Anti-Spam Technical Alliance Publishes Industry Recommendations To Help Stop Spam.

SUNNYVALE, Calif., REDMOND, Wash., ATLANTA, & DULLES, Va. -- Yahoo!, Microsoft, EarthLink and AOL Propose Key Best Practices and Technologies to Tackle The Problem of Unsolicited Commercial E-Mail

The Anti-Spam Technical Alliance (ASTA), whose participants include Yahoo! Inc. (Nasdaq "YHOO"), Microsoft Corp. (Nasdaq "MSFT"), EarthLink (Nasdaq "ELNK") and America Online Inc. (NYSE "TWX"), today unveiled the result of more than a year of close collaboration by presenting a host of detailed best practices and technical recommendations for the entire industry in an effort to fight the scourge of spam. The proposal provides recommended actions and policies for Internet service providers (ISPs) and e-mail service providers (ESPs) as well as large senders of e-mail including governments, private corporations and online marketing organizations.
These recommendations primarily focus on two key issues: helping solve the e-mail forgery problem by eliminating domain spoofing through Internet Protocol (IP)-based and signature-based solutions; and best practices to help prevent ISPs and their customers from being sources of spam.

The complete ASTA proposal can be found at each adopting company's Web site:
--http://antispam.yahoo.com
--http://download.microsoft.com/download/2/3/7/ 23779c05-d409-46ce-b9d6-c24908789d8b/ASTA Statement of Intent.pdf (Due to the length of this URL, it may be necessary to copy and paste this hyperlink into your Internet browser's URL address field. You may also need to remove an extra space in the URL if one exists.) or http://www.microsoft.com/spam
--http://www.earthlink.net/spamblocker
--http://corp.aol.com/press/press_release062204.html

ASTA was founded in April 2003 to bring together key industry stakeholders to drive technical standards and promote collaboration in the development of industry guidelines to address the spam problem.
Current members include leading technology companies such as America Online, British Telecom, Comcast, EarthLink, Microsoft and Yahoo!

Comments

"With these proposed solutions, ASTA is taking a huge step toward collective and enforceable technologies in reducing spam and e-mail forgery," said Brad Garlinghouse, vice president of Communication Products at Yahoo! Inc. "We are laying out clear best practices and Good Neighbor policies that will help change the rules of the game on spammers once and for all."

"We believe that thanks to continued innovation and the ongoing cooperation of governments and industry around the world, we are on the right path to turn the tide against spammers -- but further change is needed on an industrywide basis to thoroughly contain the problem for consumers and businesses worldwide," said Ryan Hamlin, general manager of the Anti-Spam Technology & Strategy Team at Microsoft. "Our aim with this proposal is to help lay out a clear framework for the industry as we continue to work together to end the spam business and put our customers back in control of their inboxes once again."

"Today's announcement shows the industry's commitment to working together to develop the best technical standards and practices that all providers can use to stop spam," said Linda Beck, executive vice president of Operations at EarthLink. "By collaborating on new ways to better identify the origin of messages, we can help lift the veil of anonymity on spammers and restore the integrity of e-mail. We encourage continued testing and public discussion in order to move toward industry-standard technical solutions."

"This announcement opens an entirely new chapter in spam fighting on behalf of all online consumers.
Spam is an industrywide challenge that merits an industrywide solution. Creating a set of best practices puts us on a clear glide-path to winning a major battle against spammers, scammers and spoofers," said Matt Korn, executive vice president, Network & Data Center Operations at America Online. "This proposal also shifts the spam fight toward identifying legitimate senders of e-mail to ensure prompt delivery of their e-mail. Now we're going to focus on testing and evaluating cost-effective technologies that can identify legitimate senders of e-mail and help restore consumer trust in their e-mail inboxes."

About Yahoo!

Yahoo! Inc. is a leading provider of comprehensive online products and services to consumers and businesses worldwide. Yahoo! is the No. 1 Internet brand globally and the most trafficked Internet destination worldwide. Headquartered in Sunnyvale, Calif., Yahoo!'s global network includes 25 world properties and is available in 13 languages.

About Microsoft

Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

About EarthLink

"EarthLink revolves around you (TM)." Celebrating ten years as a leading national Internet service provider (ISP), Atlanta-based EarthLink has earned an award-winning reputation for outstanding customer service and its suite of online products and services. According to the J.D. Power and Associates 2003 Internet Service Provider Residential Customer Satisfaction Study(SM), EarthLink is ranked highest in customer satisfaction among high-speed ISPs.
Serving more than five million subscribers, EarthLink offers what every user should expect from their Internet experience: high-quality connectivity, minimal drop-offs and ISP-generated intrusions, and customizable features. Whether it's dial-up, high-speed, Web hosting, or wireless Internet service, EarthLink provides the tools that best let individuals use and enjoy the Internet on their own terms. Learn more about EarthLink by calling (800) EARTHLINK or visiting EarthLink's Web site at http://www.earthlink.net/.

About America Online

America Online Inc. is a wholly owned subsidiary of Time Warner Inc. (NYSE:TWX). Based in Dulles, Virginia, America Online is the world's leader in interactive services, Web brands, Internet technologies and e-commerce services.

America Online is a registered trademark of Time Warner, Inc. EarthLink and the EarthLink logo are registered trademarks of EarthLink Inc. Microsoft is a registered trademark of Microsoft Corp. in the United States and/or other countries. Yahoo! and the Yahoo! logo are trademarks and/or registered trademarks of Yahoo! Inc. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Summary of ASTA Recommendations

ASTA's proposal focuses on two key issues: helping solve the e-mail forgery problem by eliminating domain spoofing through IP-based and signature-based solutions, and best practices to help prevent ISPs and their customers from being sources of spam. Recognizing that broad adoption of any technology or best practice is critical to solving the spam epidemic, all members of ASTA have agreed to the following recommendations:

Addressing E-mail Address Forgery

One of the key problems with today's e-mail infrastructure is that messages do not contain enough reliable information to enable recipients to decide whether an e-mail message is legitimate and reliably identify the sender. Spammers take advantage of this fact and commonly disguise the origin of their messages by forging the sender addresses on their e-mail using someone else's domain name. This is called "domain spoofing."

Although the problem of identifying the origin of e-mail is complex, there are two promising new methods that organizations can implement to lay a foundation for future advances and promote authentication that verifies that the sender of a message is who they claim to be:

1. Authenticating senders based on IP addresses. Currently, the only trustworthy attribute in an e-mail message header is the IP address of the server that is transmitting the e-mail. IP addresses can therefore be used by e-mail receivers to verify other attributes in the message header, such as the sending domain, and thus help reduce the common forms of phishing and forgery that are rampant today.
This verification loop can be done using the existing Domain Name System (DNS) infrastructure combined with fairly simple changes to the receiver's e-mail systems.

2. Authenticating senders based on content signing. Another approach to sender authentication uses a technology called Content Signing (CS). CS systems use public/private key pairs to generate the signatures that are used for sender verification. The public keys may be made broadly available through a variety of key exchange mechanisms or via publication in a directory or in DNS. The private keys are stored securely on the domain's mail servers. When a user sends an e-mail message, the mail server uses the stored private key to automatically generate a digital signature for the message. When the recipient's mail server receives the e-mail message, it retrieves the sender's public key and uses it to verify the digital signature in the message. This verifies both the sender's identity and the integrity of the message body (that the e-mail content was not modified during delivery).

As with IP-based sender authentication, the companies believe that content signing technologies are an important component of a long-term industry solution. Throughout the process of implementing these technologies, ASTA members will provide feedback that along with other industrywide feedback will enable subsequent improvements to the specification to be completed, with the goal of providing for the best long-term, industrywide IP based authentication solution.
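
An added illustration of the IP-based check in item 1 (not part of the ASTA proposal or any member's code): the receiver looks up the networks a domain has published and tests the connecting server's IP against them. The record format, the PUBLISHED_RECORDS table standing in for DNS, and all function names are assumptions made for this example.

```python
import ipaddress
from email.utils import parseaddr

# Constructed stand-in for DNS: domain -> record listing the networks allowed
# to send its mail. The "ip4:"/"ip6:" token format is an assumption made for
# this example; the proposal text above does not define a record syntax.
PUBLISHED_RECORDS = {
    "example.com": "ip4:192.0.2.0/24 ip4:198.51.100.17 ip6:2001:db8:25::/48",
    "example.org": "ip4:203.0.113.64/26",
    "broken.example.net": "ip4:999.1.1.1/24",   # malformed on purpose
}

def lookup_record(domain):
    """Hypothetical resolver hook; a real receiver would query DNS here."""
    return PUBLISHED_RECORDS.get(domain.lower().rstrip("."))

def parse_networks(record):
    """Turn a published record into ip_network objects, rejecting bad tokens."""
    networks = []
    for token in record.split():
        kind, _, value = token.partition(":")
        if kind not in ("ip4", "ip6"):
            raise ValueError(f"unknown token {token!r}")
        net = ipaddress.ip_network(value, strict=False)
        if net.version != int(kind[2]):
            raise ValueError(f"address family mismatch in {token!r}")
        networks.append(net)
    return networks

def check_sender(connecting_ip, from_header):
    """Return 'pass', 'fail', 'none' (no record) or 'error' (bad record)."""
    domain = parseaddr(from_header)[1].rpartition("@")[2]
    record = lookup_record(domain) if domain else None
    if record is None:
        return "none"
    try:
        networks = parse_networks(record)
    except ValueError:
        return "error"      # an unparsable record cannot authorize anyone
    ip = ipaddress.ip_address(connecting_ip)
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; unwrap them
    # so they are matched against the domain's ip4 entries.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return "pass" if any(ip in net for net in networks) else "fail"

# Constructed SMTP sessions: (peer IP of the connection, From header claimed).
SESSIONS = [
    ("192.0.2.55", "Billing <billing@example.com>"),    # inside the listed /24
    ("203.0.113.9", "Billing <billing@example.com>"),   # domain used by an unlisted host
    ("::ffff:198.51.100.17", "news@example.com"),       # IPv4-mapped peer
    ("203.0.113.130", "list@example.org"),              # just outside the /26
    ("192.0.2.1", "someone@unlisted.example"),          # domain publishes nothing
    ("192.0.2.1", "ops@broken.example.net"),            # malformed record
]

def evaluate_sessions():
    return [check_sender(ip, hdr) for ip, hdr in SESSIONS]
```

What a receiver does with "none" and "error" (accept, score, or reject) is a local policy decision that the check itself does not settle.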
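
An added illustration of the content-signing flow in item 2 (not part of the ASTA proposal): the sending server signs selected headers plus a body hash, and the receiver verifies with the key published for the From domain. The X-Content-Signature header, the choice of Ed25519, the PUBLISHED_KEYS table standing in for DNS and the function names are assumptions; it requires the third-party Python `cryptography` package and handles single-part messages only.

```python
import base64
import hashlib
from email import message_from_string
from email.utils import parseaddr

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

SIG_HEADER = "X-Content-Signature"      # hypothetical header name
SIGNED_HEADERS = ("From", "To", "Subject", "Date")
PUBLISHED_KEYS = {}   # constructed stand-in for DNS: domain -> base64 public key

def publish_key(domain, private_key):
    """Domain owner: publish the public half; the private half stays on the server."""
    raw = private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
    PUBLISHED_KEYS[domain] = base64.b64encode(raw).decode()

def signing_input(msg):
    """Bytes covered by the signature: chosen headers plus a body hash."""
    body = msg.get_payload().replace("\r\n", "\n").rstrip("\n").encode()
    lines = [f"{h.lower()}:{' '.join((msg[h] or '').split())}"
             for h in SIGNED_HEADERS]
    lines.append("body-sha256:" + hashlib.sha256(body).hexdigest())
    return "\n".join(lines).encode()

def sign_message(raw, private_key):
    """Sending mail server: sign and attach the signature header."""
    msg = message_from_string(raw)
    sig = private_key.sign(signing_input(msg))
    msg[SIG_HEADER] = base64.b64encode(sig).decode()
    return msg.as_string()

def verify_message(raw):
    """Receiving server: return 'pass', 'fail', 'unsigned' or 'no-key'."""
    msg = message_from_string(raw)
    if msg[SIG_HEADER] is None:
        return "unsigned"
    domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    published = PUBLISHED_KEYS.get(domain)
    if published is None:
        return "no-key"
    key = Ed25519PublicKey.from_public_bytes(base64.b64decode(published))
    try:
        key.verify(base64.b64decode(msg[SIG_HEADER]), signing_input(msg))
    except (InvalidSignature, ValueError):
        return "fail"       # altered content, or signed by some other key
    return "pass"

# Constructed sample data: the domain's key and a key the domain never published.
DOMAIN_KEY = Ed25519PrivateKey.generate()
OTHER_KEY = Ed25519PrivateKey.generate()
publish_key("example.com", DOMAIN_KEY)
RAW = ("From: Billing <billing@example.com>\nTo: user@example.net\n"
       "Subject: Your statement\nDate: Tue, 22 Jun 2004 09:00:00 -0000\n\n"
       "Your statement is ready.\n")
```

Because the key is looked up by the From domain, a message that claims example.com but was signed with any other key fails in the same way as one whose body was altered in transit.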
It is the belief of this group that the ubiquitous deployment of some or all of these proposals, combined with the most innovative anti-spam filtering technologies and approaches, continued litigation against the worst offenders, appropriate legislation and other measures, will serve to reduce the economic incentives and eliminate the entry points for spammers to continue their barrage of unwanted communications. ASTA looks forward to the community response to this proposal and invites participation from all segments of the community to assess the validity and impact of these proposed solutions and their accompanying technical specifications.

Addressing Spam Through Best Practices

In the proposal, ASTA recommends a number of best practices that organizations should implement as applicable. Many of these practices have already been adopted by responsible organizations using e-mail today, but broader global adoption is necessary, as the combined effect of implementing these approaches can serve to minimize opportunities for spammers. Those who do not adopt these proposals risk loss of online user confidence in the safe and trusted exchange of e-mail for the entire community. Specifically, ASTA's proposal outlines the following:

--Recommendations for ISPs and mailbox providers and organizations that provide Internet connectivity, such as these:
  --Block or Limit the use of Port 25
  --Implement rate limits on outbound e-mail traffic
  --Control automated registration of accounts
  --Close redirectors that can be abused
  --Close all open relays
  --Configure proxies for internal network use only
  --Detect compromised computers (zombies)
  --Educate users to increase use of existing tools
  --Develop effective complaint reporting systems
--Recommendations for legitimate bulk e-mail senders, such as these:
  --Do not harvest e-mail addresses through SMTP or other means (defined as collecting e-mail addresses, usually by automated means) without the owners' affirmative consent.
  --Register your e-mail domain with a creditable safelist provider.
  --Always provide clear instructions to customers about how to unsubscribe or opt-out of receiving e-mail. Promptly respond to these requests.
  --Do not use or send e-mail that contains invalid or forged headers.
  --Do not use or send e-mail that contains invalid or nonexistent domain names in the From or Reply-To headers.
  --Do not employ any technique to hide or obscure any information that identifies the true origin or the transmission path of bulk e-mail.
  --Do not use a third party's Internet domain name or allow mail to be relayed from or through a third party's equipment without permission.
  --Do not send e-mail that contains false or misleading information in the subject line or in its content.
  --Monitor SMTP responses from recipients' mail servers. Promptly remove all e-mail addresses for which the receiving mail server responds with a 55x SMTP error code (e.g., "user doesn't exist").
--Recommendations for consumers, such as these:
  --Install firewalls on PCs as appropriate.
  --Use anti-virus software and other screening tools to detect incoming viruses, malware, and harmful or suspicious code.
  --Make use of spam filtering technologies and customize settings that provide the appropriate level of protection needed.

Some of these recommendations are already part of laws in various countries including the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 in the United States. However, the disparity between laws and the absence of anti-spam laws in most countries means the industry needs to come together and adopt consistent policies and practices that drive spammers out of business.

The complete ASTA proposal can be found at each adopting company's Web site:
--http://antispam.yahoo.com
--http://download.microsoft.com/download/2/3/7/ 23779c05-d409-46ce-b9d6-c24908789d8b/ASTA Statement of Intent.pdf (Due to the length of this URL, it may be necessary to copy and paste this hyperlink into your Internet browser's URL address field. You may also need to remove an extra space in the URL if one exists.) or http://www.microsoft.com/spam
--http://www.earthlink.net/spamblocker
--http://corp.aol.com/press/press_release062204.html