Spam heading for higher costs

"Reprint rights to riches!" read the subject line of one of the many unsolicited bulk e-mail transmissions I've received recently.

Most such transmissions, known as spam, emanate from opportunists who use forged addresses that you can't reply to. Others come from legitimate advertisers. But this message appeared to come from a sterling source: myself. Its sender was listed as "Daniel Blum."

Worried that other users had also received spam that was supposedly from me, I complained to the ISP. I received the following response: "The spamming software used to send this uses the recipient's address as the sender's address. There is no telling who else this went to, but it will not appear that it came from you."

The sender's program had forged my address in order to avoid being filtered out by ISP spam-blocking services. My ISP offers a free "spaminator" service, which maintains a kill file of spam-sending domains and originators whose messages will be blocked.

Spam is a growing problem that has gradually escalated from merely annoying users to raising enterprise costs to ultimately threatening the openness and integrity of the Internet.

According to an Internet Mail Consortium (IMC) report on unsolicited bulk e-mail, "Spam costs money to every recipient, as if it was sent postage due." Many users spend connect time, long-distance call time, personal time and company time opening, identifying, sorting and deleting spam. Aggregated across 200 million e-mail users, these costs are very high, even before taking into account the bandwidth, help desks and filtering resources expended by enterprises and ISPs.

But perhaps the greatest cost of spam is the degrading effect it has on e-mail. You can no longer really be sure that the messages you receive are what they appear to be.

So what are we going to do about spam? The IMC report I mentioned analyses the effects of solutions that involve filtering, legislation and content labelling. But the report's authors aren't optimistic that any of these solutions -- taken alone -- can solve the problem.

At a minimum, we should make it illegal to forge e-mail sender addresses, but this is hard to do because the Internet does not belong to any one country. Enterprises should buy messaging software that maintains kill files at the firewall, but some spam will come in under the radar and some legitimate messages will inadvertently be deleted. ISPs should singly and as a group enforce acceptable-use policies, but dishonest spammers will find a way to evade them. Content labelling of unsolicited bulk e-mail is great, but it too can be evaded and must work in conjunction with filters.

What is clear is that everyone should use digital signatures, particularly if you are in upper management or deal with the public. In the short term, digital signatures at least make it much more difficult for someone to forge e-mail addresses so messages would appear to come from your company. In the long term, corporate messaging firewalls can validate that incoming messages are signed with a digital ID issued by an acceptable certifier -- one that doesn't do business with spammers.

In addition, you should make it a priority to deploy technologies such as Secure Multi-purpose Internet Mail Extensions secure messaging, Open PGP, Lightweight Directory Access Protocol directories and X.509 public-key certificate authorities across your intranet and among your extranet trading partners. This will provide accountability and reduce the risk of fraud. Go ahead and send me e-mail -- in your name only, please -- if you'd like advice or help on such a project.

(Blum is a principal at Rapport Communication, a US consultancy that provides enterprise messaging, directory and groupware consulting and information services. He can be reached at dblum@mind spring.com or www.rapport.com.)

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?