On Thursday, a task force of engineers began meeting in San Francisco to discuss the best methods of fighting spam.
Engineers attending the meetings indicated that they prefer a comprehensive reworking of Internet systems designed to fight spam. How this will play out in the business world, however, is anybody's guess.
Spam, the popular name for junk email, represents about 40 percent of all email traffic, according to Brightmail, a company set up to fight spam. Researchers at the U.K.'s Star Technology Group estimate that spam represents 0.05 percent of total Internet bandwidth, or 5 percent of all email traffic in terms of size, though 50 percent in terms of quantity.
“Spam is 50 percent of all email,” wrote Matt Sergeant, a researcher for Star Technology, which applies virus filtering to email documents through dedicated servers. “But the average email size is 60 Kbytes (this gets bloated to the high end by Word documents and other large things that get emailed around, but it's still an accurate average). The average spam size is 6k at the moment. So at 1/10th of the size of regular email, spam accounts for 5 percent, bandwidth-wise.
“However, on the flip side, we still have to apply aggressive filters to every email we see,” Sergeant added. “Our virus filters are extremely aggressive (but we don't have any false positive problems there – about 2 [false positives] every 10 million mails), and so it takes us about 1 second to process a mail, regardless of the size. So while spam is only 5 percent of the bandwidth, it's 50 percent of the processor time. That's 100 percent more servers we have to buy just because of spam.”
The members of the International Engineering Task Force (IETF) are expected to publicly debate solutions that have been privately bandied about in mailing lists and other fora for the past months.
The AntiSpam Research Group of the Internet Research Task Force, funded by the IETF, focuses on three approaches to fighting spam: consent expression, or expressing a policy that gives consent for spam; policy enforcement, which applies rules set up for denying or accepting spam to individual emails; and source tracking, or trying to track down the sources of email that try to break or otherwise bypass the filtering rules.
Paul Judge, the chairman of the AntiSpam Research Group and director of R&D at CipherTrust, a trusted email device provider, has created a semi-graphical taxonomy of a secure anti-spam system.
“I went back and looked at some of my older work in creating taxonomies,” Judge wrote to an anti-spam mailing list. “The top level classification was incorrect. Instead of prevention, deterrence, and response, I believe that it should be prevention, detection, and response.”
One method of fighting spam involves verifying the domain name of the sender before a message is accepted. The use of forward DNS, which asks for a receipt verifying the existence of the sender, is a policy supported by Phillip Hallam-Baker, chief scientist at VeriSign. While “vanilla” DNS checking is sometimes used today simply to check whether the domain of the sender exists, that technique can't verify that the message actually originated from that domain.
The problem, as Sergeant pointed out, is that many spam emails are sent from lists of millions of email addresses “harvested” from Web pages, email lists, and other sources. However, the bulk emailer or “list kiddie” typically falsifies his own email address.
“Someone (most likely your ISP or email provider) has to deal with the resulting bounce from the receiving domain,” Sergeant wrote.
But blocking unverifiable emails also prevents anonymous emails from being sent, others pointed out. Sergeant responded by noting that bounced emails can be filtered, and observers noted that bounced emails can be easily trashed if they lack an “@” symbol.