Spam
Is spam a problem? Bandwidth hogging -> slower, costlier Discourages use of net ( , e-commerce) Productivity -> loss of time and money Receiver pays (but not fre , just in inconvenience), esp. in mobile wireless (Japan e.g.) Potential for fraud, esp. phishing/spoofing Missing legitimate messages (false positives) harvesting -> privacy Viruses: propagation of open relays, etc. (80% of spam through relays) Offensive content
Current Approaches Technical solutions: –Filtering at the client-side –Filtering of mail server-side IETF’s MARID: Authentication (started with SPF, which AOL championed; then MSFT introduced Caller ID for , for which it is holding patents) (but MARID shuttered on 9/22/04) Domain Keys: Authentication using keys (encryption) based upon domain names: Yahoo! (could add another level of security by using a certificate authority) Technically complementary. Think of it as two conversations: one at SMTP conversation level; one at the header level –Blacklisting (ISPs subscribe to a blacklist from a private organization) –ISPs slowing down passage of high-volume messages. –China:
Current Approaches Contract (ISP – User): –e.g., complete header information required –(bad for reputation, could get blacklisted, ISPs) Legislation –CAN-SPAM Act of 2003 –EU Directive International cooperation for enforcement –MoU between three countries to improve enforcement –Bilateral MoU approach (Australia-Korea) Norms –Failed almost completely: shame –User education Market-based solutions –Spam has an economic cost. “E-postage idea”: added transaction costs. (Computational speed costs approach.) –Bonded Sender
Future Approaches Standardized addresses
What are the priorities? Government enforcement –Criminal enforcement by FBI, US DOJ –Consumer protection US FTC, US DOJ (but see prestige in the anti-trust group) –But you have the int’l problem (do you need a TRIPS agreement analog?) Internally focused remedies –Invest in private security systems & shore up your own systems –Work with other companies to improve security, customer awareness Self-help remedies in the law –Trying the find the perpetrators & suing them Pressure ISPs to fix the problem Customer education (the only final answer?)