learned many things about the spam problem during the Federal Trade Commission’s forum. But certainly one of the more
interesting is how Washington can take a topic as annoying as those
unsolicited commercial emails and politicize it to the point where absolutely nothing gets done.
There’s a word for that: bureaucracy.
This week’s efforts to combat spam (which in my mind is the same as electronic
pollution) began with the best intentions. Spam proved to be so loathed by everyone that it actually had a unifying effect, bringing together the
fiercest of rivals, America Online, Microsoft and Yahoo!, which announced a
joint initiative to cooperate through open dialogues to “protect consumers”
from spam, which is often vulgar.
Then came even better news in the form of actions being taken. On top of
bills proposed by Rep. Zoe
Lofgren (D.-Calif.) and a proposal for action by Sen. Charles
Schumer (D.-N.Y.), Virginia Governor Mark Warner signed a bill into law
making fraudulent spamming a felony
offense punishable by imprisonment. Finally!
But when it became apparent that all of the attention by the FTC and other spam-fighters
amounted to nothing more than lip service, all hopes quickly diminished for
any substantive change. How could you panelists not even agree on a
definition for spam? All of you in Washington should be embarrassed!
What’s worse is that any effort by lawmakers wouldn’t require much extra work —
like a moot argument over what defines spam.
Yes, the Computer Fraud and
Abuse Act (which prohibits anyone from transmitting information without
authorization that intentionally damages a protected computer) as well as
trespassing laws do need to be strengthened. But for the most part, there
already is a well-developed legal structure in place (and regularly
exercised) that would defend us against spammers — intellectual property
laws. If a logo can be considered part of a corporation’s intellectual
property, why can’t the same argument apply to email addresses?
In fact, Microsoft’s attorneys (gosh, they are good) have tried this
approach in a 1998 case involving its Hotmail unit called Hotmail v. Van$ Money
Pie. They prevailed but the defendants got nothing more than a slap on
the wrist. Of course that case was heard well before the Digital Millennium
Copyright Act (DMCA) was established and put into effect. Certainly,
lawyers now have stronger ammunition.
To understand how all of this would deter spam requires a little working
knowledge on how spammers operate. I used to think that spammers got email
lists by sending out search spiders to crawl through the Web and scrape
addresses from publicly-listed pages on various Web sites. But then, how in
the world does spam end up in the inboxes of Kristen at the reception desk or Trish in accounting when their names aren’t published on any public Web site?
Spammers use far more sophisticated means. That publicly listed email address is merely a foot in the door. As well as spiders, they also
rely on directory
harvesting, in which they blast randomly generated addresses at an
e-mail server in an attempt to find the valid ones. The technique takes
advantage of the sendmail
message transfer agent
auto-replies as a courtesy when messages can’t reach their destination. FYI–this feature can be switched off on sendmail but for some of us that
isn’t much of a solution.
Once spammers have a list of addresses, then they again rely on flaws in the
sendmail MTA to distribute the spam. They address the junk mail to, say,
one of the bad addresses unknown to your server that they know will bounce
and dump all of their harvested addresses into the “FROM:” field. I have
yet to find a good reason why sendmail gives you the ability to change the
“FROM:” field to anything. Because of the bounce-back, the “FROM:”
field actually becomes the “TO:” field.
In addition, the spammer is freely
using your equipment without authorization. Certainly some part of the
Computer Fraud and Abuse Act has to apply here. Worst of all, to the rest
of the world, you appear to be the spammer.
If we have learned anything this week, it is that the war on spam has become
a public policy matter — one that requires leaders around the world to
take action, while recognizing the noble efforts of individual states and municipalities. The World Intellectual Property Organization (WIPO) has already
created a legal system to ease enforcement. All you world leaders need to
do is fine-tune your laws accordingly. And you don’t need to ensure that
the law pleases everyone — that certainly didn’t matter when copyright laws
were established. And there is by far more consensus on the issue of spam.
Our leaders need to start pursuing stricter network security laws, not look
for the definition of valid email marketing. Anti-Spam laws now need to
find the balance between the greater good and the shareholder value of a
publicly traded email marketing company that is guilty of spam. Perhaps this
might even pave the way for more adoption of “best practices” like double
opt-in marketing campaigns.
But for now, those antics in Washington amounted to nothing more than the
same PR chicanery that AOL, Yahoo! and Microsoft pulled at the start of the
Bob Liu is Executive Editor of internet.com’s News Channel, which
includes the flagship internetnews.com Web site.
Updates earlier version