A Tale of Two Spam Solutions
Network News Break: News of spammers headed for the pokey is seldom bad, and neither is solid information on how to stop the spam itself. Also: Mixed reports on the growth of the Internet's mixed blessing, the Feds step in to tell your users what you've probably been saying for years, and VoIP leaves the security industry behind.
|Main||Elsewhere||The Week in CrossNodes||The Week in Network News|
Call it "a tale of two spam solutions."
On the one hand, we have news this week of the US Department of Justice going after spammers in a series of arrests and indictments that are partially the result of "Operation Slam Spam," a joint effort between the FBI and the Direct Marketing Association.
The DMA's stake in this matter can't be overstated: Ensuring that there's a clear line between spam of the "unsolicited and non-unsubscribable" sort and the kind that seems more legitimate because it offers opt-outs has to be priority number one for an organization interested in bringing the business of mass commercial solicitation into the Internet age.
Another thing's hard to deny: A well regulated direct marketing industry that followed its own rules and avoided creating too many "perfectly reasonable" loopholes would be a blessing to beleaguered network admins, who could start implementing common sense rules for mail filtering. If every unsolicited marketing mail coming across the enterprise threshold had to have "ADVERTISEMENT:" at the front of the subject line, your anti-bulk-mail filters would pretty much write themselves.
How soon will that happen, though? We're guessing that "not any time soon" is a fair approximation.
Savvy users have learned through bitter experience that following an opt-out link is often a recipe for more spam. And we're at a strange tipping point now where we have to wonder if improved subject labeling on the part of a lot of legitimate direct marketers won't just encourage their less legitimiate counterparts in the spamming community to continue their current practices: They'll just gamble on user complacency about the effectiveness of subject line keyword filtering and continue to slip through the filters.
We've said before that spam is a technical problem that requires a technical solution. While we're happy to think that there's at least a chance that "good spammers" will follow a few rules, we're also positive that legislation won't solve the matter.
So we'll probably continue to carry articles like this week's series kickoff on building an antivirus/antispam gateway with Linux.
We've been using SpamAssassin, an anchor of this series, for a few years now, and it's very, very good. It hits the occasional false positive, but with a little tuning and effort, you'll find it snagging the vast majority of the junk that flows in over the threshold.
It's definitely something to look into while you wait for the wheels of justice to turn.
» Sometimes you want the future to hurry up and get here, other times, it's like a slow-moving train of doom. We'll leave it to our readers to decide how they feel about the broadband revolution, which , according to this report, is either stalled or exploding. On the one hand, it's nice to have all that bandwidth. On the other hand, all that bandwidth is a wonderful vector for worms, zombie spammers, and DDoS attacks on our networks. We're probably best off calling it a mixed blessing and moving on.
"You can find some holes and drain financial resources out of companies," he said. "You can start charging phone calls to them and buying stuff over the phone. That's the really scary stuff."
» A consumer alert from the FCC regarding phishing (define) is full of the usual advice we tend to give our users no matter what. This one might be worth forwarding around anyhow: It's from the government, which might mean more than your good word to some of your users.
» If you can't beat 'em in Federal court, there's always the state courts. So says VeriSign as it smarts from a ruling that maintains ICANN is not in violation of the Sherman Act for putting the kibosh on, among other things, the company's wildy unpopular SiteFinder service. According to the company, it'll be back in lower courts trying to press its case, hoping, no doubt, that it'll happen to find a judge who thinks VeriSign's profit motive trumps the technical integrity of the Internet commons.
Building an Anti-Virus/Anti-Spam Gateway (Part 1): With SpamAssassin, Amavisd-new, and ClamAV, you've got all you need to build a Linux-based SMTP gateway that stops spam and viruses cold.
If you're looking for a remote administration tool for Windows 2003 Server systems that's got the basic features you need and a familiar interface for novice administrators, HTML Remote Administration Tools might be the ticket.
Network News Break is CrossNodes' weekly summary of networking news and opinion. Please send your comments and suggestions to the editor.