RealTime IT News

DMCA vs. Spam

We learned many things about the spam problem during the Federal Trade Commission's forum. But certainly one of the more interesting is how Washington can take a topic as annoying as those unsolicited commercial emails and politicize it to the point where absolutely nothing gets done.

There's a word for that: bureaucracy.

This week's efforts to combat spam (which in my mind is the same as electronic pollution) began with the best intentions. Spam proved to be so loathed by everyone that it actually had a unifying effect, bringing together the fiercest of rivals, America Online, Microsoft and Yahoo!, which announced a joint initiative to cooperate through open dialogues to "protect consumers" from spam, which is often vulgar.

Then came even better news in the form of actions being taken. On top of bills proposed by Rep. Zoe Lofgren (D.-Calif.) and a proposal for action by Sen. Charles Schumer (D.-N.Y.), Virginia Governor Mark Warner signed a bill into law making fraudulent spamming a felony offense punishable by imprisonment. Finally!

But when it became apparent that all of the attention by the FTC and other spam-fighters amounted to nothing more than lip service, all hopes quickly diminished for any substantive change. How could you panelists not even agree on a definition for spam? All of you in Washington should be embarrassed!

What's worse is that any effort by lawmakers wouldn't require much extra work -- like a moot argument over what defines spam.

Yes, the Computer Fraud and Abuse Act (which prohibits anyone from transmitting information without authorization that intentionally damages a protected computer) as well as trespassing laws do need to be strengthened. But for the most part, there already is a well-developed legal structure in place (and regularly exercised) that would defend us against spammers -- intellectual property laws. If a logo can be considered part of a corporation's intellectual property, why can't the same argument apply to email addresses?

In fact, Microsoft's attorneys (gosh, they are good) have tried this approach in a 1998 case involving its Hotmail unit called Hotmail v. Van$ Money Pie. They prevailed but the defendants got nothing more than a slap on the wrist. Of course that case was heard well before the Digital Millennium Copyright Act (DMCA) was established and put into effect. Certainly, lawyers now have stronger ammunition.

To understand how all of this would deter spam requires a little working knowledge on how spammers operate. I used to think that spammers got email lists by sending out search spiders to crawl through the Web and scrape addresses from publicly-listed pages on various Web sites. But then, how in the world does spam end up in the inboxes of Kristen at the reception desk or Trish in accounting when their names aren't published on any public Web site?

Spammers use far more sophisticated means. That publicly listed email address is merely a foot in the door. As well as spiders, they also rely on directory harvesting, in which they blast randomly generated addresses at an e-mail server in an attempt to find the valid ones. The technique takes advantage of the sendmail message transfer agent (MTA), which by default sends auto-replies as a courtesy when messages can't reach their destination. FYI--this feature can be switched off on sendmail but for some of us that isn't much of a solution.

Once spammers have a list of addresses, then they again rely on flaws in the sendmail MTA to distribute the spam. They address the junk mail to, say, one of the bad addresses unknown to your server that they know will bounce and dump all of their harvested addresses into the "FROM:" field. I have yet to find a good reason why sendmail gives you the ability to change the "FROM:" field to anything. Because of the bounce-back, the "FROM:" field actually becomes the "TO:" field.

In addition, the spammer is freely using your equipment without authorization. Certainly some part of the Computer Fraud and Abuse Act has to apply here. Worst of all, to the rest of the world, you appear to be the spammer.

If we have learned anything this week, it is that the war on spam has become a public policy matter -- one that requires leaders around the world to take action, while recognizing the noble efforts of individual states and municipalities. The World Intellectual Property Organization (WIPO) has already created a legal system to ease enforcement. All you world leaders need to do is fine-tune your laws accordingly. And you don't need to ensure that the law pleases everyone -- that certainly didn't matter when copyright laws were established. And there is by far more consensus on the issue of spam.

Our leaders need to start pursuing stricter network security laws, not look for the definition of valid email marketing. Anti-Spam laws now need to find the balance between the greater good and the shareholder value of a publicly traded email marketing company that is guilty of spam. Perhaps this might even pave the way for more adoption of "best practices" like double opt-in marketing campaigns.

But for now, those antics in Washington amounted to nothing more than the same PR chicanery that AOL, Yahoo! and Microsoft pulled at the start of the week.

Bob Liu is Executive Editor of's News Channel, which includes the flagship Web site.

Updates earlier version