QuickLinks - Junk mail (spam)
QuickLinks - Junk mail (spam)
Issue no. 318 - 5 September 2004
- OECD - Task Force to Coordinate Fight against Spam
OECD countries have set up a task force to marshal the efforts of government, business and civil society in the most comprehensive, strategic and inclusive response to date to the problems posed by unsolicited e-mail messages, or spam. The OECD Task Force will ensure a better focus of work on priority areas and improved coordination between different policy communities. Key objectives will include coordinating international policy responses in the fight against spam, encouraging best practices in industry and business, promoting enhanced technical measures to combat spam along with improved awareness and understanding among consumers, and facilitating cross-border law enforcement.
- Sender ID loses supporters
The Apache Foundation, an open-source development group, has withdrawn its support for the proposed anti-spam standard Sender ID, saying Microsoft's licence requirements are too strict. The move by the group responsible for the popular Apache Web server comes as other open-source developers also voiced reservations about Microsoft's attempts to apply stringent licence requirements to its contribution to the spam-fighting technology.
Issue no. 317 - 22 August 2004
- ISIPP Spam Conference
by Rebecca Bolin. Notes from the Institute for Spam and Internet Public Policy (ISIPP) conference on spam, the International Spam Law and Policies: The Global Case. see also Spam Laws Worldwide Index.
- Spam and the Introduction Problem
by John Levine. A common approach to the spam problem is to divide it into the authentication problem and the introduction problem. The authentication problem involves ensuring whoever claims to have sent an e-mail message really did send it. Authentication has gotten a lot of attention. While it's far from solved, it's fairly well understood. The introduction problem involves vetting mail from people who haven't written before. A lot of anti-spam proposals turn out really to be introduction proposals. While some of these proposals are quite clever, and some of them are plausible solutions to the introduction problem, none of them solve the spam problem, because the introduction problem is not the spam problem.
Issue no. 316 - 1 August 2004
- Australian code aims to curb spam
A spam taskforce operating under the auspices of the Australian Internet Industry Association (IIA) has released a draft industry code of practice designed to block the spam epidemic. Members of the public and all relevant stakeholders are invited to submit comments by 30 August 2004.
- NL - Dutch regulator inundated with spam complaints
(Digital Media Europe)
OPTA, the Dutch telecom watchdog, has reported receiving 2,200 spam complaints - including 1,900 over e-mail - in the two months since anti-spam regulations went into force in the Netherlands.
- Sender Address Verification: Solving the Spam Crisis
Thankfully, a new anti-spam technology has made its way into the market. This approach, known as Sender Address Verification or SAV, is poised to cripple spammer's ability to deliver machine-generated email. [Ed: Read the comments as well as the article].
- Spam - Think Globally, Block Locally
Spam is a global problem: Even though most of it originates in the United States, the bulk of it is sent from overseas on behalf of American spammers. Is law or technology the best way to solve the problem? That's the question considered by privacy experts at a conference called 'International Spam Law & Policies: The Global Case.' Most speakers firmly came down against legislation, promoting a mix of private legal action and technology.
- US - Florida delivers sunshine and spam
Although Florida is fighting back with an anti-spam law that went into effect this month, the state has long been known as the "spam capital of the world." Florida is relatively attractive to folks who are running scam-type operations because it has very favorable personal bankruptcy laws. If they get sued, they're able to hold on to a lot more of their personal possessions.
- US - Judge fines spammer $4m
Microsoft has won a judgement against a Californian spammer. A federal judge in California has awarded Microsoft $4m after finding that a California man and his company had sent spam, or unsolicited email, to users of its MSN and Hotmail services to get them to download a toolbar onto their computer desktops.
