SAN FRANCISCO -- The savvy of spammers gives even information security veterans fits. That includes industry heavyweights...
such as Cupertino, Calif.-based Symantec Corp.
"The main barrier to my fight against spam is the increased technological sophistication of spammers," said William
Plante, who spoke at the recent Institute for Spam and Internet Public Policy (ISIPP) conference, said one particularly effective obfuscation method is the use of secure HTTP Uniform Resource Locactors ( URLs).
"We don't have any technology yet that can trace HTTPS URLs," he said.
An unintended effect of antispam laws
Plante also believes that advanced obfuscation will become more common among less malicious spammers as various government laws get more stringent. "As untested laws get enacted, all spammers will start trying harder to cover their tracks to avoid being the first test of the laws."
So, what's currently the best strategy to combat spam? Plante recommends a multi-pronged defense.
"There are four components to a spam solution: legislation, public awareness, the responsibility of direct marketers and technology," he said.
The growing threat
Junk e-mail continues to mushroom at an alarming rate. Spam accounted for 42% of all Internet
"The amount of growth is even greater than these numbers indicate because there has been a growth of overall Internet e-mail from January 2003 until now," said Plante, who presented data gathered by Brightmail Inc., which was recently acquired by Symantec. Spam is "a very significant problem, which, left unchecked, will continue to grow."
Another pressing concern for Plante is the increasingly malicious spam technique known as phishing, whose creators use e-mail to mimic legitimate e-commerce sites in an attempt to trick users into disclosing sensitive information.
Advice for e-mail administrators
As for network and messaging administrators at the front lines of the war on spam, Plante recommended "self-education" on the types of spam and address-spoofing methods. Most enterprises have software that blocks spam, but Plante suggested that administrators "understand why some spam can get through," and he urged them to make data collection on block-evading spam a priority.
Conference notes: ISIPP speaker Michael Grow, an attorney and chair of the technology department at the Washington-based law firm Arent Fox PLLC, discussed the practice of prosecuting spammers for copyright and trademark infringement … Anne Mitchell, president of the ISIPP, announced a new program called the International Council on Internet Communication. The ICIC is a private industry group consisting of high-level executives and attorneys from around the world who will work to share information and resources in an effort to provide a more unified antispam initiative.