dcsimg
RealTime IT News

Spam at the Breaking Point: A Time for White Knights

E-mail is the killer app that made the Internet essential to millions. So why are we letting spammers choke its air supply? Spam abuse is so widespread that I know 8-year-old children who have already mastered the habit of cleaning their in-boxes. Even in a medium-sized business, the mail administrator filters out upwards of 100 junk messages a day per employee and they're still not catching it all.

Set aside your concerns about the time and bandwidth wasted. With every snap decision made to clear out the garbage, we eat away at email's effectiveness.

And as the spam blocking business gets more sophisticated, blockers cause new problems. The blockers' pattern recognition schemes summarily dismiss millions, if not billions, of messages every day.

Have you heard someone recently complain that their e-mails didn't reach someone? I've heard this a lot and it usually turns out someone had pegged their e-mail domain as a spammer. It wasn't anything they did. It was their ISP who was blocked because the ISP's mail relay was unwittingly used by a fly-by-night spammer. The policy of spam blockers is to block first, ask questions later. If the blocked addresses are innocent, the bans are lifted. But until the block is lifted, innocent emails are dumped.

Meanwhile, the spam industry is bolder than ever. Spam brokers sell e-mail addresses by the millions. This low-rent industry even has its own newsletters where owners of junk lists advertise. I came across an ad for one of these brokers who promised a 20-percent oversupply on orders; in other words, order 5 million names and they give you 6 million for a one-time fee of $5,000. Of course, the sellers offer no guarantee that these lists have any value. Few of these names were acquired under the strict opt-in policies used by legitimate marketers.

Government regulators are doing little. Occasionally, we see action that seems designed more for public relations than enforcement. A few days ago, the U.S. Federal Trade Commission (FTC) charged a small outfit with deceptive practices for claiming its list of e-mail addresses would generate quick sales. The FTC didn't pursue these spammers for their spamming. The FTC sued over exaggerated claims about the value of the spam list. The message the FTC is trying to send to the casual observer is that they're cracking down on spammers. But look more closely and the message is that it's OK to sell spam lists, as long as you don't promise too much.

ISPs are working a lot harder. Most will delete the accounts of anyone sending spam within minutes of a complaint. (A lot of innocent people are getting caught up in those policing actions, too.) The problem is that spammers are predators. They're bouncing their junk off unprotected mail relays. Shut off one spigot and they just move on to the next one.

Give Yahoo! and AOL credit for taking a direct approach. They've put spam controls either into their e-mail client or onto their servers. Chances are, they are making only a dent, but spam brokers hate it, so that counts for something.

The real solution is likely to come from a combination of legislation and approved sender technologies.

A bill that made it through committee in the U.S. Senate (S-630) would require bulk e-mailers provide an opt-out policy and would impose a fine of $10 for every violation (that's for each individual email, not each million mailings). It sounds like it's worth trying. Some advocacy groups, such as CAUCE oppose it because it requires the recipient to request to be taken off a list. For those of us who are educated about spam, this isn't a problem. We would be happy to click on "remove" macros instead of the delete key. The danger is that the casual e-mail user would end up flooded with even more spam than they have today. But in a world where even fourth-graders know how to delete spam and e-mail clients offer spam reporting tools, it is worth a try.

The approved sender solutions, also called "bonded sender" or "trusted sender" programs, are just marketing testing with at least three companies, Postiva, Vanquish and IronPort. The products take different approaches (some require hardware servers, others are software-based) but they share the same idea: organizations doing bulk mailings would acquire some kind of digital identifier if they adhere to good neighbor policies (such as confirming that everyone on the list has agreed to receive the mailings). E-mail gateways conforming to the spec would then check for this OK-to-send ID before they relay bulk mail messages.

These products won't be free, so they can't solve the problem overnight. Of course, if they provide relief from the deluge, the market will welcome them as heroes. And we can go back to reading our email instead of cleaning it.

Gus Venditto is Editor-in-Chief of the internet.com and Earthweb networks.