We get far more letters each week than we can print. This week, we did a special, taking almost all of the letters about spam out to generate our front-page story. But there were many others (including blog observations we couldn't include). So here's the list from which we chose our front-page piece and the letters inside.
SPAM: CAN WE CONTROL IT? Your leading piece today, "Why spam is out of control" (Technology Guardian Thursday 09.11.06), prompts me to tell of my recent experience of spam and to suggest an additional reason for the upsurge. I am on pay-as-you-go and ordinary dial-up service. My ISP, Wanadoo/Orange (formerly Freeserve, as my email address continues to be) early in September this year changed the dial-up telephone no. and its charges and time charge periods (although I've not fully checked the differences here). One consequence or, more likely, associated reason for this change has been BT's denial of Best Friend (20% discount) or standard Family & Friends discounts (10%) to the new number (0844 instead of 0845). This will put up the cost of dial-up pay-as-you-go and of course the profits too for both ISP and BT. Since this change in service the volume of spam has increased and so has some of its character. I was already receiving a lot of spam compared to a year or two before and the volume has almost doubled. Freeserve/Wanadoo operates a spam "filter" which labels the subject line of incoming emails SPAM!, but this gives both false positives and false negatives (and inconsistently) so that each retrieved batch needs to be inspected and sorted manually. With the change of service the spam filter seems more consistent and more accurate but still requires inspection and sorting; the increase in volume has offset any gain in sorting efficiency that greater consistency might have brought. The increase in volume also increases the time online, dialed-up, which increases the cost to me and the revenue to Wanadoo and BT, the more spam the bigger profits. I am cynical perhaps, but wonder what other people have experienced. My occasional accurate counts suggest that about 90% of emails are spam, confirming the figure you quoted. The recent increase in volume is not so much an increase in character or types of content as it is in multiplication of the same message, sometimes in exactly the same configuration (addressee, sender, subject line) sent at same time, sometimes (and increasing I think) the same message with different senders, or sent at different times, or with disguised subject lines giving no hint of the true content. I also get different addressees. Outlook Express, and the way the ISP responds, retrieves all email at one go addressed to my domain name (after the @) whatever the account - i.e. the prefix before the @ - I ask it to use and whatever actually appears in the spam email. About 50% of my spam is addressed to some cod prefix, like uxbggfu or even just nn (a common and recurring one), and the rest comes to my original email address. This helps sort spam from jam. No doubt one solution to this costly and time consuming and annoying problem would be to get on broadband (even risking bot infection) with a different email address (one with only a server's domain), but it should be possible for the ISP to remove, delete before sending, all but one of multiple messages with the same content. It doesn't seem to care. (Wanadoo never thought to mention the effect of new dialup no. on BT schemes; I had to find it out the hard way, seeking to change my Best Friend no. over the telephone, etc.) From what you say it would appear to be difficult for ISPs to control spam at the sending end, but it ought to be much easier to deny delivery to spam. If bureaucratic email filters can refuse delivery to messages containing 4-letter words etc., surely there is some relatively sophisticated software around that could refuse delivery to a fairly large proportion of junk mail. I hope you can return to this problem and ask, what's in it for the ISPs to allow so much spam. George Rehin, Lewes
[The article] was very interesting. However, I have fallen victim of this in another way. Increasingly organisations are installing powerful spam filters which are blocking my legitimate emails because the adult dictionary objects to my surname. In the last few months this has caused me a lot of problems and, as a result, I changed my email address to remove my surname from it but the spam filters still object to my surname in the body of the email. Usually when one of my emails is blocked it falls into a black hole and I am not aware that it has been blocked until I phone the recipient to ask if he/she has received my message. Is there anything that I can do instead of changing my name? The IT Managers at both Richmond Fellowship and Ujima Housing Association have confirmed to me that their spam filters will not accept my name. Additionally, as you will see from the attached, I have the same problem with the adult dictionary at Gallions Housing Association. >> The message sent to [address removed]; on 2006-11-09 10:06:34 may be inappropriate. Sender: En Route [address removed] Message subject: Policy name: Global Filter name: GHA Adult Sensitive Words (Isolate) Action on the message: Quarantine(quarantine);Notification;Drop >> I will have to adopt a deliberate misspelling of my name. John Loveridge, Brighton
