Language Selection

English French German Italian Portuguese Spanish

Battle Against Spam Shifts to Containment

Filed under
Security

There's a new strategy in the spam battle: Call it containment. Filters for blocking junk e-mail from inboxes have improved to the point that doing much more will needlessly kill legitimate e-mail, said Carl Hutzler, America Online Inc.'s anti-spam coordinator. So e-mail gatekeepers are shifting gears.

Now they're getting more aggressive at keeping spam from leaving their systems in the first place.

EarthLink Inc., for instance, is phasing in a requirement that customers' mail programs submit passwords before it will send out their e-mail.

Like most Internet providers, EarthLink previously made sure only that a computer was associated with a legitimate account. Now that viruses can co-opt computers and use them to send spam, that's no longer secure enough.

So Earthlink sent out new software, made automated tools available for download and walked customers through manually changing their mail settings when they called tech support for other reasons. A year into the initiative, EarthLink has 80 percent of its customers converted.

"Any action can be a little daunting when you're trying to migrate millions of people," said Stephen Currie, EarthLink's director of communications products.

It also costs time and money - not insignificant considering that direct benefits don't necessarily go to EarthLink but to its competitors, whose customers might otherwise receive more spam.

But more than altruism was involved.

"If there's a lot of spam or abusive mail coming from a particular network, in the future you're going to see that e-mail having low rates of deliverability," Currie said.

In other words, other Internet service providers, or ISPs, might start blocking EarthLink e-mail if it doesn't adopt the outbound controls.

The pressure to improve outbound controls comes as viruses infect more and more home computers and convert them into spam-relayng "zombies."

These zombies allow spammers to pose as legitimate customers and get around blocks that Internet providers might have had in place.

Although antispam advocates say Internet providers can do more to stop spammers from signing up for accounts - sometimes fraudulently, but too often because they mean revenues and sales commissions - Hutzler blames zombies for 90 percent of the spam problem.

Traditional spam controls, the inbound filters, don't work as well with zombies because they can block mail from legitimate customers, too. Outbound controls can target specific zombies.

"The best place to stop spam is before it's sent," said John Reid, a volunteer with The Spamhaus Project anti-spam group. "If you can keep it in the bag, bottled up, that's where it's the least expensive."

Outbound controls aren't entirely new.

For years, anti-spam advocates have been pressuring Internet providers to configure mail servers so spammers can't use them to relay junk e-mail. The leading vendor of mail server software, Sendmail Inc., closed such relays by default in 1998, and most ISPs now have the newer software.

EarthLink and AOL also have long implemented a technique that forces customers to route e-mail through the providers' own mail servers, instead of sending messages directly to the Internet.

Other ISPs are starting to adopt it as well, giving them the ability to monitor outgoing mail, trace any problems to specific accounts and even block or place speed limits on e-mail that exceeds some hourly or daily threshold.

ISPs can also run the spam and virus filters on outbound mail.

And when users of Microsoft Corp.'s Hotmail try to send a large number of messages, they are prompted to type in random letters displayed on the screen. Presumably, spammers with automated tools wouldn't be able to do it.

If all ISPs were to implement outbound controls, spam wouldn't be such a headache.

But outbound measures are often difficult to justify because they don't directly pare down the junk in customers' inboxes as inbound filters do, said Anne Mitchell, who runs the Institute for Spam and Internet Public Policy, an antispam consultancy.

Mitchell said ISPs are businesses and "have to look at the bottom line and their profitability."

Besides implementation costs, outbound measures can hurt legitimate customers.

Businesses and some individuals might have a legitimate need to access third-party mail servers, and being forced to go through their providers' systems might cause their e-mail to be mistakenly tagged as spam by the recipient.

Anytime ISPs make changes, they will invariably discover a few customers who use their service in an unanticipated, but legitimate manner, said John Levine, co-author of "Fighting Spam for Dummies."

Martin Deen, manager of messaging engineering at Cox Communications Inc., likens outbound measures to vaccination. They may be good for the overall health of the Internet if all ISPs do it, Deen said, but individual ISPs take a personal risk.
ISPs sometimes grant exceptions for businesses and power users.

AOL has a few thousand customers, out of more than 28 million, who are exempt from caps on multiple mails.

Desert Express Internet Services, a small ISP serving California and Nevada, waived its restrictions for one of its business customers - but only if it agreed in writing to run spam filters on outgoing mail and meet other requirements.

Ultimately, ISPs may require customers with special needs to buy a premium service.

"We don't do that, (but) that would be a possibility certainly," EarthLink's Currie said. "EarthLink and other ISPs are just going to define their services, and certain things will be permitted and certain won't."

By ANICK JESDANUN, AP Internet Writer
Source.

