AT&T Released Details of Anti-Spam Filter, Hopes For Long-Term Benefit

AT&T received a U.S. patent earlier this month that will give intellectual property (IP) attorneys ground on which to stand when pursuing spammers.

The patent, number 6,643,686, grants AT&T IP protection for its system and method for circumventing schemes that use duplication detection to detect and block unsolicited e-mail (spam). What this means is that spammers can now be sued under the patent infringement laws for trying to defeat the anti-spam filters that run on mail servers.

In its patent application, AT&T provided significant details regarding how spam filters work and how they can be defeated, and this release of information has brought on a firestorm of protest from the e-mail security and anti-spam communities. However, AT&T anticipates that creating the legal grounds, however technical and specific, to pursue spammers will, in the long run, benefit the general Internet community more than the risks posed by releasing the details of anti-spam filtering systems.

Dave’s Opinion
AT&T is following a tried and true legal tactic of patent and then sue. These booby-trap or submarine patent suits are a staple of the legal profession, and in many cases they work well. I hope that AT&T shares its IP rights freely with those who want to put spammers out of business and are willing to pursue the legal process to do so.

Call for Comments
What do you think? Leave your comments below.

References
AT&T Patent

The Big Gorilla Project

Spam is an ever-increasing annoyance for e-mail users. Most people have some form of spam filtering application that reduces the instances of the frequently offensive unsolicited commercial messages. Many of these filters seek to identify spam based on the address from which the message is sent, but spammers are already wise to this trick, and spoofing is now commonplace. By hiding or misdirecting their transmission source, spammers make it exceedingly difficult for most users to determine from where the spam message actually came.

But there’s some hope for spammer identification. An loose alliance formed by large e-mail services (Microsoft, Yahoo, America Online, and Earthlink), the Anti-Spam Research Group (ASRG), and Intelligent Computer Solutions (ICS) is working on an e-mail sender-authentication system that’s been dubbed the Big Gorilla Project.

Using an identification system based on public key encryption, ISPs who have control over outgoing e-mail can include a piece of encrypted code in header of each outgoing message. The code snippet can be used by receiving ISPs to confirm the identity of the outgoing e-mail server and the authenticity of the e-mail message’s return address.

By confirming the identity of the transmission site, it’s a simple matter to blacklist and block known offenders.

Dave’s Opinion
I use a combination of anti-spam filtering applications, both on our incoming mail servers and our client workstations. So far I’ve been able to drop my daily spam tally from over 600 messages to about a dozen, maybe double that on a bad day. But that’s still not good enough. It’s not just receiving junk mail that bothers me, it’s the offensive content.

I’m all for proposals, both legislative and technical, that help kill off spam.

Call for Comments
What do you think? Leave your comments below.

References
Anti-Spam Research Group
Intelligent Computer Solutions

California Wins Legal Case Against Spammers

Two LA spammers were ordered to pay $2 million and received various business restrictions in Santa Clara County Superior Court, this past Friday. This is the largest judgment won by government prosecutors against senders of unsolicited e-mail. The spammers are also the object of a Federal Trade Commission suit; however, both legal cases are civil suits, so there’s not much chance that the spammers will see the inside of a jail cell anytime soon.

Since 1999, almost three-quarters of states have passed anti-spam laws, but prosecutors have brought only a handful of lawsuits; success in the legal system often requires integrating case law (past judgments), and until more criminal suits are won this catch-22 will continue. Rather than pursue criminal penalties, ISPs and frustrated individuals have been using the courts by filing suit using various laws such as consumer fraud and trespass.

Dave’s Opinion
The U.S. Senate unanimously approved an anti-spam bill this past Wednesday: the first federal legislation to tackle spam. The Sentate bill requires bulk e-mailers to indicate a valid return address, disclose that the content is advertising, and give consumers valid and working opt-out mechanisms. In addition, the bill bans the use of addresses obtained from automated mechanisms, such as web-crawling and e-mail harvesting.

Senate bill S.877, CAN-SPAM Act of 2003, also directs the FTC (Federal Trade Commission) to come up with a plan for a do-not-spam registry, similar to the do-not-call telemarketing registry.

The U.S. House of Representatives is considering competing anti-spam legislation, and may have a more difficult time reaching agreement; however, I’m holding out hope for a valid and reliable do-not-spam registry by 2005.

Call for Comments
What do you think? Leave your comments below.

References
S.877 CAN-SPAM Act of 2003