Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
First iPhone worm spreads Rick Astley wallpaper
Four reasons to buy (and one reason to avoid) the Droid
Stimulus for tech and telecom $3B, but jobs still guesswork
Cisco MARS shuts out new third-party security devices
Verizon Droid buzz muted in Boston
Week in Google news: Google Dashboard, Droid fever, focus on e-commerce
Cloud computing, virtualization proponents getting antsy
Data center start-up offers energy saving software
Vendors scrambling to fix bug in Net's security
Judge dismisses lawsuit challenging Gartner's Magic Quadrant
Boston Celtics clamp down on spam
Cloud computing inevitable? Not so fast, educator says
Blue Coat slashes staff, buys S7 services company
Apple seeks new sheriff to lock up iPhones
/

Q & A: Dave Rand on spam

By Sharon Gaudin
Network World, 09/10/01

David Rand, who was involved with the development of the Internet during its infancy, is a founding member, along with partner Paul Vixie, of Mail Abuse Prevention System (MAPS). Rand is MAPS' executive director and is involved in the day-to-day operations and policy setting at MAPS. He sat down with Network World feature writer Sharon Gaudin to talk about battling spam.

What inspired you to join the fight against spam?

I was getting unsolicited e-mail, in what I used to think was high volume (one or two per day). I was using my e-mail for business purposes, and the extra time to deal with UCE was eating into my time, and frustrating me.

Further, my home computer was abused (because it was an open relay). It took me several days to write the software to eliminate the problem. I spent the next several weeks dealing with fall-out complaints because people thought that I had sent the spam.

I have two children. The older daughter, 12, has already been spammed.

I have not yet put up an account for my younger daughter who will be 1 shortly. It's my hope that by the time she is old enough to read, I won't have to worry about her first e-mail message being spam.

Spam fighting tactics come under fire
ISPs and spam police
The spam police force
How the blacklist system works
Antispam-related URLs
Network World's e-mail policy

Why is spam such a problem? How do you think it affects business?

It is a problem because of the cost-shifting effect. It costs spammers little to send out huge volumes of spam (and many are apparently stealing credit card numbers or using other techniques to further reduce the cost). It ends up costing the mail recipient hard cash to upgrade their resources to ensure that legitimate e-mail is able to get through.

As an example, let's say that the average spam is 4K bytes. If each person just gets one spam per day, that's 120K bytes of storage required (if the mail server keeps the messages for only 30 days). Per person. That's an additional 1.2G bytes of space per month if the ISP only has 10,000 users. How many ISPs only have 10,000 users?

Just dealing with the huge amount of mail that spam can generate is a burden to the ISP's links as well - let alone the small business trying to use a lower cost line to get connectivity, such as DSL.

As an example, my home computer gets around 100,000 spam attempts each week. Most are to addresses that do not exist and have never existed. It works out to around one full CD's worth of completely worthless mail, each week - about 600M bytes.

I pay for the connections to the Internet and my connection fees are very high, thousands of dollars per month, because of my location.

If I didn't have to carry this traffic, I would be able to reduce the size of the connection. The MAPS lists certainly help reduce the amount of traffic I have to pay for, by allowing me to reject traffic from sites which MAPS has determined are sources of unsolicited, unwanted e-mail.

Do you think you are winning the war on spam? How much affect do you think MAPS and the other antispam groups are having on the problem?

MAPS is not about stopping spam. MAPS is about stopping spammers. I know that we have caused many organizations that were lured by the "low cost bulk e-mail" siren song to turn to a fully verified opt-in system. This makes the consumers happy because they get exactly what they want, and it makes the advertisers happy because they know their audience is receptive to their message.

There are very few hard-core spammers in the world today. Most of the spam that exists today is for get-rich-quick schemes or other such questionable ploys. Thanks to our combined efforts, we think the mainstream commercial businesses are aware of how bad spam is and won't start.

Are we winning? What we want is to show that the mailserver owner has a right to decide what kind of mail they are going to accept. That is, if a given mail server owner decides that she will only accept mail from people whose last names start with a "Q" - that's OK.

Her equipment - her rules. In the same light, users that subscribe to the MAPS lists also have the right to accept mail from hosts that conform to the "good neighbor" policies, which have always existed on the Internet. It's clear that the MAPS lists can help reduce the amount of spam that subscribers get, but they also help to reduce the number of spammers.

Are you concerned about the legitimate businesses that get caught up in the fray and are blacklisted even though they're not professional spammers?

MAPS is very careful about listings. There are currently three types of lists available (and a fourth, which is a combination of the three).

