Software

Is spam a dilemma, phenomenon, or both?

I do not know anyone that likes spam. Yet, nine out of every ten emails are spam-related. If it's not cost-effective, wouldn't spammers stop?

I do not know anyone that likes spam. Yet, nine out of every ten emails are spam-related. If it's not cost-effective, wouldn't spammers stop?

---------------------------------------------------------------------------

The fact that spam exists eludes me. First, how can you trust unsolicited email advertising questionable products (you know the kind)? Next, despite our disdain, spam must work. Otherwise, advertisers wouldn't be using it. In trying to figure this out, I came across the Messaging Anti-Abuse Working Group (MAAWG).

MAAWG is a consortium of Internet Service Providers (ISP), Email Service Providers (ESP), anti-spam technology vendors, and companies interested in fighting email abuse. Here's their mission statement:

"The purpose of MAAWG is to bring the messaging industry together to work collaboratively and to successfully address the various forms of messaging abuse, such as spam, viruses, denial-of-service attacks, and other messaging exploitations.

To accomplish this, MAAWG develops initiatives in the three areas necessary to resolve the messaging abuse problem: Industry collaboration, technology, and public policy."

Last year, MAAWG published a report about email abuse. The paper is packed full of useful information. The 2010 Email Security Awareness and Usage Report is this year's equivalent. It's impressive, providing what I would consider an in-depth look at how users view spam. Check out what MAAWG is trying to accomplish with this survey:

  • Measure the levels of email users' awareness of spam issues.
  • Understand how email users distinguish legitimate email from spam.
  • Measure the level of awareness of messaging threats and perceived vulnerability.
  • Track changes in response patterns among U.S. respondents.
  • Provide a benchmark for future research.
  • Promote research results as basis for outreach and communication campaigns.

That's quite a list. Now, let's see what the participants had to say.

Who are the participants?

The survey is specific about participant requirements. MAAWG was looking for people that consider computers and the Internet a tool, not their profession. The following is how MAAWG classified the participants:

"Those surveyed were general consumers who indicated they did not have an IT professional managing their email address and were therefore generally responsible for their email experience. Since we were interested in consumers' habits, we did not differentiate between ISPs and ESPs, but used these terms to refer to the service where consumers obtain their email."

The interviews were held early January of 2010 and involved six countries. The following graph depicts participant distribution by country:

Amount of experience

One of the first questions requires participants to judge their level of experience: How would you describe yourself when it comes to your experience with security on the Internet; including firewalls, spam, junk mail, and computer viruses? Here is what the participants decided:

  • 44 percent classified themselves as somewhat experienced.
  • 36 percent considered themselves having little or no experience.
  • 20 percent felt they were very experienced.
Importance of sender?

I thought this question was telling: In general, how important do you consider each of the following types of personal email sent you? A spammer or phisher would love to know which email addresses are important. It gives them a distinct advantage, since they can spoof the sent by address. That said, email from family and friends topped the list as being extremely important, with financial email a close second. The following chart gives the run down:

What is spam?

Next, MAAWG asked: How do you personally define spam? The respondents were asked to pick all that apply. Topping the list at 69 percent was non-requested email. The following chart shows the break down by type of email and participating country:

Spam indicators

Appropriately, the survey asked: When going through your email and deciding what email is spam and what is legitimate, what indicators do you rely on to help you decide? The sender's name or address garnered over 70 percent. Subject line came in second with 67 percent.The chart below lists all the indicators and how the participants ranked them:

By correlating the above results with other survey information, MAAWG was able to come up with the following statistics:

  • Women are more likely to check the sender's name or address (76 percent to 71 percent).
  • Men base their decision on the email's contents or spelling (56 percent to 49 percent).
  • Email users that are 55 or older are more likely to use all of the indicators.

The indicators seem intuitive. Yet, I never think to check the "time of day/night sent". I should, that's a great way to help verify the sender.

When is spam email opened?

