Email spam and viruses: some pointers to the problem
- The problem description:
- Current mechanisms for addressing the problem:
- General:
- D. Crocker et al.,
Technical Considerations for Spam Control Mechanisms,
internet-draft, work in progress, June 2003.
"This note discusses available points of control in the Internet
mail architecture, considerations in using any of those points, and
opportunities for creating Internet standards to aid in spam control
efforts."
- This draft uses "STD OPP" to indicate opportunities
for technical standards.
- S. Hambridge,
DON'T SPEW: A Set of Guidelines for Mass Unsolicited Mailings and Postings
(spam*), RFC 2635, June 1999.
"This document ... gives a set of
guidelines for dealing with unsolicited mail for users, for system
administrators, news administrators, and mailing list managers."
- Filtering by the recipient:
- Sender authentication:
-
MTA Authorization Records in DNS (marid),
IETF Working Group.
"It would be useful for those maintaining domains and networks
to be able to specify that individual hosts or nodes are authorized
to act as MTAs for messages sent from those domains or networks.
This working group will develop a DNS-based mechanism for
storing and distributing information associated with that
authorization."
- Mitch Wagner,
Major ISPs Look To Sender Authentication To Block Spam,
INTERNETWEEK.com, June 22, 2004.
- Sender ID, authentication of the sender's IP address,
is a merger of Microsoft's Caller ID and
Sender Policy Framework (SPF).
- DomainKeys from Yahoo uses cryptographic authentication.
- Anti-spam practices for ISPs and sys-admins:
- Legal action:
- The
SpamCon Foundation Law Center contains information about cases,
texts of relevant laws, legislative news, and commentary and discussion.
-
The web site on Spam Laws.
-
Pamela Samuelsom,
Unsolicited communications as trespass?,
Communications of the ACM, October 2003.
-
ADMA applauds anti-spam law, September 19, 2003.
"TOUGH new legislation introducing fines for unsolicited junk e-mail,
known as "spam", brought applause from Australia's direct marketing
industry, which called for similar measures on an international scale."
-
Saul Hansell,
Dozens Charged in Push Against Spam and Scams,
New York Times, Auguest 25, 2004.
"Federal authorities have stepped up their efforts to crack down on junk
e-mail messages, or spam, since Congress passed a law last December
criminalizing fraudulent and deceptive e-mail practices."
- Possibilities for the future:
- Overviews:
-
Vint Cerf, Spam, Spim, and Spit,
Communications of the ACM, April 2005.
"This brief article, though by no means comprehensive, seeks to
provide some answers or at least some ideas for consideration."
- Technical:
- The
Anti-Spam Research Group is investigating frameworks
that include consent expression, policy enforcement for this consent, and
source tracking to identify senders that violate the consent policies.
"The purpose of the ASRG is to understand the problem and collectively
propose and evaluate solutions."
-
Evan Harris,
The Next Step in the Spam Control War: Greylisting, 2003.
"The Greylisting method ... only looks at three pieces of information:
1. The IP address of the host attempting the delivery;
2. The envelope sender address;
3. The envelope recipient address."
-
Vernon Schryver,
You Might Be An Anti-Spam Kook If...
"you have discovered the Final Ultimate Solution to the Spam Problem
(FUSSP)."
- Legal:
-
CAUCE, the Coalition Against Unsolicited Commercial Email.
"CAUCE ... is an ad hoc, all volunteer organization, created by Netizens
to advocate for a legislative solution to the problem of UCE (a/k/a
"spam")."
- Economic:
- Events:
-
MIT Spam Conference looks beyond filters,
InfoWorld, January 16, 2004.
"While last year's event provided a forum for those championing the
use of spam filters to stop unwanted e-mail solicitations, the 2004 Spam
Conference was notable for discussions of a whole spectrum of
spam-fighting tools, from the use of authentication to verify e-mail
senders, to lawsuits that target individual spammers."
- NIST's SPAM Technology
Workshop, February 17, 2004.
-
ITU Activities on Countering Spam,
July 2004.
Proposed additions to this page can be sent to
Sally Floyd.
Thanks to Randy Bush for pointers to new items.
Last modified: April 2005