Alliance plans to stem tide of spam

A coalition of top internet service providers has put forward a set of technical guidelines designed to stem the tide of spam.

AOL, BT, Comcast, EarthLink, Microsoft and Yahoo! announced a proposal of best practices for filtering and sending email. Among the recommendations are technical methods for authenticating email senders by IP address or with digital content signatures. That way, ISPs and email providers could help prevent email fraud, one of the chief frustrations for anti-spam fighters.

The group also advocated that ISPs detect and shut off internet traffic from "zombie" machines - hijacked consumer PCs used to send millions of unwanted email messages every day.

Ryan Hamlin, general manager of Microsoft's anti-spam technology and strategy Group, said in a statement: "Our aim with this proposal is to help lay out a clear framework for the industry as we continue to work together to end the spam business and put our customers back in control of their inboxes once again."

The effort is the latest from the Anti-Spam Technical Alliance (ATSA), a group formed in April 2003 by the four major ISPs – AOL, EarthLink, Microsoft and Yahoo!. Since its founding, the coalition has not publicly announced many joint projects, but individually, the parties have laboured over technical and legal efforts to thwart spammers.

On the technical front, each company in the last year has publicly backed a different system for authenticating email and quashing mail forgeries, or domain spoofing. Yahoo has backed a system known as DomainKeys for verifying the identity of an email sender with digital signatures, or two-key encryption.

AOL has been testing a DNS-based system, formerly known as Sender Permitted From and recently renamed Sender Policy Framework (SPF). Microsoft, too, has developed its own system for identifying the origin of email, called Caller ID for email. It recently proposed a merger of Caller ID with SPF.

Last week the coalition endorsed the underlying technical methods of each system, without specifying a standard. The group is examining both DNS-based and encryption-based systems and believes that the two standards are complementary.

ASTA's proposal also said that ISPs should implement rate limits on outbound email traffic, control automated registration of accounts and close all open relays, which are a big source for email. They also urged ISPs to block or limit email on Port 25, the main thoroughfare for email communications. For consumers, they recommended that all PC users install virus protection and security systems.

Earlier this year, ASTA launched its first joint legal assault against spammers. The suits claim that hundreds of unnamed defendants sent messages using false email addresses - a violation of the newly enacted US federal Can-Spam Act.

Stefanie Olsen writes for CNET News.com