The results of the next two questions are where I start to see a crack in the spam-fighting armor. MAAWG first asks: When you receive email that you think is spam, what do you usually do? Here are the results:

Over 60 percent say, "Do not open it." That's as I would expect. Do you agree? The next question is: Have you ever done any of the following? The first chart breaks the answers into age groups:

The next chart correlates participant's answer with their level of experience:

Almost half of the participants opened emails they suspected were spam. Does that surprise you? It did me, for the following two reasons:

  • First, the 18 to 34 age group was determined to be the more experienced, yet a large percentage of them opened suspect email.
  • Second, if you refer back to the question: When you receive email that you think is spam, what do you usually do? The chart points out 60 percent of all respondents do not open spam emails.

Does that mean users, even experienced ones are tempted to check out email they know is spam at least some of the time?

Survey conclusions

If spam is a concern, take the survey and see how your answers compare. Then see if you agree with one of the conclusions made in the report:

"Among various types of organizations, Internet/email service providers and anti-virus software companies are those most widely perceived as responsible for stopping the spread of viruses, fraudulent email and spam.

Less than half of users think that stopping the spread of viruses and spam is their own responsibility, but they tend to rate themselves better at doing it than all organizations, except for anti-virus software companies which get the highest marks."

There is certainly some food for thought in that statement.

Is there a disconnect? Let's look at the conclusion in more detail. The survey participants feel that:
  • ISPs, ESPs, and antivirus providers; not users, are responsible for stopping spam.
  • Users are more capable of detecting and stopping spam than all organizations except antivirus providers.

I will let that sink in. In many ways this survey mirrors what I found when writing "Are users right in rejecting security advice" and "Is there hope for antivirus programs."

Final thoughts

I am starting to think the problem is more than a technical issue. Could it be another case of how "we're wired" is being used against us. What do you think?

I want to thank Linda Marcus of Astra Communications and MAAWG for publishing the 2010 Email Security Awareness and Usage Report, along with allowing me to repost the above MAAWG charts.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

64 comments
Ocie3
Ocie3

those who send it are not paying for the cost of the bandwidth. Ultimately, [b]we[/b] are paying for the bandwidth, and all of the other costs, when we pay the bills that our ISP sends us. Essentially, the spammers are thieves, and victimize everyone with their deceit, not just the people who choose to respond to a spam e-mail message. It costs the spammers very little to acquire the means to send spam, and very little to create it. Their revenues are large relative to the costs.

sboverie
sboverie

My ISP has a good spam filter, but it is not perfect. I still have to go through the "known" spam box because sometimes legitimate emails get marked as spam. I have a business website with email address that is redirected to another email address; sometimes I get spam from that business address. It is because I have a business website that I sometimes have to open messages that is probably spam but might be a business inquiry. I do check the sender's name and domain before opening. I look to see if there is an attachment and also spelling before opening. If there is an attachment and I do not trust the sender I will mark the email as spam. If I get an email from my alter ego (my business site) I can delete it without reading. In the past I tried unsubscribing from spam, half the time the links to unsubscribe did not work and generally it did not make a difference at all. It made a big difference when my ISP offered a spam service. Spam still gets through and legitimate email still gets tagged as spam; but I am not overwhelmed with dozens of spam messages in my inbox. I've received notice of lost or rejected emails that I did not send; I check the time and date stamp to see if I was online at time of receipt to see if my computer is really the source of those messages. Most of the time it looks like my address was spoofed. Controlling spam seems to be everyone's responsibility. The ISPs can make a big difference but users need to be informed and aware of problems.

dford
dford

I hover over the 'Sign In Here' link and have a look at the link address. If it looks like a genuine web site I will go to the site and send a message to the web master, including the link, to enable him to quickly remove the problem. I have a few web sites and I would hope that someone would do the same for me if I were unlucky enough to be hacked

jkameleon
jkameleon

It's money involved, and money is always more than a technical issue. And yes, it is another case of how "we're wired" being used against us. It always comes to this once technical part of security is done.

