Spam heading for higher costs

"Reprint rights to riches!" read the subject line of one of the many unsolicited bulk e-mail transmissions I've received recently.

Most such transmissions, known as spam, emanate from opportunists who use forged addresses that you can't reply to. Others come from legitimate advertisers. But this message appeared to come from a sterling source: myself. Its sender was listed as "Daniel Blum."

Worried that other users had also received spam that was supposedly from me, I complained to the ISP. I received the following response: "The spamming software used to send this uses the recipient's address as the sender's address. There is no telling who else this went to, but it will not appear that it came from you."

The sender's program had forged my address in order to avoid being filtered out by ISP spam-blocking services. My ISP offers a free "spaminator" service, which maintains a kill file of spam-sending domains and originators whose messages will be blocked.

Spam is a growing problem that has gradually escalated from merely annoying users to raising enterprise costs to ultimately threatening the openness and integrity of the Internet.

According to an Internet Mail Consortium (IMC) report on unsolicited bulk e-mail, "Spam costs money to every recipient, as if it was sent postage due." Many users spend connect time, long-distance call time, personal time and company time opening, identifying, sorting and deleting spam. Aggregated across 200 million e-mail users, these costs are very high, even before taking into account the bandwidth, help desks and filtering resources expended by enterprises and ISPs.

But perhaps the greatest cost of spam is the degrading effect it has on e-mail. You can no longer really be sure that the messages you receive are what they appear to be.

So what are we going to do about spam? The IMC report I mentioned analyses the effects of solutions that involve filtering, legislation and content labelling. But the report's authors aren't optimistic that any of these solutions -- taken alone -- can solve the problem.

At a minimum, we should make it illegal to forge e-mail sender addresses, but this is hard to do because the Internet does not belong to any one country. Enterprises should buy messaging software that maintains kill files at the firewall, but some spam will come in under the radar and some legitimate messages will inadvertently be deleted. ISPs should singly and as a group enforce acceptable-use policies, but dishonest spammers will find a way to evade them. Content labelling of unsolicited bulk e-mail is great, but it too can be evaded and must work in conjunction with filters.

What is clear is that everyone should use digital signatures, particularly if you are in upper management or deal with the public. In the short term, digital signatures at least make it much more difficult for someone to forge e-mail addresses so messages would appear to come from your company. In the long term, corporate messaging firewalls can validate that incoming messages are signed with a digital ID issued by an acceptable certifier -- one that doesn't do business with spammers.

In addition, you should make it a priority to deploy technologies such as Secure Multi-purpose Internet Mail Extensions secure messaging, Open PGP, Lightweight Directory Access Protocol directories and X.509 public-key certificate authorities across your intranet and among your extranet trading partners. This will provide accountability and reduce the risk of fraud. Go ahead and send me e-mail -- in your name only, please -- if you'd like advice or help on such a project.

(Blum is a principal at Rapport Communication, a US consultancy that provides enterprise messaging, directory and groupware consulting and information services. He can be reached at dblum@mind spring.com or www.rapport.com.)

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?