Issue no. 315 - 18 July 2004
Issue no. 314 - 24 June 2004
- Anti-Spam Technical Alliance Publishes Industry Recommendations to Help Stop Spam
The Anti-Spam Technical Alliance (ASTA), whose participants include Yahoo!, Microsoft, EarthLink and America Online, have unveiled the result of more than a year of close collaboration by presenting a host of detailed best practices and technical recommendations for the entire industry in an effort to fight the scourge of spam. The proposal provides recommended actions and policies for Internet service providers (ISPs) and e-mail service providers (ESPs) as well as large senders of e-mail including governments, private corporations and online marketing organizations. These recommendations primarily focus on two key issues: helping solve the e-mail forgery problem by eliminating domain spoofing through Internet Protocol (IP)-based and signature-based solutions; and best practices to help prevent ISPs and their customers from being sources of spam."
- EU - United front against spam urged
The European Commission has urged the computer industry to sort out its anti-spam strategy. Lack of co-operation between all those tackling spam was holding back efforts to stem unwanted commercial messages, said EC official Philippe Gerard. At an anti-spam meeting in London, he said it was up to industry to do its part now that laws were in place to prosecute spammers.
- Spam Laws Worldwide - UK
by Rebecca Bolin. Many people have been watching how the UK's December 2003 spam legislation has developed. Though there was little hope for it at the time, it seems the situation is now out of control, and no one believes the UK legislation (though based on the strong EC Directive) will do much at all. Section 32 offers the preferred method of enforcement. Persons or the Office of Communications can request that the Information Commissioner enforce the regulations. Even before the regulations, the Commissioner warned that it did not have enough funding to carry out responsibilities under the new laws. These predictions were correct. Though the law threatens fines for non-compliance, seven months later, none have been issued.
- US - FTC Says No to Antispam Registry
A national 'do not e-mail' registry would do little to prevent the proliferation of junk e-mail and could even make the spam problem worse, said the Federal Trade Commission. The FTC was required to produce the report for Congress under a provision of the federal Can-Spam Act. The 'do not e-mail' registry would have functioned much like the national 'do not call' registry, allowing consumers to protect themselves from unwanted marketing. However, technical oversights in the e-mail system would make such a registry impossible in practice, concluded the report.
- US - Spammer prosecutions waste time and money
by Thomas C Greene. The recent US Federal Trade Commission (FTC) report on the futility of establishing a national 'do not email' registry contains a number of interesting observations related to spam control and to the so-called CAN-SPAM Act. In a nutshell, the FTC rejects the registry because it would become a weapon that spammers could use to fortify their ever-growing lists of victims. But there are a number of related points in the report that deserve attention. One is an indirect critique of the CAN-SPAM Act, recent legislation that promises lawsuits and even jail time for incontinent spammers. The Act is meant as a deterrent, and in order for it to work as such, it will obviously have to be used, and spammers will have to be made examples. Unfortunately this is an expensive and often futile business,
Issue no. 313 - 13 June 2004
- DE - German Spam Floods Inboxes
German residents have been targeted by a flood of racist emails. This is thought to be the first time that right-wing extremists have used wide-scale spamming to reach their audience. The emails included stories about the alleged criminality of foreigners and their abuse of the German health and social welfare system, which has led to suggestions that the European elections may have been the trigger for the spam attack. The emails, sent by computers infected with the Sober.G virus, contained racist messages and links to right-wing Web sites. Sober.G is a mass-mailing worm that sends itself to email addresses harvested from each infected computer. First detected in May this year it has been most active in the UK, Germany and the Netherlands, according to MessageLabs. See also German Spam Floods Inboxes (Wired). Zombies are personal computers that have been infected with a virus that allows spammers to control them from a remote location for the purposes of sending out mass quantities of spam. These infected machines allow spammers to send much more e-mail than they could with their own e-mail server. It also makes it harder for authorities to trace the source of the messages.
- UK - Spammers consider a soft touch
The UK is increasingly seen as a soft touch for spammers, many of whom have decided to set up shop here, according to anti-spam organisation Spamhaus. Steve Linford, founder of Spamhaus, told vnunet.com that the European e-Privacy Directive, enforced in December 2003, had simply made the problem worse.
