Microsoft, AOL and Yahoo unveil antispam guidelines

An industry organisation representing e-mail providers Yahoo, Microsoft, America Online and EarthLink released recommendations...

An industry organisation representing e-mail providers Yahoo, Microsoft, America Online and EarthLink released recommendations for spam e-mail.

The Anti-Spam Technical Alliance's (ASTA) Statement of Intent includes a list of suggestions and "best practice" recommendations for internet service providers (ISPs), e-mail service providers, governments, corporations and bulk e-mail senders.

ASTA recommended that ISPs shut down so-called "open relays", or e-mail servers that allow parties that do not own the mail server to relay mail through them without needing to log in first. The group also suggested that ISPs crack down on virus and worm-infected computers on their network and closely monitor features that let people automatically register for ISP accounts.

If implemented, and with the backing of ASTA member companies, the recommendations could greatly reduce the amount of spam e-mail, the group said. The recommendations are the product of more than a year of collaboration between representatives of the member companies and focus mainly on ISPs, whose networks are often used to distribute spam.

ISPs which host web pages should also remove simple programs that can generate e-mail messages, like, a popular and free program for providing feedback from a web page. ISP customers should also be required to authenticate before sending e-mail from the ISP's network, ASTA said.

For bulk e-mail senders, the group discouraged the practice of harvesting e-mail addresses without the consent of the e-mail sender, as well as other common spamming practices such as source address spoofing and sending e-mail containing information that is false or misleading.

While e-mail users have a duty to educate themselves about spam, ISPs and others with a stake in e-mail need to do a better job providing consumers with tools and information to stop spam, the group said.

Many of the technical suggestions have for long been accepted wisdom within the technical community, said John Levine, a member of the Internet Research Task Force's Anti-Spam Research Group.

AOL and most other ISPs have been following many of the stated best practices for years, he noted.

Despite that, the recommendations are still worthwhile if they can reform the small population of organisations with sloppy mailing practices, whose systems are frequently exploited by spammers, he said.

"It's too bad that the first thing you have to do is tell people not to do something stupid, but there are still a lot of small companies with mailing lists and loosely administered mail servers," he said.

ASTA acknowledged that its antispam measures have already been adopted by most "responsible organisations", but stated that group members hope to encourage broader global adoption of secure e-mail practices and reduce the number of opportunities for spammers, according to the published Statement of Intent.

Common sense recommendations such as those laid out by ASTA are a welcome relief to the internet community, Levine said.

"Generally [the recommendations] are reasonable. It demonstrates that the technical management of ISPs do understand the e-mail situation well."

Plans to stop spam have taken on a new urgency in the past year, as the volume of spam has increased and begun to eclipse legitimate e-mail traffic.

Paul Roberts writes for IDG News Service

AOL employee charged with selling entire 92 million account database >>

Read more on IT risk management