Orange (formally Wanadoo and Freeserve) is one of the ISPs which do filter port 25 - annoyingly in my case as it means I can't use my university's mail servers to send emails. Orange force all outgoing mail on port 25 through their own mail server - you have to use your Orange login details in order to send emails through it. Due to this, I'm not able to connect to my universities SMTP [mail sending] server while at home. I can bypass it of course, being a somewhat tech savvy student by utilising a VPN [Virtual Private Network] - but that's complicating the issue at hand. The only reason I need to send emails through my university's SMTP server is that it rejects emails sent from my university address to others at the university [if that email] did not originate from its own server. Philip Parker, Carnoustie
Spam *is* technically sortable, and relatively easily (no need for everyone to ditch Windows just yet), but sorting it would put the anti-spam businesses out of business as well as the spammers and the realtime black hole list maintainers would lose their ego trips, so where's the motivation for that to happen? My two quick suggestions: Option 1: X.400 - mail technology from the 1980s, ignored today because it pre-dates the Internerd era, but designed from the ground up to have security built in (the military still use it where it matters). X.400 needs a bigger email client and mail server than POP/SMTP stuff, because X.400 is a mail system that inherently knows how to handle authentication, certification, and lots of other good stuff that the POP/SMTP world doesn't. POP/SMTP has barely changed since the era of the teletype, when 128kB was a lot of memory and Windows didn't exist. X.400 was designed by the telecom industry (people who know who to make things work reliably), intended for use on what were then "real computers", many of which would be rather less powerful than today's mobile phones and PDAs. Imagine if phones worked the way POP/SMTP email does (or doesn't)... The end result is that when an X.400 mail arrives the recipient can tell whether it comes from where it appears to be from, they know it hasn't been tampered with since it was sent, and it has other features too such as possibilities for secure/non-deniable "delivery receipts" and "read receipts". The X.400/X.500 world also knows how to keep "what is John Smith's email address" (the directory) separate from "who is John Smith's ISP" (the connectivity provider) in a huge distributed environment but that's another story for another day. X.400 can of course interoperate with POP/SMTP but you lose many of the advantages if POP/SMTP is still in the picture. Option 2, the less "emotionally uncomfortable" one: widespread use of authenticated SMTP, which would for most users (and ISPs?) be a trivial change to their existing setup. If ISPs all offered authenticated SMTP so there was no legitimate need for port 25 to be open because there's no need for Joe Public to use port 25, port 25 could be blocked as per your article and as per some ISP's practice. The botnets wouldn't be effective because without the required authentication information from the end user, the botnets wouldn't be able to send mail. That answer doesn't provide the end to end security that X.400 has but it would be quick and simple to do this one. It might need some changes (to get authentication info from the user) to some legitimate apps which today have trivial access to be able to send emails, but wouldn't that be a price worth paying? See any technical difficulties with that? Ask your favourite ISPs how tricky that would be? Spam makes money for spammers and also for a whole PC-centric "anti-spam" ecosystem. Spam isn't (just) a technical problem, the technical solutions exist, but they're not going to happen till there is economic motivation for them to happen (which needs something a bit stronger than unenforceable anti-spam laws). This isn't the time/place for me to explain the technology, I'm afraid, but feel free to ask someone who really knows. For obvious reasons you have to ask someone with no financial or emotional interest in maintaining the status quo though. Which obviously rules out folks like Graham Cluley, and also rules out many ISPs. For X.400 you probably also need to ask someone over 40, someone old enough to remember when it was in use outside the military. I've had a yahoo email address since the mid 1990s. It gets tons of spam because I accidentally put it out unmunged on a news posting, and once addresses are out they get traded between spammers. I also have a forwarding address at the Institution of Electrical Engineers which I have only given to reputable contacts. Unfortunately it seems one of those contacts has recently had their address book raided, because in the last week or two the IEE address is starting to get spammed. That's a nuisance already, and it's going to get worse. Something needs to be done, and the solutions being proposed by the vested interests may be good for them but they are far from ideal for the end user. John Wallace, Birmingham
A very interesting article. However, you missed out on one way of preventing your computer from becoming a botnet. Ensure that its operating system is OSX. Jonathan Duckworth, Stroud
