Insecure on Security: The Questions Surrounding Spam

Solutions for customers' e-mail woes around spam remain elusive.

More than a year ago, on June 24, 2003, Microsoft Chairman and Chief Software Architect Bill Gates sent to subscribers an e-mail technology update titled "Toward a Spam-Free Future." Just a few weeks ago, on June 28, another e-mail update was distributed, titled "Preserving and Enhancing the Benefits of E-mail—A Progress Report." The messages I received werent spam, since I subscribe to the updates and could easily unsubscribe. But the title of the 2003 e-mail continues to be a promise of the future. I expect the same will be said a year from now about last months technology update.

/zimages/5/28571.gifRead more here about Gates antispam thoughts.

The solutions to spam and e-mail abuse will come from customers selecting products that address their filtering needs and abandoning vendors that dont meet those needs. The words of the vendors and the needs of the customers too often sound like distinct and nontranslatable languages.

Gates said a year ago that Microsofts MSN and Hotmail servers block more than 2.4 billion messages a day. In his June 28 memo, he said Hotmail blocks 3 billion messages a day. Thats a lot of blocked messages. But ask a user if the fact that billions of messages are blocked every day makes the user feel more secure about clicking on an allegedly urgent e-mail from his or her bank or about e-mail messages with headers full of question marks or random letters, and I think youll get an answer indicating a state of insecurity.

The reason for the insecurity lies in greed and design. The design of SMTP was never meant to accommodate e-mail on the scale of its current use. The inherent openness of the protocol encouraged greed, giving spammers, hackers and their assorted brethren a massive platform upon which they can launch their dirty deeds. Fixes to the platform could come from three avenues: blocking at the edge of the corporate network, aggressive e-mail blocking based on content scanning, and enterprise customers rethinking and rebuilding their e-mail platforms from the ground up.

As Labs Senior Analyst Cameron Sturdevant says this week, attendees at a recent e-mail conference had a hard time getting beyond the issue of spam—"which is understandable because the unresolved problem of spam is a threat to the overall stability of e-mail as a communication channel."

E-mail appliances are getting a lot of attention from companies such as Brightmail, Good Technology and IronPort Systems. The appliances reside at the edge of the corporate network and eradicate unwanted e-mail before it enters the mail system.

In a sense, those products allow users to build e-mail networks that are great at internal communications with partners and customers but keep the bad guys at bay.

In addition to e-mail blocking at the enterprise edge and users rethinking systems, the controversial area of e-mail content examination and filtering is going to get a big profile boost as Google rolls out its consumer e-mail programs from beta to public use.

Filtering e-mail based on content is very effective if you can continue to increase computing horsepower as e-mail volume increases, but its controversial because it evokes an image of the mail carrier reading your mail before he or she drops it into your mailbox.

Google hasnt been talking much about this subject—or anything else, for that matter—due to its upcoming public offering. However, powerful filters for spam screening rather than filters that automatically put advertising content next to e-mail messages should be the contribution to e-mail technology for which Google is striving; that will set it apart from Microsoft or AOL offerings.

In Sturdevants report on the e-mail conference, he quotes Internet pioneer and MCI Senior Vice President of Technology Strategy Vint Cerf, who suggested that e-mail should evolve into a users general file system. Using e-mail as the central file system wont take place until users believe the e-mail network to which the system is connected is secure, robust and protected from unwanted intrusion.

Editor in Chief Eric Lundquist can be reached at

To read more Eric Lundquist, subscribe to eWEEK magazine.

/zimages/5/28571.gifCheck out eWEEK.coms Enterprise Applications Center at for the latest news, reviews and analysis about productivity and business solutions.


Be sure to add our enterprise applications news feed to your RSS newsreader or My Yahoo page