ActioNews: SPAM Control: Stemming the Flow

Spam or Unsolicited Commercial Email (UCE) has been growing so fast that, based on recent statistics, it may soon account for half of all U.S. Email traffic. The spam epidemic, with its often offensive content, not only creates hair-pulling annoyance for individuals, but also costs corporations heavily in terms of lost productivity and dedicated resources for stopping it.

While certain anti-spam legislation has been passed, it is questionable how effective the legislation of any given government against spam can be when the spam can be sent from anywhere in the world. The real solution to the spam should be technical not legislative.

The technology to stop spam can be largely divided into two categories: content-based filtering and sender ID based filtering. Content-based filtering analyzes the email content and rejects it as spam if it fits into some predetermined spam profiles. Sender ID based filtering filters out spam based on the identity of the sender. If the sender is not valid based on some predetermined policy, the email will be rejected as spam.

Simple content-based filtering filters out spam using predefined keywords. This method requires constantly updating the keyword list and may treat legitimate emails as spam. More advanced solutions use Bayesian spam filtering. Unlike simple content-based filters, Bayesian spam filtering can constantly learn from spam and from good mail, resulting in a very robust, adaptive and efficient anti-spam approach.

One of the sender ID based filtering technologies is the Real-time Block List (RBL). RBL maintains information about known spam sources and provides query capability to other email servers. To decide whether or not reject an email, the receiver can query the IP address of the sender again a RBL. If the query result indicates that the IP address belongs to a known spam source, the email will then be rejected. There are at least two problems with RBL: 1) The Sender IP address can be spoofed to hide the real identify of the sender; 2) Spammers can use viruses to hijack other computers to send out spam.

There are two other sender ID based filtering technologies in development. One is Microsoft’s Sender ID Framework and Yahoo’s DomainKeys System. Sender ID requires organizations to publish their e-mail sending policies, including the types and identities of servers they use, in the Domain Name System (DNS). Before accepting incoming e-mail, receiving server would check the source of the e-mail against the information registered in DNS. DomainKeys is being designed around the use of public/private key technology. The sender creates a digital signature of every email message it sends out using its private key. By using the sender’s public key, the receiver verifies that the signature is indeed created by the sender. If it is not, the receiver will simply reject the email. Sender ID can be deployed quickly, while DomainKeys requires public/private keys and takes longer to deploy.

Implementing an effective sender ID based filtering requires the agreement on a common industry standard. Both the Sender ID Framework and DomainKeys System have been submitted to the Internet Engineering Task Force (IETF) for consideration as an industry wide standard. The sooner we agree on a standard, the better a position we are in to fight the spam.