Network World - The fight against spam has been too tactical and not strategic enough, according to experts at the Next Generation Networks conference in Boston.
"There's too much of the thinking, 'I've got a problem. How do I stop it from hurting me?'" said Phillip Hallam-Baker, principal scientist at VeriSign Inc. The thinking ought to be how to stop spam in general, he said.
"It's a public health problem. We have to look for ways to stop the infection from spreading to others," Hallam-Baker said.
Three approaches could work, said Paul Judge, chief technology officer at CipherTrust Inc. Filter spam so it never reaches desktops; train users to recognize and kill spam without responding to it or outlaw spam; and set up stiff penalties as a deterrent.
Spam can be limited by setting thresholds for cutting off e-mail from a single source address when more than a certain amount is sent per set time period, said Dean Drako, CEO of Barracuda Networks Inc.
Similarly, if a machine has been infected to generate spam, it can be cut off if it sends more than a certain amount in a given time period. About half of the machines used to spam are hijacked, said Hallam-Baker. Filters can also weed out spam based on keywords.
Phishers, whose e-mails seek to trick credit card and other financial information out of victims, use sets of commandeered machines to send their e-mails, Judge said. CipherTrust finds that phishers use about 1,000 such zombie machines per day, then switch to another battery of machines the next day. These zombie batallions range up to 15,000 in number, he said.
Hallam-Baker said ISPs should strip off all executables from their customers' e-mails to prevent creation of zombie computers. "It's a completely irrelevant capability that is only dangerous," he said.
Laws against spam throw potential legal hassles in front of spammers as well as the threat of financial penalties and the result of having all their e-mail blocked, Hallam-Baker said.
The downside is that antispam laws have had little effect. California passed an antispam law last year, Drako said. "There was no significant impact on spam being sent on the Internet," he said.
Hallam-Baker suggested a three-tiered registration system to stop spammers. Creating bonded senders could help by establishing a group of bulk e-mail senders who are likely not spammers. They would post a bond they would forfeit if they are caught spamming.
Senders would be authenticated via a lightweight DNS mechanism that would link the sender address to a small set of e-mail servers. If the address was lifted to send mail
- Top 12 Laptop Bags for Mobile Pros
- Think Deleted Text Messages Are Gone Forever? Think Again
- 7 New Faces of the C-suite
- 5 Ways CIOs Can Rationalize Application Portfolios
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Alert Logic for PCI DSS Compliance To achieve PCI DSS compliance, you must identify and remediate all critical vulnerabilities detected during PCI scans. Threat Manager streamlines this process by...
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts