RealTime IT News

Gates on Spam

Microsoft Chairman Bill Gates offered a "fireside chat" to beleaguered e-mail users Monday, bucking them up and promising them eventual relief. Redmond is on it, okay, guys?

In an "executive e-mail" sent to subscribers, Gates claimed significant advances against spam, with billions of junk e-mails blocked each day. Microsoft regularly sends such position statements and think pieces, bylined by its top executives.

Gates said the improvement so far came in part from SmartScreen, the spam-filtering technology used in MSN 8, MSN Premium, MSN Hotmail and Outlook 2003. For example, since SmartScreen went live on Hotmail six months ago, it's successfully blocked more than 95 percent of all incoming spam. Microsoft recently began making the tool available free to users of Exchange Server 2003, as well.

However, spammers have cranked up their output in response, Gates wrote, so that networks are more burdened than ever, even if the spam doesn't get through to in boxes. Fighting back, Microsoft is working on a number of new technologies and strategies.

Gates, who is also chief software architect for the software company, pointed to the Anti-Spam Technical Alliance as a recent success. The coalition of ISPs, which includes AOL, Yahoo!, EarthLink, Comcast and British Telecom, as well as Microsoft, endorsed a set of anti-spam best practices for e-mail service providers and large senders. They also agreed to cooperate on testing of proposals to combat "domain spoofing," the use of false "From:" addresses to make a message appear to be from a legitimate sender. Domain spoofing is involved in half of all of today's spam.

Gates emphasized that ISPs need to authenticate senders, and touted Microsoft's own Sender ID standard. In February, Microsoft began a pilot test of the technology among Hotmail users.

The Sender ID standard calls for publishing the IP addresses of outbound e-mail servers in the Internet directory, or Domain Name System, that control all e-mail delivery and embed each sender's IP address into an "envelope." This envelope would contain hidden routing information, allowing the recipients' e-mail systems will then be able to check a message's authenticity.

Gates wrote that his company is working on ways for unfamiliar senders to "qualify" their e-mail, for example by being required to use the sending PC to perform a computation before sending. While the time spent wouldn't bother normal users, it could create huge overhead for bulk e-mailers and spammers.

Another tactic would allow servers receiving suspect e-mail to reply to the sender with a challenge such as a puzzle or the familiar twisty letters to be typed into a form.

In May, the company pilot tested Bonded Sender, an accreditation program developed by IronPort Systems and overseen by TRUSTe, a nonprofit privacy organization, on Hotmail. In order to be bonded, senders have to meet standards good e-mail practices -- and also post a bond with IronPort. The bond is forfeited if a sender fails to adhere to the standards.

Such schemes have been criticized as opening the door to ISPs charging a fee for e-mail delivery -- or even Microsoft itself. "We firmly believe that monetary charges would be inappropriate and contrary to the fundamental purpose of the Internet as an extremely efficient and inexpensive medium for communications," Gates wrote.

Gates promised new features for SmartScreen over the next 12 months, and that the company would provide the technology with auto update capabilities similar to those it's used to plug holes in Windows XP.

In the works, Gates wrote, is Microsoft Exchange Edge Services, a new technology to insulate networks from incoming spam and hacker attacks that will incorporate the company's latest filtering and security technologies, while providing a platform for third-party anti-spam solutions. He did not provide information on when Exchange Edge Services might ship.

According to the e-mail, Microsoft has worked with international government agencies to bring more than 90 enforcement actions in 14 countries; in March, Microsoft and other ISPs began filing lawsuits under the CAN-SPAM Act. The company also filed 17 lawsuits in June alone.

Gates wrote, "Spamming has become a more difficult and less rewarding business." But someone must still be making money -- he added that there are now four junk e-mails for each legitimate one sent.