How Can We End the Spam Problem?

In the short term, it seems certain that spam will continue to get worse. There is a steady upward trend, and nothing to suggest this will change any time soon. However, spam control vendors will continue to provide reasonable protection against the onslaught.

Spam is mainly dependent on botnets for delivery (a botnet is a collection of virus-compromised PCs, under the control of a criminal). In order to keep this up, the botnets are increasing in sophistication and approaches to find machines. Botnets use spam to find hosts, and there is a cycle that has potential to be broken.

ISPs could do more to break the cycle, such as port 25 blocking and instrumenting the sending behavior of their subscribers. Sadly, and despite the best efforts of organizations such as MAAWG, there seems to be a lack of collective willpower to do this.

However, the operating system vendors -- in particular, Microsoft -- and anti-virus vendors also have another point of control. They can harden the majority of deployed systems to a level that they will be able to prevent botnets effectively operating and thus break the botnet/spam circle. For example, botnets would have less opportunity to grow if Microsoft was more aggressive in pushing out and forcing the execution of new versions of its Malicious Software Removal Tool, rather than today's rather leisurely, monthly schedule.

If we can break the botnet cycle at its source, we can slash the spammers' sending capacity.

... Steve Kille and Richi Jennings

Post a comment

You must be logged in to post a comment. To comment, first join our community.