E-mail? Spam? The dividing line is disappearing

. . . continued from Hot News

Many of the spam e-mails are malicious. They contain file attachments (none of which I'm expecting) touted as safe, but which actually contain the most virulent viruses and Trojans. Others contain HTML code and scripts which can install backdoor programs on my computer which remote hackers can then use to take over my machine. So I use MailWasher Pro to screen everything before it hits my computer. I have up-to-date antivirus software running 24/7, I scan my system weekly using AdAware and SpyBot Search & Destroy. My computer connects to the 'net through a router with a built-in firewall. A few bad e-mails still get through. It's a never ending duty to stand vigilant before the digital gates, software weapons in-hand, ready to fire at the first sign of attack. This is no way to live.

My friend and business associate Julius Oklamcak is a brilliant IS/IT manager who has worked his magic at several prominent software companies including MGI Software, Roxio and lately, iSee Media. Over dinner recently, I quizzed the guru about his opinions on the scourge of e-mail. The initial response he provided is largely unprintable. When he settled down, his more considered and lucid answers were both enlightening, eminently rational and a scathing indictment of most of the large Internet Service Providers doing business in North America, Europe and Asia.

Essentially, the idea is that for every e-mail which knocks on the server's 'door', the server must send a confirmation request message to the originating ISP listed in the normally hidden e-mail header which then has to be answered.

From Julius' point of view (and it's a view shared by most of the smart IS/IT specialists today), e-mail is simply an open door. The whole e-mail infrastructure, worldwide, is designed so that any e-mail server naturally accepts an e-mail from any source. So the guru asks now, why aren't all e-mail servers being reworked so that they can check to see where every message is coming from?

A better question is why is this fundamental sort of verification screening not being implemented at the server level? Essentially, the idea is that for every e-mail which knocks on the server's 'door', the server must send a confirmation request message to the originating ISP listed in the normally hidden e-mail header which then has to be answered. If there's nobody home at the other end (because the e-mail is a spam originating from a send-only source), the server can reject the e-mail out of hand. Bye-bye. Delete. To find out if the e-mail header is spoofed (meaning it's an legitimate address which doesn't belong to the sender), the e-mail server can ask the originating server if there's lots of sequential traffic from the originating address. Either way, spam can be rooted out automatically at the source. If something can't be verified at the server level as legitimate, you'll never see the e-mail. QED.

The obvious question to ask is why isn't this being implemented by every ISP on the planet right now? The answer is . . . money, or at least the lack thereof. Transitioning to a rational, self-correcting system is time consuming, software intensive and hardware intensive. Several times as much cache space, twice as much processing power, and at least 50% more storage space is needed to handle current e-mail volumes in order to emplace the system Julius described. He's the first one to admit the costs. He's also the first one to look naysayers in the eye and demand an alternative.

Of course there are few effective alternatives (if you don't count fragging all the spammers that is). If you detect frustration, anger and brutally harsh attitudes when discussing e-mail spam, know that it's the most natural sort of reaction to this invasion. But until ISPs and software makers unite to form a genuine digital curtain against spam, we are going to have to live with the current mess. It's unpleasant and it's our reality.

Talk to your ISP. Demand protection. Ignore their deprecatory answers about wanting to avoid accidentally deleting good e-mail. Demand that they screen out the obvious crap. Ignore their quasi effective advice about trying to protect your e-mail address through the use of cunning text and graphical tricks (requiring yet more of your time). Demand that your ISP threaten and if necessary prosecute the worst offenders. Demand more for your monthly account fee than a mere connection to the Internet.

Without your voice demanding improvements, things will only get worse.

Back to Hot News!