On mySimon: Swiss Army Trekker Knife
BNET Business Network:
BNET
TechRepublic
ZDNet

January 30th, 2009

Spam: You just can't win

Posted by Larry Dignan @ 7:53 am

Categories: General, Security, Software Infrastructure, Web Technology

Tags: Cyberthreats, Spam, Security, Spam And Phishing, Larry Dignan

For anyone even slightly optimistic about thwarting the never-ending crush of spam I have two words: Don’t bother.

At the Information Security Best Practices conference at Wharton at the University of Pennsylvania I’ve learned the following from the first panel.

Comcast’s Gerard Lewis, senior counsel and chief privacy officer, noted that the CAN-SPAM act of 2003 “hasn’t done anything to curb spam,” but is “a well intentioned law.” Indeed, almost all email is classified as spam.

Lewis should know since Comcast moves millions of emails a day–450 million on average to be exact. Lewis walked through the evolution of spam and how defenses have moved from generic filtering to a more sophisticated model. The rub: The fancy stuff doesn’t work too well either. 

Lewis said that giving consumers more control and tools to prevent spam helps a bit. But plenty still fall for social engineering tricks. 

What’s the solution?

I haven’t heard one yet. Chris Marsden, a professor at the University of Essex, said there are a bevy of regulation schemes being cooked up across the pond. But it didn’t sound like there were any spam killers coming from the UK. 

Marsden said ISPs will likely see more regulation, but giving consumers more tools isn’t the answer per se. 

“ISPs have made it clear that consumers will not implement filters,” said Marsden. Australia has even sent CDs to citizens to prod them to implement filters. One outcome may be required filtering for spam and content on all PCs as a regulatory requirement. 

Think of these efforts as mandatory seat belt laws for Web surfing.

Update: In a followup conversation, Lewis said the biggest issue with laws like CAN-SPAM is that it doesn’t reach overseas where a huge chunk of the spam originates. Carol DiBattiste, senior vice president of privacy, security, compliance and government affairs at Lexis-Nexis, spoke about a different topic, but the solution sounds a lot like what the folks in the Talkbacks below are seeing. Lexis-Nexis as part of its security policy blocks international IP addresses.

Larry DignanLarry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic. See his full profile and disclosure of his industry affiliations.

For daily updates, follow Larry on Twitter.

Email Larry Dignan

Subscribe to Between the Lines via Email alerts or RSS.

  • Talkback
  • Most Recent of 38 Talkback(s)
RE: Spam: You just can
Yeah. Unfortunately, as you said, it's not used as much as it should be. We tried implementing it and ended up refusing most SPAM (probably about 99%) and about 95% of our legitimate email got blocked too because they didn't have an SPF file in their DNS. ... (Read the rest)
Posted by: mkleinpaste@... Posted on: 02/03/09 You are currently: a Guest | | Terms of Use
I have won!  Christian_<>< | 01/30/09
Doubt it  Necrolin | 01/31/09
Depends..  Necrolin | 01/31/09
I keep hearing that, BUT...  Dr. John | 02/02/09
Yes, you can win against SPAM.  JonathonDoe | 01/30/09
BLOCK - Eastern world problem solved...  Christian_<>< | 01/30/09
USA biggest source of spam  cfortune | 01/31/09
BLOCK HEAD  Marty R. Milette | 02/02/09
I have two bit bucket accounts  Dr. John | 02/02/09
RE: Spam: You just can  Stan57 | 01/30/09
i say go after the buyers  jan bLinQue | 01/31/09
clueless hello  SirLanse | 02/02/09
If they won't do as they're told, force them.  Anton Philidor | 01/30/09
RE: Spam: You just can  anogee | 01/30/09
RE: Spam: You just can  timmyjohnboy | 01/30/09
You can win. If you're willing to go to drastic measures.  CobraA1 | 01/30/09
Digital signatures will never catch on  Lerianis | 01/31/09
New protocols are like more gun laws  JJQ1000 | 02/03/09
You can win-EnterTo.com  Yumfy | 01/30/09
I have no problems with Spam  Roger Ramjet | 01/30/09
I have no problems with spam, either.  Grayson Peddie | 01/30/09
Two words (sorta)....  JoeMama_z | 01/30/09
re: Two words (sorta)....  none none | 01/30/09
RedCondor kicks SA butt....  JoeMama_z | 01/31/09
Mandate change to MIME/SMTP  no_zd_user_name | 01/30/09
Can you say Required DNSBL?  Ludovit | 01/31/09
Social engineering still exists even in snail mail  terry flores | 01/31/09
Poison credit cards  fazalmajid | 02/01/09
I don't seem to get it  AndyCee | 02/01/09
RE: Spam: You just can  merlins.cauldron@... | 02/02/09
Free program?  nosralr | 02/02/09
Route, not Source, is the problem  woodsy@... | 02/02/09
My lack of problems  nosralr | 02/02/09
Yes you can  mkleinpaste@... | 02/02/09
Caller ID or SPF would help.  Narg | 02/02/09
How about charging for e-mail  kgross | 02/02/09
It's been tried before...instead,...  Mihi Nomen Est | 02/02/09
RE: Spam: You just can  mkleinpaste@... | 02/03/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics Click Here

advertisement
Click Here

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here