It's time to stop spam. The percentage of spam has grown from 7 percent of all e-mail in 2001 to 45 percent now, and in another year or two, it could be high enough to make e-mail unusable. Perhaps we can never stop spam completely, but we must stem the flood before it's too late.
There are signs of progress. Microsoft has just followed AOL's lead in launching 15 lawsuits against spammers, including two in the UK The EU has already taken the most significant decision: from Oct. 31, users must "opt in" to receive unsolicited e-mail adverts, rather than "opt out" of them. The US government is considering several anti-spam bills, and some of them will allow spammers to be jailed. The 30 countries in the Organization for Economic Cooperation and Development (OECD) have just agreed a set of guidelines "for international cooperation to protect consumers against the growing problem of cross-border fraud, particularly on the Internet." The Internet Engineering Task Force (IETF) has set up an Anti-Spam Research Group. More and more Internet service providers (ISPs) -- including BT Openworld and MSN -- and mail users are installing software to block spams. And so on.
In the UK, the All Party Parliamentary Internet Group (APIG) is hosting a spam summit in Westminster on July 1, and the House of Commons will hold its first public hearing on spam on July 3. The British government has always seemed confused about the opt in/opt out issue, so it is time to make sure it's got the message.
Malcolm Hutty, regulation officer for Linx, the London Internet Exchange, says: "Opt in/opt out matters very much indeed. It should be opt in: we don't like opt out at all. Unless you have opted in to receive something, it's spam."
Does government action matter? Linx connects about 140 British ISPs to one another and to the Internet, and its recommended practices are much tougher than any regulations the government will adopt. However, Hutty welcomes them. "The regulations are going to be important because they will allow someone to bring a prosecution against spammers, including the ones inside the UK who are using machines outside the UK We'd very much like the information commissioner to go after them with a big stick."
British ISPs act against spammers by cancelling their accounts. However, Hutty says this isn't much help against the "persistent bad guys, because they just set up a succession of accounts."
But it can adversely affect ordinary users because, as Hutty says, "one of the major methods of sending spam is by hacking into other people's machines."
Jean-Philippe Courtois, chief executive of Microsoft in Europe, the Middle East and Africa, also supports tough penalties.
"You need to make the pain of sending spam high enough to make them think twice before spamming anyone. They'll go into other businesses, which also won't be so nice, but it will reduce the spam problem," he said.
Use common sense, he said. Don't post your address on the Internet, use an ISP that offers spam filtering, only deal with trusted vendors, don't respond to spam and don't open e-mails from people you don't know.
A lot of spam seems to come from free services such as Hotmail, but Courtois says Microsoft is trying to reduce it. It now prevents Hotmail users from sending more than 100 e-mails a day, and -- s like PayPal and Yahoo! -- is adopting Human Interactive Proofs (HIPs).
These include a security challenge that humans can do easily but machines cannot, such as read the text of a distorted image.
"That makes sure real people are creating accounts, not machines running scripts," Courtois says.
While all of these approaches are useful, there are two fundamental problems. The first is that the Internet's e-mail system, SMTP (Simple Mail Transport Protocol), is badly designed. The second is that HTML -- the language intended for marking up Web pages -- is a terrible way to do "rich text" e-mail including different type faces and illustrations.
SMTP and HTML are simple, obvious, cheap, open and standard, which is why they have been hugely successful. They are also hopelessly insecure, if not positively dangerous. They might have been fine for a trusted network of academic researchers, but if they had been offered commercially, they would have been laughed at.
Scott Welch, co-founder of the company that developed the FirstClass e-mail system, which is now owned by Open Text, says: "SMTP was never designed to be a robust messaging system: it will accept anything.
"It assumes that the sender identifies themselves correctly, so I can send you e-mail from george.bush@whitehouse.gov and there is nothing you can do, as the recipient, to verify that it was not sent by George Bush at the White House. It's not a Band-Aid problem: that's the way SMTP is," he said.
The lack of checking means you don't even need an e-mail account to send millions of spams, you just have to find a misconfigured mail server -- one with an "open relay" (see www. ordb.org).
The problem grew much worse when the Web browser became the front end to the Internet, and Netscape and Microsoft added e-mail to the browser.
Let's suppose an HTML e-mail arrives in your mailbox. HTML can contain links to pictures, which can be fetched from a remote Web server. That server now knows that your mailbox received the e-mail, when you opened it and which kinds of spam e-mail you are most likely to open. HTML e-mail can also contain "Web bugs" (www.bugnosis.org) or "beacons" (www.network advertising.org/Statement.pdf), which collect and pass on information, and scripts that can, in insecure systems, read your address book and perform other evil actions, just like a virus.
"The clever spammers put code in their messages that send out a beacon, so you can guarantee that if you run Outlook Express, you are going to get more spam," Welch said.
If the spammers are not that clever, they can use Vertical Response's iBuilder (www.verticalresponse.com/product/reporting.html) or Ad-Tracking (http://profits.cc/tracking. html) or a similar programme.
Welch points to three problems with Outlook Express -- all the result of what he regards as bad choices.
"The first was that they chose to display messages without any input from the user, in the Preview Pane," he said. "The second was to use, as the engine for the display, a scriptable Web browser. The third was to store your address book, unencrypted, on the same machine."
"A spam is a message, not something that is inherently evil," Hutty said. "Messaging is good. The problem with spam is that one person sends it to a million people regardless of whether they want it, and I don't think layers and layers of authentication are going to stop that."
The IETF research group is working on a draft Designated Senders Protocol "to identify hosts authorized to send SMTP traffic" and, ironically, so are the direct marketers whose e-mail messages are being filtered out as spam. Under Project Lumos, the American Email Service Provider Coalition (ESPC) is planning to set up a registry to certify the people who send legitimate bulk e-mail. They will be required to provide secure proof of their identity in the SMTP header.
Jim Nail, a senior analyst at Forrester Research in Boston, agrees "that's the direction we need to go."
If the mail most at risk -- circulars, newsletters, special offers, etc -- had its own authenticated "passport," while all mail that falsifies its origin was filtered out, most spam could be eliminated.
"There will always be some spam," Nail said, "but two to three years out, I think the volume will diminish. I'm an optimist."
Because much of what former US president Donald Trump says is unhinged and histrionic, it is tempting to dismiss all of it as bunk. Yet the potential future president has a populist knack for sounding alarums that resonate with the zeitgeist — for example, with growing anxiety about World War III and nuclear Armageddon. “We’re a failing nation,” Trump ranted during his US presidential debate against US Vice President Kamala Harris in one particularly meandering answer (the one that also recycled urban myths about immigrants eating cats). “And what, what’s going on here, you’re going to end up in World War
Earlier this month in Newsweek, President William Lai (賴清德) challenged the People’s Republic of China (PRC) to retake the territories lost to Russia in the 19th century rather than invade Taiwan. He stated: “If it is for the sake of territorial integrity, why doesn’t [the PRC] take back the lands occupied by Russia that were signed over in the treaty of Aigun?” This was a brilliant political move to finally state openly what many Chinese in both China and Taiwan have long been thinking about the lost territories in the Russian far east: The Russian far east should be “theirs.” Granted, Lai issued
On Tuesday, President William Lai (賴清德) met with a delegation from the Hoover Institution, a think tank based at Stanford University in California, to discuss strengthening US-Taiwan relations and enhancing peace and stability in the region. The delegation was led by James Ellis Jr, co-chair of the institution’s Taiwan in the Indo-Pacific Region project and former commander of the US Strategic Command. It also included former Australian minister for foreign affairs Marise Payne, influential US academics and other former policymakers. Think tank diplomacy is an important component of Taiwan’s efforts to maintain high-level dialogue with other nations with which it does
On Sept. 2, Elbridge Colby, former deputy assistant secretary of defense for strategy and force development, wrote an article for the Wall Street Journal called “The US and Taiwan Must Change Course” that defends his position that the US and Taiwan are not doing enough to deter the People’s Republic of China (PRC) from taking Taiwan. Colby is correct, of course: the US and Taiwan need to do a lot more or the PRC will invade Taiwan like Russia did against Ukraine. The US and Taiwan have failed to prepare properly to deter war. The blame must fall on politicians and policymakers