Language Selection

English French German Italian Portuguese Spanish

Battle Against Spam Shifts to Containment

Filed under
Security

There's a new strategy in the spam battle: Call it containment. Filters for blocking junk e-mail from inboxes have improved to the point that doing much more will needlessly kill legitimate e-mail, said Carl Hutzler, America Online Inc.'s anti-spam coordinator. So e-mail gatekeepers are shifting gears.

Now they're getting more aggressive at keeping spam from leaving their systems in the first place.

EarthLink Inc., for instance, is phasing in a requirement that customers' mail programs submit passwords before it will send out their e-mail.

Like most Internet providers, EarthLink previously made sure only that a computer was associated with a legitimate account. Now that viruses can co-opt computers and use them to send spam, that's no longer secure enough.

So Earthlink sent out new software, made automated tools available for download and walked customers through manually changing their mail settings when they called tech support for other reasons. A year into the initiative, EarthLink has 80 percent of its customers converted.

"Any action can be a little daunting when you're trying to migrate millions of people," said Stephen Currie, EarthLink's director of communications products.

It also costs time and money - not insignificant considering that direct benefits don't necessarily go to EarthLink but to its competitors, whose customers might otherwise receive more spam.

But more than altruism was involved.

"If there's a lot of spam or abusive mail coming from a particular network, in the future you're going to see that e-mail having low rates of deliverability," Currie said.

In other words, other Internet service providers, or ISPs, might start blocking EarthLink e-mail if it doesn't adopt the outbound controls.

The pressure to improve outbound controls comes as viruses infect more and more home computers and convert them into spam-relayng "zombies."

These zombies allow spammers to pose as legitimate customers and get around blocks that Internet providers might have had in place.

Although antispam advocates say Internet providers can do more to stop spammers from signing up for accounts - sometimes fraudulently, but too often because they mean revenues and sales commissions - Hutzler blames zombies for 90 percent of the spam problem.

Traditional spam controls, the inbound filters, don't work as well with zombies because they can block mail from legitimate customers, too. Outbound controls can target specific zombies.

"The best place to stop spam is before it's sent," said John Reid, a volunteer with The Spamhaus Project anti-spam group. "If you can keep it in the bag, bottled up, that's where it's the least expensive."

Outbound controls aren't entirely new.

For years, anti-spam advocates have been pressuring Internet providers to configure mail servers so spammers can't use them to relay junk e-mail. The leading vendor of mail server software, Sendmail Inc., closed such relays by default in 1998, and most ISPs now have the newer software.

EarthLink and AOL also have long implemented a technique that forces customers to route e-mail through the providers' own mail servers, instead of sending messages directly to the Internet.

Other ISPs are starting to adopt it as well, giving them the ability to monitor outgoing mail, trace any problems to specific accounts and even block or place speed limits on e-mail that exceeds some hourly or daily threshold.

ISPs can also run the spam and virus filters on outbound mail.

And when users of Microsoft Corp.'s Hotmail try to send a large number of messages, they are prompted to type in random letters displayed on the screen. Presumably, spammers with automated tools wouldn't be able to do it.

If all ISPs were to implement outbound controls, spam wouldn't be such a headache.

But outbound measures are often difficult to justify because they don't directly pare down the junk in customers' inboxes as inbound filters do, said Anne Mitchell, who runs the Institute for Spam and Internet Public Policy, an antispam consultancy.

Mitchell said ISPs are businesses and "have to look at the bottom line and their profitability."

Besides implementation costs, outbound measures can hurt legitimate customers.

Businesses and some individuals might have a legitimate need to access third-party mail servers, and being forced to go through their providers' systems might cause their e-mail to be mistakenly tagged as spam by the recipient.

Anytime ISPs make changes, they will invariably discover a few customers who use their service in an unanticipated, but legitimate manner, said John Levine, co-author of "Fighting Spam for Dummies."