- US - Comcast Slows Flow Of Spam
Comcast, the USA's largest provider of high-speed Internet access, has begun blocking a channel frequently exploited by spammers to send out large volumes of e-mail, a move that many technologists say was long overdue and should be matched by other service providers. The company began targeting certain computers on its network of 5.7 million subscribers that appeared to be sending out large volumes of unsolicited e-mail and it is blocking port 25, a gateway used by computers to send e-mail to the Internet.
Issue no. 312 - 6 June 2004
- US - Network Associates awarded antispam patent
Security software company Network Associates has been granted a patent for methods of filtering spam, or unsolicited e-mail. The United States Patent and Trademark Office approved the patent, a sweeping grant for Network Associates' methods and systems used within its McAfee antispam products. The patent covers a combination of techniques to fight spam, including what's known as compound filters, paragraph hashing and Bayesian rules,
Issue no. 311 - 31 May 2004
- Microsoft wants to meld antispam proposals
Microsoft is lobbying to combine its technical proposal for authenticating e-mail, Caller ID for E-mail, with a competing process, SPF, or Sender Policy Framework, backed by America Online. Microsoft has submitted the proposal to industry standards body Internet Engineering Task Force (IETF) for consideration as a standard. Yahoo has also submitted its own e-mail authentication proposal, DomainKeys, to the IETF. See also Antispam framework scores Microsoft endorsement (CNET News.com).
- Spam messages on the increase
Junk mail now accounts for nearly 70% of e-mails worldwide, according to filtering firm MessageLabs. Despite efforts in the US to cut down on the sending of unsolicited messages, new laws seem to be having the opposite effect. Spammers are simply adapting rather than shutting up shop. 'The law goes part way to legitimise spam rather than outlaw it,' said Natasha Staley, information security analyst at MessageLabs.
- US - Porn spammers ignore new rule
by Declan McCullagh. Spammers flooding the Internet with pornographic solicitations apparently are not abiding by a new federal rule that took effect last week. Not only did illegal sexually-explicit spam fail to slow down after the regulations took effect May 19, but pornographic e-mail measured by one antispam company jumped from around 2 million messages in a 40-hour period last week to around 2.5 million during the same period this week. Brightmail, an antispam company in San Francisco, said that it measured 2 billion junk e-mail messages in the 40-hour period last week after the FTC rule took effect. Of the 2 million that were pornographic, 40 percent had some sort of label that resembled what the FTC mandated. see Spam Statistics.
Issue no. 310 - 16 May 2004
- AU - ACA joins forces with Australian High Tech Crime Centre to fight spam
The Australian Communications Authority (ACA) and the Australian High Tech Crime Centre are cooperating in the fight against spam. The ACA has staff stationed inside the Australian High Tech Crime Centre in Canberra, allowing them to efficiently exchange information and expertise about cyber offences with police investigators and to work jointly on cases. The Spam Act 2003 came into force on 10 April 2004 and prohibits the sending of unsolicited commercial electronic messages with an Australian link.
- CA - Canadian government action plan to combat spam
The Canadian government has introduced a new action plan to combat spam. The focal point was the establishment of a new national task force on spam that includes representatives from technology companies, ISPs, marketers, anti-spam activists, as well as ILN editor Michael Geist. The task force will examine current Canadian anti-spam legislation, consider potential statutory amendments, and assess technological and educational initiatives. see also Ottawa panel seeking to can Net spam (CP).
Issue no. 309 - 9 May 2004
- CA - Untouchable?: A Canadian Perspective On The Anti-Spam Battle
The Canadian perspective encompasses an overview of the issues facing all Internet users and of the current US and European approaches. [Ed: Recommended].
