News Stay informed about the latest enterprise technology news and product updates.

Lotus' unending crusade against spam

BOSTON -- Nathaniel Borenstein's job description is simple: stop spam. Unfortunately, the job itself is anything but . As a distinguished engineer for IBM Lotus and creator of the MIME protocol, Borenstein oversees the division's antispam research, including features that will eventually be part of Notes and Domino, as well as Workplace.

@4578 A self-proclaimed former dot-com millionaire who lost "about 99.2%" of what he made when the Internet bubble burst, Borenstein also heads up the advocacy group Computer Professionals for Social Responsibility. Prior to his keynote address at this week's Open Group Conference, Borenstein spoke with about the state of Lotus' antispam efforts, the need for open standards and why spam laws alone aren't the answer.

What is Lotus doing today to win the war against spam?
We [at Lotus] don't see an easy solution to the spam problem. It's very complex because there are so many different aspects to it. Even though Notes and Domino 7 will have better spam control features, it won't stop spam entirely.

What we're doing with our research efforts today is really like being in an arms race with spammers. We've got an antispam group at IBM, and we have many initiatives in the works. Some you'll see in upcoming versions of our products, and others are long term. We're also working with antispam consortiums and other vendors on maybe a dozen different areas where there's work to be done. One of the biggest things we can do to control spam is by developing open standards.

If [Microsoft] thinks it has a cure-all, then its users are going to be sorely disappointed.
Nathaniel Borenstein
Distinguished engineerIBM Lotus, on Microsoft's antispam efforts
Why are open antispam standards important?
We have been big on antispam standards because we believe they are in the best interest of our customers. They're also the only alternative to proprietary Microsoft standards, which aren't in our or our customers' best interest. Spam isn't anything new, but it is getting worse. Why hasn't there been more industry-wide cooperation before now?
With spam, there's one thing that just about everyone can agree on: it's bad. There are so many people afflicted by it and so many geeks have been trying to find an answer that we have a situation now where there are almost too many cooks in the kitchen. It's not just a matter of getting together with the chairmen of the antispam consortia, because there are nearly a dozen groups now. They need a chairman of the chairmen!

Complicating the problem is the plumbing issue. E-mail protocols are probably the most interoperable set of protocols around, but because there are so many intricacies, it's probably the hardest set of protocols I've ever worked with. That's why it's been a very hard area to make progress. But we're committed to working with Microsoft and all the other groups on antispam standards, because that's what's most important. The United Nations has recently spoken out about the spam crisis. Is the involvement of organizations of that caliber necessary to successfully fighting spam around the world?
It's more complicated than that. The problem is that everyone at the U.N. cares and says they have ideas to stop spam, but those ideas tend to be grotesquely oversimplified. Groups like the U.N. and its ITU group have had to try to tackle spam because it's very expensive to buy bandwidth in Third World countries, and spam increases those costs. But politicians aren't the people to stop spam. The U.N. can't wave its magic wand and stop it. The U.N. should be working on tools that enable cheaper bandwidth in developing countries.

However, what the U.N. can do and needs to do is work to coordinate international laws. Now that the U.S. has CAN-SPAM and other countries are working on laws, spammers are merely being forced to create offshore data havens. International cooperation is pretty close to essential in order to make national laws meaningful. Laws aren't the only solution, but they're part of the solution. In regard to spam avoidance, are Notes users better off than Outlook users?
I don't know if it's fair to say that, because much of the antispam technology we're talking about and Microsoft's talking about isn't out yet. I think we're doing a good job of keeping our users in the forefront and giving them access to the latest technologies.

For more information

Learn how to get better R5 spam protection for free.

Read why a jail term for one spammer raises legal questions.

Read more articles written by News Editor Eric B. Parizo.

Is Microsoft taking spam seriously enough?
Bill Gates is on record as saying that spam will no longer be a major issue by mid-2005. I think that's unrealistic, and if [Microsoft] thinks it has a cure-all, then its users are going to be sorely disappointed. Hopefully, Microsoft doesn't believe its own rhetoric. But we're in this for the long haul. To stop spam over time, our goal is to develop a whole pipeline full of antispam solutions, so there will always be something new. What are some of the technologies you're developing?
We're working on multilingual filters to help Chinese users, for instance, because different languages present unique challenges. A hypothetical example is a Viagra salesman. If all his e-mails contain the word Viagra, then he needs a spam filter that doesn't block e-mail with that word in it. I recently refinanced my house, but whenever someone sent me an e-mail about it, I had to go fish for it in my spam folder because it's something that filters look for. We need to address that problem.

We're also working on something called SpamGuru, which comes out of IBM research. It combines an advanced set of Bayesian filters with advanced algorithms.

Another thing that's probably at least another year away is the development of an open antispam architecture. Third-party vendors could offer plug-ins for architectures that solve specific problems, such as specialized filters. Systems that utilize domain-based signatures are also in development. The idea is that if you can't verify that a message comes from a specific person, you can at least verify that it's from the sender's domain.

Dig Deeper on Domino Resources - Part 4

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.




  • iSeries tutorials's tutorials provide in-depth information on the iSeries. Our iSeries tutorials address areas you need to know about...

  • V6R1 upgrade planning checklist

    When upgrading to V6R1, make sure your software will be supported, your programs will function and the correct PTFs have been ...

  • Connecting multiple iSeries systems through DDM

    Working with databases over multiple iSeries systems can be simple when remotely connecting logical partitions with distributed ...