Anti-Spam regulations to the rescue

Welcome to the first column looking at the latest news and views in the world of IT security, focussing on some of the more interesting topical issues in the media spotlight.

Spam, lovely spam. On December 11th 2003 the UK government's anti-spam regulations came into force, so we can all forget about receiving emails from our good friends with subject lines such as 'Phentermine! CHEAPEST ON THE INTERNET', 'Get prescription medication to your door!dxsfo' and 'Try some Via$gra! Hard as a Pole in 15 minutes'. Well, that's a selection of the cleaner ones that zipped into my Inbox this morning anyway.

Nuisance junk email is also known as spam, a name that originates from a Monty Python sketch in which some noisy Vikings sing about spam every time a waitress in a restaurant recites menu items to customers, drowning out her and everything else.

It has been reported that well over half of Internet email is spam, and the revised rules place the regulations outlined in the EC's Directive on Privacy and Electronic Communications onto the statute books in the UK in a bid to reduce this growing menace.

The revised UK regulations will mean:

  • Unsolicited commercial e-mail (spam) and text messages (SMS) may only be sent to individual subscribers who have agreed in advance. The rule will not apply where there is an existing customer relationship.
  • A requirement for firms using cookies and similar Internet tracking devices to "provide information" on their use and an opportunity for a user to refuse to accept cookies.
  • Network operators and their partners will be able to provide subscription and advertising services based on location and traffic data to their customers. There is no restriction on the type of services that may be provided as long as subscribers give their consent and are informed of the data processing implications.

Whilst this all sounds very promising, nothing has been done to address the majority of spam, which originates from outside the EU. Spamming is big business, and the senders are always going to do what they can to ensure that it gets to as many people as possible.

Meanwhile, Bill Gates has been talking up SmartScreen spam-filtering technology, which Microsoft describes as a "patented technology based on a machine-learning approach, where decisions regarding whether email would be considered spam are made by email customers themselves and then incorporated into a feedback loop to train the filter to know what to look for".

Apparently hundreds of thousands of Hotmail subscribers have volunteered to classify millions of email messages as legitimate or as spam. It looks like someone has found a use for spam at last!

Fraud alert

Speaking of dodgy emails, NatWest recently issued a warning to ignore one that purported to be from the bank. The text of the mail is:

Dear Valued Customer,

Our new security system will help you to avoid frequently fraud transactions and to keep your investments in safety.

Due to technical update we recommend you to reactivate your account.

Click on the link below to login and begin using your updated NatWest account.

The aforementioned link takes the unwary to a site that asks for sensitive customer banking details. This follows similar 'phishing' scams aimed at customers of Barclays, Lloyds TSB, PayPal and eBay.

Alan Phillips, 7Safe Information Security
December 2003