 |
 |
washingtonpost.com EarthLink to Offer Anti-Spam E-Mail System 'Challenge-Response' Technology Rejects Messages Unless Senders Are Cleared by Recipients By Jonathan Krim Washington Post Staff Writer Wednesday, May 7, 2003; Page E01 http://www.washingtonpost.com/wp-dyn/articles/A22390-2003May6.html?referrer= email A system that backers claim will eliminate e-mail spam is about to be deployed by a major Internet service provider, giving a boost to an emerging technology that if widely adopted would change how people communicate online. Atlanta-based EarthLink Inc., the country's third-largest provider of for-pay e-mail accounts, will roll out test versions of the system for its 5 million subscribers this month. Known as "challenge-response" technology, the system thwarts the ability of spammers to reach their intended audience with millions of automatically generated e-mails. When someone sends an e-mail to a challenge-response user, he or she gets an e-mail back asking to verify that the sender is a live person. Once the sender does that by replicating a word or picture displayed on the screen, the original e-mail is allowed through. The system automatically recognizes future e-mails from the same sender, so the verification needs only to be performed once. Without the verification, the e-mail is not delivered. Some experts see problems with the technology and doubt that consumers will warm to a process that adds another step to e-mail delivery. The technology is available from a handful of small vendors for a fee, but the customer base is small. EarthLink is betting that customers will put up with a little extra effort in order to stem the tide of unsolicited messages pushing diet fads, get-rich schemes and pornography. Like arch rivals America Online Inc., Microsoft Corp. and Yahoo Inc., EarthLink has spent millions of dollars developing software to block spam. But spammers have found ways to defeat them and spam accounts for 40 percent of all e-mail. "The limitations on filters are truly very daunting," said James Anderson, EarthLink's vice president of product development. Even as filters improve, users must constantly adjust them so that they don't block messages they want to receive, he said. The challenge-response system will be optional and free for EarthLink subscribers, Anderson said. It will allow users to automatically clear the e-mail addresses of friends, family members and other associates in their electronic address books, so those people would not receive the challenge e-mail. Executives at EarthLink's three top competitors, who recently formed a coalition to combat spam, said they are evaluating challenge-response technology. Yahoo and Microsoft's MSN and Hotmail networks already employ challenge-response when someone seeks to open an e-mail account. Yahoo also recently started using a variation of the system when an account holder is sending high volumes of mail, to crack down on spammers using Yahoo accounts. America Online spokesman Nicholas J. Graham said that for now, AOL is concerned about putting too many burdens on users and that the technology is "not a one-size-fits-all panacea." In addition to requiring senders to verify themselves, users would have to use special e-mail addresses when registering to purchase goods online, because vendors often send sales confirmation notices by computer. The special addresses are designed to route such messages to a user's regular in-box. The new system could slow delivery of some e-mail. For instance, a sender might walk away from his or her computer after sending an initial message, not noticing until hours later that a challenge had come back. Phil Goldman, chief executive of Mailblocks Inc., a Silicon Valley start-up that provides a challenge-response service, said people will quickly get over those hurdles. "It's about social habits," said Goldman, a former Microsoft executive whose service launched a month ago. "When the rotary telephone first came out, people said, 'You mean I have to dial seven numbers?' " Goldman said developers of the Mailblocks system own patents on the challenge-response technology. His company already is seeking to enforce its two patents against another small provider of the technology, Spam Arrest LLC of Seattle. Brian Cartmell, manager at Spam Arrest, said his company is vigorously contesting the Mailblocks claim. He said Spam Arrest, which has been operating since April 2002, has "many thousands" of customers but he declined to be more specific. Anderson said Goldman's patent claims are "not relevant" to the product EarthLink developed inside the company. Goldman acknowledged that the system is in its infancy and needs ongoing refinement. It is probably not best suited for businesses that sell directly to customers, he said, because consumers might resent having to send verification when they want to make a purchase. Others see deeper problems. "Challenge-response will indeed block the vast majority of spam," said John R. Levine, a computer consultant and co-author of "The Internet for Dummies." But he said a lot of people will never respond to a challenge, or will think the challenge e-mail itself is spam. Levine said that already, spammers are disguising e-mails as challenges to get people to open the messages. And he worries that if large numbers of people begin to use the system, user address books will be a target of hackers seeking to obtain lists of approved addresses. Some viruses launch attacks using computer address books, and if that happened, confidence in the challenge-response system would erode, Levine said. "The consequences of spammers' response to challenge-response will be really ugly," Levine said. Boosters of the system remain confident that challenge-response can effectively combat spammers' attempts to sabotage the process. "This is as close as there is to the silver bullet" against spam, Anderson said. ************************************************************************************ Distributed through Cyber-Society-Live [CSL]: CSL is a moderated discussion list made up of people who are interested in the interdisciplinary academic study of Cyber Society in all its manifestations.To join the list please visit: http://www.jiscmail.ac.uk/lists/cyber-society-live.html *************************************************************************************