LocoLobo
LocoLobo

I usually base my decisions on the Sender's name and subject line. Sender's name can be spoofed but they don't get it right. For instance, here at work if I get an email from jblow@mynetwork.com rather than from Joe Blow I know it is spoofed. But not all the users on my network can tell the difference. Most of them even though they have seen emails from LocoLobo will still open the email from llobo@mynetwork.com. This has to be worse on their home PC. That said, let me make an admission here. Every once in a while I open email I am pretty darn sure is SPAM. Even though every time I have it was spam. Why? Curiosity. 99+% of the time just the suspicion it is spam causes me to delete it without further ado. But sometimes there is something in the subject that just hits my sense of curiosity. I think spam will always be a problem because I suspect that 50% or more is "legitimate". What I mean is I think a significant amount of the spam is actually paid advertising by business. Many would probably not classify their emails as spam. They feel that if you went to their website you expressed an "interest". Many may just pay someone to do a "blanket" emailing hoping to get some hits not caring how many uninterested people they hit. Even at the same time cursing the spam they receive.

kevintr
kevintr

Some legitimate customers, neighbors and friends have unusual email addresses, use bad spelling or grammar and either leave the subject blank or use spam-like words in the subject. The only way to tell if these are spam is to open the message. If I am not sure whether or not a message is spam, I will isolate my computer from the network and open the spam. Some software firewalls allow you to temporarily 'disconnect' from the network. I currently use Windows 7's Network Connections to temporarily disconnect. I am sure that I am not alone in handling suspicious email this way. This could skew the survey results.

fmuise
fmuise

Spammers could be reading this right now...

CharlieSpencer
CharlieSpencer

is the 24% who said they 'Use the Unsubscribe link'. We (the IT community) are not doing a good job of educating people regarding this phishing tool. "I am starting to think the problem is more than a technical issue. Could it be another case of how 'we're wired' is being used against us." Michael, I can't believe you are just now starting to consider this possibility. Spammers have been using social engineering for years. Scammers have been doing it for millennia. In most cases it's just a new way of appealing to those who believe they can get something for nothing. E-mail just allows them to reach more suckers more quickly than 'traditional' methods. Now, forward this to six of your friends. Bill Gates is tracking it and will send you $250!

Manitobamike
Manitobamike

As PT Barnum said "there is one born every minute". He was referring to suckers and if emailing spam costs almost nothing and you can get a 1 in 1 million response to sell garbage to some sucker spam will live on. What I don't understand is why we have not gone to an email system that validates the return address against the IP address of the sender. If you check back on Johndoe@mycompany.com and it is a valid email address and comes from IP 1.1.1.1 and mail.mycompany.com is mapped to 1.1.1.1 then consider it valid otherwise toss it. - Would it cause extra traffic, I think not because it would eliminate a huge portion of the spam. - Would spammers just start sending from legitimate systems. Probably yes but that can easily be blocked. Someone help me out here, what am I missing from the revamp email system solution? (And don't say it takes too long to change, we have been dealing with spam for years).

CG IT
CG IT

you get junk mail with snail mail, you get junk mail in Email. Like catalogs and mail order you get in snail mail there will always be a market for that as there will always be people who want to buy stuff from those catalogs and mail orders. But what started out as advertising junk, turned into an attack vector for criminals. Since email is global, a criminal in "Russia" or "China" can conceivably steal information from someone living in Hawaii. Before email and computers, criminals basically had to visit the residence and break in. Now they can do it from anywhere in the world. That's where spam as an attack vector becomes a serious problem. Especially when the spammers can spook addresses and as the report shows, the majority of people look at the sender. I do find it interesting that consumers believe it's an ISP/ESP responsibility for taking care of malicious emails. I think that came about because email providers like AOL/Hotmail/Yahoo mail & GMail all advertised that they have spam guards as a marketing inducement for users to use their service, thus the user now believes it's the providers responsibility. To me, that's like the snail mail postal service throwing away junk mail for you so that doesn't get to your snail mail mail box. The postal service isnt' ever going to do that. Is there a solution? Probably the only solution is regulatory. Regulatory email in that one simply can't install an email server and begin to send out malicious email. Cloud Computing might be an answer in that the entire world wide web service is provided by 2 or 3 companies. Ma Bell is an example where the telephone systems are regulated and the ability of telemarketers are highly regulated almost to the point of unprofitability. Until there is some regulattions on domain names, where you can't spoof/spook email addresses, spam as an attack vector for criminals will continue to be a serious problem for the individual. That is unless everyone goes back to the old days of visiting the bank and using paper statements. If consumers removed financial information from their computers or put them on computers not connected to the internet, thus removing the inducement to steal, malicous email and other attack vectors will continue to be a serious threat.