Martin Deen, manager of messaging engineering at Cox Communications Inc., likens outbound measures to vaccination. They may be good for the overall health of the Internet if all ISPs do it, Deen said, but individual ISPs take a personal risk.
ISPs sometimes grant exceptions for businesses and power users.

AOL has a few thousand customers, out of more than 28 million, who are exempt from caps on multiple mails.

Desert Express Internet Services, a small ISP serving California and Nevada, waived its restrictions for one of its business customers - but only if it agreed in writing to run spam filters on outgoing mail and meet other requirements.

Ultimately, ISPs may require customers with special needs to buy a premium service.

"We don't do that, (but) that would be a possibility certainly," EarthLink's Currie said. "EarthLink and other ISPs are just going to define their services, and certain things will be permitted and certain won't."

By ANICK JESDANUN, AP Internet Writer
Source.

More in Tux Machines

Leftovers: OSS and Sharing

  • 4 tips for teaching kids how to build electronics
    Kids are naturally curious about how things work, and with a new trend in hardware companies creating open source hardware products, it's a great time to teach kids about electronics. But modern technology can seem too complex to even begin to understand. So where do you start?
  • Oil companies joining open source world by sharing data [Ed: No, oil companies, sharing data is open data and not open source. More openwashing, like greenwashing]
    The oil and gas industry has long collected huge volumes of data, but it hasn’t always known quite what to do with it all. Often, the terabytes aren’t even stored on computer systems that readily talk to each other. Industry insiders are used to it, said Michael Jones, senior director of strategy at the oil and gas software maker Landmark. But it’s not OK, he said. So, about a year ago, Jones and some of his oil industry colleagues set about to fix it. This week, at Landmark’s Innovation Forum & Expo at the Westin hotel in northwest Houston, the company unveiled the beginnings of a collaborative its members called groundbreaking. In a move to drive technology further, faster — and, perhaps, take a bigger piece of the burgeoning big-data market — Landmark is pushing its main computing platform into the cloud, for all to use.
  • Interactive, open source visualizations of nocturnal bird migrations in near real-time
    New flow visualizations using data from weather radar networks depict nocturnal bird migrations, according to a study published August 24, 2016 in the open-access journal PLOS ONE by Judy Shamoun-Baranes from University of Amsterdam, the Netherlands, and colleagues.
  • Go! Speed Racer Go!
    I finally reached a point where I could start running the go version of sm-photo-tool. I finished the option validation for the list command. While I was testing it I noticed how much faster the Go version felt. Here are the python vs Go versions of the commands.
  • Semantic Interoperability for European Public Services will be presented at the SEMANTiCS 2016 conference
    The revision of the European Interoperability Framework and the importance of data and information standardisation for promoting semantic interoperability for European Public Services will be presented by Dr. Vassilios Peristeras, DG Informatics, ISA unit at the SEMANTiCS 2016 conference which takes place in Leipzig on September 13th and 14th 2016. The title of the presentation is “Promoting Semantic Interoperability for European Public Services: the European Commission ISA2 Programme” (slideset to appear here soon).

Linux at 25: How Linux changed the world

I walked into an apartment in Boston on a sunny day in June 1995. It was small and bohemian, with the normal detritus a pair of young men would scatter here and there. On the kitchen table was a 15-inch CRT display married to a fat, coverless PC case sitting on its side, network cables streaking back to a hub in the living room. The screen displayed a mess of data, the contents of some logfile, and sitting at the bottom was a Bash root prompt decorated in red and blue, the cursor blinking lazily. I was no stranger to Unix, having spent plenty of time on commercial Unix systems like OSF/1, HP-UX, SunOS, and the newly christened Sun Solaris. But this was different. Read more

