by J.D. Falk
Director of Product Strategy, Receiver Services
Hey there, fellow spam fighters. Read this quick, because any second now all those infected machines that were powered down over the holidays will boot up, get fresh orders from their bot masters, and start sending spam again. Most of ’em already have.
We’ve published a bunch of predictions recently, because that’s apparently the cool thing to do. Here are our thoughts on how those same trends (plus a few more) will affect you, the spam fighter, as you work to reduce how much unwanted crap your users see in their inboxes.
Email Still Isn’t Dead
You’ve seen the stats: Facebook and Twitter aren’t replacing email, they’re sending email. This will continue in 2010, and become more complex now that Facebook wants application developers to ask users for their email addresses in order to send them notifications them directly.
This’ll be the year when your bosses finally give you the resources to get serious about outbound spam from your users (including those same Facebook app developers).
If it’s not already in your budget, send ’em MAAWG’s Common Best Practices for Mitigating Large Scale Bot Infections in Residential Networks, and Best Practices for the Use of a Walled Garden, and remind them how much good press Comcast got for their Constant Guard walled garden pilot project.
Whiskey Tango Foxtrot? Oh, apparently we’re talking about “not spam” votes, user reputation so you know whether their votes are worth counting, panel data, and all that stuff. Apparently some people in the deliverability consulting industry have just now realized that you’ve got logs, and aren’t afraid to use ’em.
But this kind of data is far more important for reducing outbound spam. Oh, you’re not yet mining log files to determine whether a particular webmail session is controlled by a human or a bot? You’re not watching authentication logs to catch modems hopping between IP addresses? You’re not tracking how many new accounts were opened with the same stolen credit card? In 2010, you’ll start.
DKIM & Reputation
DKIM has been around for a while now, but very few of the big brands have been willing to lock down all of their outgoing mail & ensure that it’s all signed — which they must do before you can safely block the unsigned stuff. This’ll improve somewhat in 2010 as new tools become available (including one from Return Path), but there’ll still be thousands of name-brand domains for the bad guys to spoof — and they will.
Meanwhile, the marketers are getting hot for domain reputation. What they may not realize is that it’ll only help them if they’re sending mail that already deserves a good reputation. You’ll keep working on it in 2010 to help reduce false positives, but your big honkin’ IP reputation system ain’t going anywhere — and neither is ours.
International characters in domain names
Υер, thiѕ’ll fоοl mסѕt uѕеrѕ.
Your users already love to complain, and it’s never been easier to send those complaints to the people responsible. This year, we expect the IETF will remove the cruft from ARF and finally elevate it to an official standard.
Sharing is Caring
Now that you’ve created an informative postmaster site, established a complaint feedback loop, and started using our Certified whitelist, you’ve done enough for the email marketing industry. The rest is up to them (perhaps with our help.)
Instead, we predict that ISPs will share more ideas and information with each other in 2010 through MAAWG, the ETIS anti-spam cooperation group, the Anti-Phishing Working Group, maybe a couple others. We’ll also see more cooperation between those groups.
Another way you’ll be sharing is through our reputation network — the same network which powers the Sender Score, the Blacklist, and other data-driven products. This gives you a window into the larger world so you can see what your peers are suffering, rather than reacting only after the same thing starts hitting your own network.
IPv6 Doesn’t Matter Yet
Though the first few spam messages have been detected, there still won’t be enough email transferred over IPv6 networks in 2010 for you to need to rejigger your tools. That said, you should still start getting ready because in 2011 somebody big — probably Google or Comcast — will start moving over.
One idea we’ve heard floating around is to require a valid DKIM signature on all mail sent over IPv6, and establish a default-deny regime whereby only authenticated mail from whitelisted domains is accepted. Again, it won’t happen in 2010, but perhaps in a few more years.
Interactivity (it’s in the GUI for you and me)
We’ll see more experiments in 2010 as your pointy-haired product managers (hey, I kinda resemble that) chase the elusive shiny and try to make desktop, web, and mobile MUAs feel more like social networking. This could be very cool if it takes off, because if users only see messages from their chosen “friends” then they’ll never see the spam. I don’t think this’ll become commonplace in 2010, though. Maybe in 2012, after the Mayan calendar converges with IPv6 address notation and dread Cthulhu rises from the deep to consume our minds.
Hipsters have begun to rediscover Hormel’s SPAM™, and eat SPAM™ musubi ironically. In 2010 they’ll realize it actually does taste good (as long as you don’t think about what it’s made of), so SPAM™ will start to explode like bacon, peaking in 2012 right before dread Cthulhu consumes our minds (see above).
Now stop wasting time on blogs, and get back to work.