Modernizing Authentication — What It Takes to Transform Secure Access
America Online, Inc., Earthlink, Inc., Microsoft Corp., and Yahoo!, Inc. have joined forces to collectively file six lawsuits against hundreds of defendants, including some of what the ISPs are calling the 'most notorious large-scale spammers'. These are the first major industry lawsuits under the new federal Can-Spam Act that went into effect Jan. 1 of this year.
''This is definitely a good shot across the bow for the spammers that we know about,'' says Mark Sunner, CTO, of MessageLabs, Inc., Inc., a New York-based email security company. ''It's a good deterrent to the less-sophisticated spammers who will be put off by this. But the technically savvy spammers, the really major spammers, will be driven further underground and they'll take great steps to cover their tracks.''
Sunner and other industry observers say the largest and most dangerous spammers are taking increasingly technical and stealthy steps to shield themselves from detection.
For months now, the anti-spam and the anti-virus communities have been saying that there has been a great convergence between viruses and spam. Virus writers used to produce malicious code for the thrill of it -- to make a name for themselves in the underground community. Today, they're more apt to be working for major spammers who want to compromise hundreds of thousands of machines, opening backdoors and using them to send out unsolicited bulk email.
Vince Schiavone, president and CEO of the ePrivacy Group, an advisory group that focuses on spam and other security issues, says spammers also are setting up networks of workers around the globe to create another layer between themselves and law enforcement.
''We're talking about spam networks,'' says Schiavone. ''They've got chains of people so instead of 10 million spams being sent from one address, they've got a network of hundreds of people each sending thousands of spams. It's making it harder to find out who's at the top of that chain.
''I wonder how many people in these spam lawsuits are really working for somebody else,'' he adds. ''Now that would be interesting to find out.''
But representatives of the four ISPs filing the lawsuits say they are attacking the major players.
''Today is a red-letter day for big-time spammers, and the letters they should remember from this day forward are 'CAN-SPAM,''' said AOL Executive Vice President and General Counsel Randall Boe, speaking at a press conference in Washington, D.C. Wednesday morning. ''Consumers should take note that the new law not only empowered us to help can the spam, but also to can the spammers as well. And we'll do that, one spam kingpin at a time if necessary.''
And William Hugh Murray, an executive consultant for TruSecure Corp., a risk management company based in Herndon, Va., says having the ISPs throw their weight behind the anti-spam effort is just what's needed.
''My sense is that this problem has reach such scale that it must be dealt with... the Internet, as we know it, is broken,'' says Murray. ''These ISPs are big players with muscle and money. We need them involved in this fight... If we don't do something, we'll have reached the point where the public's trust will be broken and it won't be repaired.''
No one is arguing that spam is out of control.
Several anti-spam companies, including MessageLabs, have recently said that spam is increasing at such an alarming rate that even though it accounted for 24 percent of all email a year ago, it is expected to make up 80 percent of all email being sent around the world by the third-quarter of this year.
And it is affecting how -- or how little -- people are using email.
Spam actually now is driving people away from using their email. A recent report from the Pew Internet & American Life Project, an organization focused on researching the Internet's impact on society, shows that people are actually using email less because they don't want to deal with the digital scourge.
What analysts can't agree on is how to stop it. And some say that the ISPs lawsuit, while a good step, just isn't the silver bullet that many hope it will be.
''I do think legislation is a good thing and it's encouraging to see ISPs going after people,'' says MessageLab's Sunner. ''The fact that this is happening, clearly, is not going to mean that spammers around the globe stop sending spam. They'll just take greater steps to cover their tracks.''