- Regulating spam: Directive 2002/58 and beyond
(Amsterdam Institute for Information Law)
Study (commissioned by Sybari software) about the impact of the new anti-spam regulations in the EU. Their conclusion is not encouraging. "An important limitation on the effectiveness of the E-Privacy Directive is the simple fact that most spam originates from outside the EU. (...) Beyond that, the effectiveness of the E-Privacy Directive depends on its implementation in national legislation. So far, implementation has been rather slow in a number of countries." The study warns about large differences in the EU in the legal protection of corporate users and users which are not subscribers. The most important recommendation is for the EU to take additional actions to promote effective enforcement mechanisms. [from EDRi-gram]
- US - CAN-SPAM Library
The CAN-SPAM Library is the most comprehensive collection of legal documents about the CAN-SPAM Act, including copies of and links to legislative history and current lawsuits filed under the act.
Issue no. 308 - 2 May 2004
- EU - European anti-spam laws lack bite
European laws on spam are 'meaningless' finds a study by Dutch academics. Researchers at the University of Amsterdam said the laws will provide no safeguard against spam because most of it originates outside the EU's borders. Only a co-ordinated international effort will make a difference to the amount of spam being sent they warn. The authors of the study say the European laws also lack key clauses that would make them more useful to end users.
Issue no. 307 - 25 April 2004
- US - SEXUALLY-EXPLICIT: spam labelled by FTC
Spam is not illegal in US federal law. But from 19th May, any spam that contains sexually oriented material must include the warning "SEXUALLY-EXPLICIT: " in the subject line or US spammers face fines for violations of federal law. The CAN-SPAM Act, passed in 2003, outlaws fraudulent e-mail and requires marketers to include an unsubscribe option; but it continues to allow legitimate, albeit unsolicited, commercial e-mail. The Act also directed the Federal Trade Commission to adopt a rule requiring a mark or notice to be included in spam that contains sexually oriented material. The purpose of the notice is to inform recipients that a spam message contains sexually oriented material and to make it easier to filter out messages they do not wish to receive.
Issue no. 306 - 3 April 2004
- Spam Monster Eyes Another Target
Spim is to chat clients what spam is to e-mail - unsolicited messages from unknown losers pushing products and services. And it's on the rise: Spim is expected to triple from 400 million messages in 2003 to 1.2 billion messages this year, according to technology market research firm The Radicati Group.
Issue no. 305 - 28 March 2004
- AOL Blocks Spammers' Web Sites
America Online has adopted a new tactic against spam: blocking its members' ability to see Web sites promoted by bulk e-mailers. The policy, which began earlier this year, opens a new front in the war on spam but also makes the company the first of its kind to push past the traditional Internet orthodoxy that service providers should be neutral conduits to anything the World Wide Web has to offer.
- Big players propose competing solutions to spam
by Stefanie Olsen. There are few signs of unity in developing technology standards that could be more effective in slowing the deluge of spam, despite America Online, EarthLink, Microsoft and Yahoo scored a major publicity coup earlier this month, when they launched their first joint legal assault against spammers.
- DE - Anti-Spam-Taskforce diskutiert Maßnahmenkatalog
Beim zweiten Treffen der Anti-Spam-Taskforce (ASTF) des eco, des Verbands der deutschen Internetwirtschaft, wurde der Entwurf eines gemeinsamen Anti-Spam-Maßnahmenkatalogs diskutiert. Dieses 'Whitepaper' enthält unter anderem Vorschläge für ein 'Trusted Network', innerhalb dessen ein ungefilterter Mailverkehr möglich sein soll. Zur gleichen Zeit hat in Berlin die SPD-Arbeitsgruppe Post und Telekommunikation einen bereits bekannt gewordenen Gesetzentwurf beraten, nachdem Spammer in extremen Fällen sogar ins Gefängnis wandern können.
- DE - Germany Prepares Laws to Battle Spam
Germany's Social Democrat (SPD) government plans to introduce an 'Anti Spam' law in an attempt to stem the tide of unsolicited junk e-mails that is costing the country millions of euros. The law will be Germany's first attempt at introducing a successful and effective punishment for those unscrupulous companies who bombard inboxes with undesirable advertising mails. The laws will consist of punishments ranging from fines to imprisonment for the worst offenders. Germany was one of the countries criticized last year by the European Commission for not implementing spam restrictions in accordance with an EU directive. Along with Belgium, Greece, France, Luxembourg, the Netherlands, Portugal, Finland and Sweden, Germany failed to adopt the privacy law which would have helped in the EU's fight against unwanted e-mail. "
MIT recently brought together the nation's top spam fighters at its annual anti-spam conference. Network World caught up with some of the speakers and participants. Here are their stories.
