Home / World Business
Fri, Aug 27, 2004 - Page 12 News List

Anti-spam efforts in UK, EU seen as partial remedy

DIGITAL COCKROACHES Internet service providers have agreed on new rules to close down spammers' sites, but critics say the impact will be minimal


As gatekeepers of the world wide web, internet service providers (ISPs) play a vital role in reducing spam, but lack of consensus over how to tackle the problem has led to a variety of strategies against it.

However, that is set to change with a "get tough" policy adopted at a meeting of the London Internet Exchange (LINX), which handles 90 percent of the UK traffic between ISPs.

Under the new policy, 150 ISPs have agreed to shut down Web sites run by spammers. These include content sites referred to in spam e-mails or sites that sell spamming tools, such as CD-ROMs containing millions of illegally collected e-mail addresses.

LINX regulation officer Malcolm Hutty said the policy represents part of an ongoing strategy against spammers. "It won't be the end of spam, obviously, but it will make life more difficult for them."

But the policy also requires getting ISPs to face up to the legal issues around closing spammers' sites. According to LINX, this will encourage ISPs to rewrite contracts with customers to include clauses that will allow them to close down sites supporting spam.

LINX has had some success with a policy it released five years ago. The following year it was endorsed by RIPE (Reseaux IP European), an international forum that manages the internet. As a result of the policy, ISPs tightened up the ways their mail servers could be illegally used by spam-mers via "open relays."

LINX estimates that only about 1 percent of spam originates in the UK, and although many spammers are based in the US, they use mail servers in other countries.

LINX is pinning its hopes on the new anti-spam task force set up by the OECD (Organization for Economic Cooperation and Development), which will take input from governments and meet for a second time on Sept. 9 in Korea.

But many in the security industry remain concerned that spammers are always one step ahead. "This is encouraging, but unfortunately spammers are like cockroaches and it will only slow them down for so long. They will re-host their sites and find new ways to get their spam out," said James Cowper, a senior technology consultant at Mirapoint, a messaging security vendor.

"This won't prove in any way effective unless they can persuade their European and global counterparts to follow suit," said Nick Scales CEO of managed e-mail service provider Avec-ho.com.

A scheme to make it harder for spammers to forge e-mail addresses is gathering pace. Known as Sender Policy Framework (SPF), it has been endorsed by Microsoft Hotmail, Yahoo and Google's Gmail. SPF works by ensuring that incoming e-mail is identified against new Domain Name Server databases. In essence, it is as if your ISP is telling other ISPs that if they receive e-mail from you from any other server than its own, it is a fake.

Many agree that widespread adoption of SPF could make it easier to identify spam, worms, viruses and "phishing" scams, in which spammers simulate e-mails from banks to gather password or credit card data.

The beauty for users is that there is no work to do, since the databases are created by ISPs and domains share data on acceptable users.

In addition, 80 members of the US-based E-mail Service Providers Coalition recently gathered at Microsoft's headquarters near Seattle for a summit on Sender ID, an authentication system that combines Microsoft's Caller-ID e-mail technology with SPF.

This story has been viewed 3649 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top