Sophos: Spam won't be gone in two years

The security vendor's co-founder Jan Hruska tells why only legislation backed by timely prosecution, as well as preventive software, will be effective against spam.
Written by Vivian Yeo, Contributor

The world will not see the end of spam anytime soon, but a combination of legislation and antispam tools could help manage the problem, says a veteran in the security industry.

"In two years' time, we're definitely not going to see the end of spam," said Jan Hruska, co-founder of Sophos, in an interview with ZDNet Asia last week. The security vendor's former co-CEO was making a reference to Microsoft Chairman Bill Gates' prediction that spam would be eradicated in 2006.

Hruska pointed out that "every single tactic that has been tried so far [to stop the spam scourge] has had very limited success". Mail authentication for one, "hasn't helped" in practice, and will not have much impact--at least not in the short term, he said.

"People who have tools to authenticate an e-mail are in fact spammers," he noted. "They start sending out spam [to e-mail] that has been authenticated."

Other initiatives such as charging for e-mail and providing an e-mail registry, have also not been successful, according to Hruska. Fee-based e-mail has not taken off mainly because people "are not used to paying for e-mail", he said, adding that an e-mail registry is also not feasible as people who do not register are automatically considered spammers.

"Only two things really have worked--legislation followed by prosecution, which discourages spammers, and second, the use of antispam software," Hruska said, stressing that the laws must be complemented with "the willingness and capability of the judiciary to catch and prosecute [spammers]".

"Legislation is the enabler of the prosecution, but the effect is not going to be seen until there are a number of successful prosecutions," he said.

Prosecution, Hruska added, should be followed up fairly quickly after the legislation is passed. Cases should be publicized to give them a higher profile, he said.

One country that has vowed to put in place tougher legislation against spam is China, which is catching up with the United States in terms of spam contribution.

Hruska also highlighted partnership of some countries worldwide to fight spam, but cautioned that these initiatives are limited in their impact.

"We mustn't forget that the spam problem is very much an international problem--there might be legislation in some countries, but there are still going to be places around the world where there is going to be little or no legislation, and it is only natural that spammers will gravitate toward those jurisdictions," he explained.

"The government can put in place legislation to deter spam, and also prosecute spammers, but from the point of view of users and companies affected by spam, the best thing people can do is just use antispam software," he said.

Editorial standards