Your article says: > Hart wishes that ISPs would simply block all unauthorised traffic on port 25, which computers use to send email. > He argues that any port 25 traffic not destined for an ISP's own mail server and accompanied with an authorised user name and password should be rejected. However, neither of the UK's most popular ISPs, BT Retail and NTL, block this port, although they do scan for bot-like activities on their own network. No. Bad idea (unless I have totally misunderstood how this works). You know the email services such as Hotmail or Yahoo. Most (all?) of them have a webmail interface, but many of these (such as the one I am using to send this mail) also allow POP3 [mail download] access so customers can read/send their mail using a mail program rather than the html interface. If some ISP started blocking port 25 access and I was no longer able to send my mails via my email program, I would first put in a strongly worded protest and then start looking for a new ISP if they did not stop immediately. A change of use of that magnitude would allow me to terminate my contract immediately. Several mail providers impose an upper limit as to how many mails you can send in a certain period of time. Think 100 mails a day or something like that. *That* should help a bit. Andrew Williams, Frankfurt
This was a fascinating article, well researched and clear. Why, though, in the conclusion was there no mention of avoiding kind of malware such as the Stration worm by using a non-Windows operating system? I know the vast majority of users use a Windows PC but Apple Macs and PCs running Linux are nowadays easy to use and master. In particular Ubuntu Linux is well within the reach of an average user. In addition, the cost benefit and increased system stability means that I for one have made this my preferred solution. Mark Tweedie, Coventry
Re: "Why Spam is Out of Control" May I remind Charles Arthur of his piece in Gruaniad Unlimited Technology of 12th Jan 2006, where he blithely wrote that "spam has had its day" I notice that, curiously, this article in not linked to or referred to in today's piece, and indeed seems to have been removed from the Grauniad's servers (unless Google is having a bad day). I put it to Charles that he is an mercurial loon. Yours-quite-clearly-right-all-along David Davis, Brighton [The article is online. In retrospect the idea that spam is "past its peak" is clearly wrong - Charles Arthur, Technology editor]
Not a comment but a question: It's obviously a bad idea to have your email on a website as the netbots can pick it up. But do they read the code or just the text? Colin Taylor, Dumfries [They read any text with an "@" in as an address - Technology Ed.]
Perhaps it's time for the IT security industry to bite the bullet and secretly design & deliver their own worm / Trojan that will hunt out & clean up spam-bots? Yes, lots of hand-wringing over that idea - but this could be one of those occasions when the forced administration of medicine is just what the millions of patients really need. Michael Russell, no post town given
Your article on increased spam activity concludes: "and turn on Automatic Updates in Windows". Doesn't seem logical. We've just read that the latest bot versions have disguised themselves as Windows updates. It's the logical thing to do, if you are a hacker good enough to program this. I hate automated updates. I hate things happening in the background without me knowing. I want Microsoft to give me a list of updates marked clearly by date so I can see which ones I have already got. I want to go to their website and pick the update myself. So I know where they are coming from. I don't let my machine talk to anyone without me knowing. That's where the tiny personal firewall comes in. It shows you how many applications (Microsoft and other) nonchalantly try and connect to some server on some dubious errand. What really helps is using non-English applications. My Firefox speaks Finnish - if a "patch" speaks English, I know it's a hoax. My main bank account is in Finland - if someone sends me an e-mail from "Visa" and speaks English, I don't have to open it. But your article is right - usage of spam and spyware have exploded. My spam ratio this time last year was, maybe 5:1; now it's 25-30:1. When I'm on the dialup, I get pinged about 10 times a day. Happened maybe once a week last year. Irene Moser, Melbourne, Australia
>> ISPs and PC vendors need to do a lot more work to educate people into protecting PCs that are connected to the internet. Currently it seems that the vast majority of PC owners have no idea of the problems so they just carry on regardless. The article contains a guide to checking to see if your PC is being controlled in this way. Everyone with a PC connected to the internet[1] should be encouraged to go through this procedure and then to install decent firewall software. http://blog.dave.org.uk/archives/001139.html
>> One thing I didn't get the chance to talk about in the article was weird, hashbuster spam with no apparent payload, as outlined at http://www.boingboing.net/2006/08/09/classical_literature.html . Conspiracy theories abound, suggesting that spammers are simply trying to confound bayesian filters, but Occam's razor suggests that these are misconfigured spam emails, or misfires where botnets already have the text designed to fool the search engines, but don't get to talk to the mothership and receive the actual payload. http://www.itjournalist.com/?p=76 (Danny Bradbury's blog)
