Solution. He will be giving regular updates and opinions on current anti-spam trends. |
|
More Tips on Spam Management
Our news stories in this issue show that we’re truly making progress in our global efforts to fight spam. Governments across the globe now even recognize how this spam menace affects – and is affecting – consumers, industries (and for that matter, the global economy) and the Internet’s livability in more adverse ways. So, thus, are forged international cooperation (to tackle crossborder spamming), localized legislation, while industry-initiated anti-spam schemes are gaining momentum by the day.
But then, the debates never seem to cease.
While all these are happening, though, not too many spammers are being prosecuted and only a handful of them (considering the growing number of spammers and scammers currently in operation worldwide) is going behind bars. Spammers are also getting more and more sophisticated. In fact, in our reports, the industry acknowledges the fact that spammers are becoming so advanced that they are prepared to counter whatever moves or steps we take to combat spam.
But, this is no time to give up the fight. We may not be able to totally eliminate spam, at this point, but we can do ways to reduce it substantially. A reliable and effective anti-spam product, like your Bigfoot Anti-Spam Solution, is certainly a big help. And most of all, you do your part as well, especially in managing your emails.
Clarence Cho, a member of CNETAsia's SMB Advisory Board, suggests a few useful tips to fight spam before it hits your inbox:
1. "Don't post your email address online more than you need to. You can try to disguise your email address if you post in such places. Instead of jane-doe@something.com, you could type jane-doe(at sign)something(dot)com.
2. "Don't give out your email address unless you know how it will be used. Read the Web site's privacy policy - if they don't have a privacy statement, you probably shouldn't trust them with your email.
3. "Never, ever buy anything advertised in spam. Even if you happen to be looking for a lower mortgage rate, don't look for it in junk email. The services advertised are often bogus anyway. Respected suppliers don't randomly flood inboxes.
4. "Never use an "unsubscribe" option on a spam email. These are usually just ways to verify your email address."
Back to top
Reader Reacts to "Are We Getting Used to Spam Already?" Story
I’ve been thinking about this article (“Are We Getting Used to Spam Already?” which appeared on our newsletter’s April 2005 Edition - Ed) for a while and finally thought to respond.
The proposition that we are “getting used to” spam and using the analogy “the more you have rain, the less you mind it” is misleading.
Every day I get tons of unsolicited junk mail in my snail mail inbox. I no longer count the things I pull out of my mailbox addressed to Resident or Neighbor, if they’re addressed at all. That’s not counting the flyers, newsletters, etc. showing up in and around my mailbox. I just throw them away unopened.
Because I no longer write my congressperson about it or scream at the postman, does that mean I’m happy about it? Does that mean that I’m complacent? Does it mean I’m prepared to accept it like taxes?
NO! It means that I haven’t found any effective and lawful means to deter those mailings. The postman has to deliver it. It’s either legal or there is no political will to make it illegal, no less enforce existing laws.
I’m in the same predicament with spam. I’m not getting used to it -- I’m helpless to stop it.
Oh, I’m not talking about spam filters, being careful which sites I visit or where I leave my email address. We would all be appalled at the thought of having to put locks on our refrigerators to prevent strangers from throwing out all our crème de menthe ice cream, 20 lbs. of eye of round steaks, real butter and beer and fill it with fresh strawberries and oranges, Romaine salad (with lemon juice) and bottled water.
The idea would not be to keep them out, the solution would be to string up these annoying entities by their [choose your favorite anatomical part(s)].
Brutus
(Email address withheld.)
|
Thanks for writing us. We are so delighted to receive reactions, especially from avid readers like you, to issues concerning spam, and particularly to articles we have published in this newsletter.
However, in reaction to your letter, we say the Editor’s Note article you pointed out didn’t intend to mislead you, our readers. The reason we used a question mark on the headline, because it was more of a question (directed largely at Internet users like us) than a conclusive statement. Neither it was a proposition.
The article primarily exposed various experts’ opinions on survey results conducted among Internet users regarding their attitude towards spam. It was a report based on “facts and figures,” which, we thought, were still refutable.
Besides, 67% disgruntled customers, as the article revealed, remains to be the overwhelming majority.
Like we always say, it ain’t over till it’s over. And we will not waver in our fight against spam. |
We appreciate all of the comments and responses we have received about the newsletter. We will be addressing your concerns in the next issue. You may send your comments to antispam.review@bigfoot.com. Since we print some of the comments we receive, please advise us if you want your complete name and email address withheld. You may provide us with a first name, city and state, as an alternative.
Back to top
 |
The following message was sent to you as a subscriber of Bigfoot.com. We will continue to bring you valuable offers on the products and services that interest you most. If you wish to unsubscribe, click here. |
|
