AOL finds spam's silver lining

Have you received the spam about the free Hummer?

No? Maybe it's not out there -- so I'll be the first to predict it: There will shortly be a spam e-mail that offers a chance at a "Free Hummer from America Online if you just click here."

My advice?

Don't. Just go to the America Online Website.

America Online will soon award $20,000 in gold bars, a 2003 Hummer H2 (with just 18,500 miles!), and $65,000 in cash, all seized from a major spammer in a settlement reached last year. America Online is holding a sweepstakes, running from Aug. 10 to Aug. 19, for the spammer's ill-gotten gains. So the sweepstakes is real, just be careful if you receive an e-mail about it. 

Although I have yet to see any data suggesting spam in general is in decline, America Online and Microsoft have scored a few hits on spammers. Both companies say they have seen a decline in spam on their systems as a result of their efforts, but research from IronPort Systems indicates that about 72 percent of e-mail is now spam, up from 68 percent a year earlier.

Microsoft has a nice chunk of change to show for its trouble, too: Under terms of a legal settlement, "spam king" Scott Richter and his company OptinRealBig.com must fork over $7 million to the software company.

After setting aside some money for its legal bills, Microsoft will spend $5 million of that cache on anti-spam efforts and donate $1 million to a program that provides computer gear to community centers. The aforementioned $5 million will go to increase Internet enforcement efforts and expand technical and investigative support for law enforcement investigations into spam and computer-related crimes.

As part of the settlement, Richter and his company have agreed to comply with federal and state laws -- including the CAN-SPAM law -- and have agreed not to send spam to anyone who has not confirmed a willingness to receive it.

Richter was fingered when Microsoft set up several "spam traps" in May and June 2003, which, according to the New York State Attorney General, captured 8,000 messages containing 40,000 fraudulent statements. In other words, all those "enlargement" pills, "better than Viagra" medications, and "guaranteed" investment schemes don't work. Surprise, surprise.

In an odd note, despite all this evidence, Richter and his company did not admit to any wrongdoing. Apparently $7 million is the going price for "innocence" these days. 

It is satisfying to see one spammer -- well, technically an "alleged" spammer -- take a fall (or at least lose a bite out of his wallet), but I wouldn't be a good journalist if I didn't present another side to the security story.

Enterprises face some real difficulties attempting to implement secure authentication, as a survey from authentication vendor TriCipher recently detailed. IT executives responding to the survey said some of the major challenges include authenticating remote users, a rise in phishing attacks on employees, and users writing down passwords in plain sight.

Perhaps most important, 56 percent of executives responding to the survey stated that their existing authentication system was too hard to use, manage, or integrate with other systems. The major barriers to implementing a new, easier-to-use-and-manage system include user-adoption barriers, cost concerns, and difficulty managing and integrating multiple solutions, according to the survey.

To read more, check out the "Strong Authentication Challenges and Trends Survey."

One more note: This will be my last column for InfoWorld. Because of some changes here, I'll be moving on. I've enjoyed doing the column and enjoyed the many comments I've received from readers. You pay close attention to what I've written, I'll say that. Thanks, and don't tell my boss this, but it's been fun.