Thursday, August 10, 2006

Protocol Against Spam

There has been heavy debate over the effectiveness of the SMTP protocol in a world polluted with spam. There is an urgent need for a new protocol to replace this age-old technology to help battle the ever-increasing problem of spam. But is it really necessary to replace this trusted protocol, is e-mail protocol not the solution to spam we are seeking for.

I guess I have you a bit confused now. The e-mail protocol I’m referring to is not the technology protocol, no I’m speaking of a set of rules that has to be applied to make sure your e-mail reach its destination. This set of rules will make it easier to define the behavior of spam when developing anti-spam controls. Web developers who want their web sites to reach high rankings in search engines have to keep within the rules of the search engines, if they don’t, they won’t reach their targeted audience. Moderators of Internet Relay Chat rooms do not tolerate any behavior that does not comply with the set of rules of the chat room. Crossing the line in a chat room will get you kicked from the room. The same rules apply for discussion forums. Some members like to spam forums with affiliate links and scams. Some forums allow you to place a link to your web site in your signature where other forums disallow the use of HTML altogether. It is very simple, if you don’t stick to the rules you don’t get to use the service.

But applying this to e-mail is not that simple. It is very difficult to deny the usage of e-mail if they don’t stick to the rules. Yes we read that Internet Service Providers ban their members if they get caught using spamming techniques to deliver their message. But do we ever see these measures enforced on someone? Be honest, you would rather have the client use spamming techniques than to loose out on the money the customer is paying. The solution to this problem is to penalise spammers without banning them from using e-mail. Search engines have given us the guidelines to do this. I agree that search engine algorithms is not perfect mechanisms and people familiar with Search Engine Optimisation know that search engines constantly change their algorithms to stay ahead from people exploiting their vulnerabilities. Applying these algorithms to the SMTP protocol is yet another problem. Many ISP’s have spam filters installed on their servers to help filter out spam for their clients, so if you can apply the rules of search engines to these spam filters you will be closer to the solution.

Search engines scan pages for consistency in their content. If the header of a page does not conform to the body of the page you won’t get a good ranking on the Search Engine Result Pages. This will filter out a huge chunk of spam circulating the Internet. Companies who send e-mails with a single image embedded in the e-mail also make it hard for current spam filters to determine if it is spam or not. You need Optical Character Recognition software to scan the contents of the image and convert it to text. This will make anti-spam software very expensive and even the best OCR scanning software still makes errors when they convert images to text. What about pornography? You will also need a special scanner to detect pornographic images. The only solution to this is to make a general rule that it is not proper e-mail protocol to embed only images into an e-mail without proper content. I don’t understand why companies still use this method of marketing. Dial-up users normally download e-mail and disconnect from the Internet to read their messages offline. There is nothing more frustrating than opening a message with only images embedded into it and there is no way you can see what the sender is trying to offer you without reconnecting to the Internet again. People advertising like that never reach me because I simply delete messages like this. If everyone starts to do this it will automatically create a protocol and companies will stop sending e-mails like this. E-mail clients like Thunderbird allow you to hide images embedded into e-mail messages and an e-mail that consists only of images is therefore totally useless if it reaches the inbox of people using this feature. The only ones who will continue using this practice will be spammers.

Search engines detect when you simply place hundreds of keywords on a page that makes no sense at all. Pages like this never rank well and sites using this practice even get banned from most search engines. Have you ever received an e-mail with strange sentences or tons of words at the bottom of the e-mail. These words and phrases are used to confuse spam filters and to make it harder for the software to decide whether it is spam or not. Applying the technology of search engine algorithms here will get rid of yet another chunk of spam.

A protocol that is starting to become a common practice is the usage of text only e-mail messages. Many servers reject e-mails with HTML code embedded into them and only allow text messages to pass through. But this is the common example where little Johnny did something wrong and now the whole class gets punished. Respectable companies use images in their e-mails to compliment the content of their messages. If you can’t use HTML, you can’t format the message to have the look and feel of your company. If you can’t use HTML, you can’t make use of your company logo or include illustrative images of your products in your messages. Why should everyone get punished for people who abuse the same mechanism that respectable and honest organisations use to promote their products? This is why you have to design an e-mail message in such a way so that it still delivers the marketing message clearly without the images and HTML.

I have even seen people suggesting that closed circle e-mail protocols replace SMTP. These protocols are used in companies for internal communication. Servers only allow e-mails to pass through if they have your e-mail address on their safe-list. If you are not on their safe-list you won’t get through. But this is a very unpractical method of filtering out spam, what if a customer wants to contact the sales department or anyone contacting any department for that matter? Another similar method is one that was introduced by Hotmail. Only e-mails from your contact list lands in your inbox, every other e-mail is filtered to your Junk Mail folder. You will have to indicate which e-mails to allow in the future. The rest are deleted automatically after a specified number of days. This method has some merit but can be a daunting task if you want to implement it in a commercial environment. You will have to employ a full-time e-mail administrator to select which e-mails should go through. Both these protocols are very counterproductive measures.

Lets be honest, getting rid of spam is not an easy task. But if everyone starts to ignore spam or messages with the characteristics of spam you should see a decline in the spam circulating the Internet. Spammers will soon realize they are only wasting bandwidth with their useless e-mails and no one is falling for their moneymaking schemes anymore.

Coenraad de Beer - Platinum Author

Cyber Top Cops - The Cyber Security Specialists Platinum Author

No comments: