IBM touts its new FairUCE anti-spam technology as a drastic improvement over current spam filters, but some in the commercial e-mail industry view the technology with skepticism.
FairUCE differs from existing spam filters because it tries to catch “spoofed” or forged e-mail addresses instead of scanning text in the body of the e-mail for red-flag words that identify spam. The new technology is a stopgap measure until the full implementation of e-mail authentication practices, which many view as a final solution to the spam problem, IBM said.
IBM offers FairUCE for free at its Alphaworks Web site, where early adopters of IBM technology can preview software in its developmental stage for free. FairUCE can be downloaded at alphaworks.ibm.com/tech/fairuce.
FairUCE works by tracing the IP address — the Internet address — of the computer that sent the e-mail. It matches the IP address against a “white list” of approved addresses that are known to be legitimate.
It also checks whether the originating IP address matches the IP address of the domain in the e-mail's “From” header. If the addresses don't match, that would indicate the e-mail header has been forged. It's a red flag for spam, said Amit Patel, emerging technology strategist for IBM Alphaworks.
FairUCE does not “spam the spammers,” or send spam back to those who send it, as had been reported erroneously in some news stories about the technology, Patel said. But it gives users several options on how to react to spam. One is to block domains known to originate spam, Patel said.
FairUCE also uses a challenge-response system, whereby it sends a message back to potential spammers demanding that they identify themselves before passing an e-mail along to the user. Users can set FairUCE to demand a human response to the challenge, or challenge-response can be handled on the machine level with no human interaction required.
However, FairUCE comes too late despite IBM's claim that it is a stopgap until e-mail authentication is established, said Trevor Hughes, executive director of the E-mail Service Provider Coalition. FairUCE would have been useful four years ago, but the e-mail industry is well on its way toward adopting authentication standards, he said.
FairUCE is available only on Linux computers, meaning that only a minority of computer networks can use it. IBM plans to migrate FairUCE to the far more common Microsoft platforms, but by then authentication may be in full swing, Hughes said.
“There's no need for a stopgap solution,” he said. “There is a need for consensus and support for the authentication solutions we have today.”
With FairUCE, IBM essentially puts several anti-spam solutions that have worked independently in the past together into one solution, said Ragy Thomas, chief technology officer of Bigfoot Interactive. Though FairUCE is a clever package, the need for it is questionable, he said.
The industry appears to be coming together behind two e-mail authentication schemes, Thomas said. One is represented by the existing SPF and SenderID standards while the other is found in standards under development by Yahoo and Cisco. The two companies are working to eliminate differences between their standards.
“There was some divergence early on, but it seems to be coming together,” Thomas said. “The right thing to do right now is to rally behind one or both those standards.”
However, there is no firm date for when all commercial e-mailers will publish their domains on authentication systems, Patel said. Furthermore, several competing authentication systems exist, and no one knows which one will prevail, or when it will prevail.
Even on the anti-spam side of the fence, there is doubt about FairUCE. Steve Linford, founder of UK-based anti-spam organization Spamhaus.org, did not like the concept of challenge-response anti-spam systems. Challenge-response is “bad for e-mail communications and breaks e-commerce” because it can stymie legitimate e-commerce servers trying to send invoices and product updates, he said.
In FairUCE's defense, Patel said that legitimate e-mailers should have no problem with challenge-response. FairUCE challenges only spoofed e-mail and e-mail not originating from a domain on the “white list.”
Scott Hovanyetz covers telemarketing, production and printing and direct response TV marketing for DM News and DMNews.com. To keep up with the latest developments in these areas, subscribe to our daily and weekly e-mail newsletters by visiting www.dmnews.com/newsletters