Closed TopicStart new topicStart Poll

> AntiSPAM recommendations
hschneider
Posted: Jun 24 2004, 01:37 PM
Quote Post


No - I'm not an answering script ...
Group Icon

Group: Admin
Posts: 6631
Member No.: 195
Joined: 19-June 02



QUOTE

Anti-Spam Technical Alliance Publishes Industry Recommendations to Help Stop Spam

Yahoo!, Microsoft, EarthLink and AOL Propose Key Best Practices and
    Technologies to Tackle the Problem of Unsolicited Commercial E-Mail

    SUNNYVALE, Calif., REDMOND, Wash., ATLANTA, and DULLES, Va., June 22
/PRNewswire/ -- The Anti-Spam Technical Alliance (ASTA), whose participants
include Yahoo! Inc. (Nasdaq: YHOO), Microsoft Corp. (Nasdaq: MSFT), EarthLink
(Nasdaq: ELNK) and America Online Inc. (NYSE: TWX), today unveiled the result
of more than a year of close collaboration by presenting a host of detailed
best practices and technical recommendations for the entire industry in an
effort to fight the scourge of spam.
    The proposal provides recommended actions and policies for Internet
service providers (ISPs) and e-mail service providers (ESPs) as well as large
senders of e-mail including governments, private corporations and online
marketing organizations. These recommendations primarily focus on two key
issues: helping solve the e-mail forgery problem by eliminating domain
spoofing through Internet Protocol (IP)-based and signature-based solutions;
and best practices to help prevent ISPs and their customers from being sources
of spam.
    The complete ASTA proposal can be found at each adopting company's Web
site:

    * http://antispam.yahoo.com
    * http://download.microsoft.com/download/2/3...d409-46ce-b9d6-
      c24908789d8b/ASTA_Statement_of_Intent.pdf (due to length of URL please
      cut and paste into browser) or
      http://www.microsoft.com/spam
    * http://www.earthlink.net/spamblocker
    * http://corp.aol.com/press/press_release062204.html

    ASTA was founded in April 2003 to bring together key industry stakeholders
to drive technical standards and promote collaboration in the development of
industry guidelines to address the spam problem. Current members include
leading technology companies such as America Online, British Telecom, Comcast,
EarthLink, Microsoft and Yahoo!

    Comments
    "With these proposed solutions, ASTA is taking a huge step toward
collective and enforceable technologies in reducing spam and e-mail forgery,"
said Brad Garlinghouse, vice president of Communication Products at Yahoo!
Inc. "We are laying out clear best practices and Good Neighbor policies that
will help change the rules of the game on spammers once and for all."
  "We believe that thanks to continued innovation and the ongoing cooperation
of governments and industry around the world, we are on the right path to turn
the tide against spammers -- but further change is needed on an industrywide
basis to thoroughly contain the problem for consumers and businesses
worldwide," said Ryan Hamlin, general manager of the Anti-Spam Technology &
Strategy Team at Microsoft. "Our aim with this proposal is to help lay out a
clear framework for the industry as we continue to work together to end the
spam business and put our customers back in control of their inboxes once
again."
    "Today's announcement shows the industry's commitment to working together
to develop the best technical standards and practices that all providers can
use to stop spam," said Linda Beck, executive vice president of Operations at
EarthLink. "By collaborating on new ways to better identify the origin of
messages, we can help lift the veil of anonymity on spammers and restore the
integrity of e-mail. We encourage continued testing and public discussion in
order to move toward industry-standard technical solutions."
    "This announcement opens an entirely new chapter in spam fighting on
behalf of all online consumers. Spam is an industrywide challenge that merits
an industrywide solution. Creating a set of best practices puts us on a clear
glide-path to winning a major battle against spammers, scammers and spoofers,"
said Matt Korn, executive vice president, Network & Data Center Operations at
America Online. "This proposal also shifts the spam fight toward identifying
legitimate senders of e-mail to ensure prompt delivery of their e-mail. Now
we're going to focus on testing and evaluating cost-effective technologies
that can identify legitimate senders of e-mail and help restore consumer trust
in their e-mail inboxes."

    About Yahoo!
    Yahoo! Inc. is a leading provider of comprehensive online products and
services to consumers and businesses worldwide. Yahoo! is the No. 1 Internet
brand globally and the most trafficked Internet destination worldwide.
Headquartered in Sunnyvale, Calif., Yahoo!'s global network includes 25 world
properties and is available in 13 languages.

