Experts say spam fight needs to be more strategic
- 04 November, 2004 08:18
The fight against spam to date has been too tactical and not strategic enough, according to experts at the Next Generation Networks conference.
"There's too much of the thinking, 'I've got a problem. How do I stop it from hurting me?'" principal scientist at VeriSign, Phillip Hallam-Baker, said. The thinking ought to be how to stop spam in general, he said.
"It's a public health problem. We have to look for ways to stop the infection from spreading to others," Hallam-Baker said.
Three approaches could work CTO of CipherTrust, Paul Judge, said. Filter spam so it never reached desktops; Train users to recognise and kill spam without responding to it; Outlaw spam and set up stiff penalties as a deterrent.
Spam could be limited by setting thresholds for cutting off email from a single source address when more than a certain amount was sent per set time period, CEO of Barracuda Networks, Dean Drako, said.
Similarly, if a machine has been infected to generate spam, it can be cut off if it sends more than a certain amount in a given time period.
About half of the machines used to spam were hijacked, Hallam-Baker said. Filters could also weed out spam based on key words.
Phishers, whose emails sought to trick credit card and other financial information out of victims, use sets of commandeered machines to send their emails, Judge said. CipherTrust found that phishers used about 1000 such zombie machines per day, then switch to another battery of machines the next day.
These zombie batallions ranged up to 15,000 in number, he said.
Hallam-Baker suggested ISPs stripping off all executables from their customers' emails to prevent creation of zombie computers. "It's a completely irrelevant capability that is only dangerous," he said.
Laws against spam threw potential legal hassles in front of spammers as well as the threat of financial penalties and the result of having all their email blocked, Hallam-Baker said.
The downside is that anti-spam laws have had little effect. California passed an anti-spam law last year, Barracuda Networks CEO Dean Drako said.
"There was no significant impact on spam being sent on the Internet," he said.
Hallam-Baker suggested a three-tiered registration system to stop spammers. Creating bonded senders could help by establishing a group of bulk e-mail senders who are likely not spammers. They would post a bond they would forfeit if they are caught spamming.
Senders would be authenticated via a light-weight DNS mechanism that would link the sender address to a small set of e-mail servers. If the address was lifted to send mail from a different server, it would be dropped.
Domain names would be authenticated at the owners expense to be certified as being linked to a legitimate business, giving ISPs and businesses another way of determining whether email was from a spammer or not, he said.
A library of notorious spammers could be made public to enable spam hunters to further choose what emails to block, Hallam-Baker said.
Regardless of how successful the spam fight is, it won't be any more successful than any other battle against an evolving foe. "We've been fighting viruses for 15 to 20 years, and that cat-and-mouse game is still going on," CipherTrust's Paul Judge said.