By far the most popular, and the one that stops the most spam, is the RSS. This is a list of hosts that have been abused by spammers and remain open relays. "Open relay" is a term that means that anyone on the Internet can use the relay to send e-mail to any other host, sometimes anonymously.

Spammers use open relays and dial-up accounts to prevent their primary Internet connections from being cancelled. RFC-2505, one of the standards that the Internet operates on, has required that open relays be closed for almost three years now. Most often, the system administrators are simply unaware that their host is an open relay, or there are no system administrators.

Because we list hosts only after they have been verifiably abused (we keep a copy of the reported spam on file), and after they have been tested to see that they are in fact open relays, subscribers are confident in using this list. Also, as part of the listing process, a notice is sent to the postmaster of the host, advising them that their relay is open and offering them online resources to help fix it.

The second list is the DUL. This list contains addresses that are verified to be dynamically assigned addresses, most commonly used by dial-up ports. Within the last year, primarily because of rampant abuse by spammers and our efforts in educating the providers, most dial-up providers have effective antiabuse filters in place. These filters prevent the use of dial-ups to abuse open relays, which effectively stops the spammers from the simplistic approach they were using.

The third list, the RBL, is by far our most effective list at stopping spammers. This list contains addresses that are known to be involved in spam or spam-support services. Very few listings in the RBL are for more than an individual IP address. When they are larger, it is because we have seen a pattern of abuse from that network block. Some ISPs do attempt to place "nonspam" sites in with the "known spammer" sites listed on the RBL, in an attempt to sway public opinion.

But to answer your question, every address we list on the MAPS lists is a failure in my eyes - a failure to educate, a failure to change. It's my hope that one day, there will be no entries on the RBL.

Why don't you just list the spammers, instead of an entire network block or business associates?

We most often do list individual IP addresses. It's impossible to list "the spammer," because they don't have a bar code on them. It is only when we see a pattern of abuse that larger network blocks are listed. It is usually a result of "evasion," that being the ISP in question moving a customer from an IP address listed on the RBL to an IP address that is not listed. We see this as a "whack-a-mole" game and are unwilling to play.

Critics say MAPS has a lot of power without the authority - the authority to set policy and the authority to put companies on a list that will hinder their communications abilities. How did you gain that kind of power and authority?

It is not MAPS which wields the power - it is the individual mail server owners, each of whom chooses whether or not to accept e-mail from these sites. As to the authority, each of our subscribers gives us that authority. They depend on MAPS to fairly administer our published guidelines. As we have a very large subscriber base, it is apparent that we have been doing so and that they trust us to do so in the future.

How did you lay off half your staff this spring without limiting your investigative capabilities?

The staff that was laid off this spring was involved in a new product that we were planning to offer - an outsourced abuse-desk service. We were not able to get sufficient demand to implement it.

What do you think actually will win the war on spam - filtering or legislation?

Neither. There will always be the ability to filter, and people will always find ways to break the law. Car theft is illegal, but thousands of cars are stolen each day.

We can reduce the spammers and make it more expensive for them to send their spam. That will serve to shift the cost back to the spammer. Once that is done, spammers will reduce the amount of spam they send. You do not see bulk postal mail shops sending 100,000,000 ads each day - it just would not scale. They know what it costs, and they adjust their lists to subscribers that would be most interested in getting their ad.

Back to the main feature

RELATED LINKS

Contact Features Writer Suzanne Gaspar

Other recent articles by Gaspar

The Spam Police
Spam accounts for as much as 50% of an ISP's e-mail traffic flow. Read how spam can cause damage and steps you can take to prevent it.

ISPs and spam police
Both fight spam, but they don't go about it the same way.

The spam police force
Organizations to help you fight spam.

How the blacklist system works
File an e-mail complaint with the Mail Abuse Prevention System hotline if you think you have received spam.

Antispam-related URLs
Click on these to help you prevent spam.

Network World's e-mail policy

Spam rebel with a cause
Find out if your mail provider is using the RBL services of the cyber-goons at MAPS.
Network World, 07/02/01.

ISPs fight spam from the front line
There is little doubt that you have a grueling job when your business card reads 'senior abuse administrator.'
Network World, 05/24/01.

The spam-tastic year 2000
Unwanted spam gave one e-mail user plenty to complain about in 2000.
PC World, 01/03/01.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.
* HOME    * RESEARCH CENTERS     * NEWS     * EVENTS

Contact us | Terms of Service/Privacy | How to Advertise
Reprints and links | Partnerships | Subscribe to NW
About Network World, Inc.

Copyright, 1994-2006 Network World, Inc. All rights reserved.