Michael Kassner
Michael Kassner

Are using spam email as a malware vehicle. That is why it's getting to be more than an annoyance.

Neon Samurai
Neon Samurai

By disabling networking when you open suspected spam, your really just making the malware wait until you reconnect. The infestation and activation can still happen on your local system and wait quietly for the next step's trigger. You could look into alternative email clients though. Something may get past my mail and malware scanners but it's not going to exploit a vulnerability in Outlook when I'm not using Outlook in the first place. There are some clients that pretty much disable attack vectors simply by being to minimal to include them if not due to not being an targeted application.

lars_honeytoast
lars_honeytoast

You can view the email first without downloading it to your computer. There are also other features prized by Mailwasher users. So don't fear spam anymore.

CharlieSpencer
CharlieSpencer

don't have much of a choice. Open it and risk the malware, or delete it and potentially lose a sale. Sometimes it isn't easy to sort the wheat from the chaff.

CG IT
CG IT

they mark the products up then say their having a sale with mark downs which the final price ends up being their everyday price, and people end up buying the on sale products without ever really doing price comparisons.

Michael Kassner
Michael Kassner

But, steady. I was hoping that just this once it might be different. MAAWG picked excellent questions, with the unsubscribe element giving surprising results as you pointed out.

Craig_B
Craig_B

I believe we need to modify the SMTP protocol or create a new version. Again, the internet founders did not think about security and it's just too easy to send email and make it look like it's coming from a reliable source. Your validation idea is a good start. The issue is to get everyone to use it or any other new methods. Just because someone opens a suspected spam does not mean they do anything with it. Some may simply delete it after that have verified it's junk, though some may actually click on the links, argh.

Michael Kassner
Michael Kassner

I will have to mull your concept over a bit. Sounds interesting.

fatman65535
fatman65535

I have to agree with those who feel that some changes to SMTP will be needed to slow down spam. I feel that open email relays are part of the problem. Email should not enter the internet, except through the ISP's portal. Meaning, if I send email using a Gmail address, it should not be sent through anyone else's email servers. Email bearing a Gmail address should enter the internet from a Gmail server, which should be able to verify where the email came from. I think it is incumbent on all of us to transition to encrypted email, and possibly, some kind of certificate to reduce email address spoofing. This, however, will take some time, and there are those who will complain about the added complexity. What can I say, you can't please them all.

Neon Samurai
Neon Samurai

It's not all advertising in physical mail. There is a noticeable dose of fraud and barely legal attacks long before electronic mail became popular. Consider the "you may already be a winner" envelopes that require a small fee be returned to the sender then usually two or three more before you feel the real bait and switch or bait and run ending.

jcarvalho
jcarvalho

National Postal Services (USPS, etc.) should run e-mail marketing. The problem is that you can send out a million e-mails at no or low cost. If the return is 1 person per 10,000 e-mails that's still 100 customers/suckers per mailing. If commercial e-mail needed some kind of e-stamp to be automatically pass through e-mail filters, then legitimate vendors would use that. If spam costs you something and you have to register with a legitimate authority to use it it limits the number of scoundrels that get through. If sending a million e-mails cost you $100 then it at least cost them something and they had to present some kind of credentials to a supervising authority. Maybe all e-mails should go through Postal systems and we should all pay a few fractions of a cent to keep the e-mail universe sane.