More in Tux Machines

Google in Devices

  • Glow LEDs with Google Home
    For the part one, the custom commands were possible thanks to Google Actions Apis. I used API.AI for my purpose since they had good documentation. I wont go into detail explaining the form fields in Api.ai, they have done a good job with documentation and explaining part, I will just share my configurations screenshot for your quick reference and understanding. In Api.ai the conversations are broken into intents. I used one intent (Default Welcome Intent) and a followup intent (Default Welcome Intent – custom) for my application.
  • Google Assistant SDK preview brings voice agent to the Raspberry Pi
    Google has released a Python-based Google Assistant SDK that’s designed for prototyping voice agent technology on the Raspberry Pi 3. Google’s developer preview aims to bring Google Assistant voice agent applications to Linux developers. The Google Assistant SDK is initially designed for prototyping voice agent technology on the Raspberry Pi 3 using Python and Raspbian Linux, but it works with most Linux distributions. The SDK lets developers add voice control, natural language understanding, and Google AI services to a variety of devices.
  • Huawei, Google create a high-powered single board computer for Android
    The Raspberry Pi is very popular with DIY enthusiasts because of the seemingly endless possibilities of how you can design devices with it. Huawei and Google have created their own single board computer (SBC), but this will probably benefit Android developers more than DIY enthusiasts. The HiKey 960 is a very robust SBC aimed at creating an Android PC or a testing tool for Android apps.
  • Huawei’s $239 HiKey 960 wants to be a high-end alternative to Raspberry Pi
    12.5 million sales in five years – Linaro and Huawei have unveiled a high-end (read: expensive) rival.

Mobile, Tizen, and Android

Leftovers: OSS

  • Is The Open Source Software Movement A Technological Religion?
  • Experts weigh in on open source platforms, market
    In this Advisory Board, our experts discuss the pros and cons of open source virtualization and which platforms are giving proprietary vendors a run for their money.
  • Light a fire under Cassandra with Apache Ignite
    Apache Cassandra is a popular database for several reasons. The open source, distributed, NoSQL database has no single point of failure, so it’s well suited for high-availability applications. It supports multi-datacenter replication, allowing organizations to achieve greater resiliency by, for example, storing data across multiple Amazon Web Services availability zones. It also offers massive and linear scalability, so any number of nodes can easily be added to any Cassandra cluster in any datacenter. For these reasons, companies such as Netflix, eBay, Expedia, and several others have been using Cassandra for key parts of their businesses for many years.
  • Proprietary Election Systems: Summarily Disqualified
    Hello Open Source Software Community & U.S. Voters, I and the California Association of Voting Officials, represent a group of renowned computer scientists that have pioneered open source election systems, including, "one4all," New Hampshire’s Open Source Accessible Voting System (see attached). Today government organizations like NASA, the Department of Defense, and the U.S. Air Force rely on open source software for mission critical operations. I and CAVO believe voting and elections are indeed mission-critical to protect democracy and fulfill the promise of the United States of America as a representative republic. Since 2004, the open source community has advocated for transparent and secure—publicly owned—election systems to replace the insecure, proprietary systems most often deployed within communities. Open source options for elections systems can reduce the costs to taxpayers by as much as 50% compared to traditional proprietary options, which also eliminates vendor lock-in, or the inability of an elections office to migrate away from a solution as costs rise or quality decreases.
  • Microsoft SQL Server on Linux – YES, Linux! [Ed: Marketing and PR from IDG's "Microsoft Subnet"; This headline is a lie from Microsoft; something running on DrawBridge (proprietary Wine-like Windows layer) is not GNU/Linux]

Creative Commons News

  • Creative Commons Is Resurrecting Palmyra
    Creative Commons launched its 2017 Global Summit today with a rather moving surprise: a seven-foot-tall 3D printed replica of the Tetrapylon from Palmyra, Syria. For those who don't know the tragic situation, Palmyra is one of the most historic cities in the world — but it is being steadily destroyed by ISIS, robbing the world of countless irreplaceable artifacts and murdering those who have tried to protect them (the folks at Extra History have a pair of good summary videos discussing the history and the current situation in the city). Among ISIS's human targets was Bassel Khartabil, who launched Syria's CC community several years ago and began a project to take 3D scans of the city, which CC has been gathering and releasing under a CC0 Public Domain license. He was captured and imprisoned, and for the past five years his whereabouts and status have been unknown. As the #FreeBassel campaign continues, Creative Commons is now working to bring his invaluable scans to life in the form of 3D-printed replicas, starting with today's unveiling of the Tetrapylon — which was destroyed in January along with part of a Roman theatre after ISIS captured the city for a second time.
  • Creative Commons: 1.2 billion strong and growing
    "The state of the commons is strong." The 2016 State of the Commons report, issued by Creative Commons this morning, does not begin with those words, but it could. The report shows an increase in adoption for the suite of licenses, but that is not the whole story.