Spam heading for higher costs

"Reprint rights to riches!" read the subject line of one of the many unsolicited bulk e-mail transmissions I've received recently.

Most such transmissions, known as spam, emanate from opportunists who use forged addresses that you can't reply to. Others come from legitimate advertisers. But this message appeared to come from a sterling source: myself. Its sender was listed as "Daniel Blum."

Worried that other users had also received spam that was supposedly from me, I complained to the ISP. I received the following response: "The spamming software used to send this uses the recipient's address as the sender's address. There is no telling who else this went to, but it will not appear that it came from you."

The sender's program had forged my address in order to avoid being filtered out by ISP spam-blocking services. My ISP offers a free "spaminator" service, which maintains a kill file of spam-sending domains and originators whose messages will be blocked.

Spam is a growing problem that has gradually escalated from merely annoying users to raising enterprise costs to ultimately threatening the openness and integrity of the Internet.

According to an Internet Mail Consortium (IMC) report on unsolicited bulk e-mail, "Spam costs money to every recipient, as if it was sent postage due." Many users spend connect time, long-distance call time, personal time and company time opening, identifying, sorting and deleting spam. Aggregated across 200 million e-mail users, these costs are very high, even before taking into account the bandwidth, help desks and filtering resources expended by enterprises and ISPs.

But perhaps the greatest cost of spam is the degrading effect it has on e-mail. You can no longer really be sure that the messages you receive are what they appear to be.

So what are we going to do about spam? The IMC report I mentioned analyses the effects of solutions that involve filtering, legislation and content labelling. But the report's authors aren't optimistic that any of these solutions -- taken alone -- can solve the problem.

At a minimum, we should make it illegal to forge e-mail sender addresses, but this is hard to do because the Internet does not belong to any one country. Enterprises should buy messaging software that maintains kill files at the firewall, but some spam will come in under the radar and some legitimate messages will inadvertently be deleted. ISPs should singly and as a group enforce acceptable-use policies, but dishonest spammers will find a way to evade them. Content labelling of unsolicited bulk e-mail is great, but it too can be evaded and must work in conjunction with filters.

What is clear is that everyone should use digital signatures, particularly if you are in upper management or deal with the public. In the short term, digital signatures at least make it much more difficult for someone to forge e-mail addresses so messages would appear to come from your company. In the long term, corporate messaging firewalls can validate that incoming messages are signed with a digital ID issued by an acceptable certifier -- one that doesn't do business with spammers.

In addition, you should make it a priority to deploy technologies such as Secure Multi-purpose Internet Mail Extensions secure messaging, Open PGP, Lightweight Directory Access Protocol directories and X.509 public-key certificate authorities across your intranet and among your extranet trading partners. This will provide accountability and reduce the risk of fraud. Go ahead and send me e-mail -- in your name only, please -- if you'd like advice or help on such a project.

(Blum is a principal at Rapport Communication, a US consultancy that provides enterprise messaging, directory and groupware consulting and information services. He can be reached at dblum@mind spring.com or www.rapport.com.)

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Cool Tech

Bang and Olufsen Beosound Stage - Dolby Atmos Soundbar

Learn more >

Toys for Boys

ASUS ROG, ACRONYM partner for Special Edition Zephyrus G14

Learn more >

Nakamichi Delta 100 3-Way Hi Fi Speaker System

Learn more >

Sony WF-1000XM3 Wireless Noise Cancelling Headphones

Learn more >

Family Friendly

Mario Kart Live: Home Circuit for Nintendo Switch

Learn more >

Philips Sonicare Diamond Clean 9000 Toothbrush

Learn more >

Stocking Stuffer

Teac 7 inch Swivel Screen Portable DVD Player

Learn more >

SunnyBunny Snowflakes 20 LED Solar Powered Fairy String

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?