- Stand and Fight: An Arsenal for Spam Victims
(New York Times)
For most users, spam is simply a maddening headache. Fortunately, effective weapons are emerging in the Battle of the In-Box. You can install special software that works alongside your e-mail program to filter incoming messages, or choose a new e-mail program with ingenious spam-blocking features. Or, because spammers frequently use fake return addresses to evade filters as they blast out millions of messages, you may choose to install a companion program that requires the sender to verify his or her identity before the message can be delivered. Such options enable you to stand firm against spam without having to get a new e-mail address.
Issue no. 304 - 21 March 2004
- EU - Position Paper on SPAM
The American Chamber of Commerce to the European Union (AmCham EU) welcomes and supports the increased political attention being given to the issue of spam by the European Commission and EU Member States. This reflects a more global concern that will no doubt be discussed at the forthcoming Organization for Economic Cooperation and development (OECD) conference. AmCham EU would like to provide some recommendations to guide the Commissionís and Member States' future endeavours in this area. We highlight six areas in particular definition, transposition, application, enforcement, remedies and technical measures.
- Anti-Spam Solutions and Security
As a brief review from part one of this article series, current anti-spam solutions fall into four primary categories: filters, reverse lookups, challenges, and cryptography. Each of these solutions offers some relief to the spam problem, but they also have significant limitations. Spam filters do not stop spam. In all cases, the spam is still generated, still traverses the network, and still gets delivered. And unless the user does not mind missing the occasional misclassified desirable email, the spam is still viewed. While filters do help organize and separate email into spam and non-spam groupings, filters do not prevent spam. The first article looked at filters and reverse lookup solutions. This second part now focuses on the various types of challenge-based systems and cryptographic solutions.
Issue no. 303 - 29 February 2004
- US - Spam: A Reality Check
The CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) act recently became law in the United States, and people are already passing judgment on this broad and, some might say, groundbreaking law. On the surface, the verdict hasn't been positive.
- Make 'em pay - The dismal science takes on spam
The short history of society's fight against spam - usually defined as unwanted commercial e-mail - may be about to pass into a significant third phase. In the first phase, it was geeks who led the resistance, using techie weapons such as e-mail filters with fancy Bayesian mathematics. In the second phase, politicians joined in, eager to get their names on to new legislation - in America, for instance, 36 states and Congress have passed laws of some sort against spam. Now, in the third phase, the economists are taking over.
- Row over how to junk spam
Microsoft is proposing to stop spam by checking that messages are being sent by the person they claim to come from. The Caller-ID for e-mail idea is one of several proposals floated as a way to stem the rising tide of junk mail. The Internet's engineering body has set up an emergency meeting to sift through the different proposals and draw up a network-wide solution. But some fear the competing proposals could cause confusion and spell the end of some widely-used net features. see also US - Microsoft Announces Anti-Spam Initiative (Washington Post) Microsoft is launching a system to make it harder for spammers to disguise their locations. Dubbed "Caller ID for E-mail," the system would allow computers to recognize whether incoming e-mail is from a legitimate Internet address. The project is intended to foil spammers who routinely falsify their sending location in order to fool recipients and hide their identities, a trick known as spoofing.
