"The world is so dreadfully managed, one hardly knows to whom to complain." While novelist Ronald Firbank wrote these words at the beginning of the 20th century, they ring even more true in the 21st. As spam, adware, and other abuses of the Internet become evermore prevalent, the need to have a meaningful way in which end users can report this abuse has grown exponentially, not to mention network administrators' need to have an automated system to facilitate these complaints. This is the problem that George Davey, network administrator at Des Moines University, has set out to solve through the development of a new protocol, dubbed the Iowa Internet Abuse Logging Protocol (IIALP). "There exists a void on the Internet," says Davey. "The void is that end users don't have a way to complain. The idea is to design a protocol to specifically fill that void while simplifying and automating the process."
Here's how it might work in the future: Say you receive an unsolicited email, or spam; to complain you'd simply right-click on that email and then fill out a form that requires a username and password. After you lodge your complaint, it goes to your ISP's local IIALP server where it gets condensed and sent off to a root server. Once there, the root server attempts to contact the abusing network's local server and network administrator, letting them know that a complaint has been lodged and giving them a link to query it. When they query it, the root server shows them the condensed record as well as statistics with information like how many complaints have been lodged against an individual abuser or the network as a whole, and offers a link back to the full complaint on the originating server. "It won't stop the spammers," says Davey. "The most powerful thing that IIALP can do for spam is help quickly identify the Internet zombie machines that are sending out the spam." It's been estimated that 60% of the world's spam comes as a result of zombie machines—computers that have been taken over and are used by spammers without the knowledge of their owners.
While Davey is not the first to attempt something like this, none have succeeded before. "There are four reasons why similar systems have failed: Their scope was too narrow; they focused on proprietary software; their solutions were too costly; and/or they were usually just a simple set of Web sites," he says. IIALP trumps these previous attempts by being developed as open source, which should help to keep overall costs down, and its being a protocol puts it in the same category as familiar and powerful predecessors like HTTP and FTP. But perhaps most significantly, IIALP "is an open-ended tool that can be used to complain about anything," says Davey, from spam, to adware, even to non-Internet areas of abuse like junk faxes.
IIALP is able to do this because it's template-based. "The number of types of complaints that can be introduced in the future is infinite," says Davey. "Whenever you see a new type of abuse, you just create a new template." These can be customized for local use in enterprises, or Davey envisions a consortium that will approve universal Internet assets (the data items used in templates, like IP addresses or phone numbers) that can be used by everyone.
Some dissidents have voiced warnings that this system could be abused through the same zombie machines that it is trying to document. "Obviously, anything on the Internet is open to abuse," says Davey. "We believe this system will have a good chance to survive because we're designing into the core components the simplest but most effective and widely used authentication methods." One of these methods is using GIF images of words that users must read and then type in along with their username and password (a common deterrent to automated emailers). Davey also points back to the fact that IIALP will be open source and can be patched and upgraded in the future to repair any seams in its armor.
Davey hopes to have a test server running sometime in August, and plans to have something for users to interact with by the end of the year. Much of the timeline rests upon whether or not Davey is able to raise grant money and establish formal relationships with other universities, organizations, and/or companies. In the meantime, he's working on integrating features like an XML translator module—which will make all IIALP information searchable, something the enterprise is very interested in—into the core spec.
While IIALP may seem like a way to bring the hammer down on Internet abusers, Davey firmly states that he's "not in favor of legislation over the Internet or in favor of blocking. Even though this could be used as a blocking tool, we retain blocking as a last resort." Instead, Davey likens IIALP to taking the duct tape off of the mouths of Internet users. "It's human nature that if you get hurt, you want to complain," says Davey. And in the next year or two, you just might get that opportunity to do so and maybe even have something come of it.