CharlieSpencer
CharlieSpencer

That doesn't matter. I have co-workers who have never banked on line or provided their bank with an e-mail address, but they'll open e-mails claiming to be from their banks. Some will open e-mail from 'banks' they don't have accounts with. A few will open e-mails from 'financial institutions' when they don't even have ANY bank accounts of any kind! There are still people who don't understand the Internet is pretty much unregulated, who believe everything they read on it is true. By extension, e-mail comes over the 'net, so it must all be true too.

Michael Kassner
Michael Kassner

I was trying to figure out where users got the impression that ISP/ESPs were responsible. You solved my mystery, thanks.

Manitobamike
Manitobamike

-Snail mail junk is different in that there is a cost to the sender which makes it less profitable than nearly free email. - Phone system is "regulated" and they do have rules but just try and get any phone company to enforce the rules. Typical answer is "call originated outside our system". We will solve the spam problem before the phone companies ever get serious with rules.

seanferd
seanferd

I do that when I'm really curious about spam.

john3347
john3347

"So don't fear spam anymore." This suggestion is not even valid because my fear of Google's abuse of my privacy is much greater than my fear of abuse by the majority of spammers. When Google sells my browsing history (whether personally identifiable information or not), this just generates more spam.

CharlieSpencer
CharlieSpencer

We could debate whether Google is a bigger threat to my privacy, albeit a passive or inadvertent one, than the spammers.

CharlieSpencer
CharlieSpencer

You can mark something down 15% and it will sit in the aisles. Tell people they're not going to be charged a 7% state sales tax and they'll stampede the doors.

F1980
F1980

By unsubscribing to an email received from an "unknown sender", you are inadvertently confirming that your email address is live and monitored. It like tripping a motion detection camera, it sends a signal that there's been some kind of movement (someone out there?). Some spammers do keep a list of email considered "live" which is more valuable and can be more useful for targeted campaigns. In my opinion, you should only un/subscribe to respectable organisations emails and newsletters.

Michael Kassner
Michael Kassner

I was surprised at the percentages that did just as you suggested. Thats with a survey group of a little over 3000 too.

Michael Kassner
Michael Kassner

Is losing money big time. I would prefer a different approach.

Neon Samurai
Neon Samurai

Enough people believe anything seen on TV or in the movies is true let alone on the Internet. Sadly, stupidity doesn't require a license.

bboyd
bboyd

Until proven otherwise by consistent source that are not circularly referenced. In a similar vein, all technology is used for evil far faster than for good. Heck even the real bank emails don't use proper authentication. Look just emailed myself a link to get ****vicodin****, I should open it and press the linky! So lets lock down the interwebs and allow the Chinese government to run it so we can be safe from our selves. Or wait maybe just give it to Google so they can not be evil some more.

CG IT
CG IT

and believe it or not there is a market for mail order. Mostly the elderly who use it but it's a market. The reference to the telecoms is also an analogy. As Palmetto points out, the internet is unregulated and my viewpoint is that because it's unregulated, criminals will use it. how to combat the problem? regulate email. It's about the only way substantially reduce the threat vector. While email providers have done a great deal in cutting down spam, it's the ability of criminals to spoof/spook email addresses that's the problem as the survey shows.

Neon Samurai
Neon Samurai

Opening a potentially macro'd email is one thing but attachements are definately a different matter. I'm slowly building a collection of samples myself. As users forward strange stuff for confirmation. ups.doc.exe seems to be a popular attachment with the ploy of receiving someone else's failed delivery notice.

seanferd
seanferd

But that is how I handle it. Not so sure I would do that in Outlook, now that you mention it. I still generally don't open the attachments, except in a hex editor after a malware scan. Probably on a BSD or Linux OS, if I'm really a-scare't. :0

Neon Samurai
Neon Samurai

I believe there have been vulnerabilities that required no human interaction including opening the email after it's received into Outlook. Hopefully such things have been plugged but will more be found? I just can't trust that text only viewing is going to do it unless the email sent was originally text only formatted. The right-text/html formatted mail goes through to much code before being stripped back to text for my viewing. Mind you, I also have to admit guilt. I'm the lucky one that gets to open spam questioned by the staff at work. I probably have the most hardened systems in the office and can always open it through a non-MS system if it's really interesting.