>> I work for an email security software vendor that specializes in defending against the high concurrency loads created by botnet attacks. Botnets are _the_ problem facing the global email system these days. At the recent MAAWG conference in Toronto (http://maawg.org), I spoke to numerous operators of large email receiving networks such as Road Runner and Outblaze and all report that volumes are up substantially. Combatting this new kind of spam traffic is going to take a new approach (read a paper by our director of research here: http://www.onlamp.com/pub/a/onlamp/2006/10/12/asynchronous_events.html) but one thing is clear regardless: hosting email is no longer for the timid. The botnet issue requires a serious amount of work on the part of ISPs to resolve. Blocking outbound ports on cable and DSL networks is a very challenging proposition for a large service provider, since it involves setting up complex customer support systems to deal with all the "exceptions." I think that service providers inevitably will have to deal with the fact that they are the source of most abuse — lest they be blackholed by large email receivers at the Autonomous System level. It's just a question of how long it will take service providers to do this. I spoke with Time Warner's anti spam manager recently and he said it's in the pipe, but will take a "long time." Until then, cross your fingers that the botnets don't become even more sophisticated. Ken Simpson (comment on http://www.itjournalist.com/?p=76)
>> The customer support issues would end up being huge, I guess. I know that some ISPs are putting in outgoing traffic analysis to try and stop spam before it leaves their servers, but as the spam gets more complex and the volumes per machine reduce, I imagine that's going to be harder to achieve. One thing they should be able to do is block dynamic IP addies, which of course are where most of the botnet traffic comes from. The problem is that this is apparently more difficult than it looks. TQM3 told me that some ISPs keep all their IP addies dynamic but reassign them to 'static' customers by referring to a MAC address. That makes it very hard for the blocklists to keep up, and they end up having to treat all of that ISP's address blocks as static and then trying to pick out offending addresses on a piecemeal basis. (response to Ken Simpson by Danny Bradbury on http://www.itjournalist.com/?p=76)
Could you please correct the address where we can find our IP addresses. The reference in 'Why spam is out of control' in todays edition is incorrect. Please email it to me so I can see if I am in trouble. Tony Grimley, no post town given [sorry, it was an editing error. The correct address is http://noc.net.umd.edu/cgi-bin/netmgr/whoami]
DAB AUDIO STANDARDS I think this is a very interesting article. But isn't the truth that internet radio has already outmoded any type of DAB radio? I can pick up an internet radio from Dixons for £100 which, with wi-fi in my flat, will play any of over 2500 radio stations from around the world with high quality sound. And, of course, I can play the same stations on my computer already anyway. The reception on DAB radio regularly cracks up, the extra channels largely all sound like Virgin radio anyway, and the licensing system seems to preclude any sort of innovative broadcasting. I guess that the DJs of the 60s who started on pirate radio stations would not choose to perform on DAB these days: they'd go straight to the Net. Unless DAB both improves its coverage and licences creative broadcasting, it's doomed before it's really taken off. The former may happen; the latter I don't think is likely. Colin Keatinge (no post town given)
If my experience is anything to go by I am not surprised. The quality is woefully short of what I have been enjoying for years on analogue. I bought a Pure DAB radio a year ago, and suffer from 'splashy' sound and occasional descent into silence. I have two Freeview boxes, and radio reception via that means is also unreliable (as is TV on occasions, with sound failure and pixellation of the picture). Analogue TV and radio ain't broke. Why fix them? Robert Caldicott, Banbury
>> I've been complaining about the poor quality of the DAB/Eureka 147 standard for over 9 years now, so it's heartening to see that World DAB is dumping MPEG 2 and moving to AAC. Of course, there are many other issues with digital radio, such as the pernicious influence of intellectual property and the creeping privatization of the airwaves, but one step at a time, right? The focus of the Guardian report is on the fact that Britain - as one of the few countries to have had a significant DAB roll out - now has an obsolete standard, and a lot of (rather expensive) radios that won't work with the new standard if/when it is adopted there. I'm particularly struck by the statement from the Digital Radio Development Bureau that "If people didn't like [DAB radios] they wouldn't buy them and we'd be dead in the water." Of course, since governments are pushing digital radio adoption - and planning eventual elimination of the analogue signals, as with TV - it's not a level playing field. People, for the most part, have been satisfied with analogue radio (particularly when it's enhanced through the use of RDS) but 'progress' demands that radio be digitized. Just like our 'stupid ould pencils' I suppose..... http://funferal.org/mt-archive/001225.html
