The high-tech approaches of fighting spam vary widely. The most sophisticated anti-virus, antispyware and anti-spam software programs employ algorithms that attack spam from a broad, structural perspective, using complex, self-learning programs that treat all species of electronic threats - viruses, spyware, malware, etc. - as a single genus and then indifferently battle those threats until they are deleted, quarantined or otherwise conquered. This approach eliminates the necessity of having to update the anti-spam software with a list of new spyware, virus and malware threats on a daily (or hourly) basis.

Email validation software, such as that provided by Microsoft's Sender ID Framework, Yahoo's DomainKeys and Iconix by ICONIX, Inc., uses an RSA public/private key encryption method to identify the true sender's Internet domain address and compare it with the one in the "from" line in every email received in a user's inbox. If the two do not match, the message is labeled "spam" and dealt with accordingly. This system can allow receiving entities to drop or quarantine unsigned emails that originate from domains that always sign their emails with DomainKeys, thereby defending against spam attacks.

Moreover, by validating the sender domain, the system enables ISPs to build reputation databases that can be distributed within the ISP community to help create spam policy. Yahoo contends that since spammers don't want to be traced, they will be forced to spam only companies that aren't using verification solutions.

Users also can fight spam on an enterprise level by attacking the problem at the server and network gateway levels and installing integrated hardware and software solutions designed to defend email servers from virus, spoofing, phishing, spyware and other spam attacks. Two examples of this approach include programs, like Barracuda, Inc., that leverage "12 comprehensive defense layers" in order to protect enterprises at the email server or gateway level or the use of the Mail Abuse Prevention System (MAPS) that involves the compiling, upkeep and updating of a real-time blackhole list (RBL) that contains an immense number of Internet addresses from which the authors of the list believe that spam has sprung. When combined with the passage of intelligent laws, these two methods working in combination with international police forces, such as Interpol, could enable individuals and organizations to successfully combat most, if not all, of the spam that is sent their way by Internet rapscallions.

Unfortunately, the previously mentioned technological approaches to fighting spam can cause a lot of damage to innocent parties in a number of ways. For example, Professor Tom Field of the Franklin Pierce Law Center became the chance victim of an RBL when a spammer "bounced" messages off of his organization's website. It is not an easy task to get reinstated by the RBL once it decides to boycott your site. In Field's case, it took three days - a time span that would add up to crisis-level interruption of service for any corporation.

Indeed, every form of spam defense has its own particular downside. What they all share in common is the danger of false positives. However, companies should continue to develop high-tech solutions to the problem of spam because if they do, a solution will inevitably evolve in a natural, Darwinian way - one that will no doubt occasionally take its toll on innocent parties. We must accept, however, that this natural growth eventually solves whatever problems it creates for the good of the Internet and its netizens as a whole.

ARTHUR GINGRANDE [arthur@imergeconsult.com], ICP, is co-founder and partner of IMERGE Consulting, a document-centric management consulting firm. Mr. Gingrande holds a Juris Doctor degree from the Massachusetts School of Law.


Most Read  

This section does not contain Content.
0