MIT Spam Conference looks beyond filters

CAMBRIDGE, MASS. - Leading researchers into spam e-mail, along with some of its victims, gathered on the campus of the Massachusetts Institute of Technology (MIT) Friday for the second annual MIT Spam Conference.

While last year's event provided a forum for those championing the use of spam filters to stop unwanted e-mail solicitations, the 2004 Spam Conference was notable for discussions of a whole spectrum of spam-fighting tools, from the use of authentication to verify e-mail senders, to lawsuits that target individual spammers.

Bayesian filters, which identify spam by assigning statistical probabilities to message content, were again a focus of discussion at the conference. The filters have made it much harder for spammers to get messages through to users, but they have not stemmed the tide of spam, according to interviews with conference attendees.

Despite the wide use of spam filters, 70 percent of the e-mail messages received by Microsoft Corp.'s Hotmail Web-based e-mail service are spam messages, according to Geoff Hulten, a spam researcher for Microsoft.

"The Bayesian solution is useful, but it just sweeps the spam problem under the rug. The spam is still there clogging up your system," said Keith Ivey of Smokescreen Consulting in Washington, D.C.

Researchers discussed ways to improve the performance and accuracy of Bayesian filters, such as deploying them on servers rather than on e-mail clients.

However, just as much discussion was given to other techniques that could be used in conjunction with filters, or in place of them.

Speaking on the topic of suing spammers, John Praed of the Internet Law Group said that spam filter writers needed to work in conjunction with law enforcement to help build cases and bring legal action against spammers.

E-mail providers and law enforcement must also be more savvy about using existing laws to stop activities that support spammers, such as e-mail harvesting from Web pages, said Matthew Prince, cofounder of UnSpam LLC.

E-mail providers can include language on Web pages that makes address harvesting and other activities illegal. Such technologically simple steps would help cast spammer activities like address harvesting in terms that courts understand, such as "breach of contract," he said.

Providers could even use provisions of the Digital Millennium Copyright Act (DMCA) to go after spammers by declaring e-mail addresses trade secrets, Prince suggested, drawing groans from many in the audience.

More than one speaker touched on the need to better secure e-mail exchanges, making it harder for spammers to use faked (or "spoofed") e-mail addresses to circumvent antispam technology.

Representatives from Yahoo Inc. were also in attendance to talk about that company's support for user authentication to fight spam.

"If you know with certainty who the sender is, you know for certain whether the message is spam," said Laura Yecies, senior director of mail products at Yahoo.

Yahoo is championing the use of so-called "domain keys," which use public key encryption technology at the domain level to verify the sender of e-mail messages.