GOVERNMENT STIFLING INNOVATION? Scientific research and technological development usually lead to innovation. The lead times range from a few years to decades and even longer. However, many innovations are clearly not the result of science or technology; examples are reality television shows, new taxes and new methods of making money. The latter usually have very short lead times; hence the greater interest of politicians, businessmen, journalists and almost everyone else in a hurry to become famous or get rich, which after all is the sole objective in life in western civilization of the late 20th / early 21st century. In the UK, this is the heritage of both Thatcher and Blair and their cronies, sidekicks and, indeed, challengers. As a mathematical physicist, recently retired, for the past forty years I've had an informed view of the almost total lack of interest or understanding in the role of science in modern society shown by politicians, economists and business leaders. Why these people should in the last few months suddenly pretend to be interested in science is amusing, for it is easy to see through their stratagems. They want to use science to justify policies and business plans that will, they hope, keep them in power. It's that simple. Even more striking is that these business and government leaders do not understand how science works, what methods it uses. This is apparent from the way they try to use it for their own ends in the most puerile ways. They use the single word "science", without distinction or even nuance, to cover all branches of knowledge from physics and astronomy to climate forecasting, sociology, economics and, no doubt in some cases, astrology. This is simply not good enough. They need to increase and improve their vocabulary, and at least make some effort to comprehend the difference between laws of nature and hand-waving arguments based on mere extrapolation of time series data. Anthony Dunning, Folkestone
SINGLE-PIXEL CAMERA "Plus ça change, plus c'est la même chose" ! Of course, the single-pixel camera has been around since the invention of television, a single light-detector having the incoming image scanned onto it, originally by mechanical means, and later electronically. In fact, I imagine it would be possible to simulate a TV picture by applying a suitable drive signal to the mirror array in the article. Additionally, I believe I have seen an item on imaging using random patterns, in a space gamma-ray telescope. It's interesting to see old techniques reused in new ways ... Mike Whittaker, Stapleton
MICROSOFT AND NOVELL >> Well it seems to me Microsoft is still doing what it can to destroy Linux, only this time It's the old if you can't beat em', buy em', line of thinking. Yes, I realize nobody can 'buy' Linux, however creating deals like this with all the major players will put their dirty little mitts into more slices of the pie, so to speak. If these companies really want virtual, they should just use VMware, that is where the smart money is, imho. http://www.muddysmind.com/archives/001244.html
CARTOONS My New Filing Technique... ...is brilliant. That's it really, keep on publishing it, it's the best cartoon around. Murray Goulden, no post town given
MICROSOFT WORD WITHOUT A WORD No need for macbore to have his lunch spoilt (Letters 9 November). When his mum wants to open Word docs without MS Office, he just points her to the free download of Word Viewer at http://www.microsoft.com/downloads/details.aspx?FamilyId=95E24C87-8732-48D5-8689-AB826E7B8FDF&displaylang=en which allows her to view, copy and print Word docs without owning MS Word. She could get the Excel Viewer, the Access Viewer and the Powerpoint Viewer while she's there. Then she can claim she really knows *her* way round a computer. John Dean, Oxford
ROBOTS ON THE BATTLEFIELD ("Launching a new kind of warfare, 26 October) American History still holds King George III in distain because he hired the Hessians as part of the British response to the American revolt. That sense of immorality grew not out of the cowardess of the Germans but out of the basic principle violated by their employment. The idea of human equality is based on the simple recognition of the equal frailty of every human body, its capacity for death. The use of money to buy the death of others without the reciprocal danger to the payer upsets the basic equality that makes human responsibility, citizenship, and justice possible. The ironic use of technology and money by American forces to avoid the harms they deal to others -- as again the massive hiring of secular capitalists to "handle" other war functions -- suggests how far the U.S. has strayed from the basal understands out of which it grew. The historical recognition that the growing sirens of money and technology are irresistible does not forgive or even ameliorate the hypocrisy of our indulgence. Dan Fineman, no post town given
