MIT hosts spam pow-wow

The fight against spam, phishing and email fraud should focus on economic incentives and aiding law enforcement, according attendees at a conference examining the problem this week.

Speakers at MIT's 2006 Spam Conference were notably cognizant of the recent proposals of white lists and AOL's Goodmail, a pay per email service offering preferential treatment in email delivery for marketers. It is also one year since the implementation of Can-Spam, the federal law that sets email marketing standards and makes it less complicated for law enforcement to go after John Doe spammers.

Many addressed these issues head on. Others proposed solutions that would clearly bypass the issue of email postage, or creating a hierarchy of email senders, an idea that goes against the internet's equalising spirit.

Phil Raymond of Vanquish Labs, who presented on behalf of the Email Accountability Initiative, put it bluntly, "If you have a first class [car] on the train, there will be a lot of people in the cattle car and some of those cars will be left behind completely."

Rather than an email postage system, Raymond proposed another type of economic incentive. In lieu of paying postage to send email, bulk emailers could be required to put up a bond. And rather than worrying about how to legally classify spam, leave it up to the recipients. Under this system, email recipients would have the ability to penalise those senders they don't want mail from. A price would be attached to the penalty, and the marketers' bonds would cover the cost of those emails rejected as spam.

The idea is that spammers and legitimate marketers alike would be less likely to send mass emails if rejection is going to cost them actual dollars. A study showed that under such a system, spammers give up, and legitimate marketers, according to Raymond, aim their email campaigns more specifically at parties likely to be interested.

The consensus seemed to continue to be that though filters are good, they don't cut to the heart of the matter. Presenters urged greater concentration on preventing and going after generators of spam content, rather than just keeping spam email from entering users' in-boxes.

Tobias Eggendorfer of the University of Bendeswehr Munchen, who proposed the use of SMTP and HTTP "tar pits" to slow delivery of bulk email, said: "Filtering email is like easing the symptoms of a disease without curing the disease itself. The only thing it's doing is easing the pain."

Eggendorfer's sentiment about filters was echoed throughout the conference.

CipherTrust, a network security company, emphasised going after emails with phoney domain names and the spoof websites they link to. It announced the release of PhishRegistry.org, a free service that alerts registered legitimate websites when they are being spoofed.

Two attorneys also weighed in on Can-Spam. Jon Praed of the Internet Law Group, a boutique high-technology law firm representing such clients as AOL, suggested going after email harvesters, the entities that gather email addresses from the internet for the purpose of spamming or selling the addresses to spammers.

In Praed's opinion, Can-Spam has led legitimate marketers to spend large sums of money to comply and change their tactics, while failing to rein in dangerous spammers.

Aaron Kornblum, an attorney from Microsoft's 65+ anti-spam litigation team, saw Can-Spam as a useful tool that has aided law enforcement in states with weak or nonexistent internet fraud laws. Since 2003, Microsoft has filed 109 civil lawsuits. Seventy of those were filed since 1 January, 2004, utilising Can-Spam provisions. Seventeen of those defendants were from the Registry of Known Spam Operations (Rokso), the FBI Most Wanted List equivalent for spammers.

Though researchers are just scratching the surface of spam prevention, progress has been made, many presenters said. Vocabulary is being developed so that law enforcement and experts are communicating with each other and the public.

Candace Lombardi writes for CNET News.com