We could give ourselves a target of say two years to bring spam under satisfactory control, Robert Horton, the acting head of the Australian Communications Authority and the ITU meeting’s host, told delegates.
This is the target suggested by Mr Bill Gates in terms of the technical capabilities that are required and I think that as regulators we could align ourselves with that target, Horton said. I believe the world cannot wait longer than that.
The ITU meeting, which concludes this morning, was ostensibly designed to bring telecommunications regulators from member nations together with experts on spam, to bash out ideas for international cooperation on the problem.
Gates first touted the two-year deadline in January at a meeting of the World Economic Forum. He had identified two ideas – computational challenge technology and micropayment-based economic disincentives, as solutions.
But delegates to the ITU meeting this week pushed other ideas. Enrique Salem, who was CEO of Brightmail Inc until its recent acquisition by Symantec Corp, said ISPs throttling the spam passed through their networks is making a meaningful dent in spam.
We are making progress, the reason I believe that is that spammers are having to send more and more spam to try and still get a return, Salem said. He pointed out that there’s an event horizon after which this will no longer be feasible.
I will tell you that the economics are about to shift, Salem told the ITU meeting. We can sense it because we see specific data points that at some point they cannot continue to send more and more spam.
Delegates pointed out that the majority of spam nowadays is sent via compromised residential PCs on broadband connections. A representative of DoCoMo said that the company has been deactivating phones belonging to the mobile spammers.
Richard Cox, CTO of the SpamHaus Project, said that ISPs and carriers need to be better at responding to abuse complaints, and they need to be supported by laws that allow them to disconnect nodes they find to be compromised.
Cox also said it is too easy for spammers to hide their identities online, and called for domain name registrars to be stricter on accuracy when they gather contact information from their customers.
Registrars are accepting the most blatant of false information from people registering domains, and we have great difficulty persuading them to do otherwise, Cox said. We’ve got to make some fundamental changes to how registrars do business.
Speaking to ComputerWire yesterday, Scott Chasin, CTO of MX Logic Inc, said that two years was also discussed as a tentative deadline for net-wide deployment of the Sender ID email sender authentication spec at a recent meeting of technologists.
The two-year timeline is running deep in a lot of circles, Chasin said. He said he sees rollout of Sender ID evolving gradually, though there was some discussion about big ISPs enforcing Sender ID support to anybody wanting to send to their users.
Most people involved in the spam debate agree on another Gateism, that there’s no silver bullet or magic bullet to the spam problem. Spammers have shown themselves adept at circumventing many types of countermeasure.
Has anyone got that final ultimate solution to problem of spam? Cox asked the ITU meeting’s delegates. There is no such solution, if there was, spam would change to get around it.
Even if we can address spam problem in two years time, there will be some other misuse of the internet coming along, David Brunswick, of Tumbleweed Communications Inc and the Anti-Phishing Working Group, told the meeting.
