By Will Sturgeon, 15 November 2004 13:50
NEWS The global war on junk email has signed up a new alliance of major backers - with 35 major companies uniting to make their concerns known to the US Federal Trade Commission.
In an open letter to Deborah Majoras, chair of the FTC, the businesses, including Amazon.com, Cisco, CipherTrust, Earthlink, eBay, Symantec and VeriSign, all call for a more rapid roll-out of email authentication technologies.
The letter says spammers are "undermining users' trust and confidence" in email and the internet and calls upon the FTC to take action in order to protect legitimate businesses and end users.
"Despite our progress, spammers have become more creative and deceptive," the letter says. "Fraudulent practices such as phishing are increasingly robbing individuals of their security, privacy and financial assets. No one company can solve this problem alone. This is why we are working together to lead the adoption of email authentication technologies."
"As industry leaders, we share a responsibility for protecting users from the blight of online threats. While many of us compete in the marketplace, we stand united in our fight against spam and phishing."
The letter, also endorsed by the Anti-Phishing Working Group, expresses support for Sender ID Framework and signature-based authentication and calls for greater involvement from ISPs.
"By deploying both IP and signature-based solutions, we will ultimately have a more robust solution," it says.
"As we speak, this technology is in early deployment and shows significant promise, and therefore, businesses and ISPs should initiate the implementation of SIDF and publish their records today."
While accepting such technologies won't prove a silver bullet to eliminate spam altogether, Paul Judge, CTO at CipherTrust, said: "It is encouraging to see many organisations rally around the importance of email authentication protocols such as Sender ID Framework in order to eliminate spoofing and greatly affect the problems of phishing and spamming."
"The industry's continued support throughout the adoption process is a critical step in eliminating the threat of spoofing and phishing and this most recent collaboration is a means to that end," added Judge.
Majoras last month earned criticism on these pages for failing to acknowledge the full extent of US contribution to the spam problem and as such is felt by some to have displayed an apparent lack of understanding of the challenges. The need now for such a letter may add fuel to the suggestion that too little has been done to crack down on the problem of spam email on the part of the US during Majoras' time in the top job at the FTC.
Comments
There are 3 comments. Join the discussion
1. Douglas Otis
What is not mentioned is a conclusion that SPF and Sender-ID (SIDF) are not safe and do not improve security. SPF and SIDF do not authenticate the mailbox-domain of the message where the intent of the sender and the checks leading to the last hop remain unknown.
CSV is a safe alternative and compatible with electronic signatures. See http://www.csvmail.org/
2. Nick
All talk and no action!
How many times do we need to agree to do something about this problem before something is actually done? While experts discuss and governments ponder, SPAM in all its horrible, deceptive forms flourishes.
3. Nigel Perry
Spam continues because the spammers have no expectation that anything bad will happen to themselves. Fear is the key. Don't let the spammers opposite numbers sell you expensive security measures: just make a small legislative change. No-one should be prosecuted for harming a spammer! It's all so easy when you work it out logically....