Sections:
Home |
Featured Blogs |
News Briefs |
Industry Updates |
Topics |
Community
RSS Feeds, Email Updates, Mobile Edition and More: CircleID Extras
About: About CircleID | Media Coverage | CircleID Blog | Contact | Advertising Programs
Terms & Policies: Codes of Conduct | Privacy Policy | Terms of Use
RSS Feeds, Email Updates, Mobile Edition and More: CircleID Extras
About: About CircleID | Media Coverage | CircleID Blog | Contact | Advertising Programs
Terms & Policies: Codes of Conduct | Privacy Policy | Terms of Use
Copyright © 2002-2008 CircleID.
Iomemo Inc.
All rights reserved unless where otherwise noted.
Local Time: Wednesday, October 15, 2008 12:07 PM PDT – Page Load: 0.2602 Sec.
Local Time: Wednesday, October 15, 2008 12:07 PM PDT – Page Load: 0.2602 Sec.
Nice one, Neil! I appreciate your inspired ability in reporting the evolution of spam, malware, et cetera. You omitted to mention spamtraps, the "Delivered-To" attacks, and some other minor moves along the trench, but the first part of your article depicts the situation very faithfully.
However, the second part of the article is somewhat ingenuous. I don't dare hypothesizing what might be the equivalent of the Titanic disaster for the Internet. Anyway, since history repeats itself, no serious anti-spam effort will be taken before that happens: Perhaps a handful of ISPs vote according to the anti-spam policy that a candidate proposes. Otherwise, no serious politician would ever issue an act whose title contains the words "CAN-SPAM". Similar considerations hold for opium derivatives and firearms smuggling. No one will get sheer revenues for getting rid of them, thus we keep 'em. Even in the face of serious damages.
In particular, as you mention the IETF along with anti-phishing organizations, I'd recall the MARID case. We all know SPF is a neat protocol that would allow the internet community to implement an effective distributed white list, if universally adopted. Rather than giving it the status of an official internet protocol, which would boost adoption, the IETF allowed the industry to make a mess of SPF and eventually issued conflicting experimental RFCs. DomainKeys and its many patents, the fatter body counterpart of SPF, apparently faces a better karma. That's an example of the IETF commitment in fighting computer-aware criminals…
I'm more skeptical than you about the effectiveness of current anti-spam technologies. You mention content filtering as a late '90s technique. However, only recently it hit the masses. Spam messages started exhibiting elaborated content variations only in the last years. In plain English, content filtering does not work: if 'puters can't understand human messages, they cannot distinguish spam and ham either. On the other hand, blacklists suffer their own arbitrariness, and leave the question open about who's fault it is if legitimate messages don't get delivered, every time they hit a major ISP. Hence, protocol filtering has its weaknesses.
Organizing conferences won't give us back the net, unless they are non-technical meetings aimed at prompting voting people to make up their minds. Would you fight for the Internet?