Spam heading for higher costs

"Reprint rights to riches!" read the subject line of one of the many unsolicited bulk e-mail transmissions I've received recently.

Most such transmissions, known as spam, emanate from opportunists who use forged addresses that you can't reply to. Others come from legitimate advertisers. But this message appeared to come from a sterling source: myself. Its sender was listed as "Daniel Blum."

Worried that other users had also received spam that was supposedly from me, I complained to the ISP. I received the following response: "The spamming software used to send this uses the recipient's address as the sender's address. There is no telling who else this went to, but it will not appear that it came from you."

The sender's program had forged my address in order to avoid being filtered out by ISP spam-blocking services. My ISP offers a free "spaminator" service, which maintains a kill file of spam-sending domains and originators whose messages will be blocked.

Spam is a growing problem that has gradually escalated from merely annoying users to raising enterprise costs to ultimately threatening the openness and integrity of the Internet.

According to an Internet Mail Consortium (IMC) report on unsolicited bulk e-mail, "Spam costs money to every recipient, as if it was sent postage due." Many users spend connect time, long-distance call time, personal time and company time opening, identifying, sorting and deleting spam. Aggregated across 200 million e-mail users, these costs are very high, even before taking into account the bandwidth, help desks and filtering resources expended by enterprises and ISPs.

But perhaps the greatest cost of spam is the degrading effect it has on e-mail. You can no longer really be sure that the messages you receive are what they appear to be.

So what are we going to do about spam? The IMC report I mentioned analyses the effects of solutions that involve filtering, legislation and content labelling. But the report's authors aren't optimistic that any of these solutions -- taken alone -- can solve the problem.

At a minimum, we should make it illegal to forge e-mail sender addresses, but this is hard to do because the Internet does not belong to any one country. Enterprises should buy messaging software that maintains kill files at the firewall, but some spam will come in under the radar and some legitimate messages will inadvertently be deleted. ISPs should singly and as a group enforce acceptable-use policies, but dishonest spammers will find a way to evade them. Content labelling of unsolicited bulk e-mail is great, but it too can be evaded and must work in conjunction with filters.

What is clear is that everyone should use digital signatures, particularly if you are in upper management or deal with the public. In the short term, digital signatures at least make it much more difficult for someone to forge e-mail addresses so messages would appear to come from your company. In the long term, corporate messaging firewalls can validate that incoming messages are signed with a digital ID issued by an acceptable certifier -- one that doesn't do business with spammers.

In addition, you should make it a priority to deploy technologies such as Secure Multi-purpose Internet Mail Extensions secure messaging, Open PGP, Lightweight Directory Access Protocol directories and X.509 public-key certificate authorities across your intranet and among your extranet trading partners. This will provide accountability and reduce the risk of fraud. Go ahead and send me e-mail -- in your name only, please -- if you'd like advice or help on such a project.

(Blum is a principal at Rapport Communication, a US consultancy that provides enterprise messaging, directory and groupware consulting and information services. He can be reached at dblum@mind spring.com or www.rapport.com.)

Join the PC World newsletter!

Error: Please check your email address.

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?