Email spam and viruses: some pointers to the problem

The problem description:
- The SpamCon Foundation.
  "SpamCon Foundation's goal is to allow email users optimal control over the mail they receive." The web site includes discussions of the impacts of spam, and pointers to analytical papers.
- Keep an eye on global email threats from MessageLabs.
- The Spam Archive.
  "SpamArchive.org is a community resource that provides a database of known spam to be used for testing, developing, and benchmarking anti-spam tools."
Current mechanisms for addressing the problem:
- General:
  - D. Crocker et al., Technical Considerations for Spam Control Mechanisms, internet-draft, work in progress, June 2003.
    "This note discusses available points of control in the Internet mail architecture, considerations in using any of those points, and opportunities for creating Internet standards to aid in spam control efforts."
    - This draft uses "STD OPP" to indicate opportunities for technical standards.
  - S. Hambridge, DON'T SPEW: A Set of Guidelines for Mass Unsolicited Mailings and Postings (spam*), RFC 2635, June 1999.
    "This document ... gives a set of guidelines for dealing with unsolicited mail for users, for system administrators, news administrators, and mailing list managers."
- Filtering by the recipient:
  - Paul Graham, A Plan for Spam, August 2002, and Better Bayesian Filtering, January 2003.
  - Help for email recipients from the SpamCon Foundation.
- Sender authentication:
  - MTA Authorization Records in DNS (marid), IETF Working Group.
    "It would be useful for those maintaining domains and networks to be able to specify that individual hosts or nodes are authorized to act as MTAs for messages sent from those domains or networks. This working group will develop a DNS-based mechanism for storing and distributing information associated with that authorization."
  - Mitch Wagner, Major ISPs Look To Sender Authentication To Block Spam, INTERNETWEEK.com, June 22, 2004.
  - Sender ID, authentication of the sender's IP address, is a merger of Microsoft's Caller ID and Sender Policy Framework (SPF).
  - DomainKeys from Yahoo uses cryptographic authentication.
- Anti-spam practices for ISPs and sys-admins:
  - G. Lindberg, Anti-Spam Recommendations for SMTP MTAs, RFC 2505, February 1999.
  - Anti-spam practices for ISPs and sys-admins from the SpamCon Foundation.
- Legal action:
  - The SpamCon Foundation Law Center contains information about cases, texts of relevant laws, legislative news, and commentary and discussion.
  - The web site on Spam Laws.
  - Pamela Samuelsom, Unsolicited communications as trespass?, Communications of the ACM, October 2003.
  - ADMA applauds anti-spam law, September 19, 2003.
    "TOUGH new legislation introducing fines for unsolicited junk e-mail, known as "spam", brought applause from Australia's direct marketing industry, which called for similar measures on an international scale."
  - Saul Hansell, Dozens Charged in Push Against Spam and Scams, New York Times, Auguest 25, 2004.
    "Federal authorities have stepped up their efforts to crack down on junk e-mail messages, or spam, since Congress passed a law last December criminalizing fraudulent and deceptive e-mail practices."
Possibilities for the future:
- Overviews:
  - Vint Cerf, Spam, Spim, and Spit, Communications of the ACM, April 2005.
    "This brief article, though by no means comprehensive, seeks to provide some answers or at least some ideas for consideration."
- Technical:
  - The Anti-Spam Research Group is investigating frameworks that include consent expression, policy enforcement for this consent, and source tracking to identify senders that violate the consent policies. Related activities.
    "The purpose of the ASRG is to understand the problem and collectively propose and evaluate solutions."
  - Evan Harris, The Next Step in the Spam Control War: Greylisting, 2003.
    "The Greylisting method ... only looks at three pieces of information: 1. The IP address of the host attempting the delivery; 2. The envelope sender address; 3. The envelope recipient address."
  - Vernon Schryver, You Might Be An Anti-Spam Kook If...
    "you have discovered the Final Ultimate Solution to the Spam Problem (FUSSP)."
- Legal:
  - CAUCE, the Coalition Against Unsolicited Commercial Email.
    "CAUCE ... is an ad hoc, all volunteer organization, created by Netizens to advocate for a legislative solution to the problem of UCE (a/k/a "spam")."
- Economic:
  - Declan McCullagh, "Want to stop spammers? Charge 'em." May 5, 2003.
    "New laws and new filtering technologies aren't good enough: Spam can be canned only through economics."
  - Bala Krishnamurthy, SHRED: Spam Harassment Reduction via Economic Disincentives, viewgraphs.
Events:
- MIT Spam Conference looks beyond filters, InfoWorld, January 16, 2004.
  "While last year's event provided a forum for those championing the use of spam filters to stop unwanted e-mail solicitations, the 2004 Spam Conference was notable for discussions of a whole spectrum of spam-fighting tools, from the use of authentication to verify e-mail senders, to lawsuits that target individual spammers."
- NIST's SPAM Technology Workshop, February 17, 2004.
- ITU Activities on Countering Spam, July 2004.

Proposed additions to this page can be sent to Sally Floyd.
Thanks to Randy Bush for pointers to new items.
Last modified: April 2005. Links updated: April 2009.