    About Microsoft
    Founded in 1975, Microsoft (Nasdaq: MSFT) is the worldwide leader in
software, services and solutions that help people and businesses realize their
full potential.

    About EarthLink
    "EarthLink revolves around you ™." Celebrating ten years as a leading
national Internet service provider (ISP), Atlanta-based EarthLink has earned
an award-winning reputation for outstanding customer service and its suite of
online products and services. According to the J.D. Power and Associates 2003
Internet Service Provider Residential Customer Satisfaction Study(SM),
EarthLink is ranked highest in customer satisfaction among high-speed ISPs.
Serving more than five million subscribers, EarthLink offers what every user
should expect from their Internet experience: high-quality connectivity,
minimal drop-offs and ISP-generated intrusions, and customizable features.
Whether it's dial-up, high-speed, Web hosting, or wireless Internet service,
EarthLink provides the tools that best let individuals use and enjoy the
Internet on their own terms. Learn more about EarthLink by calling (800)
EARTHLINK or visiting EarthLink's Web site at http://www.earthlink.net/.

    About America Online
    America Online Inc. is a wholly owned subsidiary of Time Warner Inc.
(NYSE: TWX). Based in Dulles, Virginia, America Online is the world's leader
in interactive services, Web brands, Internet technologies and e-commerce
services.

    America Online is a registered trademark of Time Warner, Inc..
    EarthLink and the EarthLink logo are registered trademarks of EarthLink
Inc.
    Microsoft is a registered trademark of Microsoft Corp. in the United
States and/or other countries. Yahoo! and the Yahoo! logo are trademarks
and/or registered trademarks of Yahoo! Inc. The names of actual companies and
products mentioned herein may be the trademarks of their respective owners.

    For more information, press only:
      Mary Osako for Yahoo!, (408) 349-6255, mosako@yahoo-inc.com
      Rapid Response Team, Waggener Edstrom for Microsoft, (503) 443-7070,
      rrt@wagged.com
      Carla Shaw for EarthLink, 404-748-7267, Shawcm@corp.earthlink.net
      Nicholas Graham for America Online, 703-265-1746

    Summary of ASTA Recommendations
    ASTA's proposal focuses on two key issues: helping solve the e-mail
forgery problem by eliminating domain spoofing through IP-based and signature-
based solutions, and best practices to help prevent ISPs and their customers
from being sources of spam. Recognizing that broad adoption of any technology
or best practice is critical to solving the spam epidemic, all members of ASTA
have agreed to the following recommendations:

    Addressing E-mail Address Forgery
    One of the key problems with today's e-mail infrastructure is that
messages do not contain enough reliable information to enable recipients to
decide whether an e-mail message is legitimate and reliably identify the
sender. Spammers take advantage of this fact and commonly disguise the origin
of their messages by forging the sender addresses on their e-mail using
someone else's domain name. This is called "domain spoofing."
    Although the problem of identifying the origin of e-mail is complex, there
are two promising new methods that organizations can implement to lay a
foundation for future advances and promote authentication that verifies that
senders of a message is who they claim to be:

    1. Authenticating senders based on IP addresses.

      Currently, the only trustworthy attribute in an e-mail message header
      is the IP address of the server that is transmitting the e-mail. IP
      addresses can therefore be used by e-mail receivers to verify other
      attributes in the message header, such as the sending domain, and thus
      help reduce the common forms of phishing and forgery that are rampant
      today. This verification loop can be done using the existing Domain
      Name System (DNS) infrastructure combined with fairly simple changes to
      the receiver's e-mail systems.

    2. Authenticating senders based on content signing.

      Another approach to sender authentication uses a technology called
      Content Signing (CS). CS systems use public/private key pairs to
      generate the signatures that are used for sender verification. The
      public keys may be made broadly available through a variety of key
      exchange mechanisms or via publication in a directory or in DNS. The
      private keys are stored securely on the domain's mail servers. When a
      user sends an e-mail message, the mail server uses the stored private
      key to automatically generate a digital signature for the message. When
      the recipient's mail server receives the e-mail message, it retrieves
      the sender's public key and uses it to verify the digital signature in
      the message. This verifies both the sender's identity and the integrity
      of the message body (that the e-mail content was not modified during
      delivery).

      As with IP-based sender authentication, the companies believe that
      content signing technologies are an important component of a long-term
      industry solution.

