It's time to stop spam. The percentage of spam has grown from 7 percent of all e-mail in 2001 to 45 percent now, and in another year or two, it could be high enough to make e-mail unusable. Perhaps we can never stop spam completely, but we must stem the flood before it's too late.
There are signs of progress. Microsoft has just followed AOL's lead in launching 15 lawsuits against spammers, including two in the UK. The EU has already taken the most significant decision: from Oct. 31, users must "opt in" to receive unsolicited e-mail adverts, rather than "opt out" of them. The US government is considering several anti-spam bills, and some of them will allow spammers to be jailed. The 30 countries in the Organization for Economic Cooperation and Development (OECD) have just agreed a set of guidelines "for international cooperation to protect consumers against the growing problem of cross-border fraud, particularly on the Internet." The Internet Engineering Task Force (IETF) has set up an Anti-Spam Research Group. More and more Internet service providers (ISPs) -- including BT Openworld and MSN -- and mail users are installing software to block spam. And so on.
In the UK, the All Party Parliamentary Internet Group (APIG) is hosting a spam summit in Westminster on July 1, and the House of Commons will hold its first public hearing on spam on July 3. The British government has always seemed confused about the opt in/opt out issue, so it is time to make sure it's got the message.
Malcolm Hutty, regulation officer for Linx, the London Internet Exchange, says: "Opt in/opt out matters very much indeed. It should be opt in: we don't like opt out at all. Unless you have opted in to receive something, it's spam."
Does government action matter? Linx connects about 140 British ISPs to one another and to the Internet, and its recommended practices are much tougher than any regulations the government will adopt. However, Hutty welcomes them. "The regulations are going to be important because they will allow someone to bring a prosecution against spammers, including the ones inside the UK who are using machines outside the UK. We'd very much like the information commissioner to go after them with a big stick."
British ISPs act against spammers by cancelling their accounts. However, Hutty says this isn't much help against the "persistent bad guys, because they just set up a succession of accounts."
But it can adversely affect ordinary users because, as Hutty says, "one of the major methods of sending spam is by hacking into other people's machines."
Jean-Philippe Courtois, chief executive of Microsoft in Europe, the Middle East and Africa, also supports tough penalties.
"You need to make the pain of sending spam high enough to make them think twice before spamming anyone. They'll go into other businesses, which also won't be so nice, but it will reduce the spam problem," he said.
Use common sense, he said. Don't post your address on the Internet, use an ISP that offers spam filtering, only deal with trusted vendors, don't respond to spam and don't open e-mails from people you don't know.
A lot of spam seems to come from free services such as Hotmail, but Courtois says Microsoft is trying to reduce it. It now prevents Hotmail users from sending more than 100 e-mails a day, and -- like PayPal and Yahoo! -- is adopting Human Interactive Proofs (HIPs).
These include a security challenge that humans can do easily but machines cannot, such as reading the text in a distorted image.
"That makes sure real people are creating accounts, not machines running scripts," Courtois says.
While all of these approaches are useful, there are two fundamental problems. The first is that the Internet's e-mail system, SMTP (Simple Mail Transport Protocol), is badly designed. The second is that HTML -- the language intended for marking up Web pages -- is a terrible way to do "rich text" e-mail including different type faces and illustrations.
SMTP and HTML are simple, obvious, cheap, open and standard, which is why they have been hugely successful. They are also hopelessly insecure, if not positively dangerous. They might have been fine for a trusted network of academic researchers, but if they had been offered commercially, they would have been laughed at.
Scott Welch, co-founder of the company that developed the FirstClass e-mail system, which is now owned by Open Text, says: "SMTP was never designed to be a robust messaging system: it will accept anything.
"It assumes that the sender identifies themselves correctly, so I can send you e-mail from george.bush@whitehouse.gov and there is nothing you can do, as the recipient, to verify that it was not sent by George Bush at the White House. It's not a Band-Aid problem: that's the way SMTP is," he said.
The lack of checking means you don't even need an e-mail account to send millions of spams, you just have to find a misconfigured mail server -- one with an "open relay" (see www.ordb.org).
The problem grew much worse when the Web browser became the front end to the Internet, and Netscape and Microsoft added e-mail to the browser.
Let's suppose an HTML e-mail arrives in your mailbox. HTML can contain links to pictures, which can be fetched from a remote Web server. That server now knows that your mailbox received the e-mail, when you opened it and which kinds of spam e-mail you are most likely to open. HTML e-mail can also contain "Web bugs" (www.bugnosis.org) or "beacons" (www.networkadvertising.org/Statement.pdf), which collect and pass on information, and scripts that can, in insecure systems, read your address book and perform other evil actions, just like a virus.
"The clever spammers put code in their messages that send out a beacon, so you can guarantee that if you run Outlook Express, you are going to get more spam," Welch said.
If the spammers are not that clever, they can use Vertical Response's iBuilder (www.verticalresponse.com/product/reporting.html) or Ad-Tracking (http://profits.cc/tracking.html) or a similar programme.
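To see what a mail client or filter would have to block, the following added example (not part of the original article) audits an HTML message for content that is fetched automatically on display and for embedded scripts. The message, addresses and host names are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: an HTML mail whose 1x1 remote image carries a recipient ID.
SAMPLE = """\
From: offers@example.com
To: reader@example.org
Subject: Special offer
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Great deals this week.</p>
<img src="http://tracker.example.com/open.gif?id=reader%40example.org" width="1" height="1">
<img src="cid:logo123">
<script>/* would run in a scriptable viewer */</script>
<a href="http://shop.example.com/">Shop</a>
</body></html>
"""

# (tag, attribute) pairs that make a viewer fetch something without any click.
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("script", "src"),
              ("link", "href"), ("body", "background"), ("table", "background")}

class RemoteContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote = []   # (tag, url) pairs that would be fetched on display
        self.scripts = 0   # number of <script> elements seen

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1
        for name, value in attrs:
            scheme = urlsplit(value or "").scheme
            if (tag, name) in AUTO_FETCH and scheme in ("http", "https"):
                self.remote.append((tag, value))

def audit_message(raw):
    """Return (auto-fetched remote URLs, script count) over all HTML parts."""
    finder = RemoteContentFinder()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            finder.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    return finder.remote, finder.scripts
```

The embedded `cid:` image and the ordinary link are not reported: neither causes a request to a remote server merely because the message was displayed.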
Welch points to three problems with Outlook Express -- all the result of what he regards as bad choices.
"The first was that they chose to display messages without any input from the user, in the Preview Pane," he said. "The second was to use, as the engine for the display, a scriptable Web browser. The third was to store your address book, unencrypted, on the same machine."
"A spam is a message, not something that is inherently evil," Hutty said. "Messaging is good. The problem with spam is that one person sends it to a million people regardless of whether they want it, and I don't think layers and layers of authentication are going to stop that."
The IETF research group is working on a draft Designated Senders Protocol "to identify hosts authorized to send SMTP traffic" and, ironically, so are the direct marketers whose e-mail messages are being filtered out as spam. Under Project Lumos, the American Email Service Provider Coalition (ESPC) is planning to set up a registry to certify the people who send legitimate bulk e-mail. They will be required to provide secure proof of their identity in the SMTP header.
Jim Nail, a senior analyst at Forrester Research in Boston, agrees "that's the direction we need to go."
If the mail most at risk -- circulars, newsletters, special offers, etc -- had its own authenticated "passport," while all mail that falsifies its origin was filtered out, most spam could be eliminated.
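The idea of identifying "hosts authorized to send SMTP traffic" can be sketched as a check a receiving server runs on each connection. This is an added example, not the IETF draft's or Project Lumos's actual format: the registry, its layout and the network ranges are hypothetical, constructed values.

```python
import ipaddress
import re

# Hypothetical published data: for each sender domain, the networks whose
# hosts are authorised to send its mail (constructed documentation ranges).
DESIGNATED_SENDERS = {
    "whitehouse.gov": ["192.0.2.0/28"],
    "newsletter.example": ["198.51.100.25/32", "2001:db8:25::/48"],
}

MAIL_FROM = re.compile(r"^MAIL FROM:\s*<[^<>@\s]*@([^<>@\s]+)>", re.IGNORECASE)

def sender_domain(mail_from_line):
    """Extract the domain from an SMTP 'MAIL FROM:<user@domain>' command."""
    m = MAIL_FROM.match(mail_from_line.strip())
    return m.group(1).lower().rstrip(".") if m else None

def check_sender(client_ip, mail_from_line, registry=DESIGNATED_SENDERS):
    """Classify a connection as 'pass', 'fail' or 'unknown'.

    pass    - the connecting host is designated for the claimed domain
    fail    - the domain publishes a list and this host is not on it
    unknown - no usable sender domain, or the domain publishes nothing
    """
    domain = sender_domain(mail_from_line)
    if domain is None or domain not in registry:
        return "unknown"
    addr = ipaddress.ip_address(client_ip)
    for net in registry[domain]:
        network = ipaddress.ip_network(net)
        if addr.version == network.version and addr in network:
            return "pass"
    return "fail"
```

Only a "fail" result shows that the claimed origin is false; "unknown" covers every domain that publishes nothing, so the check is only as useful as the number of domains that take part.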
"There will always be some spam," Nail said, "but two to three years out, I think the volume will diminish. I'm an optimist."