Battle Against Spam Shifts to Containment

There's a new strategy in the spam battle: Call it containment. Filters for blocking junk e-mail from inboxes have improved to the point that doing much more will needlessly kill legitimate e-mail, said Carl Hutzler, America Online Inc.'s anti-spam coordinator. So e-mail gatekeepers are shifting gears.

Now they're getting more aggressive at keeping spam from leaving their systems in the first place.

EarthLink Inc., for instance, is phasing in a requirement that customers' mail programs submit passwords before it will send out their e-mail.

Like most Internet providers, EarthLink previously made sure only that a computer was associated with a legitimate account. Now that viruses can co-opt computers and use them to send spam, that's no longer secure enough.

So EarthLink sent out new software, made automated tools available for download and walked customers through manually changing their mail settings when they called tech support for other reasons. A year into the initiative, EarthLink has 80 percent of its customers converted.

"Any action can be a little daunting when you're trying to migrate millions of people," said Stephen Currie, EarthLink's director of communications products.

It also costs time and money - not insignificant considering that direct benefits don't necessarily go to EarthLink but to its competitors, whose customers might otherwise receive more spam.

But more than altruism was involved.

"If there's a lot of spam or abusive mail coming from a particular network, in the future you're going to see that e-mail having low rates of deliverability," Currie said.

In other words, other Internet service providers, or ISPs, might start blocking EarthLink e-mail if it doesn't adopt the outbound controls.

The pressure to improve outbound controls comes as viruses infect more and more home computers and convert them into spam-relaying "zombies."

These zombies allow spammers to pose as legitimate customers and get around blocks that Internet providers might have had in place.

Although antispam advocates say Internet providers can do more to stop spammers from signing up for accounts - sometimes fraudulently, but too often because they mean revenues and sales commissions - Hutzler blames zombies for 90 percent of the spam problem.

Traditional spam controls, the inbound filters, don't work as well with zombies because they can block mail from legitimate customers, too. Outbound controls can target specific zombies.

"The best place to stop spam is before it's sent," said John Reid, a volunteer with The Spamhaus Project anti-spam group. "If you can keep it in the bag, bottled up, that's where it's the least expensive."

Outbound controls aren't entirely new.

For years, anti-spam advocates have been pressuring Internet providers to configure mail servers so spammers can't use them to relay junk e-mail. The leading vendor of mail server software, Sendmail Inc., closed such relays by default in 1998, and most ISPs now have the newer software.

EarthLink and AOL also have long implemented a technique that forces customers to route e-mail through the providers' own mail servers, instead of sending messages directly to the Internet.

Other ISPs are starting to adopt it as well, giving them the ability to monitor outgoing mail, trace any problems to specific accounts and even block or place speed limits on e-mail that exceeds some hourly or daily threshold.
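The per-account threshold described above can be sketched as a sliding-window limiter on a provider's outbound relay. This is an added illustration, not code from the article or from any ISP it names; the 100-recipients-per-hour limit, the account names, the exemption list and the record format are all assumptions.

```python
from collections import defaultdict, deque

WINDOW = 3600  # seconds; the article speaks of hourly or daily thresholds


class OutboundLimiter:
    """Sliding-window recipient cap per authenticated account (hypothetical)."""

    def __init__(self, hourly_limit=100, exempt=()):
        self.limit = hourly_limit          # assumed value, not from the article
        self.exempt = set(exempt)          # accounts granted an exception
        self.sent = defaultdict(deque)     # account -> deque of (ts, recipients)
        self.totals = defaultdict(int)     # account -> recipients inside window

    def check(self, account, ts, rcpt_count):
        """Return 'accept' or 'defer' for one submission at time ts."""
        if account in self.exempt:
            return "accept"
        q = self.sent[account]
        # Expire submissions that have fallen out of the one-hour window.
        while q and q[0][0] <= ts - WINDOW:
            _, n = q.popleft()
            self.totals[account] -= n
        if self.totals[account] + rcpt_count > self.limit:
            return "defer"                 # deferred mail is not counted
        q.append((ts, rcpt_count))
        self.totals[account] += rcpt_count
        return "accept"


def replay(records, limiter):
    """Replay (ts, account, rcpt_count) records; return {account: deferrals}."""
    deferred = defaultdict(int)
    for ts, account, n in records:
        if limiter.check(account, ts, n) == "defer":
            deferred[account] += 1
    return dict(deferred)


def sample_records():
    """Constructed sample traffic, not real logs."""
    recs = [(i * 60, "zombie@example.net", 50) for i in range(10)]   # burst
    recs += [(30, "alice@example.net", 1), (900, "alice@example.net", 2)]
    recs.append((100, "newsletter@example.net", 500))                # exempt
    return sorted(recs)


if __name__ == "__main__":
    lim = OutboundLimiter(100, exempt={"newsletter@example.net"})
    print(replay(sample_records(), lim))
```

Because the counter is keyed on the authenticated account, the deferrals also identify which customer machine to investigate, while ordinary users and exempted senders pass untouched.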

ISPs can also run the spam and virus filters on outbound mail.

And when users of Microsoft Corp.'s Hotmail try to send a large number of messages, they are prompted to type in random letters displayed on the screen. Presumably, spammers with automated tools wouldn't be able to do it.

If all ISPs were to implement outbound controls, spam wouldn't be such a headache.

But outbound measures are often difficult to justify because they don't directly pare down the junk in customers' inboxes as inbound filters do, said Anne Mitchell, who runs the Institute for Spam and Internet Public Policy, an antispam consultancy.

Mitchell said ISPs are businesses and "have to look at the bottom line and their profitability."

Besides implementation costs, outbound measures can hurt legitimate customers.

Businesses and some individuals might have a legitimate need to access third-party mail servers, and being forced to go through their providers' systems might cause their e-mail to be mistakenly tagged as spam by the recipient.

Anytime ISPs make changes, they will invariably discover a few customers who use their service in an unanticipated, but legitimate manner, said John Levine, co-author of "Fighting Spam for Dummies."

Martin Deen, manager of messaging engineering at Cox Communications Inc., likens outbound measures to vaccination. They may be good for the overall health of the Internet if all ISPs do it, Deen said, but individual ISPs take a personal risk.

ISPs sometimes grant exceptions for businesses and power users.

AOL has a few thousand customers, out of more than 28 million, who are exempt from caps on multiple mails.

Desert Express Internet Services, a small ISP serving California and Nevada, waived its restrictions for one of its business customers - but only if it agreed in writing to run spam filters on outgoing mail and meet other requirements.

Ultimately, ISPs may require customers with special needs to buy a premium service.

"We don't do that, (but) that would be a possibility certainly," EarthLink's Currie said. "EarthLink and other ISPs are just going to define their services, and certain things will be permitted and certain won't."

By ANICK JESDANUN, AP Internet Writer
