Comment:
The Internet Engineering Task Force appears to be in a state of alarm over SPAM. That consternation is either amplified or actually caused by some competing proprietary proposals for a fix offered by various internet giants who see this as a 'King-maker'. There is a battle afoot to see who will control the anti-SPAM regime. Who will be "King" of Internet users' most favorite web activity?
Thus far, AOL™, Yahoo™ (Yahoo Mail) and Microsoft™ (Hotmail) have implemented various solutions including user-pay hierarchal mailbox-quality-improvement packages. No matter how much the consumer upgrades, no matter how many hits to their credit cards, the SPAM never ends, particularly from the host (AOL, Microsoft and Yahoo). They are now battling each other for the new crown.
It is our view that these three have been fooling the credulous internet user and taking their money in exchange for little in the way of delivered value and doing it at the expense of the quality and integrity of the internet infrastructure at large. They have also exploited and over-stressed the good will of the rest of the internet's providers and managers. (Can you imagine yourself being amused as the enterprise manager for 8,000 Unix servers the day Code Red exploited a gazillion out-of-the-box-dangerous Windows 2000 boxes as your routers and switches began failing over to handle huge junk bandwidth floods?) Why do we have to spend so much time and so many resources to fix problems created by AOL, Yahoo and Microsoft screwups? These three are very expensive neighbors on the internet. They are indeed bad neighbors. They are not to be relied upon to create internet-wide solutions. Their self interests obviate their right to dictate any solution except in their own house.
In fact, if AOL, Yahoo and Microsoft mail servers never again sent an Unsolicited Commercial Email (UCE), the rest of us could handle the SPAM problem using no more than the tools currently at hand!
Meanwhile, it is certainly true, the average computer user is absolutely ignorant, credulous, vulnerable and in a word, exploitable. Therein lies the power of these three, and the problem of a whole.
AOL has people in Canada paying $13.95 per month for the so-called AOL "Broadband Service" even though the customer is already paying their local cable-TV ISP for the service. Switching folks away from the deprecated AOL ISDN (Dial-Up service) with a valid speed-increase and price benefit argument were the local broadband or ADSL service providers. It was a panacea for local Cable TV operators. They obviously won over AOL's dial-up, being faster, local and more cost-effective on a per kbs (kilobits per second) basis.
But AOL has tricked a number of people we have spoken with. The customer acts in, and AOL encourages, the belief that AOL is providing their ISP services including mail, mail filtering, internet connection and so on. We have talked to local cable service operators who were near apoplectic in describing the phenomenon. The customer buys the local service for $25-$80 monthly, inserts the AOL CD which alters the DHCP settings and overlays facades to the operating system's components while installing the so-called AOL browser, email settings etc. All of this the customer has already bought and paid for redundantly either within their Microsoft or Mac operating system and from their local Cable (broadband) supplier. It is certainly true that everyone is getting their "cut" but the reality is that the consumer is getting 'screwed'.
If Microsoft, AOL and Yahoo get their way in the current anti-SPAM debate, the consumer will be compelled to upgrade to new software, upgrades and hotfixes, none of which initially will work, most of which will initially be a royal pain. Nothing. Absolutely nothing in the way of Microsoft software has functioned fully on first release.
It is our view that the service provider is responsible for cleaning up the Unsolicited Commercial Email problem. The service provider must do this without undue duress to the customer.
The internet began without this problem. Security was based on Unix's multi-user security model wherein many users operated namespaces and file spaces of their own on a hierarchal secure permission basis apart from and secure from all other users.
Along came Microsoft, AOL, Yahoo and many others with only one thought in mind. Exploiting everyone and everything to make money. Gobs of money. And if you have enough money you can buy enough advertising and tell enough lies to make people buy plain old rocks for half a "C" note and name them as pets.
Irresponsibly making money without one iota of care for the security implications of their efforts nor the cost to other internet users and providers, these three companies, plus a few others have earned the ire of many of their co-users/managers of the internet.
UCE (SPAM) from bogus and legitimate AOL, Yahoo and Hotmail accounts has for many periods in their history comprised the bulk of malicious and wasteful internet traffic and per se they are the primary contributor to the arterial sclerosis of the internet since their being.
These three companies cannot be assigned control over the solution to a problem they have authored. They must clean up their own act and be made accountable for doing that. None of these firms can be considered good corporate citizens of the internet until they have made recompense for the incredible amount of damage they have done to the internet out of pure green greed. What is needed soon is an open source solution which leverages the existing infrastructure for a firm SMTP host identification and communication regime. Hundreds of people are currently working toward that end and they must be heard.
Micheal J. O'Brien, President MPRM Group Limited
Toronto, Canada
SPF is a simple DNS implementation using the IN TXT entry in the DNS Zone record. It is a promising solution because it does not rely on any significant software changes on the client side nor does it inflict any hardship on the DNS infrastructure.
A significant majority of SPAM is forged. SPF allows your mail servers to easily distinguish forgeries from real mail. Importantly, SPF works before the message body is transmitted, saving you the bandwidth cost of downloading the message and the CPU cost of filtering it.
The Microsoft draft specification aims to address the widespread problem of domain spoofing. Domain spoofing refers specifically to the use of someone else's domain name when sending a message, and is part of the larger spoofing problem, the practice of forging the sender's address on e-mail messages.
If you have a mail account at Yahoo you can pay to have better SPAM filtering. For a range of prices from $29.99 to $59.99 per year you can purchase better SPAM removal services that come with other features like increased mail storage space.
Yahoo is also proposing to release software to MTA developers for inclusion in future software packages. They call it DomainKeys, a public/private key verification process.
If the public key is able to decrypt the private key embedded in the message, then the e-mail is considered authentic and can be delivered. If not, then the message is assumed not to be an authentic one from the sender and is blocked.