- US - Yahoo, Sendmail to test antispam system
by Stefanie Olsen. Yahoo and software provider Sendmail will jointly develop a system for authenticating e-mail, with the goal of mitigating spam. The two companies announced support of DomainKeys, a proposed system for verifying the identity of an e-mail sender and reducing e-mail forgeries. Yahoo - which runs a Web-based e-mail service used by more than 39 million people in the United States, according to Nielsen/NetRatings - plans to develop and test the system by March. Sendmail's open-source technology, which routes the bulk of corporate e-mail to and from the Internet, will be integral to the experiment. see also New Spam Filters Cut the Noise (Wired) Open-source spam filter developers are claiming that their software can now block 99.97 percent or more of incoming spam on a network, thanks to new techniques.
Issue no. 301 - 8 February 2004
- EU - Commissioner Liikanen calls for more international cooperation to combat 'spam'
Enterprise and Information Society Commissioner Erkki Liikanen called for global cooperation against 'spam' at a two-day OECD workshop in Brussels. Building on efforts by many countries to combat 'spam', the OECD should rapidly agree a five-point framework to promote effective legislation against spam, cooperation between enforcement agencies, self-regulation by industry, technical solutions, and greater consumer awareness. Opening remarks at the OECD workshop on spam (RAPID). See Background paper for the OECD workshop on spam. see also OECD calls for cooperation on spam (IDG), There's No Spam Like American Spam (Washington Post) and The idea of e-mail postage gains currency (New York Times).
- How Spammers Are Targeting Mobile Phones in Asia
Cellphones are becoming the latest target of electronic junk mail, with a growing number of marketers using text messages to target subscribers in Asia. Mobile phone spam has yet to approach anything like the volume of the e-mail variety, but the problem is growing in a region where the average user sends as many as 10 SMS (short message service) messages a day.
- OECD - Netzwerke für Spamjäger
Am Ende der OECD-Konferenz in Brüssel waren sich alle in einem einig: Die internationale Zusammenarbeit beim Thema Spam muss verbessert werden. Die Europäische Kommission will laut Bernd Langeheine, Direktor Communication Services, ein Kontaktnetzwerk aus Ansprechpartnern in den Mitgliedsländern aufbauen. siehe auch Spam-Krieger suchen noch nach guten Strategien.
- How to make spam unstoppable
Good news for spammers, the smart filtering software used to catch spam can be beaten. The bad news for spammers is that this flaw in filtering systems is not easy to exploit and can be combated by turning off the preview pane in e-mail.
Issue no. 300 - 1 February 2004
- DK - Spammer receives record fine
A Danish telecoms equipment firm has been fined a record £37,000 for sending unsolicited commercial e-mails - otherwise known as spam. The conviction is one of the first in Europe to use the anti-spam provisions of a recent Directive. The 2002 Directive set out new rules to deal with unsolicited commercial e-mail, cookies and other privacy issues in electronic communications and was due to be implemented throughout the EU by 31st October 2003. Denmark and the UK are two of only six member states to have put appropriate measures into place to implement the EU law.
- EU - Commission calls for further action to combat spam
A series of actions to help enforce the EU 'ban on spam' were presented by Enterprise and Information Society Commissioner Erkki Liikanen. While the Commission will support these efforts as much as possible, it will primarily be for EU Member States and competent authorities, industry, and consumers and users of the Internet and electronic communications services to play their role, both at the national and international level. These actions focus on effective enforcement by Member States and public authorities, technical and self-regulatory solutions by industry, consumer awareness, and international cooperation. Examples include providing competent authorities with the required investigation and enforcement powers to trace and prosecute 'spammers', adapting marketing practices to the opt-in regime, and explaining to users how to avoid spam and what filtering and security can do for them. Communication on unsolicited commercial communications or 'spam' COM(2004) 28.
Links to news items about legal and regulatory aspects of Internet and the information society, particularly those relating to information content, and market and technology.
QuickLinks consists of
QuickLinks is edited by Richard Swetenham firstname.lastname@example.org
- a free newsletter appearing approximately once a week. The newsletter is distributed by electronic mail through an "announcement only" mailing list. To be included on the mailing list, send a blank email to email@example.com (HTML) or firstname.lastname@example.org (Text)
- a Web site with frequent updates, an events page, news items organised by category as well as chronologically by issue and full text search.