AOL attempts to stop spam at source

With e-mail spam becoming a hotly debated topic among consumers and the government, America Online is stepping up its anti-spam efforts by testing a new system for e-mail that could greatly decrease the amount of junk mail.

In January, the world’s largest Internet service provider implemented a test of a new e-mail protocol called Sender Permitted From (SPF). The new system allows ISPs to monitor where mail is coming from in an effort to stop junk messages from getting through.

An e-mail protocol is the way in which the mail is sent and received through the computer networks. Like most other ISPs, AOL uses Simple Mail Transfer Protocol (SMTP).

AOL’s test run of the e-mail protocol with its 33-million worldwide subscribers will signal the first widespread use of the system.

The move by the Internet giant was triggered in response to e-mail spoofing. This occurs when someone falsifies the origin of a message so an ISP who is investigating can’t trace who sent the junk e-mail.

One way in which some of these junk mailers send the messages is by hacking into unprotected e-mail servers and sending their spam so the trace will come back to that location. Other methods include changing the “from” entry to something other than their real address.

SPF attempts to cut these users off by allowing an e-mail provider to change their Domain Name System (DNS) database, such as users of yahoo.com, to be able to display their unique IP address. The IP address is simply the individual number that is given to users when they sign onto the Internet.

By displaying the IP address before a message is sent through an e-mail system, ISPs can see if the e-mail was coming from the supposed sender. If the ISP finds that it is not, it could add that IP address to a list of blocked senders and would not deliver the mail.

In other words, the new system would create a form of caller-ID for e-mail that would allow ISPs to scan message sources for offending IP address. This means that spam e-mails would be returned to the sender so they cannot frustrate consumers.

The SMTP e-mail system used by ISPs has been widely criticized by some who feel it provides no means for identifying spam senders. ISPs who try to track the offending spammer are often left without the true identity of the sender.

Aside from sparing Internet users from receiving unwanted e-mail, the system could allow users who have been falsely accused of sending spam to be vindicated of the allegations.

This technology could also help ease the large volume of spam messages that have threatened to bring down the most popular activity on the Internet. It has been estimated that more than 50 percent of e-mails sent throughout the world are spam.

The increase in spam messaging has posed a monetary threat to ISPs in addition to serving as an annoyance for users.

In 2003, AOL reached a partnership with Yahoo!, Microsoft and EarthLink to counter the threat of spam by implementing the new mail protocols. No general agreement has been put into place; however, AOL’s decision could serve as a catalyst for other ISPs that may be interested.

In addition to the SPF protocol, there are at least two other technical specifications that are being considered to replace the current SMTP system. Designated Mailers Protocol and Reverse Mail Exchange function much the same as SPF protocol by allowing ISPs to identify senders of spam.

Although AOL’s solution to spam shows promise, it could also create problems for some users under certain domains of e-mail providers. An example of this would be AOL banning a person’s address simply because they are associated with an offending service provider.

This denial could serve as a blanket coverage ban for other users who have not committed any form of wrongdoing.

A problem such as this could force ISPs to hold off on accepting the standards until this problem could be rectified. This, in turn, would lead to the biggest problem facing companies that want to switch over to sender-identifying methods.

For these methods to function properly they require companies to maintain accurate databases of offending IP address. If companies are not keeping up-to-date lists of these addresses, spammers will be able to send the mail without having to worry about it being sent back.

Although some users, such AOL subscribers, would see a reduced amount of spam on their computers, it would still leave countless others without protection.

In addition, the SPF protocol could not help users who have become the victim of a worm planted by a hacker, which allows that person to send e-mail from the host’s computer without their knowledge.

Regardless of the problems that may arise, this decision by AOL could signal a proactive change in other ISP’s spam policy. There may be a switch to combating spam at its source instead of using filters to weed out the offending messages on the side subscribers.

This could lead to an all out war against spammers, leaving them without any audience to receive their messages.