A survey of IT security professionals conducted at the Infosecurity show in London this week revealed that more than 80 percent of people do not think that Bill Gates' pledge to eliminate spam within two years is realistic.
In June 2003, the Microsoft chairman called for cooperation between government and corporations to fight the spammers. But anti-spam organisations branded Gates hypocritical, saying that Microsoft was focusing only on reducing the amount of spam received, rather than the spam sent by its users and servers.
John Cheney, chief executive of email security firm BlackSpider Technologies, which conducted the survey, said the results show that the industry doesn't perceive Microsoft as a security authority, despite its chairman's enthusiasm for the task: "Spam isn't going to go away overnight and people don't think that Bill Gates is the right man to make it happen. It is going to take a combination of technology, legislation and a change in working practices," he said.
The survey also found that 38 percent of respondents didn't believe that the EU anti-spam directive would have any success in reducing unwanted emails. This is not a surprise because research has shown that the majority of spam comes from outside the EU and most countries have yet to implement the legislation.
Cheney said he was surprised that almost 40 percent of people thought the law, which bars unsolicited emails from being sent only to consumer email addresses, would make a difference: "Spammers don't see any difference between a business email address or a consumer email address," he said.
Additionally, service providers and technology companies have been working together with Microsoft during the past year to try to develop a universal Caller ID system for email messages. At the RSA security conference in February, Hans-Peter Brondmo, co-chairman of the technology working group at anti-spam organisation the Email Service Provider Coalition (ESPC), said a small upgrade to the email infrastructure would allow emails to "prove" their origin, making it much easier to identify "spoofed" messages.
"What we are talking about here is an upgrade to the email infrastructure, but it is a minor upgrade. Caller ID/SPF simply means that when an IP address sends email, you can ask if the domain it represents is legitimate. It uses the DNS infrastructure that is already there, so it links the sending domain with the sending IP address," he said.
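The check Brondmo describes, sketched as an added example that is not part of the original article: a receiving server looks up the policy the claimed sending domain publishes in DNS and tests the connecting IP address against it. The record syntax is SPF's `v=spf1` TXT format; the domains, addresses and TXT answers are constructed, DNS is replaced by an in-memory table, and the `unsupported` result is this example's own label for terms it does not evaluate.

```python
import ipaddress

# Constructed TXT answers standing in for live DNS (documentation address ranges).
SAMPLE_TXT = {
    "example.com": ["site-verification=abc", "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8:25::/48 -all"],
    "soft.example": ["v=spf1 ip4:198.51.100.7 ~all"],
    "nopolicy.example": ["site-verification=xyz"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_sender(ip, domain, txt=SAMPLE_TXT):
    """Return the SPF result for a connection from `ip` claiming `domain`."""
    addr = ipaddress.ip_address(ip)
    records = [r for r in txt.get(domain, []) if r.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"        # the domain publishes no sender policy
    if len(records) > 1:
        return "permerror"   # several policies: ambiguous, so reject the record
    # Terms are evaluated left to right; the first one that matches decides.
    for term in records[0].split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if net.version != int(name[2]):
                return "permerror"   # e.g. an IPv6 prefix inside ip4:
            matched = addr.version == net.version and addr in net
        else:
            # include, a, mx, redirect= ... need further DNS lookups, which
            # this example does not perform ("unsupported" is its own label).
            return "unsupported"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"         # nothing matched and the record has no "all"


if __name__ == "__main__":
    for ip in ("192.0.2.55", "203.0.113.9", "2001:db8:25::1"):
        print(ip, "as example.com ->", check_sender(ip, "example.com"))
```

A message from an address outside the published ranges gets `fail` under `-all` and `softfail` under `~all`, which is the signal a receiver uses to flag a spoofed sender domain.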