Search goes on for ways to stop spam

Computerworld - ARLINGTON, Va. -- The words and phrases used to described spam by people at a Global Internet Project conference today were a lot like the subject lines of pushy e-mails: stark and attention-getting.
Spam "imperils the Internet," is "out of control," and is running in volumes that are "staggering." Spam is a burden on businesses, "the pain is real."
Or as U.S. Federal Trade Commissioner Orson Swindle said, spam "keeps getting bigger, even as we increase our efforts to try to curtail it." Swindle warned that this rapid e-mail proliferation could "be an impediment to true realization of the potential of e-commerce."
The other fear about spam, and one that has typically brought protests from the senior IT executives who make up the Arlington, Va.-based Global Internet Project, is government regulation.
"I think we would all agree that regulation on the Internet is not a good idea," said John Patrick, a recently retired vice president of Internet technology at IBM. But political leaders, acting out of frustration, might adopt regulations that are "very costly," he said. "I would say the potential [for regulation] is high at this point."
Regulation may already be a foregone conclusion. Eighteen states have adopted antispam laws, and there are several bills pending in Congress. Moreover, the European parliament last month approved a law making it illegal to send unsolicited e-mail.
Whether any of these laws will accomplish anything is another question. Internet service providers are playing an ongoing Whack-a-Mole game with spammers, who continually attempt, with some success, to circumvent efforts to curtail them.
"We're aggressively trying to stop the spam" from clients, which include Internet service providers, said Robert Rigby, a senior manager at WorldCom Inc.'s security operations center. "However, the spam community is just as innovative and just as technically savvy as we are."
One problem that network administrators face is that the spammers, or the "black hats," will readily share techniques among themselves, but corporations won't, Rigby said. "The black hat community has nothing to lose by sharing these technologies," he said.
Enterprises, however, are in the best position to protect their end users because of their ability to use a "multilayered approach" that can examine incoming e-mails by content, behavior, addresses and other criteria, said Randy Shoup, chief architect at Tumbleweed Communications Corp., a Redwood City, Calif.-based security vendor.
Regulation is another way to address spam, but Paul Misener, the vice president for global public policy at Seattle-based Amazon.com Inc., warned of one problem created by the leading antispam bill in Congress offered by Sens. Conrad Burns (R-Mont.) and Ron Wyden (D-Ore.)
That legislation, which would require working return addresses on e-mail, may penalize "inadvertent transgressors," or companies that accidentally send a marketing e-mail to a customer after that customer had requested removal from the e-mail list, said Misener.
Every business "has a strong economic interest not to irritate existing customers," said Misener, but the kinds of punishments imposed against people who send e-mail with fraudulent headers could potentially be applied to companies that inadvertently send out e-mail to customers who don't want it.
Many spam e-mails arrive from other countries, and without a global agreement, there is skepticism about the impact regulations would have on reducing spam.
Australia's government is examining the problem raised by spam, and any solutions will likely use a variety of approaches, said Keith Besgrove, an official at Australia's National Office for the Information Economy. He said a typical approach for his country would be to look at solutions that could involve legislation, industry codes of best practices and raising awareness.
The Australian government has had a long-standing policy of a "light touch" regulatory regime with anything to do with communications and online technology, Besgrove said.