Neon Samurai
Neon Samurai

Sounds like it might be a DNS issue. Have you tried putting the applicable .b9 domain and IP in your local hosts file?

santeewelding
santeewelding

Downloaded Firetrust Benign for $29.99 last night. Although I'm having problems appending ".b9" to my mail-server name (kills my connection), I'm looking forward to it.

CharlieSpencer
CharlieSpencer

but I interpreted the post title as a proper noun, like "Ford Taurus". I'd never heard of the product, and thought it was something new from the Next Evil Empire (tm).

cutedeedle
cutedeedle

In 2006 I signed up for Yahoo's "Plus" account strictly to set up throwaway e-mail addys. It's really handy for e-mail accounts when you're not sure about the merchant/newsletter/contact and you don't want to use your real addy. I've tracked down companies who have either sold my e-mail address to others, or their databases have been hacked. I can trace such activities by the company name embedded within my customized e-mail addy on my Yahoo account. When this happens I always contact the offending original company and let them know what happened. Invariably I get excuses, denials, anything but "we're really sorry and we'll fix this." So, that e-mail addy gets deleted and it takes care of the problem. I've just kept Mailwasher Pro because it's so cool and useful and I only paid for it once -- no yearly fees. I, like you, assumed that techies read these posts and everyone understands that "Google" is now commonly accepted as a verb.

lars_honeytoast
lars_honeytoast

I meant search for Mailwasher on Google. I often say, "Google this..." instead of "Search for this on Google". I guess I am slowly assimilating to popular society's phrase usage. Is there hope for me? To reply to your statement: We use mailwasher at the office as an add-in with Outlook to avoid the annoyance of Spam. It's great for the work environment and home environment, if you're spammed at home, I'm not so I use it at work only.

CharlieSpencer
CharlieSpencer

Yes, the title made me think he was recommending a product from Google. Your post made his much clearer. Oddly, I don't receive spam at home; maybe a piece a month. Yeah, I get mail from web vendors I've purchased from, but I don't consider that spam. I'm very selective about who gets my address, don't participate in social networking, and never post it 'in the clear'.

cutedeedle
cutedeedle

What the poster suggested was a Google (better yet, Scroogle) search on "mailwasher" and you'll find this: http://www.firetrust.com/ I've used Mailwasher Pro for several years and never need to use Outlook's junk mail filter -- MWP does everything for me. I highly recommend it.

CG IT
CG IT

and it's, the for lack of a better term, ignorance of the average consumer that marketing, sales and criminals take advantage of.

Neon Samurai
Neon Samurai

Unsubscribe to an email from an unknown outside of a reputable mailing list you have intentionally subscribed to and you can pretty much bank on your spam levels increasing. (edit); additionally, fax spam must only be stopped for up to six months unless laws have changed. When faxes where sheik, the trick was to receive a request for unsubscription, set a six month timer against the phone number and resume spamming when the blackout time had passed. I nearly wrote a system to do just this though it was a job I was happy to see fall through.

JCitizen
JCitizen

but friends of mine who work there say the USPS hasn't a clue how to run the systems they got now. They get hacked occasionally too! I'd sooner trust the big brown to run a new system like that! However, I doubt most would want to pay extra. My hotmail works fine; I rarely get any spam at all. My ISP server based email is another story. Fortunately we have postini and a service to delete all mail that gets past postini, BEFORE we download it. That keeps 99.999% of the cr@p outta my PC in the first place. =D

Neon Samurai
Neon Samurai

Be it Apple or Microsoft claiming absolute usability with no learning curve. Selling information machines as toasters has to be one of the greatest marketing coups in the industry. The cost drop is another interesting angle to it all. Willful ignorance is still rampant also though. "oh, I can't learn to do that, I'm to set in my ways" is a very common response to suggesting better ways to use the work tools provided to non-IT staff (and, sadly, some IT staff).

