In Brief
United Against Spam
ISPs and e-mail providers are going to new lengths to stop the attacks and, more than ever, cooperating in their efforts to thwart online attacks
By Paul Roberts
September 30, 2004 — CSO — Like unruly offspring, viruses, worms and spam often get their way. In many cases, online pests succeed by taking advantage of structural weaknesses in Internet infrastructures, such as simple mail transfer protocol. SMTP does a great job of getting e-mail messages to their targets, but it also makes it easy for spammers to forge them from addresses on e-mail messages.
But ISPs and e-mail providers are going to new lengths to stop the attacks and, more than ever, cooperating in their efforts to thwart online attacks and develop a new generation of secure Internet standards.
On the technical level, leading ISPs in the United States have proposed standards to end the practice of address spoofing in e-mail messages by changing the way e-mail is sent and received on the Internet.
In June, Microsoft submitted a new technology standard called Sender ID to the Internet Engineering Task Force for approval. The new standard would allow e-mail recipients to verify the sender of e-mail messages. If adopted, Sender ID could provide a way to close loopholes in the current system for sending and receiving e-mail that allow senders
Industry groups have also sprung up to address the growing number of spam and phishing scams. There's the Anti-Spam Technical Alliance, an e-mail provider industry group that includes e-mail rivals Microsoft, Yahoo, EarthLink and America Online. In June, the group released recommendations and best practices to end spam. Also in June, a new consortium of companies from across different industries formed to tackle phishing. The Trusted Electronic Communications Forum has representatives from leading retail, telecommunications, financial services and technology companies. The group will work with the U.S. government and other governments, as well as standards organizations and private companies to fix problems such as e-mail and website spoofing, according to a TECF spokesman.
-Paul Roberts
Other stories by Paul Roberts
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
