WHITE PAPER - THE END OF SPAM

Spam, also known as unsolicited email and junk mail, has caused extraordinary damage to people and businesses. As the founder of Block All Spam, Inc., Greg Way, puts it, "It is stealing. It should be a crime with a punishment equivalent to theft." Many of our nation's leaders are acting now to introduce powerful legislation, creating laws to end spam. The first such law was recently enacted in Virginia. Everyone wants the problem solved. The solution has arrived. It is called Source Authentication. This patent-pending technology, developed by Block All Spam, Inc., absolutely stops spam in its tracks, at the email server, never allowing it to get to the desktop. And, most notably, it reveals the identity of the spammer.

Unmasking the stealth spammer through Source Authentication

LOS ANGELES (PRWEB) -- Spam, also known as unsolicited email and junk mail, has caused extraordinary damage to people and businesses. As the founder of Block All Spam, Inc., Greg Way, puts it, "It is stealing. It should be a crime with a punishment equivalent to theft." Many of our nation's leaders are acting now to introduce powerful legislation, creating laws to end spam. The first such law was recently enacted in Virginia. Everyone wants the problem solved. The solution has arrived. It is called Source Authentication. This patent-pending technology, developed by Block All Spam, Inc., absolutely stops spam in its tracks, at the email server, never allowing it to get to the desktop. And, most notably, it reveals the identity of the spammer.

Spam exists because spammers can use various methods to hide their identities. If it were easy to expose the identity of a spammer, the large majority of them would not bother to use spam as a way to make money. With new laws in place, spammers, whose identities are revealed, may face criminal and civil penalties.

When Source Authentication is adopted as an industry standard, spam will end forever. In order for spammers to distribute spam, releasing their identity to each of the recipients of their email messages will be a requirement, thereby creating a serious problem for them. Not only will we know who they are, but also we will likely know their address, phone number, place of business, how many spams they have sent and to whom. Only a few will attempt to spam in this environment. Those few, who attempt to send spam, will have their efforts thwarted, in addition to facing the consequences of their crime.

Is Your Email Legitimate?

Source Authentication technology provides us with a solution to spam beyond unmasking the spammer. It provides us with a secure sense that the sender of the email is who he says he is. Without Source Authentication, you can receive emails from people who are pretending to be other people. You cannot be sure of the sender, and it is unbelievably easy for people to fool email servers.

Almost every spam email message uses email spoofing. Occasionally, one may even receive email messages that are "From" your own email address! Imagine the havoc a spammer can cause with the ability to spoof one's identity, in addition to spoofing that individual.

This form of identity theft must be stopped. Source Authentication achieves that goal by forcing email to come from the real owner of the address that is in the "Return-Path:" portion of the email header. It is good practice to view a header for this return path statement at the top of all email message headers. With Source Authentication the "return path" cannot be falsified.

Comparison - Source Authentication vs. The Problem...

One element of Source Authentication is that the senders of email are asked to reply to the recipients by simply clicking on "reply" and then "send." Question: Is responding to reply inquiries as much of a problem as spam itself? Answer: Absolutely not. Consider how much effort it takes for that person (10-30 minutes per email session) to deal with spam every day. Spam is THE PROBLEM.

Cost of Implementation...

Since Source Authentication is an email server-based technology, it will often be implemented at the ISP (Internet Service Provider) level. Today, many ISPs have put spam-filtering systems in place. The cost to the typical ISP will be less in processing power than it takes to run most filtering systems. In side by side tests Block All Spam has found that email servers that were running filters, rules and other technologies processed LESS email per hour than the servers running Source Authentication. This results in reduced costs of equipment and resources per email account.

Cost of Development...

Compared to the costs of forever looking for and implementing filter-based, rules-based and AI-based technologies to solve this problem, Source Authentication offers a solution for a one-time development cost. Email server manufacturers will be able to redirect their energies into productive features instead of "the war on spam."

Reduces Human Error...

Inboxes with zero spam are used more productively and fewer legitimate emails are accidentally deleted. When someone gets large numbers of spam each day, it is very likely that one or more legitimate emails will get accidentally deleted along with the spam.

Cost to Business and Personal Relationships...

A case can be made that we don't want to put barriers in front of ALL senders. In these cases, the use of white lists that pre-authorize email from certain source addresses is desirable. Realizing that any email that is not Source Authenticated may not be from whom it says it is from; people must carefully choose which email they will allow to be pre-authenticated.

Eliminates the "Dual" Inbox...

In filter-based systems, we often have to check the quarantine box for valid emails because the system might make a mistake. It becomes almost a second inbox to many as they still have to plow through all of the spam that the filter detected, looking for those emails that should have been directed to their inbox. Source Authentication has no quarantine box.

WebMail Mailbox Space...

WebMail-based systems and other email servers "charge" users for the amount of space that they use. If a user gets a lot of spam, he may end up with "mailbox full" problems, thereby preventing him from getting email he really does want to read. With Source Authentication, the spam never reaches the mailbox.

A Server-Side Solution...

The email server is the point of connection where mail is moved around the Internet. Email clients simply download mail from the email server and do not have the same real-time capabilities, or even access to the same information as the email server.

This technology is and should be implemented on the email server and not on the email client, or desktop. There are volumes of reasons why this is the case, but to name a few:

1. Email servers, by design, make real-time processing decisions involving email on the Internet. Email clients simply connect to email servers at a user's convenience. It is not very practical to have email clients making decisions, creating email messages and doing other processing that should be done in real time on the server side.

2. It is entirely inefficient for email clients to be downloading and processing spam mail and then simply not presenting it the software user.

3. It is a far simpler approach to implementation, to simply update an email server, than to update all of the client software packages that connect to email servers. This reason is especially highlighted by the fact that the technology belongs on the server in the first place. It is just as illogical to implement this technology on the client side as it is to consider updating all email clients instead of all email servers.

Mail Harvesting Fails Against Source Authentication...

Source Authentication does build a white list in order to minimize the inconvenience placed on senders to reply to Source Authentication. A sender, in most cases, will only need to reply once because of this. The argument that harvesting email addresses from web sites or newsgroups serves to identify email addresses that are "authorized" does not work since the system is designed to protect against spoofing email addresses. Source Authentication uses an impenetrable defense against a harvested email address attack.

Source Authentication Allows Receipt of Newsletters and eCommerce Receipts...

One of the major failures of other anti-spam technologies is the inability of them to easily work with legitimate automated email, such as newsletters and eCommerce confirmations or receipts. With Source Authentication, these are not problems.

Source Authentication Eliminates Filtering Mistakes...

Filters are prone to error and the task assigned to a filter program is nearly impossible. A filtering system is asked to differentiate a spam email from a normal email based on the data the spammer himself provides. Filtering systems "read" mail, check IP addresses, check domain names, check email addresses, look at headers, look for specific text or phrases, use point systems, and so on. The underlying principal is flawed: when bad data comes into an application it means the information the application will present is going to be unreliable. Filters make mistakes and delete or otherwise "hold" valid email incorrectly while sometimes passing spam along to the recipient.

Source Authentication is Superior to Weighted Value-Based Systems...

A spam "cocktail" approach of constantly changing parameters as to what weight to assign what technique or portion of the email, requires going through endless trial and error. This technique usually ends up with no resolution of the problem and it is not a scientifically sound approach.

What weighted value-based systems really are is a compilation of many techniques that don't work by themselves. Therefore, the solution is to give each one a partial weight in factoring a total decision. On the surface this seems ideal, because AI systems use this concept. In fact, even the inventor of Source Authentication used the weighted value technique to attempt to block spam at many points over the last 6 years.

The problem is that, regardless of how many individual incomplete solutions are thrown at a problem, there still is no answer because of the pure volume of solutions and the weight analysis of each solution.

Source Authentication is the ONLY solution that is capable of putting an end to spam.

Source Authentication is not Challenge Response...

Source Authentication stays within the SMTP protocol and only requires that the sender reply to the email. Source Authentication does not require the email sender to go to a web site to confirm that he is human, by being able to visually see something on the web site and in some cases enter a code. Source Authentication has the advantage that computers may also reply and thus authenticate the email as being legitimate, without forcing the sender to be a human being. Human source emails are not the only valid emails.

There needs to be a clear distinction in name between other similar technologies and this technology.

For those who are extremely technical there is a "challenge response" characteristic of Source Authentication. One can make a rational point that the reply email is a "challenge" and the computer or human reply to that email is the "response." While it is technically correct to say Source Authentication uses a challenge and a response to authenticate a source email, there is more to Source Authentication than the term "challenge response" implies.

But, for the differences seen at the user level it is clear that we should not label "Source Authentication" a "Challenge Response" system simply because some of the characteristics found in the two technologies have some similarities.

For example, VHS and DVD systems can both be used to play a movie on your TV set but they are given different names because they are different technologies. They could be called "movie players" because they both do that, but no one does.

Source Authentication Works for All Networks...

Unlike other solutions, Source Authentication works across all networks, and can be implemented by any email server manufacturer, for use by all. Source Authentication is designed to recognize itself when sending and receiving replies from other email servers. This is critical, because the solution to spam must be one that is compatible with ALL email servers. If other solutions are implemented, "mail loop" problems will be more frequent on the Internet.

The entire Internet needs a solution that is as self-compatible as the SMTP protocol itself. Source Authentication accomplishes this by staying within the SMTP layer for handling replies and recognizing itself.

"We must solve the spam problem now," says Way. "We cannot let spam bring the Internet to a screeching halt."

Greg Way, inventor of Block All Spam, founded InfoDial in 1992 and has a history of providing innovative solutions. He pioneered eCommerce with credit card processing and shopping carts in 1995. He invented the "Internet Check" in 1997. In the years since 1997, he has focused his attention on new Internet solutions including email anti-spam techniques in his effort to eliminate spam from our email accounts.

For further information, go to www.sourceauthentication.org or call 800/925-0921. Block All Spam, Inc. is located at 23705 Vanowen St., Suite 230, West Hills, CA 91307.

PR CONTACT -

David Kaye or Roni Kaye - KPR, Inc.

818/368-8212

dave@kprinc.com or roni@kprinc.com

BLOCK ALL SPAM CONTACT -

Greg Way

541/385-8900

gway@infodial.net

###