Spam Update

There has been a lot in the press over the last few days about spam so I wanted to reiterate and summarize my view on the subject. I continue to believe that the only way to beat the spam problem is through the use of technology, as I have written before. I see no possibility of spam legislation working. The legislation is well intentioned, spam is truly a huge problem, but it just won’t work. Included is the recent proposal for a "Do Not Spam" registry. There is little possibility of it working, partly because of the complexity of the management and security issues that would have to be addressed and partly because of the "exceptions" that would get baked into the legislation. Case in point — take a look at the new National Do Not Call Registry that was launched by the U.S. government recently. The site says that "Most telemarketers cannot call your telephone number if it is in the Do Not Call Registry". When you click on "most telemarketers" you quickly see the problem — exceptions. I’ll conclude the "why it won’t work" part of my story and then offer suggestions for what should be done.

Why Legislation Won’t Work

If you register your phone number on the National Do Not Call Registry, will it stop all telemarketing calls? No. The exception section of the registry says, "Placing your number on the National Do Not Call Registry will stop most, but not all, telemarketing calls. Some businesses are exempt from the national registry and still can call you even if you place your number on it". Exempt businesses include the following:

  • Long-distance phone companies
  • Airlines
  • Banks and credit unions
  • The business of insurance, to the extent that it is regulated by state law.
  • Political organizations
  • Charities
  • Telephone surveyors
  • Companies with which you have an existing business relationship

Anybody left out? Detect the influence of any political tinkering in this legislation? Of all the annoying unwanted phone calls I receive, all of them will be exempt. The only beneficiaries that I can see from the new registry are attorneys dealing with the complaints that will flood into the government. A "do not spam" registry would be even worse. As soon as spam gets defined in the legislation, spammers will immediately re-define themselves in ways to fall within the exceptions. The Direct Marketing Association has thousands of members who want to send email to all of us. They are legitimate companies with legitimate products and services. They do not commit fraud. The problem is that any legislation that legitimizes them will also enable the bad guys to re-define themselves to escape the legislation.

So, what can be done?

In a nutshell, the answer is to enforce existing laws, utilize spam-fighting technology, and begin the process to re-design the way email works. I’ll start with an update on the role of government and some examples of effective prosecution. Then I’ll outline a few thoughts on what I believe is most important — the role of technology.

The Role of Governments

Although I believe legislation can not work, I have not said that governments have no role. The FTC Spam Forum was a very good thing. It raised a lot of attention and focus on the issue. Orson Swindle, one of the commissioners, was aggressive in challenging the corporate world to "solve the problem". Such encouragement is good. I can’t prove that it was because of the FTC stick but it is very encouraging to have read recently that AOL, MSN, and Yahoo! have started a dialogue on how to deal with the problem. Governments have a role in the prosecution of existing laws and making the public aware of the results (with the help of the media). Governments also operate the court system and speedy trials of fraudulent activities by spammers is extremely helpful. It was quite encouraging to see that a federal judge awarded Earthlink damages of $16.4 million and a permanent injunction against a Buffalo, NY spammer. According to Patricia M. LaHay of the Associated Press, the spammer was the leader of a ring that used EarthLink services to send some 825 million pieces of unsolicited "spam" e-mail in the past year. He is now banned from sending spam ever again — and from helping others send it.

As word of more and more cases like this one get around, perhaps more spammers will think twice. Finding and prosecuting the off-shore spammers will be much more difficult and this is why we need technology solutions to block them. Hopefully, other governments around the world will begin prosecutions as part of an international effort. Spam is costly in every country and even more so in countries where bandwidth is less plentiful and more expensive.