Linux Kernel News and Microsoft Breaks PowerShell

  • Coherent Accelerators, FPGAs, and PLD Microconference Accepted into 2016 Linux Plumbers Conference
    It has been more than a decade since CPU core clock frequencies stopped doubling every 18 months, which has shifted the search for performance from the "hardware free lunch" to concurrency and, more recently, hardware accelerators. Beyond accelerating computational offload, field-programmable gate arrays (FPGAs) and programmable logic devices (PLDs) have long been used in the embedded space to provide ways to offload I/O or to implement timing-sensitive algorithms as close as possible to the pin.
  • Linux's brilliant career, in pictures
    Aug. 25 marks the 25th anniversary of Linux, the free and open source operating system that's used around the globe in smarphones, tablets, desktop PCs, servers, supercomputers, and more. Though its beginnings were humble, Linux has become the world’s largest and most pervasive open source software project in history. How did it get here? Read on for a look at some of the notable events along the way.
  • Quarter Century of Innovation – aka Happy Birthday Linux!
    Happy birthday Linux. You’ve defined how we should be using and adoption technology. You’ve disrupted and continue to disrupt, industries all over the place. You’ve helped define what it means to share ideas openly and freely. You’ve shown what happens when we collaborate and work together. Free and Open Source is a win-win for all and Linux is the Gold Standard of that.
  • Microsoft Open Source Czar Takes Spotlight at LinuxCon [Ed: Microsoft paid for this]
  • Windows Update borks PowerShell – Microsoft won't fix it for a week
    You'd be forgiven for thinking Microsoft is actively trying to stop people using Windows 10 Anniversary Edition. A patch this week broke one of the key features of the OS: PowerShell.

Android Leftovers

  • Xiaomi Redmi Note 4 unveiled in China, priced at $135
    Xiaomi took the wraps off their latest smartphone offering, the Redmi Note 4, earlier today, and as is expected from the budget-friendly Redmi series, the device offers a premium look, specifications, and features, and more importantly, an ultra-affordable price tag. The Redmi Note 4 retains the premium full metal unibody construction that was introduced with its predecessor, but now comes with a brushed metal finish and chamfered edges that looks and feels even better. The design language is quite similar as well, with the Redmi Note 4 also coming with a fingerprint scanner on the back. Under the hood, the Redmi Note 4 comes with a 5.5-inch Full HD display that is covered with a 2.5D curved glass panel. The phone is powered by a MediaTek Helio X20 processor, that is backed by the Mali-T880MP4 GPU and 2 GB or 3 GB of RAM. 16 GB or 64 GB are the on-board storage options available, which also dictates how much RAM you get, and you also get expandable storage via microSD card to cover all your needs. Keeping everything running is a huge 4,100 mAh battery.
  • New study finds iPhones fail far more often than Android phones
    Apple customers are generally a shockingly loyal bunch. The company’s high repeat customer rate can be attributed to a combination of factors that concern iPhones themselves as well as Apple’s industry-leading customer service. Dealing with Apple’s customer care department has always been a pleasure compared to dealing with rival companies, and iPhones themselves have historically been very reliable, offering a consistently smooth user experience that people love.
  • Relax, Spire can now connect to Android phones
    Spire, the wearable that promises to help you with healthy breathing and mindfulness, was previously only available for iOS devices. But that should change with an update rolling out now.
  • Android 7.0 Nougat: Small changes that make a big difference in UX
    The seventh iteration of Android (Nougat) has finally been released by the mighty Google. If you happen to be the owner of a Nexus device, you might see this update very soon. Everyone else...you know the drill. So after an extended period of waiting for the update to trickle through your carrier and onto your device, what can you expect to happen to your Android device once its center has become a creamier shade of Nougat?
  • Two Nokia Android smartphones show up in benchmark
    Nokia is definitely coming out with a few Android smartphones later this year, but today's Nokia has little in common with the company that ruled the mobile phone industry for years. For starters, the devices that will be released this year, or the next, will be made by a third-party company. Nokia won't be manufacturing phones anymore and most likely it won't manage the way they are sold through retailers and authorized resellers.
  • Proxima bae, Instagram scams, Android goes full crypto: ICYMI
  • PayPal adds proper Nexus Imprint fingerprint login support on Android
  • Google Duo has been downloaded 5 million times on Android since its release