Security threats Toolkit

International coalition hits back at spam

Tags:
Guidelines,
Recommendations,
Fight,
BT

Stefanie Olsen CNET News

Published: 23 Jun 2004 08:50 BST

A coalition of top Internet service providers on Tuesday advocated a set of technical guidelines designed to stem the tide of spam.

Yahoo, Microsoft, EarthLink, America Online, British Telecom and Comcast announced a proposal of best practices for filtering and sending email. Among the recommendations are technical methods for authenticating email senders by Internet Protocol address or with digital content signatures. That way, ISPs and email providers could help prevent email fraud, one of the chief frustrations for anti-spam fighters.

In addition, the group advocated that ISPs detect and shut off Internet traffic from "zombie" machines, hijacked consumer PCs on their networks used to send millions of unwanted email messages every day.

"Our aim with this proposal is to help lay out a clear framework for the industry as we continue to work together to end the spam business and put our customers back in control of their inboxes once again," Ryan Hamlin, general manager of Microsoft's Anti-Spam Technology and Strategy Group, said in a statement.

The effort is the latest from the Anti-Spam Technical Alliance, or ASTA, a group formed in April 2003 by the four major ISPs -- Yahoo, Microsoft, EarthLink and AOL. Since its founding, the coalition has not publicly announced many joint projects, but individually, the parties have laboured over technical and legal efforts to thwart spammers.

On the technical front, each company in the last year has publicly backed a different system for authenticating email and quashing mail forgeries, or domain spoofing. Yahoo has backed a system known as DomainKeys for verifying the identity of an email sender with digital signatures, or two-key encryption. AOL has been testing a DNS-based system, formerly known as Sender Permitted From and recently renamed Sender Policy Framework, or SPF. Microsoft, too, has developed its own system for identifying the origin of email, called Caller ID for Email. It recently proposed a merger of Caller ID with SPF.

On Thursday, the coalition endorsed the underlying technical methods of each system, without specifying a standard. The group is examining both DNS-based and encryption-based systems and believes that the two standards are complementary.

ASTA's proposal also said that ISPs should implement rate limits on outbound email traffic, control automated registration of accounts and close all open relays, which are a big source for email. They also urged ISPs to block or limit email on Port 25, the main thoroughfare for email communications. For consumers, they recommended that all PC users install virus protection and security systems.

Earlier this year, ASTA launched its first joint legal assault against spammers. The suits claim that hundreds of unnamed defendants sent messages using false email addresses -- a violation of the newly enacted federal Can-Spam Act.