AUGUST 11, 2003


Out, Out, Damned Spam

Junk e-mail accounts for roughly half of all network traffic. Here are five ways to beat it back

It was May, 1978. Lauren Weinstein was among those developing an early version of the Internet when an e-mail popped into his box. It was the first spam ever -- a pitch from Digital Equipment Corp. sent, literally, to everyone on the fledgling Net. "People thought it was a little bit annoying but sort of amusing," Weinstein says.

It's not amusing anymore. Junk e-mail accounted for an estimated 49% of network traffic in June, according to Brightmail Inc., a San Francisco manufacturer of anti-spam software. These days, spam attacks Weinstein's computer every two seconds. And the Internet pioneer, founder of the Privacy Forum in Woodland Hills, Calif., is trying to save the revolutionary communications medium he had a hand in creating 25 years ago. The open architecture that made the Internet a transformative technology also has spawned the rapidly growing junk e-mail menace. "It never occurred to us that the tools we were developing for ourselves in this highly trusted environment would ever end up in the hands of the world's population," he says.

As anger at spam has increased, so have efforts to stop it. A confusing thicket of lawsuits, state and federal legislation, industry initiatives, filtering software tools, and spam-blocking companies has emerged to deal with the threat. While Congress weighs nine anti-spam bills, 34 states have enacted junk e-mail laws. Frustrated companies such as America Online, UPS, and Microsoft are hauling spammers to court.

Some of these moves are good ideas; some are bad. None of them, on their own, can eliminate spam. But a combined legal and technological attack could go a long way toward turning the scourge of spam into an occasional nuisance. Here's how to do it:

The first step is beefing up laws against spam. Rules against snake-oil sales pitches, get-rich schemes, and other types of fraudulent come-ons already are on the books. Federal legislation sponsored by Senators Conrad Burns (R-Mont.) and Ron Wyden (D-Ore.) would go further and raise the standards for spammers by requiring them to describe their messages accurately in their subject headers, use real return addresses, and include working opt-out links.

That's a good idea, but it does little to slow spam. A more effective way to do that would be to let people choose whether they want to receive it. Both Japan and the European Union have passed tough "opt-in" laws that require commercial bulk e-mailers to receive permission from consumers before sending them unsolicited messages. Because of the power of the direct-marketing lobby, as well as constitutional free speech concerns, this approach is a nonstarter in the United States. But a Do-Not-Spam registry, modeled after the one that was recently created to block telemarketers, would run into fewer such problems. It would enable consumers to opt out of receiving unsolicited e-mail simply by logging on to a centralized Web site.

Nobody expects a Do-Not-Spam registry to be a panacea. Dishonest businesspeople would continue to hide their identities and flout the law. Only responsible bulk e-mailers -- bona fide, law-abiding companies -- would follow the rules. How big is this group? Little hard data exist, but an April study by Australia's National Office for the Information Economy found that 18% of spam comes from blue-chip corporations.

Once new laws are on the books, they must be enforced. Internet service providers and the Federal Trade Commission have hauled dozens of spammers into court since the late '90s. Every big case so far has brought a penalty. On July 21, the FTC settled with a California teen who faked return addresses on e-mails that he dangled as bait to lure consumers to legitimate-looking business Web sites. There, they were duped into giving up credit-card numbers.

Such policing is important and will have to be stepped up. But it is inherently limited. Prosecuting the small-time operators in the U.S. isn't likely to rise to the top of the docket for state and federal law enforcers with limited budgets. And using courts to crack down on bulk e-mailers is like playing whack-a-mole: knock one down and another pops up.

One solution: Give users the right to sue spammers directly and set minimum statutory damages of, say, $100 per offending message -- just as was successfully done in the 1991 law against junk faxers. This "right of private action," proposed by Senator Charles E. Schumer (D-N.Y.) and others, would torment spammers with a hailstorm of private claims. Of course, Third World violators would be tough to reach. But litigators say many bulk e-mailers are domestically based, and advocacy groups such as the Spamhaus Project already do a good job of tracking down the biggest offenders. "Only when you distribute the enforcement broadly enough will it put enough fear into spammers' hearts to make them stop," says John Mozena, vice-president of the Coalition Against Unsolicited Commercial Email, a consumer-advocacy group.

To discourage spammers from moving offshore, the White House needs to take the lead in harmonizing international law and beefing up global enforcement. The 30-nation Organization for Economic Cooperation & Development is working on the problem, but the Asia-Pacific Economic Cooperation forum is a vital player and needs to be at the table. The good news is that other countries are also working on this issue. EU commissioners will visit Washington in August to lobby Congress to strengthen our laws. State regulation, on the other hand, isn't working. While well-intentioned, these measures create a patchwork legal regime that increases corporate compliance costs.

In the Net's infancy, peer pressure deterred spam, with improprieties drawing immediate social rebuke. But the online population boom upended that cozy virtual village. "Like in any large city, some people are going to engage in unlawful behavior," says Charles D. Curran, AOL's assistant general counsel.

Cyberspace needs a new code of conduct, and it's up to industry to help write it. Internet mail protocols -- the technical rules that govern how messages are transmitted -- need revamping. Designed when the Net was small, they allow spammers to cover their tracks by forging headers, faking domain names, and bouncing e-mails off servers across the globe. New norms can be imposed by grafting changes onto Net protocols. Microsoft, Yahoo!, AOL, and others are studying ways to build a so-called trusted-sender system that would give priority to known or identified e-mailers. Think of it as an exclusive gated community that would be almost spam-free.

Here's how it would work: Spammers make their mail look legitimate by faking domain names. But it's much harder to forge a domain's IP address -- the individual computer identifier that tells where an e-mail originated. Under trusted-sender rules, recipients' servers wouldn't accept mail unless they verified that the message originated from a valid domain, and the sender's IP address matched the number associated with the domain. If they want to be trusted senders, large e-mailers such as ISPs, corporations, and institutions would provide their IP addresses to a central registry. Fraudulent spammers would be zapped by the receiving server.
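The receiving-server check described above, as an added example that is not part of the article or of any vendor's system. The registry contents, the domain names, the IP ranges (reserved documentation values) and the function names are all constructed for illustration, and a local table stands in for the central registry.

```python
import ipaddress

# Constructed registry: domain -> networks the domain has registered as its
# legitimate outbound mail sources (stand-in for the central registry).
REGISTRY = {
    "bigisp.example": ["192.0.2.0/24", "2001:db8:10::/48"],
    "corp.example": ["198.51.100.16/28"],
}

def sender_domain(mail_from):
    """Return the lower-cased domain of an envelope sender, or None if malformed."""
    local, sep, domain = mail_from.strip().strip("<>").rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")

def check_sender(mail_from, client_ip, registry=REGISTRY):
    """Accept only if the connecting IP is registered for the claimed domain.

    The claimed sender is free text the spammer controls; the connecting IP
    is observed by the receiving server, which is why it is the trust anchor.
    """
    domain = sender_domain(mail_from)
    if domain is None:
        return ("reject", "malformed sender address")
    networks = registry.get(domain)
    if networks is None:
        return ("reject", "domain not in registry")
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return ("reject", "unparseable client address")
    for net in networks:
        # An IPv4 address is never "in" an IPv6 network, and vice versa.
        if ip in ipaddress.ip_network(net):
            return ("accept", f"{ip} is registered for {domain}")
    return ("reject", f"{ip} is not registered for {domain}")

# Constructed sample deliveries: (envelope sender, connecting IP).
SAMPLES = [
    ("<alice@bigisp.example>", "192.0.2.25"),      # genuine sender
    ("<offers@bigisp.example>", "203.0.113.77"),   # forged domain, wrong source
    ("<deals@unlisted.example>", "203.0.113.77"),  # domain never registered
]

if __name__ == "__main__":
    for mail_from, ip in SAMPLES:
        print(mail_from, ip, check_sender(mail_from, ip))
```

The forged message fails even though its sender domain is a registered one, because the check keys on the connecting address rather than on anything written in the message.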

Even with more cops and more spam-free zones, some bulk e-mailers will find ways to sneak their pitches into in-boxes. So consumers and companies will have to take the offensive.

The best professional filters, such as Brightmail, can block 95% of spam. At FrontBridge Technologies Inc., a San Francisco-area Internet-security company, computers check incoming e-mail against 10,000 criteria used to define spam; 500 of those rules are rejiggered every day, depending on what spammers are up to at the moment. Because teams of human "spam analysts" keep tabs on the trash bin, big filtering systems rarely lose a real message amid the junk. When the San Diego law firm of Gray Cary Ware & Freidenrich installed a FrontBridge filter in December, "My greatest fear was that some critical client would get their e-mail rejected," says Chief Technology Officer Don P. Jaycox. But after six months, "The false-positive rate is almost immeasurable."

Good filtering is expensive. But assuming that Gray Cary's 420 lawyers each spent 15 minutes a day deleting spam, Jaycox figures the firm was losing $186,000 in billable hours every month. In that light, the $100,000 a year the firm spends to stop spam seems reasonable.

Effective filtering for the masses is a bigger challenge. A community of spam vigilantes constantly is improving free programs such as SpamAssassin. And AOL and Microsoft are rolling out adaptable programs that "learn" how to define spam based on what people delete. The newest filters also protect against beacons -- signals that let spammers know when a spam has been opened by a live user. And some computer users are compiling "white lists," which allow e-mail from known senders to go into a premium in-box. But these consumer-level filters depend on technology alone. Without a living, breathing safeguard, chances are good that a filter will occasionally zap the wrong e-mail.

That's why many people will have to surf smart. By now, most computer users know that replying to most spam only generates more spam. Such smarts can go a long way toward eliminating junk e-mail. People who don't take action will suffer. Indeed, the recent flooding of many in-boxes is a sign that spammers are having to work harder. As e-mail filters get smarter, and as laws and lawsuits multiply, junk mail is harder to deliver. To maintain their already thin margins, spammers are upping their output, jamming more junk mail into the fewer in-boxes that remain vulnerable. "It increases the pain for the rest of us," Mozena says.

In the end, spam's greatest vulnerability is its economics: It costs very little to send out millions of e-mails, and nothing to send out a million more. Making junk e-mail even marginally more expensive for senders -- by suing spammers, levying fines, or making it harder for it to find an audience -- can be enough to tip the scales. Such efforts won't make spam extinct. But they can kill the majority of it -- and hopefully turn spam back into a tolerable, perhaps even amusing, annoyance.

By Lorraine Woellert, with Stephen H. Wildstrom, in Washington

