Formed in April last year, the Anti-Spam Technical Alliance (ASTA) yesterday released its recommendations for battling the scourge of spam.
The proposal provides recommended actions and policies for ISPs and e-mail service providers (ESPs) as well as large senders of e-mail including governments, marketers and private companies.
These recommendations target two key issues: e-mail address forgery, and the exploitation of vulnerable ISPs and their customers to send spam.
According to ASTA, one of the key problems with today's e-mail infrastructure is that messages do not contain enough reliable information for recipients to decide whether a message is legitimate and whether it reliably identifies its sender.
Spammers take advantage of this and commonly disguise the origin of their messages by forging the sender addresses in their e-mail using someone else's domain name. This is called "domain spoofing."
ASTA suggests that the solution to this problem lies in either the authentication of senders based on their IP (Internet Protocol) address, or on the basis of content signing.
Content signing, explains ASTA, depends on public/private keys held by the sender of a legitimate e-mail. Whenever a legitimate sender sends an e-mail message, the sender's mail server uses a private key held on the server to generate a digital signature and imprint it onto the message. When the e-mail is received, the recipient server checks the signature against the matching publicly available key in order to verify the sender's identity.
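The signing and checking steps described above, as an added example that is not ASTA's or this article's own code. It uses textbook RSA from the Python standard library with a constructed, deliberately insecure demo key; the PUBLISHED_KEYS lookup and the example.com and example.org addresses are assumptions standing in for wherever a sender's public key is made available.

```python
import hashlib

# Constructed demo key pair: textbook RSA over two well-known Mersenne primes.
# No padding and publicly known factors, so this is for illustration only.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the sending server

# Assumption: recipients can look up a sending domain's public key somewhere;
# this dict stands in for that publicly available key.
PUBLISHED_KEYS = {"example.com": (N, E)}

def _digest(sender, body):
    """Hash the sender address together with the body so neither can be swapped."""
    data = sender.encode() + b"\x00" + body.encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(sender, body, private_key):
    """Sending mail server: imprint a signature made with the private key."""
    n, d = private_key
    return {"from": sender, "body": body, "sig": pow(_digest(sender, body), d, n)}

def verify(message):
    """Receiving mail server: check the signature against the published key."""
    domain = message["from"].rpartition("@")[2].lower()
    key = PUBLISHED_KEYS.get(domain)
    if key is None:
        return False                      # no key published for the claimed domain
    n, e = key
    return pow(message["sig"], e, n) == _digest(message["from"], message["body"])

def demo():
    genuine = sign("alice@example.com", "Invoice attached.", (N, D))
    # Forged sender address: signed without the domain's private exponent D.
    spoofed = sign("alice@example.com", "Click here.", (N, 12345))
    # A genuine signature reused on altered content no longer matches the hash.
    tampered = dict(genuine, body="Send payment to a new account.")
    # Validly computed signature, but the claimed domain has no published key.
    unknown = sign("bob@example.org", "Hello.", (N, D))
    return [verify(m) for m in (genuine, spoofed, tampered, unknown)]

if __name__ == "__main__":
    print(demo())
```

Only the message signed with the private key that matches the published key for the claimed domain verifies; the forged, altered and unknown-domain messages are all rejected.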
ASTA recommends that: