Analysts suggested this week that the spam battle is taking up something of a new strategy that could be called containment, not liberation—and you can thank improved spam-catching products in part for the shift.
America Online anti-spam coordinator Carl Hutzler told reporters that filters to block spam are improving to where doing more than what is in use now "will needlessly kill" legitimate email, prompting email gatekeepers and spam fighters to think seriously about a shift toward stopping spam from leaving their sources.
Published reports indicate that EarthLink is instituting a requirement for customers’ mail programs to submit passwords to the Internet service provider before it sends their email. This is a change from EarthLink's previous policy of just ensuring a computer was tied to a legitimate account, but the ISP said that with viruses co-opting computers for spam trafficking that's no longer enough.
The ISP sent out new software recently and made new tools available to download and walked their customers through manual mail-settings changes even when they called EarthLink technical support for other reasons, the reports indicated. "Any action can be a little daunting," EarthLink director of communications products Stephen Currie told CNN, "when you're trying to migrate millions of people."
EarthLink also admitted in the breach that other ISPs might start blocking EarthLink email unless it has strong outbound controls in place and operating.
Even the Spamhaus Project, which usually plays second fiddle to no one when it comes to criticizing and attacking spam and its purveyors, agreed with the apparent new shift in spam-battling focus. "The best place to stop spam," Spamhaus volunteer John Reid told CNN, "is before it's sent. If you can keep it in the bag, bottled up, that's where it's the least expensive."
Spamhaus and other spam fighters also acknowledge that while they won't stop pushing ISPs to do more to stop spammers from opening new accounts, about 90 percent of the world's spam problems come from networks of zombie computers compelled by malware infection to become spam conduits.
The questions include justifying outbound measures because they don't reduce the spam volume in your inbox directly the way inbound filters do, according to Institute for Spam and Internet Public Policy director Anne Mitchell. "[ISPs] have to look at the bottom line and their profitability," she told CNN, explaining why more or all ISPs don't put outbound controls into place.
What most agree on is that spam is likely to get worse before it gets better, even with new outbound controls coming into play. Spamhaus has said a rise in stealth proxy spam software designed specifically to take over remote private computers and send the spam forth by way of ISP relays is likely to hike the world's spam volume to 95 percent of all email traffic by mid-2006.
If it does hit that stage, Spamhaus has said, "we would…see visible signs of the beginning of a slow meltdown of email delivery systems caused by overloaded email queues and stressed spam filters."
