Making Spammers Pay

Jon Larimore, president of Washington, D.C., metro Internet service
provider ZZAPP!, faces the same problem every provider around the
world faces — allowing access to legitimate mass-marketed e-mail for his customers.

“Our problem is that in our attempts to comply with our subscribers’ firm
desire for spam-free mailboxes, however selective the spam blocking system
being used, it will tend to occasionally block advertising which is not
spam,” he told internetnews.com. “From a purely pragmatic standpoint, and
because we’re fulfilling our subscribers’ wishes, it really doesn’t matter
much to us whether the occasional valid advertisement a subscriber actually
wants to see fails to reach them.”

Larimore uses a combination of seven DNS-based black lists as well as his
own list of in-house IP blocks to keep known spammers from peppering his
server with millions of junk messages. His customers have repeatedly said
they’d rather miss the occasional legitimate message than find spam in
their inboxes.

One e-mail gateway company has come up with a novel approach to separating
out spam: making spammers pay.

IronPort has come up with the Bonded Server program, a “white” list for
Internet service providers (ISPs), carriers and Web e-mail hosts to
institute while turning up their spam filters to weed out the chaff from
the wheat, so to speak.

There are three ways a server can block out unwanted e-mails: a black
list, a white list and/or a filtering program. A black list consists of
IP addresses that are barred from sending e-mails on to the customer; the
white list does the opposite, allowing only certain IP addresses to pass
through the server. A filtering program, like those developed by
companies like SendMail and Postini, blocks e-mails by keyword, volume or
any number of controls.

The problem with black lists is that they sometimes net legitimate
e-mailers. For example, if a Web host allows one of its customers to send
out a million spams, many real-time black hole lists (RBLs) will put the entire
IP block used by that domain on the black list, shutting out that Web host’s
other customers.

Filtering programs, on the other hand, present their own set of
problems. They are very effective at stopping spam at the server —
sometimes too effective. E-mail marketers that blast out a million
messages to their customers could trigger the volume filter, putting that
e-mail into the “bulk” e-mail folder with the spam.

Called “false positives,” these legitimate e-mails likely won’t see the
light of day, or won’t be read by users who routinely dump their bulk
folder without reading any of the messages therein. Because of the outside
chance one of these false positives may be a critical piece of information
or a legitimate mass-market e-mail, many companies either don’t put in a
filter at all, or keep the settings low enough on the filters to make sure
they don’t miss that important e-mail.

The bonded server program, according to IronPort CEO Scott Weiss, resembles
a white list, in that companies that send out e-mail blasts through it
are accepted as legitimate e-mailers.

The incentive for marketers to join this list is the fact that ISPs or other
hosts are now free to crank up their filtering programs. When that
happens, most mass e-mails, as well as the spam, will be sent right to the
bulk folder.
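
The trade-off described above, as an added example that is not code from IronPort or any provider named in the article: the same six messages are run through a lenient volume filter, a strict one, and a strict one combined with a bonded list. The zone name, addresses, volume limits and the rule that the bonded list is consulted before the black lists are assumptions, and the DNS lookup is replaced by a constructed set of listed names so the example runs offline.

```python
import ipaddress

# All data below is constructed for illustration (documentation IP ranges).
DNSBL_ZONE = "dnsbl.example"                    # hypothetical black list zone
DNSBL_LISTED = {"7.100.51.198.dnsbl.example"}   # query names that would resolve
LOCAL_BLOCKS = [ipaddress.ip_network("203.0.113.0/24")]  # in-house blocked range
BONDED = {"203.0.113.25", "192.0.2.44"}         # senders on the bonded list

# (sending IP, recipients in the blast, is it mail subscribers asked for?)
MAIL = [
    ("198.51.100.7", 900_000, False),   # spammer already on the DNS black list
    ("203.0.113.25", 1_000_000, True),  # bonded marketer inside a blocked range
    ("203.0.113.80", 1, True),          # unrelated customer of the same Web host
    ("192.0.2.10", 50_000, False),      # spammer not yet on any list
    ("192.0.2.44", 20_000, True),       # bonded opt-in newsletter
    ("192.0.2.99", 3, True),            # ordinary person-to-person mail
]

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """DNS black list query name: the IPv4 octets reversed, then the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def classify(ip, recipients, volume_limit, use_bonded):
    """Return 'inbox', 'bulk' or 'reject' for one message."""
    addr = ipaddress.ip_address(ip)
    if use_bonded and ip in BONDED:
        return "inbox"                  # assumption: the white list is checked first
    if dnsbl_name(ip) in DNSBL_LISTED or any(addr in n for n in LOCAL_BLOCKS):
        return "reject"                 # black lists work on addresses, not content
    if recipients > volume_limit:
        return "bulk"                   # volume filter
    return "inbox"

def evaluate(volume_limit, use_bonded):
    """Return (spam delivered to inbox, wanted mail kept out of inbox)."""
    spam_in = wanted_out = 0
    for ip, recipients, wanted in MAIL:
        verdict = classify(ip, recipients, volume_limit, use_bonded)
        spam_in += (verdict == "inbox" and not wanted)
        wanted_out += (verdict != "inbox" and wanted)
    return spam_in, wanted_out

if __name__ == "__main__":
    print("lenient filter, no bonded list:", evaluate(100_000, False))
    print("strict filter, no bonded list: ", evaluate(1_000, False))
    print("strict filter, bonded list:    ", evaluate(1_000, True))
```

The one wanted message still lost in the last configuration is the unbonded customer whose Web host's whole address range is blocked, which is the black list problem the article describes.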

The caveat to that, of course, is that marketers agree to play by the rules
of the game; if they don’t, they pay. Weiss said his company is still
working out the details as far as pricing, but expects it will correspond with
the size of the e-mail blasts the marketer sends out.

The trick, Weiss said, is finding a pricing point that makes it painful
enough for marketers to abide by the program, without making them put up
too much cash up front. Regardless of the price, though, he doesn’t expect
to assess much in the way of fines.

“It’s a bit of a moron test for spammers,” Weiss said. “If there’s any
money changing hands, it’s people testing the system because if you’re a
legitimate marketer there’s no way you would sign up just to lose money and
send out mail.”

Weiss said proceeds gained from these fines will be donated to non-profit,
anti-spam organizations like TRUSTe.

Dave Steer, a TRUSTe spokesperson, said the IronPort approach is similar to
one of TRUSTe’s own programs, the Trusted Sender, which separates legitimate
e-mail from spam, and that TRUSTe welcomes other ideas.

“We have also been looking for other ways, including ongoing discussions
with IronPort, to expand privacy protection across the network in the
context of the Trusted Sender program,” he said.

The success of the bonded server program relies heavily on the
participation of those companies that traffic in e-mail — not only the
major firms of the Internet world, but the thousands of ISPs
and corporations that make up the bulk of e-mail recipients.

“Once the program gets adopted by the big players, once they sign on,
that’s when it really rolls out,” Weiss said. “We’ve been in active
discussion with all those players; it just makes too much sense on both
sides for something like this to come into play.”

But if ISPs and the rest don’t want to play, the program is dead in the
water before it begins. Like a black or white list, the program only works
if the host agrees to put the bonded server list on their servers. If they
don’t, it doesn’t give mass e-mail marketers any incentive to sign up for
the program.

So far, reaction to the IronPort program has yielded a positive buzz among ISPs.

“I firmly support our capitalist economy, I have no problem at all with
genuine ‘opt in’ e-mail advertising, and obviously would much prefer not to
block that which our subscribers have specifically and purposely asked to
receive,” ZZAPP!’s Larimore said.

IronPort recently entered the second phase of its beta tests, from 350 to
1,000 users, to run scalability and server tests on the system. The second
wave of testers includes some of the biggest e-mailers in the U.S., among
them Nasdaq, eBay and The Motley Fool. To date, IronPort has been testing
with MTV, PayPal and Warner Music, to name a few.

IronPort expects to launch the bonded server program to the public sometime
in the fourth quarter.
