Messaging Pipeline | Weapons Of Spam Destruction
Free Newsletter GlossaryContact UsAbout Us
One To One Collaboration Servers & Security Business

June 24, 2004

Weapons Of Spam Destruction

Sender authentication will not stop spam, but other weapons proposed by ASTA might do a lot, and quickly.

Messaging Pipeline

Just in case you get the wrong impression, it's not that I'm not a fan of sender authentication schemes -- I actually think it's important that when you receive an e-mail you should have some certainty about who sent it. The SMTP protocol we now use does not provide for that, and the various schemes proposed by the Anti-Spam Technical Alliance (ASTA) should fix that problem.

But that will not fix spam. Spammers are smart, they will figure out a way around or through sender authentication schemes, and will find their way through the various sender accreditation and reputation schemes being bandied about the industry. They are also not very nice people, and in simple fact are criminals who are financially very motivated to practice the fine art of spamming.

Less well known is that ASTA went beyond sender authentication and made several important proposals for best practices that ISPs should follow in the fight against spam. These have a better shot at stemming the tide of unwanted junk e-mail than sender authentication -- much better, and they would work more quickly as well.

The most important one is the proposal to block Port 25, the tag that SMTP uses for sending unsecured e-mail from a server. When a home computer is turned into a spambot zombie by a viral attack, such as the Bagel virus, it sends a torrent of e-mail using Port 25. If that were blocked, the spam-bearing e-mail could not get out, but of course normal e-mail could not get out either. It would be a reasonably simple chore for ISPs to educate their customers to change their mail programs to use Port 587 for secure mail. ISPs are reluctant to do this because of this tech support requirement, but that seems a small price to pay in the interests of protecting the wider community from spam.

A simpler proposal is for ISPs to construct a tar pit that would notice torrential streams of e-mail and stop them cold, or at least slow them down long enough to ascertain whether the stream contains spam or legitimate e-mail. Plug-in appliance products exist that will do this, and it is beyond me why ISPs haven't taken advantage of them.

The bottom line here is that the ISPs can play a significant role in stemming the tide of spam without changing e-mail protocols and DNS records, something that sender authentication requires. And the practices that ASTA proposes for ISPs might actually help solve the biggest problem to plague the Internet since the first major virus attack hit 15 years ago.

E-mail This Story
Print This Story

Get the latest Messaging news, product info, and trends every week.

Related Content

  Right-click and choose Copy to extract RSS Feed URL  Messaging Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Messaging Pipeline's Blog RSS Feed

Editorial and vendor perspectives

Editor's Picks
The Six Flavors Of Windows Vista
Microsoft plans to release a full six-pack of Vista versions, one for every taste. Which Vista will be right for you?

Hope is Not Enough When It Comes To Compliance

Three Ways To Authenticate E-Mail And Stop Spam

Wikis In The Workplace

Review: Google Desktop 3

Vendors are now talking about how collaboration can be improved by integrating video with messaging applications. They're even talking about adding live TV to mobile phones. How far do you go before it becomes a bandwidth and business productivity drain?
Video is a great idea
Video is fine but there needs to be size limits
It's never used for anything really productive
I draw the line at live TV

In search of messaging products? Check out our brand new Product Finder for a directory of groupware and collaboration tools, security products, archiving solutions, and more.


Digital Warehouse buys, sells, & rents used Cisco networking hardware such as routers & switches, as well as Juniper, Extreme & Foundry at 50-80% off list price. One year warrantee and fast delivery.

Roaring Penguin's CanIt-PRO anti-spam solution offers customizable spam and virus control for enterprises, campuses and ISPs. Designed for the mail server, CanIt-PRO lets you stop spam on YOUR terms. Click for free price quote for your organization.

Use your Intranet to manage Software Licenses, plan for Windows XP/2000 upgrades, do Security Audits and more. Click to try and ask for our white paper - PC Management for the Internet Age.

Analysts at the Tolly Group put a leading Branch Office IT services solution to the test, measuring performance, security and data reliability. Download the results, detailed in this free report, now.

Whether you need temporary or permanent access to remote PCs, LogMeIn has your solution: LogMeIn IT Reach for automatic maintenance of remote and mobile systems, and LogMeIn Rescue for instant, web-based remote access without pre-installing software.

Sponsored Links:      
 |   |   |   |   |   | 
 |   |   |   | 
 |   |   |   |   | 
Messaging Pipeline  |   |   |   | 
 |   |   |   |   | 
© 2006 | MESSAGING PIPELINE All rights reserved. | |