CharlieSpencer
CharlieSpencer

While I'm often the first to hand out a yellow card for gross excessive stupidity, some of these folks still just don't know. I can't blame someone for making a mistake when he's never been told what he's doing is dangerous. I've said it before, but it goes back to when PC prices dropped to where they were affordable for everyone, along with the manufacturers pitching their products as entertainment devices. When PCs cost a couple of grand (that was once real money, kids!), people didn't mind spending another $200 at the local tech school to learn how to use it effectively. Who's going to spend that kind of money on a $400 system?

Michael Kassner
Michael Kassner

They are notifications. I then go to the bank's web site and take care of business.

Neon Samurai
Neon Samurai

.. but is it signed and encrypted? (granted, a one-way report is far less suspect than email requesting a response).

CharlieSpencer
CharlieSpencer

Nope, whether measured in terms of quantity or of value.

santeewelding
santeewelding

Debits and credits regularly approaching equality?

CharlieSpencer
CharlieSpencer

I get notified about my monthly statements that way. The key factor is that I requested this mail, so I'm on the lookout for it.

Neon Samurai
Neon Samurai

That is one area that very little should be done through email if anything and baud forbid it be with unencrypted email. I mean, I've sent questions to my bank contact but the answers are always discussed by phone. Even ING, which is pretty much web banking only contacts me by paper mail.

bboyd
bboyd

I've always thought internet and other remote drug dispensing systems are wrong. We have pharmacists to help up not make stupid choices like drugs with conflicts. Answering questions about what is safe and how to take them. and yes it is worth the cost. Not that I hope for internet nannies for john Q public. But financial transactions are in the same venue, they are at increased risk when done remotely. Our system, credit debit and interbank, is not secure enough in the USA for general use in my opinion. All in all I wait for the day the phone app overwhelms the banking system with illegal transactions to Pakistan and premium text messages to Russian companies. All hail vicodin spam!

CG IT
CG IT

with Cloud Computing and it's going to change the way IT is as a whole.

Michael Kassner
Michael Kassner

You feel that the drug vendors are making enough money to pay all the bills and make a profit. I wonder who is buying that stuff.

CG IT
CG IT

protocol but more importantly, a change in how PCs work using mail. Which is where the IT industry as a whole is marching toward with Cloud Computing and smart devices rather than PCs. Changing how PCs work is problematic because almost all applications created are web enabled. But Smart devices are going to change all that. So really not much reason to put effort into chaning how PCs work. But changing the ability of spammers to spoof/spook email would be a big step in defeating spam from non legitimate sources. The regulatory efforts of allowing only legitimate sources send mail is a step in reducing spam. ISPs have make efforts to stop this by only allowing firms with static addressing to send mail via SMTP basically legitimizes the mail. Since static addresses are the same as physical addresses, you know where the email came from. Mail servers do have some security avenues to use. Reverse lookups on domain names which will reject mail if the originating source isn't the same. But there needs to be a regulation on email where only legitimate sources which are defined as static addressing can use it. But I'm of the opinion that really not much needs to be done because of where Information Technology is moving towards. That is smart devices and Cloud Computing. Gone are PCs which can be part of a botnet and used to send out mail. Gone are PCs that can be compromised. The consumer will use the Cloud for virtually all their Internet use and obtain applications from the Cloud Provider. They will no longer buy applications at a store or online, rather buy apps provided by the Cloud Providers. The Smart Devices don't have an operating system like Windows rather have firmware like WinCE. In the next 10 years, computing as we know it is going to change dramatically and the IT industry as a whole will change. IT will become like telecoms or rather IT and Telecoms will merge into one industry.

Michael Kassner
Michael Kassner

How would you go about regulating email, CG IT? I was trying to come up with something, myself. I would appreciate hearing your ideas.

Editor's Picks