Spammer, ID Yourself

IBM last week introduced technology called FairUCE, for Fair Use of Unsolicited Commercial E-mail, that blocks spam by trying to ID the sender's Internet domain rather than evaluating message content.

FairUCE aims to stop spam at the perimeter, before it becomes a burden to business networks, says Marc Goubert, manager of IBM's alphaWorks, a Web site for downloading emerging technology. FairUCE sends a query that, if an E-mail's domain is spoofed, must be answered before the message is delivered. That puts a challenge's labor and bandwidth burdens only on those marked as spammers.

But identifying spammers is an inexact science. "A lot of spam these days comes from hacked machines," says Bruce Schneier, founder and chief technology officer of Counterpane Internet Security Inc.

FairUCE creator Matthew Nelson, a software engineer in IBM's Internet group, says the challenges are insignificant in terms of the data sent and are usually refused by suspect machines. And domains can avoid inquiries for spoofed mail by publishing a Sender Policy Framework record.

"This isn't meant to wage a war or start [denial-of-service] attacks," Goubert says. "This is why we're showcasing this on alphaWorks. It's an emerging technology from our R&D labs, and what we want to do is put it in the hands of developers and early adopters who can give us some feedback."