washingtonpost.com  > Technology > Special Reports > Spam

E-Mail Authentication Will Not End Spam, Panelists Say

By Jonathan Krim
Washington Post Staff Writer
Thursday, November 11, 2004; Page E01

For consumers and businesses increasingly shaken by the growing onslaught of unwanted e-mail and the computer viruses and other nefarious hacking spam can bring, any hope for quick relief was soundly dashed yesterday during a government-hosted gathering of technology experts.

Several executives and academics speaking at a forum sponsored by the Federal Trade Commission said criminals are already steps ahead of a major initiative by e-mail providers to counter those problems by creating a system to verify senders of e-mail.

_____Spam In The News_____
E-Mail Firms Seek Spam Solution (washingtonpost.com, Nov 9, 2004)
Microsoft E-Mail Looks Like Spam to Some Recipients (The Washington Post, Nov 5, 2004)
Jury Finds 2 Guilty of Felony Spam (The Washington Post, Nov 4, 2004)
More Spam News

In theory, such an authentication system would make it harder for spammers to disguise their identities and locations in an attempt to avoid being shut down or prosecuted.

But a majority of spam is launched by "zombies," or infected personal computers that are controlled by remote spammers. E-mail from a zombie looks as if it is coming from a legitimate source -- because it is. The owner of that source is simply unaware that his or her computer has been commandeered.

"We'll be lucky if we solve 50 percent of the problem" with e-mail authentication, said Pavni Diwanji, chairman of MailFrontier Inc., a Silicon Valley provider of e-mail security systems.

By some estimates, the problem is rapidly becoming a crisis. In the first half of this year, an average of 30,000 computers a day were turned into zombies, according to the computer security firm Symantec Corp. In addition to serving up unwanted or fraudulent messages, spam is used to deliver viruses and other malicious software code that can allow hackers to capture private data such as credit card or bank account numbers from personal computers.

Hackers and spammers also have been able to exploit a lack of awareness among many computer users, tricking them into providing their passwords or account information in response to e-mails that appear to be coming from legitimate financial institutions or retailers, a tactic known as phishing.

The information is then rapidly sold on a black market heavily populated by elements of organized crime in Eastern Europe, Asia and elsewhere.

As incidents of the resulting identity fraud mount, "we're losing consumer confidence in this medium," said R. David Lewis, vice president of Digital Impact Inc., which provides bulk e-mail marketing services to large companies.

Lewis and others said that if the public reaches a tipping point at which Internet commerce is no longer trusted, the economic consequences will be severe.

CONTINUED    1 2    Next >

© 2004 The Washington Post Company