    Throughout the process of implementing these technologies, ASTA members
will provide feedback that along with other industrywide feedback will enable
subsequent improvements to the specification to be completed, with the goal of
providing for the best long-term, industrywide IP based authentication
solution.
    It is the belief of this group that the ubiquitous deployment of some or
all of these proposals, combined with the most innovative anti-spam filtering
technologies and approaches, continued litigation against the worst offenders,
appropriate legislation and other measures, will serve to reduce the economic
incentives and eliminate the entry points for spammers to continue their
barrage of unwanted communications. ASTA looks forward to the community
response to this proposal and invites participation from all segments of the
community to assess the validity and impact of these proposed solutions and
their accompanying technical specifications.

    Addressing Spam Through Best Practices
    In the proposal, ASTA recommends a number of best practices that
organizations should implement as applicable. Many of these practices have
already been adopted by responsible organizations using e-mail today, but
broader global adoption is necessary, as the combined effect of implementing
these approaches can serve to minimize opportunities for spammers. Those who
do not adopt these proposals risk loss of online user confidence in the safe
and trusted exchange of e-mail for the entire community.
    Specifically, ASTA's proposal outlines the following:

    *  Recommendations for ISPs and mailbox providers and organizations that
      provide Internet connectivity, such as these:

        - Block or Limit the use of Port 25
        - Implement rate limits on outbound e-mail traffic
        - Control automated registration of accounts
        - Close redirectors that can be abused
        - Close all open relays
        - Configure proxies for internal network use only
        - Detect compromised computers (zombies)
        - Educate users to increase use of existing tools
        - Develop effective complaint reporting systems

    *  Recommendations for legitimate bulk e-mail senders, such as these:

        - Do not harvest e-mail addresses through SMTP or other means
          (defined as collecting e-mail addresses, usually by automated
          means) without the owners' affirmative consent.
        - Register your e-mail domain with a creditable safelist provider.
        - Always provide clear instructions to customers about how to
          unsubscribe or opt-out of receiving e-mail. Promptly respond to
          these requests.
        - Do not use or send e-mail that contains invalid or forged headers.
        - Do not use or send e-mail that contains invalid or nonexistent
          domain names in the From or Reply-To headers.
        - Do not employ any technique to hide or obscure any information that
          identifies the true origin or the transmission path of bulk e-mail.
        - Do not use a third party's Internet domain name or allow mail to be
          relayed from or through a third party's equipment without
          permission.
        - Do not send e-mail that contains false or misleading information in
          the subject line or in its content.
        - Monitor SMTP responses from recipients' mail servers. Promptly
          remove all e-mail addresses for which the receiving mail server
          responds with a 55x SMTP error code (e.g., "user doesn't exist").

    *  Recommendations for consumers, such as these:
        - Install firewalls on PCs as appropriate.
        - Use anti-virus software and other screening tools to detect
          incoming viruses, malware, and harmful or suspicious code.
        - Make use of spam filtering technologies and customize settings that
          provide the appropriate level of protection needed.

    Some of these recommendations are already part of laws in various
countries including the Controlling the Assault of Non-Solicited Pornography
and Marketing (CAN-SPAM) Act of 2003 in the United States. However, the
disparity between laws and the absence of anti-spam laws in most countries
means the industry needs to come together and adopt consistent policies and
practices that drive spammers out of business.

    The complete ASTA proposal can be found at each adopting company's Web
site:

      * http://antispam.yahoo.com
      * http://download.microsoft.com/download/2/3...d409-46ce-b9d6-
        c24908789d8b/ASTA_Statement_of_Intent.pdf (due to length of URL please
        cut and paste into browser) or
        http://www.microsoft.com/spam
      * http://www.earthlink.net/spamblocker
      * http://corp.aol.com/press/press_release062204.html


SOURCE Anti-Spam Technical Alliance
Web Site: http://antispam.yahoo.com http://www.microsoft.com/spam
http://www.earthlink.net/spamblocker
http://corp.aol.com/press/press_release062204.html


--------------------
Bye,
Harald


-- Download XMail Queue Manager 1.46 NOW: XMail Server Tools
-- Cross platform remote queue management!
-- Message analyzing on the fly!
-- Builtin diagnostics knowledge base!
-- Manages multiple mail queues!

Sponsored by
CD-Produktion und DVD-Produktion and Homestaging Saarland - Immobilien schneller verkaufen in der Region Saarland, Rheinland-Pfalz und Luxembourg
PMEmail PosterUsers Website
Top
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:
« Next Oldest | Documentation and Knowledge Base | Next Newest »

Closed TopicStart new topicStart Poll