Father of the internet says email ID will cure spam

Making mass emailers identifiable is the first step toward curing the epidemic of spam, said Vint Cerf, one of the architects of the internet.

Cerf, who co-created the TCP/IP (Transmission Control Protocol/Internet Protocol) of the internet and now works as chief corporate strategist for MCI, delivered opening remarks at the first inaugural Email Technology Conference.

The chief topic of debate at the conference was spam. Cerf said that standardising methods for authenticating email senders would ultimately lead to successful filtering - technologies that many companies that attended the conference are developing.

"Getting to critical mass with those sorts of mechanisms will be really interesting," Cerf said to an audience of technology executives attending the two-day conference.

"Starting from that angle will be more productive than anything," he added. Previously, Cerf had jokingly suggested that the industry hold public floggings of spammers as a deterrent.

Spam has skyrocketed to epic proportions since the first e-mail was sent in 1971. Back then, there were just a few geeks sending email, as Cerf put it in his presentation on the history of the Internet, so there was no one to send unsolicited commercial email.

In 1989, when the first commercial Iiternet service providers emerged, including UUnet and PSINet, the opportunity unfolded. Now, as much as 64 per cent of all email is unwanted bulk mail, according to estimates from spam-filtering company Brightmail.

Spam has risen to such heights partly because of a fundamental weakness in the Simple Mail Transfer Protocol, or SMTP, the messaging protocol that has defined email for more than two decades. Using SMTP, email recipients have no way of determining whether senders are who they say they are.

As a result, momentum is building for an email authentication standard. The Federal Trade Commission in its report on the proposed federal Do Not Email registry said the industry needs to develop a common system for verifying e-mail senders before it could work. Many major companies are also helping foster the checks and balances necessary to ID those sending unwanted email.

For example, Microsoft recently brokered a deal to consolidate Sender Policy Framework and Microsoft's Caller ID for Email - two antispam authentication schemes that look at DNS (Domain Name System) records to determine senders. Others, including Yahoo!, are testing key encryption protocols to verify senders.

Cerf touched on digital signatures as a means to encrypt and verify senders, which his company MCI has used effectively. The digital signatures, or unique codes given to each individual, are attached to email and must be authenticated to deliver the message. The system would run into problems in a public forum, he said, because of a lack of a central authority from country to country or state to state to govern the technology.

Several anti-junk mail companies announced new wares to fight the problem this week.

Cloudmark introduced a system for filtering spam that can be customised for individual corporations and improve on what's blocked. The system, called Cloudmark Immunity, builds up a spam "immunity" based on input on what is unwanted email from employees, according to the company.

Earlier this week, IronPort Systems unveiled a virus-protection filter to be integrated with its own email security appliance. The technology, called Virus Outbreak Filters, is used to detect and quarantine suspicious email or viruses before they can infect the entire network.

For consumers, Cerf suggested that everyone adopt a regimen of "cyberhygiene" to protect themselves from spam, viruses and spyware. Running filters and anti-spyware programs like Ad-aware should be a regular habit, he said, because active HTML (Hypertext Markup Language) and XML (Extensible Markup Language) have made receiving unwanted software to the PC dangerous.

"Like brushing our teeth, we need to train ourselves to run those kinds of filters often," he said.

Stefanie Olsen writes for CNET News.com