Don't Give up on E-Mail

Beyond Filters

But will filters solve the spam problem? As with virus writers and antivirus solutions, it's a continuous game of leapfrog. The latest Bayesian filters work great, but spammers will come up with new tricks to outwit them. Meantime, spamming continues to be a profitable enterprise--some e-mail users are naíve enough to act on the spam offers that manage to get through.

Beyond filters, e-mail providers are fighting back on multiple fronts. Under development are protocol extensions based on transferring and verifying credentials between e-mail senders and receivers. DomainKeys (from Yahoo), Caller ID for E-Mail (from Microsoft) and SPF (Sender Policy Framework, from Me Wong Meng) all use DNS TXT records to store verification information for e-mail senders (see BuzzCut for more on the last two). Their techniques will help limit forged return addresses.

Another front is the courts. In March, Microsoft, AOL and Earthlink collectively filed six lawsuits under the CAN-SPAM Act. Recently, Microsoft filed eight more lawsuits. The CAN-SPAM act pushed aside some stronger laws on state books, so this recent flurry of suits will determine whether the federal law has any teeth. Additionally, several states, including California, Florida and Virginia, are producing statutes that will let individuals sue deceptive e-mailers.

Many hurdles remain. The millions of mail servers now in production must be updated to support SPF or Caller ID. Which one of these techniques will win out? Which one should you implement if you don't want to wait? Will these techniques require an overhaul of the DNS infrastructure?Miles To Go ...

Meantime, as new mechanisms are implemented, we still must accept e-mail sent by servers that haven't been updated. This transition could last years, so when will mail administrators feel confident enough in widespread adoption to start blocking mail that fails the additional protocol checks?

Spam is a business. In the end, if it's not profitable, spammers will have to find alternative methods to advertise their wares. We're getting there. Early on, many communications protocols were built without regard to security. Now, it's essential to retrofit our mail systems to protect ourselves. Comprehensive antispam efforts that include improvements to mail protocols, filtering and common sense laws eventually will make it cost-prohibitive for most spammers to continue.

To those who insist that e-mail will go away, replaced by instant messaging, blogging or some other yet-to-be-invented electronic medium: You're wrong. Tomlinson's invention will outlive you and me.

Mike Lee is Network Computing's editor. Write to him at [email protected].0