Online Portals Won’t Defeat Spam

When America Online, Microsoft Corp. and Yahoo! on Monday announced they would join hands to fight spam, many people took notice but security experts say the “Big Three” online portals lack the will or the knowhow to solve the growing spam crisis.

“The three companies getting together to fight spam is just a press release and marketing. The proof is in what happens next,” said Bruce Schneier, chief technical officer for Counterpane Internet Security, a managed security monitoring company that has a detection response service that effectively is an alarm system for corporate networks.

“In the end, spam is an arms race. It’s like viruses … someone can always get around existing measures. While new measures can trap existing spam messages, there will always be a new spam idea that will get around the latest solution,” Schneier said.

The anti-spam initiative from the nation’s leading online portals is timed to take advantage of the spotlight cast by a high-profile, week-long forum on spam hosted by the Federal Trade Commission (FTC) in Washington. On the eve of that forum, the FTC Wednesday released its study that showed 66 percent of unsolicited commercial e-mail contained false information either in the form of “From” lines, “Subject” lines, or the message text themselves.

But while AOL, MSN and Yahoo! certainly have vested interests in eliminating spam, they may also have economic interests in turning the other cheek. America Online has well over 30 million e-mail accounts and, sources say, both MSN’s Hotmail and Yahoo! Mail each have over 100 million e-mail accounts. In essence, e-mail management is a lost leader for the online portals. Adding anti-spam software to those 230 million or more e-mail accounts would result in skyrocketing costs.

Indeed, McAfee Security, a division of Network Associates and one of the biggest providers of anti-spam software, said it is in talks with a number of the leading e-mail services including America Online about providing anti-spam software, similar to its deal with Microsoft’s MSN unit to provide anti-virus software protection to its Hotmail users.

“It’s going to take more than just us to wipe out spam altogether,” said Ryan McGee, director of product marketing for McAfee, who projects that “over fifty percent of all spam will be wiped out within five years.”

“It makes sense for us to consider providing anti-spam software with the online leaders but we have yet to close any deals on the spam front. Executives are talking but there is nothing real advanced to announce,” McGee said.

If any deal is consummated though, it is likely that ISPs and portals will pass those additional costs along to their customers — much like how the Baby Bells charge for value-added services like unlisted numbers, caller ID and anti-telemarketing blocklists.

McAfee Security can offer anti-spam protection as an “added service that would cost between one and five dollars a month,” McGee said.

McGee called the problem of spam an “urgent business need” and that a series of deals would be announced with both consumer and business services during the second half of the year. “None of the deals are public, but we are talking to the big players, as well as the mom and pop ISPs,” he said.

McAfee’s SpamKiller is a content filtering mechanism that works on the email server. Like most filtering agents, it has a “catch rates” of between 90 to 95 percent but it can also be spoofed.

“Technical solutions are never going to be perfect,” said Shinya Akamine, CEO of Postini, a Redwood City, Calif.-based company that serves more than 1,200 customers primarily in the financial services, legal and management consulting sectors. Postini monitors three and half million e-mail accounts and claims to process over a billion messages every ten days. The company said that between 60 to 70 percent of the messages it monitors are spam, and claims its “catch rate” is between 95 and 99 percent.

“Everybody is recognizing the magnitude of the spam problem and is sprinting to come up with a solution. The reason the industry has failed to date is because the focus has been on content filtering,” Akamine said.

“The bulk of the attacks have nothing to do with content,” Akamine said.

How do spammers operate and what is being done to stop them?To find out, see Page 2.