Six years later, CAN-SPAM Act leaves spam problem unresolved
Martin Lee, senior software engineer, Symantec Hosted Services
February 16, 2010
Jan. 23 is an auspicious date in the cybersecurity industry. On this day in 2004 at the World Economic Forum, Bill Gates proclaimed that "Two years from now, spam will be solved." Six years later, approximately nine out of every 10 emails are spam and there is no indication that the spam problem will ever be solved. So what went wrong?
The techniques that Gates referred to in 2004 seemed promising at the time. Technical advances would mean that the identity of the email's sender could not be forged. Puzzles, today known as CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart), would be introduced requiring humans to solve a string of letters before an email could be sent. The intent was to frustrate software that would not be able to solve the challenge. Additionally, payments would be introduced so that the recipient of an email could charge the sender for reading their marketing emails.
Unfortunately the payment idea never took off. Spam became increasingly associated with criminal activity rather than legitimate marketing, and the criminals didn't see the point of paying for something that they could do for free. The introduction of privacy and anti-spam laws forced legitimate marketing companies to move toward an opt-in system where the recipient consented to receive emails.
The concept of CAPTCHA has become widely accepted. Almost all webmail or social networking systems require new users to type into a box a series of characters or words contained in a distorted image before they're allowed access to the system. These puzzles are designed to keep the automated systems used by spammers from gaining access to the system and abusing it, by presenting a challenge that is supposedly easy for a human but impossible for a computer.
Unfortunately, the ingenuity of spammers, and the lure of making money from spam by solving these puzzles with a machine, presented a new challenge. The concept itself has fallen prey to advances in computer pattern recognition and ultimately proved no barrier to spammers. Currently almost all CAPTCHAs can be solved by spammers' software, often much more quickly and easily than humans can solve them.
Authentication schemes would allow the sender of a message to be identified beyond all doubt using mathematically proven cryptographic techniques. While this possibility generated much excitement, spammers continue to exploit its weaknesses, rendering the technique less useful than it might have been expected to be in 2004.
Spammers have created their own domains, including email authentication, so that they can bypass identity checks. The result is that victims receive mathematically proven, cryptographically signed spam. Essentially, the spammers could create new domains from which to send emails faster than people could keep track of the domains – making it almost impossible to block the spammers' domains.
Once spammers could break the puzzles that previously kept the webmail services free of spam, they could send millions of spam messages from services that included email authentication. The result is that we still get spam pushing weight loss medication from a legitimate webmail account that can be verified, and the battle against spam continues no matter what we may have hoped for in 2004.