What was illegal — and enabled this prosecution — was not spam per se but rather the tactics. According to Ms. LaHay, the Buffalo spammer kept the spam flowing through Internet accounts opened with stolen identities and credit card numbers. They used fake email addresses — which they changed every couple of days — to keep investigators off their trail. According to Earthlink, their spam included offers for herbal Viagra, weight-loss products and get-rich schemes, one of which was "hire me to spam for you’". In another suit, Earthlink was awarded $25 million in damages from another big junk e-mailer in Tennessee. America Online has also been suing spammers, winning a $6.9 million judgment in Federal court against an Illinois company for sending pornographic spam. In fact, Ms. LaHay reported that AOL has won 25 spam-related lawsuits against more than 100 companies and individuals. Verizon Communications settled a spam lawsuit against a Michigan-based company that prevented them from e-mailing Verizon Internet customers. The suit also gave Verizon unspecified damages. Many more suits are pending. Whether the suits make a big dent or not, it is a certainty that spam will not go away. Technology remains the key element of the solution.

At the Federal Trade Commission spam Forum in Washington, two FTC commissioners spoke — one suggesting caution on any legislative initiatives and the other saying "it can’t hurt". I think it can hurt and likely will if passed. I spoke on a panel along with seven attorneys. All seven urged Federal legislation. I was a lone voice; speaking out for patience to allow for technology to address the problem.

Technology That Works Today

There are many short term technology areas that can make a huge impact on the spam problem. Internet service providers (ISP’s) can do a lot more than they have been doing and it is encouraging to see that the big players have started working together. This will surely have a positive impact. Employers can do more also. Companies such as Cloudmark and Brightmail have technology that can enable the corporate mail servers to block spam or at least flag it as "probable spam" to allow employees to use a filter or rule to delete it automatically if they choose to. At the consumer level there are numerous solutions out there. I personally use Cloudmark’s Spamnet. Cloudmark "catches" millions of spam emails for it’s users every day. My 2,000+ spam emails per week end up in my junk mail folder. I glance through the folder once every ten days or so and then delete the contents. Rarely do I find emails that were "false positives"; i.e. emails that I really wanted. Maybe one in a thousand. I am more than willing to forgo that one in order to not have to be bothered with the other 999.

CBS MarketWatch reported that PC Magazine has studied what you can do about spam. In a test of four “spam slammers,” CloudMark’s SpamNet ($4.99/month subscription) was top rated, followed by Matador 2.0 ($29.95/program), SpamCatcher ($19.95/program), and IHateSpam ($19.95/program), when ranked according to the percent of spam dumped into a quarantine folder. Each of the programs maintains a database of spammers and incorporates users’ feedback on what’s identified as spam to filter e-mails. “Keep in mind, though, that these products are far from perfect. They occasionally block messages they shouldn’t, and if you don’t regularly visit your quarantine, you’ll certainly miss a small percentage of important mail,” the magazine concluded. That has not been the case for me as I mentioned in the prior paragraph. The bottom line is that these spam fighting programs really work and I recommend everyone adopt one.

The other good news on the technology front is that venture capitalists and the technology whizzes of the world are engaged. Startup companies are focused on spam elimination as a significant business opportunity. Computer scientists are energized by the challenge. Venture capital funding is flowing to spam-oriented companies and we can expect to see continuous improvement in the capabilities of the technology that they create.

Long Term Changes Needed

Long term, the way in which email works needs to be re-engineered. The Internet Engineering Task Force (IETF) has formed a research group called the Anti-Spam Research Group (ASRG) to come up with creative and profound changes in the way email works at the core. The ASRG focuses on "the problem of unwanted email messages, loosely referred to as spam" and their premise is that an individual or organization should be able to "express consent or lack of consent for certain communication and have the architecture support those desires". The ASRG plans to investigate the feasibility of a new architecture for email that "allows different systems to be plugged in to provide different pieces of the solution".
I am sure the solution will include some form of authentication (as I have argued before). Once the real identity of an email sender is rendered explicit you have a lot more options for how to treat that email. (There are numerous other benefits from digital ID’s beyond reducing spam). I am optimistic about the long term fix but, needless to say, what is being undertaken here is enormously complex and it will take time. To get the protocol changes adopted as a global standard and then be globally implemented will take years.


Congress will be back from vacation in September. We will probably get legislation. You can just feel the momentum in Washington. The political pressures are significant and even though I see little chance of legislation working, I also see little chance of avoiding it. Let’s just hope it doesn’t make things too much worse. In the meantime, we should be using anti-spam technology at multiple levels. It works.

Disclosure: I have no investments in any anti-spam technology companies.