Getting behind the botnet, a solution?
How did we get here? How have we managed to put up with this nonsense for so long? The rise of Botnets like Rustock, Grum, Lethic and Storm have made the problem more significant, and things are only going to get worse. We seem no closer to a solution to the spam problem than ever?
Our friends at MessageLabs released their monthly Intelligence Report this week. A number of other outlets and blogs have already reported on the prevalence of the Rustock Botnet, accounting for up-to 41% of spam. The MessageLabs report also goes onto highlight the current spam rate at an alarmingly high 92.2%, up from 88% in July.
There has been much lambasting of Bill Gates since 2004 when he famously said that by 2006 "... spam will soon be a thing of the past." Gates predicted that spam would be killed through the electronic equivalent of a stamp, and at the time various vendors were dabbling in similar standards-driven methods for authenticating genuine email and its sender. If only we understood then how important the botnet would become in the global spam problem.
There is a concept in the anti-spam world called the FUSSP, an acronym for the Final Ultimate Solution to the Spam Problem; when you think have the FUSSP you may submit it to fussp.org and IETF, but there is a long list of criteria your FUSSP must fulfil - for example if your idea requires all SMTP gateways in the world to be the same or a replacement for SMTP, you have already failed.
Asking the world for the FUSSP is a great demonstration of crowd-sourcing a solution to a problem - but I can't help but think that we're missing an opportunity here.
What if, we the collective email security vendors of the world unite to form an alliance against spam, viruses and phishing. We already have the knowledge, research and technology to do this but we choose to use it competitively rather than collaboratively. In a sense we would collectively BE the FUSSP.
This is a big problem that requires a big-thinking solution, bigger than each of us can imagine individually - if we could form this coalition we might be able to win this battle once and for all.
Then again, would a coalition be as agile as the dark forces driving the dark SMTP traffic business?
Or would it simply get so bogged down by bureaucratic red tape that it never managed to realise its goals?
As per usual the greater good comes in second place and the users of email systems suffer...
please comment and lets see what you think, I would like to see if anyone thinks this could work!