spam, spam, spam,  privacy, security & spam

FTC hosted copy of the Trusted Email Open Standard.

Microsoft tests Trusted Sender, January, 2002.

Symantec acquires anti-spam router, now the Symantec Brightmail Traffic Shaper.

10 things companies should do about spam

3 steps to saving corporate online identity and email

Phishing examples, quotes, predictions,
click here

More about the power of squelching spam with TurnTide

See the difference between filtering and squelching spam (pdf)

Why it's okay to say EMAIL CAN BE SPAM but it's dumb to say email can be SPAM

For lots of statistics about the spam problem, click.

 

Stephen Cobb on Spam

About 10 years ago I started working with like-minded thought leaders in the Internet, e-commerce, and infosec communities to develop practical solutions to the problem of spam. The following are some of my notes on this effort including links to the Trusted Sender and SpamSquelcher projects.

Much of the content here, and many of the links, are from around 2001 to 2005, some even earlier. However, I updated the main narrative in this column in April, 2010. As time permits I will be adding some fresh links about the slow but still ongoing struggle to abolish spam.

The Spam Problem
Each person seems to have a different perception of the spam problem. That was true in 2000 and it is true today. Depending on the network or service through which you get your email you might, as an email user, consider spam to be a serious annoyance or a minor inconvenience. Even as a network or system administrator your view of spam could be anything from irritant to curse.

The main variables in spam perception among recipients of email seem to be how long they have used a particular email address, how careful they have been to protect that address, and how well their ISP is managing spam for them. The main variables for sysadmins are the extent to which their networks are targeted and the effectiveness of the defensive measures they have afforded to defend them.

What we can say for sure is that while spam continues to constitute up to 90 percent of all email traffic it will inevitably mean more far resources are spent managing an organization's email than if people would just stop spamming.

One area where spam really hurts is if you send a lot of email that is not spam, maybe as an online retailer sending out weekly coupon offers to customers, or a charity communicating with donors, or a bank emailing electronic statement notices. If you are in this boat then you know the pain that spam causes for legitimate amilers. Your view of spam and spammers is likely to loathing or worse.

That Was When?
Do you have a spam-free mailbox? Are you comfortable with spam's carbon footprint? Do you know how many power-hungry servers are working overtime to keep spam out of your mailbox? Answer "No" to any of these questions and you will likely agree that Bill Gates got it very wrong when, in early 2004, he stated: "Two years from now, spam will be solved” (address to World Economic Forum participants on January 24, 2004, CBS News) .

The sad truth is, repeated efforts to persuade the major Internet service providers to cooperate on a universal spam solution have not yet succeeded. Despite numerous announcements by major Internet service providers pledging to cooperate to end spam. the problem is still as bad as ever. (When I updated this page in May, 2009, some 90% of all email traffic was spam; and when I checked Symantec's State of Spam & Phishing Report for April, 2010 it said spam made up 89.34 percent of all messages in March 2010, compared with 89.99 percent in February, 2010.)

Missed Opportunities?
If the major Internet service providers had acted together back in 2002, which is when ePrivacy Group—an organization of which I was a founder—pushed for such actiion, most spam could have been choked off long before Mr. Gates made his "solved by 2006" prediction. Indeed, 2006 could have dawned "spam-free" if people had heeded our advice. (Some of that advice can be found in the Trusted Email Open Standard document hosted by the Federal Trade Commission.)

2002 was more than a missed opportunity for ISPs to alleviate spam's drain on the Internet economy; it actually left the door open to a new breed of email abuse, phishing scams. There was virtually no phishing activity in 2002, relatively little in 2003, but loads in 2004.

Phishing is an extension of spam techniques and could have been squelched, along with the rest of spam, if the industry had chosen to cooperate to end spam rather than compete for customers based on promises of "better anti-spam than the other guys."

One notable success in the anti-spam effort, something which helps sysadmins protect their networks against spam, was the SpamSquelcher—later TurnTide—anti-spam technology, acquired by Symantec in 2004. Other solutions that I worked on, like Trusted Sender, a clever technology to verify email senders, did not fare so well. But make no mistake, I would love Bill to have been right. I don't mind who gets the credit as long as a universal solution is achieved.

I would have been delighted to see spam disappear in 2005 or 2006 or even 2009. I'd cheerfully eat a can of SPAM to celebrate, but history does not provide many hopeful signs. Speaking of history, the following links document some of the spam fighting efforts with which we were involved from 2001 to 2004.

Time to Stop Spam
Article by Stephen in Network World Security Newsletter, 8/19/03. Explains concepts behind spam "squelching," a strategy now embodied in the TurnTide™ Anti-spam Router.

Spam and Network Resource Theft Prevention
A whitepaper co-authored by Stephen (Acrobat pdf format). Explains how spammers steal IT resources and how new technology can prevent this.

Why Spam Filters Only Make Things Worse
A whitepaper by David Brussin and Tobias DiPasquale of ePrivacy Group (pdf format). Explains why filtering doesn't really stop spam, and why 'squelching' really does.

Trusted Email Open Standard
TEOS is a practical roadmap to a spam-free future. Co-authored by Stephen and colleagues at ePrivacy Group, endorsed by several consumer groups, TEOS offers enormous benefits for everyone who uses email. Find out why your ISP should back TEOS today (TEOS has been viewed 18,000 times since it was placed on the 'net at the beginning of May, 2003).

Trusted Sender
Using patent-pending technology that is available today, Trusted Sender is one thing every company can implement right now to fight back against spam, email fraud, and corporate identity spoofing. It could even help government agencies such as Homeland Security protect against cyber-terrorism tactics like an email disinformation campaign aimed at hampering first responders. Read the Microsoft press release about their Trusted Sender beta test.

The Multi-Billion Dollar Corporate Spam Threat
(and we are not talking about the cost of filtering)
Spammers regularly take the identities of leading companies in vain and perpetrate fraud in their name. Unless company executives take steps to help consumers distinguish legitimate email from fraudulent spam, they could face some tough consequences.

Press release on the New York spam verdict: 1/24/03
Stephen Cobb's reaction to a potentially landmark decision in a spam case in New York.

Cobb on the economics of spam: February, 2003
Until the "parasitic economics" of spam are reversed, spam will continue to grow (it is currently growing at 15 percent per month, at least) to the point where it overwhelms legitimate email. Understanding spam-e-nomics is the first step to solving the problem and reversing the trend.

More information about Trusted Sender technology.

More information about Spam Squelcher technology.

More information about Trusted Email Open Standard.

Google
 

Updated April, 2010, by webbloke at cobbsblog.com © Stephen Cobb, 1996-2010