by Gail Perry
It has been estimated that more than 80 percent of today’s e-mail messages are spam — unrequested and unwanted mail that is clogging the world’s computers.
And while the precise definition of spam may be unique to each e-mail recipient, the unsolicited messages share the trait of being electronic mail sent to mass mailing lists, typically including hundreds, thousands, or even millions of e-mail users.
Accounting firms are feeling their way through various possible options for dealing with e-mail spam. Rick Patrick, information technology manager for Indianapolis-based Blue & Co. LLC, said that in a recent phone conference with a dozen accounting firms discussing methods for combating spam, “There were a dozen separate solutions.”
Blue & Co. confronts e-mail spam in-house, by incorporating an Internet DNS blacklist into their e-mail server. “Basically, it denies e-mail if it’s coming from known spam originators. It’s catching thousands of messages,” Patrick said. The firm also uses a product provided by Symantec, which filters messages for viruses and also has some spam-filtering capabilities. Patrick estimates that about two-thirds of the spam coming into the firm is rejected using this system.
But the spam war is an ongoing battle. “I expect before the end of the year we’re going to be reviewing what’s out there and augmenting those two tools with something new,” he said.
Madison, Wis.-based Virchow Krause & Co. uses a third-party program to filter e-mail. “About a year-and-a-half ago we implemented a system called Postini,” explained Allen Smith, chief information officer for the super-regional firm. “Before that, we did nothing. Now, all of the firm’s e-mail goes to Postini,” a California company that is in the business of providing e-mail security.
What you can do today Sophos, an anti-spam software provider, recommended that e-mail users apply the following methods to combating unwanted messages:
|
“The benefit of going with that particular solution is that the spam never comes into my network and I’m not paying for that bandwidth,” explained Smith, who estimated that about 70 percent of unwanted messages are filtered out before they ever reach the firm. Periodically the deleted messages are checked to make sure nothing that was supposed to be delivered was accidentally deleted.According to information on Postini’s Web site, the firm processes over 5 billion e-mail messages per month, and 10 of every 13 messages are spam.
A worldwide solution?
In July, Internet regulators from around the world met in Geneva at a conference hosted by the International Telecommunication Union, an arm of the United Nations. The World Summit on the Information Society was convened specifically to address the issue of containing and reducing worldwide spam.
Conference participants agreed that worldwide, unified legislation designed to combat spam would be required if the undesirable e-mail is to be contained. “We have to move forward on a global basis to attack spam and abuse of the Internet,” said meeting chairman Robert Horton in a statement. Horton is acting chairman of the Australian Communications Authority, the organization responsible for regulating telecommunications and radio communications down under. Australia’s aggressive stance on penalizing spam perpetrators, including fines of up to AU$1 million per day for repeat offenders, has resulted in a mass exodus of spammers from that country.
However, until there is a worldwide agreement on regulating spam, running a spammer out of one country only sends the mass mailer to another country where the laws are more lenient. Currently, about 35 countries have anti-spam laws in place. Most of the countries that have anti-spam legislation in place are English-speaking, developed nations.
To help developing nations implement anti-spam legislation, the conference attendees, who included delegates from 60 countries, agreed to help the ITU draft model legislation that can be used worldwide, and to establish a methodology for implementing such legislation once it is available. The ITU’s goal is to have a global anti-spam agreement in place within two years.
The two-year time frame actually came from a suggestion by Microsoft Corp. chairman Bill Gates. Gates has set 2006 as a cutoff for incorporating spam filters and other security features into Microsoft’s e-mail technology. “Two years from now, spam will be solved,” Gates said earlier this year at the World Economic Forum.
Microsoft is in the process of incorporating a sender ID screening feature into its Hotmail, MSN and Microsoft.com e-mail accounts. If the feature is successful, it could become a worldwide standard for screening senders of unwanted e-mail.
Participants at the ITU conference voiced particular concerns about pornographic e-mail messages, especially those being sent to minors, and the relatively new practice of “phishing.”
Phishing involves sending an e-mail message falsely claiming to be from an established legitimate enterprise and requesting personal information such as Social Security numbers, bank account numbers, PIN numbers and passwords. Banking organizations around the world have fallen victim to phishing scams wherein senders create an e-mail message that mimics logos from existing organizations and provides a link that sends message recipients to a site purporting to be operated by the legitimate organization.
Banks and credit card issuers estimate that businesses and consumers are currently losing more than $25 billion per year as a direct result of phishing. That amount “could easily reach into the trillions if it destroys the Internet methods of the banking industry,” said Horton. The online auctioneer eBay has also been a frequent victim of phishing attacks.
Sen. Patrick Leahy, D-Vt., recently introduced legislation called the Anti-Phishing Act of 2004 that would categorize the act of phishing as a federal crime and provide for federal prosecution of both the senders of the bogus e-mail messages and the creators of the non-legitimate Web sites.
Last year, Congress passed legislation known as the CAN-SPAM Act of 2003, designed to regulate spam by requiring that messages include opt-out clauses and assessing fines if the individual message recipients incurred losses exceeding $5,000. Critics of the legislation claim that, rather than stemming the tide of spam, the CAN-SPAM Act served to legitimize spam.
Spamhaus, a United Kingdom-based clearinghouse for monitoring spam, described the CAN-SPAM Act as an attempt to regulate rather than ban spam. “We believe this is a serious mistake, and that CAN-SPAM will succeed only in increasing spam volumes and the numbers of spammers,” stated the organization. Spamhaus takes the position that the act establishes the United States as a haven for spammers looking for a base for their operations.
And while companies and governments scramble to protect the desktop, be warned: Cell phones that are equipped to receive text messages are thought to be the next major spam target. Horton claims that nine out of every 10 spam messages in Japan are directed to cellular phones as text messages.
