With the explosion of the number of Internet-connected hosts and the unprecidented growth of the number of people using the Internet, clear erosion on the 'Information Super Bike-Path' is becoming apparent. One of the most visible problems for the Internet is the issue of 'spam' -- unsolicited bulk electronic mail which is generally of a commercial nature. It is possible to define patterns with which we can identify spam and thus put into place measures which will reduce the volume (and cost) of running electronic mail services, without undermining legitimate use of such systems.
Spam is problematic for a number of reasons, the most important of which is that the real cost of such traffic is carried by people other than those who benefit from it. In terms of the GCFN problem, by early June, 1997, spam had become such an incredible drain on our staff time that, in order to guarantee project continuation, some controlling measures had to be put into place. Our analysis of many of the numerous spam complaints we've received determined that there are patterns to at least the kinds of spam that users get upset about. Our analysis seems to indicate that certain parts of the published standards for e-mail communication were not being followed in many spam incidents.
Thus, an effective method for controlling spam would be to enforce standards compliance on incoming electronic mail. Using the Berkeley sendmail package (version 8.8), we implemented two standards-compliance checks against the SMTP (e-mail) delivery transactions. The result: a drop in spam volume -- over a quarter million attempts to deliver non-compliant mail were rejected -- with exactly no legitimate messages being blocked over the 3-week examination period following our changes.
Following the initial successes of the sendmail defensive
measures, users experienced a second wave increase in spam volume.
Through the creation of an anti-spam filtering system that
The technical portion of this talk discusses the technology and standards of electronic mail transmission, with a strong focus on effective choke points that can be utilized to reduce unsolicited, unwanted, unwelcome electronic mail. Specifically, we consider run-time and compile-time options to reduce the cost of running an electronic mail service within the context of the sendmail v8.8 software and the procmail 3.11pre7 mail processor.
The policy portion of this talk discusses the current legal status of electronic mail defense mechanisms, consideration of some of the management issues involved in determining the cost that spam is inducing on a system.
This material requires aproximately one-hour. It is written to the interested site administrator or policy maker audience.
Return to the index of talks by William Yang