KEY POINTS:
While some email marketeers were last week labelling the Unsolicited Electronic Messages Act a failure, ISPs and a major security specialist have a very different take on New Zealand's spam situation.
"When it was conceived, during the revision process and right up to it becoming legislation, the whole point was to diminish the volume of spam that New Zealanders are subjected to," said Jerry Flay of Inbox. "In that respect, it has failed absolutely."
But ihug's GM of technology, David Diprose, says the sheer volume of spam being blocked from getting to internet users email inboxes is an encouraging sign that the Act is having a positive effect.
"Last month, for the first time, we processed more than a billion emails and of these, only 15 million were 'clean'," he said, "which means our filters blocked around 985 million spam emails. That's a huge amount."
He admits that as the UEM Act is focussed on stemming New Zealand generated spam and protecting customers, it has limited effect on the volume of email that filters through from overseas.
Flay suggested a whitepaper agreement between ISPs, combined with authentication systems being put in place, but Diprose can't see it working.
"Unfortunately not, as most viruses and trojans use the customer's email program to send spam," he says.
"These email programs have the authentication information saved, so implementing authentication wouldn't help - it would only convolute the way email is processed and increase the amount of processing required.
"Even SMTP authentication between providers (rather than between the internet provider and the customer) wouldn't help either, as the majority of New Zealand spam we see comes from trojans on customers' computers.
"A whiltelist would have the same effect as authentication - it is not possible to catch all spam and viruses from trojans on customers computers, so a whitelist wouldnt help either."
Secure Computing says that a huge 15,000 new zombies from New Zealand were intercepted by its servers.
Eric Krieger, spokesman for the internet security firm says that email authentication definitely has a serious role in cleaning up cyber space.
"Currently there is no trust built in email," says Sydneybased Krieger, "when an end-user recieves and email pretending to come from their bank, they have no idea whether that information is believable or if in fact it's someone trying to steal the life savings out of their bank account.
"Spammers authenticate their emails as much as legitimate businesses do. Thus any authentication mechanism has to be used in conjunction with a reputation mechanism that can address the legitamacy of each email sender."
- NZ HERALD STAFF
