Why Microsoft's spam ploy is no solution

Why Microsoft's spam ploy is no solution

Summary: Microsoft's ploy to drum up business for its spam-filtering technology will probably be successful! That said, from my experience, the number of people depending upon e-mail forwarding must be considerable -- from an e-mail volume standpoint, perhaps staggering!

SHARE:
TOPICS: Tech Industry
12

Microsoft's ploy to drum up business for its spam-filtering technology will probably be successful!

That said, from my experience, the number of people depending upon e-mail forwarding must be considerable -- from an e-mail volume standpoint, perhaps staggering!

Being an alumnus of two universities, having a primary e-mail address at work, a wireless e-mail address, and an e-mail address required by my broadband provider -- all of which forward to the same Exchange inbox, I expect that Microsoft's actions will result in a dramatic drop in the reliability of the existing spam detection technology -- especially for the mobile professional who also subscribes to a large number of listservs which might also be impacted.

It took months for my employer's spam filters (which send me a quarantined list of two-dozen every day -- for my review) to mature to the point that the number of false positives are down to about three per week! If successful, Microsoft's plan will likely introduce large numbers of false positives to the workplace e-mail environment without significantly improving the spam problem for hundreds of millions of casual users of e-mail.

Spam really represents two distinct problems. One is the "legitimate" mass market operation who used to send you "junk mail" until they discovered that sending e-mail was cheaper than bulk-rate postage. These folks, while a considerable annoyance, do at least have a legitimate reason for contacting you. They want to tell you why their product is better than the next guy's product. The other is the unscrupulous e-mailer who wants to steal your identity, sell you porn, or get you to buy some fake product (be it a pharmaceutical or a sexual aid).

There are laws to protect you from both of these types of unwanted e-mail. The problem is that we don't know who the sender really is -- or what jurisdiction governs their activities. One more anti-spam tool which generates false positives will not solve this problem!

The solution can only be an underlying redesign of Internet e-mail, developed under the auspices of a sanctioning body (such as IEEE), which guarantees that sender are who they say they are and that the jurisdictions of  senders can be determined with certainty.

[Editor's note: David Berlind looks at the slow progress toward an anti-spam standard.]

Topic: Tech Industry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

12 comments
Log in or register to join the discussion
  • A suggestion for you.

    If you don't like it, don't use it. See how simple that is?
    No_Ax_to_Grind
    • yeah

      I wonder does he use hotmail? Does anyone? With all the spam that comes from hotmail addresses (spoofed or not) I usually filter everything with a hotmail.com in it to the trash directly. Sorry to continue the rant I just get peeved by uneducated and poorly formulated editorials that have wide distribution.
      thomasgal@...
      • Editorial SPEWS?

        Blackhole Lists Are Your Friends.

        You can get a lot of milage out of simply blackholing whole countries. It's been quite a while since I got any spam from Argentina, for instance, since ar.blackholes.us went into my reject filter.

        Of course, the Mother of All Blackholes is SPEWS. Works wonderfully, esp. combined with DUL.
        Yagotta B. Kidding
        • And you can...

          Also block them all by using greylisting and spamassassin together.

