By David McGuire washingtonpost.com Staff Writer
Tuesday, June 22, 2004; 4:38 PM
In the battle over eradicating junk e-mail, spammers have a big advantage: the technology that controls how messages are transmitted lets them lie with impunity about who they are, where they are from and what they are sending.
That has prompted some of the world's largest e-mail providers to propose new ways to authenticate e-mail so that Internet users can be sure of the origins of the messages that they receive.
Officials from America Online, EarthLink, Microsoft, Yahoo, Comcast and British Telecom announced the proposals on Tuesday, along with 21 recommendations for Internet and e-mail service providers, online direct marketers and the public on how to reduce the amount of spam online. One of them suggests cutting off Internet users whose computers are sending large amounts of spam, while another recommends limiting the amount of e-mails sent every day.
"There are two real root causes for the proliferation of spam: it's cheap – virtually free – and there's complete anonymity for spammers," said Stephen Currie, director of product management at Atlanta-based EarthLink Inc. "The thing we're trying to do is somehow get identity associated with e-mail on a global sense."
Internet service providers view authentication as the best hope against the relentless influx of spam, now said to comprise as much as 80 percent or more of the e-mail traffic circulating through cyberspace.
The proposals and recommendations released Tuesday come nearly a week after the Federal Trade Commission told Congress that a national "do-not-spam" list would not solve the problem because spammers could use the list to harvest new addresses, the opposite of its intended effect. Until it's easier to identify who sends messages, trying to force spammers to obey federal rules would not work, the FTC said.
The six companies, members of the Anti-Spam Technical Alliance, said they would test two ways to identify e-mail senders. One would rely on using the unique markers included in the "from" lines and "Internet Protocol numbers" of e-mail messages. The other would rely on digital "keys" to verify an e-mail's authenticity. They plan to release their findings later this year.
Once widely adopted, these systems in theory would allow e-mail providers to dump messages with false "from" information without before accepting them into their networks and wasting valuable space.
Many companies have developed ways to analyze the content of e-mails to see if fit patterns that often mark junk e-mail, but spammers can cover their tracks by taking advantage of security gaps in the basic setup of the Internet.
Authenticating e-mail messages would not guarantee an end to junk e-mail, but would force spammers to disclose where they are sending their messages from and allow e-mail providers to better sort incoming messages, said John Levine, chairman of an Internet Engineering Task Force group charged with fighting spam.