In-Depth

Reducing Unsolicited E-Mail: Making Senders Pay

Microsoft's Penny Black solution may impose fees on those sending unsolicited e-mail, while a service from Vanquish adds economic penalties for such messages.

• By Eugene Kaspersky
• 01/21/2004

In a similar move, Microsoft intends to require those who send e-mail to pay a defined sum. In a nutshell, the new initiative is as follows: "If I don’t know you, but you want to send me mail, you will have to show that you put a certain amount of effort into sending precisely this letter to me, rather than to anyone else."

Payment will be based on CPU cycles. A day is made up of 80,000 seconds, and fixing the "computer cost" of one message at 10 seconds will ensure that any one user will be able to send no more than 8,000 messages a day from his machine. In order to send mass messages, spammers will have to invest a considerable amount of money in hardware.

Penny Black will also make use of memory cycles and the Turing test, which determines whether a message has been created by a machine or by a human.

According to those behind the project, Penny Black will not cause any difficulties for everyday users, but will be a serious obstacle to spammers. Looking at the other side of the coin, spam almost never has a return address, and when it does, the address is falsified. Furthermore, modern trends in the computing underground show that virus writers, hackers, and spammers are starting to unite. Using malicious programs and hack attacks, proxy servers can be established unnoticed on users' computers, then used for spamming. If this trend continues, under the conditions imposed by Penny Black the next virus epidemic will cause an unthinkable number of financial transactions. Once again the question will be raised: is the owner of a hacked computer ever completely innocent?

However, there are many alternative ways of stopping unsolicited e-mail. These methods include both technical and organizational techniques that can raise the efficiency of filtering spam up to 99%.

Traditional methods include a multi-level, multi-lingual filtration of incoming e-mail traffic to mark spam and spam-like messages. On the first level, a message is checked with a unique "intelligent" kernel that can distinguish different types of spam from non-spam business correspondence. This technology is very similar to the heuristic analyzer in anti-virus software, which is able to generically detect previously unknown malicious programs.

The second level employs a "signature" method that compares each message with existing templates contained in the daily database updates. The database contains examples of undesirable messages that make it possible to detect spam even if incoming messages differ from the original templates. The anti-spam database containing signatures is usually updated on a daily basic. However, the most prominent anti-spam vendors even tend to update it every two to three hours.

The third method analyses messages for formal e-mail attributes. These formal characteristics include sender e-mail address and IP address, among others.Finally, anti-spam software employs a fourth method of "black lists", a standard means of filtration according to addresses recognized as notorious sources of spam that are included on continuously updated, public black lists.

Organizational methods are usually integrated on the ISP level and include quarantining of e-mail traffic until a confirmation from the sender is received. There are many other organizational methods. A good example is an anti-spam service provided by US-based Vanquish Inc. This technology provides an economic deterrent to spam, and empowers the recipient to instantly penalize senders of unwanted e-mail, through the embedded penalty button. This approach to stopping spam allows unfettered communication between those you have sent to in the past, those you have requested data from, Web sites you have requested info from, someone replying to your subject matter, or someone you specifically add as an allowed sender.

If the Vanquish-protected user feels that a message is spam, they simply click the penalty button and the sender's account is debited a set amount (about five cents). The penalty money is distributed to the recipient's ISP to help defray the costs of carrying the spam on their network.