Spam blight may prompt big changes

The war against spam is heating up. In recent weeks, companies from across the technology sector have come forward with proposals to end — or at least curtail — the blight of unwanted e-mail messages.

Recent announcements, including an agreement on industrywide best practices for e-mail providers, promise new anti-spam tools and technology from Microsoft Chairman and Chief Software Architect Bill Gates and a new secure e-mail service from VeriSign, which could be evidence of wholesale changes in the way e-mail is sent and received on the Internet.

Leading the charge is the Anti-Spam Technical Alliance (ASTA), an industry group representing e-mail providers and ISPs such as America Online, EarthLink, Microsoft, and Yahoo.

The alliance released a statement of intent in June with suggestions and best practices recommendations for ISPs, e-mail service providers, governments, corporations, and bulk e-mail providers. The group advised ISPs to shut down e-mail servers that allow parties who do not own the mail server to relay mail through them. ASTA also suggested that ISPs crack down on virus- and worm-infected computers on their networks.

But a best practices approach to fighting spam may not be enough, said John Levine, a member of the Internet Research Task Force’s Anti-Spam Research Group.

In June, Microsoft submitted a draft technical specification of an e-mail authentication system it calls Sender ID to the IETF for consideration as an industrywide standard. Sender ID requires organizations to publish the addresses of their outgoing e-mail servers in the DNS. Organizations receiving e-mail can then verify incoming e-mail messages by checking source information in the message envelope and body.

Microsoft is working on technology that requires e-mail senders to “qualify” e-mail messages they send by performing certain computations that would be transparent to most senders but would bog down high-volume spammers.

For large businesses that rely on e-mail to communicate with customers, Microsoft’s Gates backed the idea of third-party e-mail accreditation systems that are capable of certifying the identity and probity of e-mail senders. That idea also appeals to executives at VeriSign, said Chad Kinzelberg, a company vice president.

VeriSign backs a plan to couple sender authentication with a domain reputation assessment system. Not surprisingly, Kinzelberg thinks VeriSign, which has completed background checks on more than 400,000 companies for which it has issued digital certificates, is a natural fit to manage any such reputation system.

VeriSign also unveiled its Email Security Service, a managed e-mail service that intercepts, scans, and filters e-mail traffic before passing it to customer e-mail servers.