          Works beautifully... and hey.. it's free!
          FreeBSD
  • Seems Uneducated

    First of all everything causes false positives, and Microsoft is being very clear that publishing your SPF/Sender-ID information in DNS will only help your situation. Much like most spam filters if it's not there it will just be one of many indicators so prophesizing doom is pretty worthless and scaring people when it comes to microsoft gives the appearence of bandwagon editorialism.
    Finally you may not know it but IEEE is the Institute of Electrical and Electronics Engineers (of which I am a member) and has nothing to do with email in any way. Perhaps if you did your research you would know that it is the IETF (Internet Engineering Task Force) who would likely be in charge of specifications in this area. In fact SPF(pobox), Sender ID(MS), Authenticated Internet Mail(Cisco), Domain Keys(Yahoo), and other specifications have all been submitted to the IETF for standards process review. Sender ID however got bogged down in the working group (which I participated in) mostly because the open source folks wanted to impose "their" licensing terms on Microsofts technology and neither side would yield. I'm no Microsoft Afficionado but the stubborness on the part of the open source community on this issue which likely is paramount to all others was disappointing. This whole spam problem is a big chicken and egg problem with people refusing to adopt a technology that depends on everyone using it to work. At least Microsoft is taking the step of requiring SenderID information to encourage adoption(SPF records happen to be effective in this case as well), much like Gmail already uses SPF and Domain Keys and many other providers have started adding the newer technologies. It was also wonderful to see Microsoft and people from pobox, yahoo, and others getting along at the FTC anti-spam summit held in D.C. in December like you wouldn't believe. I remember the Microsoft speaker one day saying that Bill Gates came to him and said "I don't care how, but this spam problem needs to be solved" and for once I believe it. There's not a single intelligent individual who likes spam, and along the path to a final solution will come intermediate solutions that need to be implemented and vetted. The last thing we need is uninformed editorials making blanket statments about technological and socialogical challenges. Enough good reasons exist to bash Microsoft out there if that's what your into without sowing Fear Uncertainty and Doubt without technical basis. The reality is that buy forcing acception of SenderID MS is probably encouraging widespread deployment more than an IETF standard or anything could have done. Certianly it's not perfect, and your forwarding services may need a little tweaking, but it sure is better than complaining about what's out there and not offering a thing more.
    thomasgal@...
    • oh yeah

      For a good summary of current Anti-Spam techniquies of today and how they work along with their weaknesses(yes they all have flaws):

      http://spf.pobox.com/whitepaper.pdf

      -Tom
      thomasgal@...
    • Outstanding post!

      Well put!!!
      No_Ax_to_Grind
  • 185 days left

    Don't worry, Microsoft has promised to eliminate
    spam by the end of 2005. 185 days left until the
    world is freed of spam entirely. I'm sure they
    have some secret plan because nothing they've
    announced so far will even come close.

    I'm getting almost 500 spams a day but I'm quite
    happy to wait just a few more months to have this
    problem completely solved for me. For now,
    spamassassin is a little over 99% accurate with
    virtually no false positives.
    cthompson
    • 500 spams..

      Implement greylisting and that number will be close to 0.
      FreeBSD
  • It's not spam-filtering

    Dang, I'm gettin tired of repeating this.

    "Sender ID" doesn't do anything regarding spam, because it only checks to see if the sending server is who it claims to be. Right now, the majority of "Sender-ID" compliant mail servers are -- you guessed it -- spammers.

    Well, you say, but SPF or "Sender-ID" allow us to verify that the sending server is allowed to send mail for the domain, right? If we get spam from EarthLink, we can block their servers.

    Great idea. Guess who has the largest output of spam on the Net right now? You got it: MSN. Lots of zombies shipping mail through MSN servers, all (naturally) backed by "Sender-ID."

    Next plan, Bill?
    Yagotta B. Kidding
    • Not invented here

      Microsoft apparently is never going to indorse anything that they
      cannot claim as their own, or anything they have not added a
      hook to that they can use to 1. make money and 2. fight open
      source. If they were serious they could release it under the BSD
      license. They sure aren't shy about using BSD licensed software
      in Windows, etc.

      Fortunately for this situation, hotmail.com and msn.com
      produce so much spam that getting on their bad side will have
      absolutely no effect on businesses, IMO.

      At the moment we give all mail from either hotmail.com or
      msn.com two points in our spam filter, and toss any mail with
      3.5 points into the users Spam folder. So, for example, an html
      email message from either site, from a sender whose name ends
      with a number, goes straight into the bit bucket. And in 20
      months of using this filter we have received zero false positives.

      So, what difference does it make if a site that you consider a
      spammer labels the mail you send as "possible spam"
      Otto_Delete
    • Of course it's not spam-filtering

      It is however, a technology that can help make spam-filtering more reliable.

      Certainly it does something "regarding spam", that is the whole idea.

      From http://spf.pobox.com/howworks.html:

      "And as a user, SPF can help you sort the good from the bad. Reject mail that fails an SPF check. Use it to help your spam filters make a decision."

      Perhaps if you clarify your message you won't find yourself repeating it so often?
      sagec