In the escalating battle against spam, it may look like the bad guys are winning right now. But the war’s not over. Antispam warriors are developing new weapons to fight unwanted junk e-mail and legislators are debating strict new laws that could send spammers to jail.
DEALING WITH UNSOLICITED junk e-mail costs businesses billions of dollars in lost productivity and threatens to ruin consumer confidence in the Internet, government officials say. Here’s a look at what Internet experts believe are 5 promising ways to end spam in the future.
LAWS AND LISTS
A half-dozen new get-tough-on-spam bills are currently being debated in Washington which would up the ante against illegit e-mail marketers. Already, 33 states have antispam legislation, but a federal law would make it easier to bring legal charges against deceptive junk e-mailers, government officials say. Among the proposed measures: forcing marketers to allow people to easily remove their e-mail addresses from bulk lists; banning fake return e-mail addresses; and requiring Internet marketers to disclose their online and offline addresses. Software that scans Web sites for e-mail addresses to add to lists would also be prohibited. There’s also a movement to set up a “no-spam” registry similar to the Federal Trade Commission’s do-not-call list for telemarketers.
Howard Beales, head of the FTC’s Bureau of Consumer Protection, told a congressional committee Wednesday that the feasibility of a do-not-spam list was uncertain. Consumer advocate Ray Everett-Church, however, believes a carefully secured registry could work.
“If you’re on the list and someone sends you something, they’re toast,” says Everett-Church, founder of the Coalition Against Unsolicited Commercial E-mail.
“That’s a cut and dried thing that any court in the land can understand.”
Laws alone won’t wipe out unwanted junk e-mail, but tougher criminal and civil penalties could be a strong deterrent, legal experts say.
David Kramer, an attorney with the Wilson Sonsini law firm in Palo Alto, Calif., says a law similar to the junk fax law is the way to deal with spam. The junk fax law allows consumers to sue companies that send them unsolicited faxes.
“Spam is no different than junk fax mail,” says Kramer. “It shifts the cost of the message from the sender to the recipient. It’s an enormous drain on corporate productivity.”
“Spoofing” is the latest nasty trend in spam. E-mail filtering company SurfControl warned Internet users earlier this week about “brand-spoofing spam,” which pretends to be e-mail from a major corporation in order to trick people into revealing their personal financial information. Over the last few months users have received spam masquerading as e-mails from Best Buy, eBay and Sony.
“Spoofing is a continuing thorn in everyone’s side,” says Everett-Church.
One way to foil spoofing would be a “trusted sender” technology which would help identify each piece of e-mail, says Vincent Schiavone, chief executive of technology firm ePrivacy Group. An encrypted digital signature would carry a code recognized by an Internet provider’s computer servers and would prevent spoofers from hijacking corporate e-mails. Any e-mail not carrying the digital signature could be prevented from reaching the user.
AOL already tags its official communications with a blue envelope and background. But all the major Internet services and providers should adopt the trusted sender signatures, says Schiavone.
“They don’t do it because the ISPs can’t agree on the way to do it,” Schiavone claims.
How about charging to send e-mail? Congress has also discussed a sliding fee scale to send e-mail. People could send a certain number of messages each month for free and then would be charged a fraction for every 10,000 or more, bringing an end, it is hoped, to spammers who send out tens of millions of e-mails daily at virtually no cost.
An e-mail toll is a great idea, say Internet experts, but it’s not clear who would get the money. “Bad guys wouldn’t pay because they’re pretending to be you,” says ePrivacy’s Schiavone.
“How would you make the charge?” asks Orson Swindle, an FTC commissioner. “It’s a really complicated thing.”
The most radical way to solve the problem would be to change the underlying way e-mail is sent, that is, rewrite the Internet protocol. E-mail was developed long before the Internet was commercial and wasn’t designed to anticipate massive abuse by people like spammers. Top Internet engineers are already looking at ways to make it impossible to forge e-mail addresses while preserving the anonymity of individuals who send e-mail.
“Deployment of a new protocol would take years,” says Laura Atkins of the SpamCon Foundation, a consumer advocacy group. “But the pain of spam might finally hit the threshold that the pain of changing the protocol would be less painful than suffering from spam.”
Enhancing the Internet backbone to prevent unscrupulous spamming could take three to five years. Martin Nelson, analyst with Ferris Research, a San Francisco technology firm, compares tweaking the Internet protocol with “changing the wheels on a vehicle running 200 miles per hour.”
Nelson is optimistic that anti-spam solutions will eventually eliminate 95 percent of all unwanted junk mail, reducing the problem to something similar to the virus industry.
“Viruses used to crash networks and be a huge problem,” he says. “Now most organizations are protected against them. It’ll be the same with spam.”
Internet service providers are probably blocking 80 percent of unwanted commercial e-mail messages, says Swindle. But to win the battle against spam, a filter needs to be 95 percent effective, says Nelson.
“To filter effectively, an ISP needs a solution that employs a number of different techniques, blacklists and whitelists and pattern matching,” says Nelson. A whitelist only allows approved addresses to reach you; a blacklist blocks known offenders.
A new generation of antispam technology being rolled out by some of the major Internet service providers could do that, Internet watchers say. For example, filtering technologies being employed by AOL, Netscape and others are more able to learn what the user consistently deletes as spam and then automatically reroute similar commercial messages to a separate folder.
That’s the type of filter that will be featured in the next version of AOL, says spokesman Nicholas Graham. AOL 9.0 subscribers will also be able to choose to see e-mail only from others in their buddy list or address book. Images will be blocked in messages from unknown senders so that users won’t see inappropriate pictures when they open the e-mail.
Internet provider Earthlink, which has approximately 5 million subscribers, boasts its “SpamBlocker” can eliminate spam “virtually 100 percent.” The system uses the “challenge-response” technique which requests proof of identity from an unknown e-mail sender. When an e-mail arrives from a source not in the user’s address book, a message automatically goes back to the sender asking for verification that it isn’t spam. If the person responds, the e-mail is delivered. Earthlink’s vice president of product development Jim Anderson says there’s no indication that spammers have figured out a way around the month-old technology.
The problem with challenge-response is that it can double the amount of traffic on the Internet and isn’t scalable for larger ISPs, experts say.
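The challenge-response flow described above, as an added example (not Earthlink's SpamBlocker code): a minimal gate that holds mail from senders outside the address book, issues a challenge token, and releases the message only on a valid reply. The HMAC token, the class and field names, and the sample addresses are assumptions made for illustration; the challenge counter shows the extra outbound traffic that critics point to.

```python
import hashlib
import hmac
import secrets


class ChallengeResponseGate:
    """Holds mail from unknown senders until the sender answers a challenge."""

    def __init__(self, address_book):
        self.address_book = {a.lower() for a in address_book}
        self.key = secrets.token_bytes(32)  # per-mailbox secret, never sent out
        self.held = {}                      # msg_id -> (sender, body)
        self.inbox = []                     # delivered (sender, body) pairs
        self.challenges_sent = 0            # one extra outbound message each

    def _token(self, sender, msg_id):
        # Token is bound to this sender and this message, so it cannot be reused.
        data = f"{sender}|{msg_id}".encode()
        return hmac.new(self.key, data, hashlib.sha256).hexdigest()

    def receive(self, msg_id, sender, body):
        sender = sender.lower()
        if sender in self.address_book:     # known sender: deliver directly
            self.inbox.append((sender, body))
            return None
        self.held[msg_id] = (sender, body)  # unknown sender: hold and challenge
        self.challenges_sent += 1
        return self._token(sender, msg_id)  # sent back to the claimed sender

    def respond(self, msg_id, sender, token):
        sender = sender.lower()
        entry = self.held.get(msg_id)
        if entry is None or entry[0] != sender:
            return False
        if not hmac.compare_digest(token, self._token(sender, msg_id)):
            return False
        self.inbox.append(self.held.pop(msg_id))
        return True


def demo():
    # Constructed sample traffic: one known sender, one stranger, three bulk mails.
    gate = ChallengeResponseGate(["friend@example.org"])
    gate.receive("m1", "friend@example.org", "lunch?")
    token = gate.receive("m2", "new.client@example.net", "quote request")
    for i in range(3):
        gate.receive(f"s{i}", f"bulk{i}@example.com", "BUY NOW")
    delivered = gate.respond("m2", "new.client@example.net", token)
    guessed = gate.respond("s0", "bulk0@example.com", "0" * 64)
    return delivered, guessed, len(gate.inbox), len(gate.held), gate.challenges_sent
```

In the sample run, five inbound messages trigger four outbound challenges, which is the near-doubling of traffic the experts describe.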
Microsoft, which has used antispam software company Brightmail’s filtering technology for its Hotmail accounts for several years, is now developing its own spam-fighting software. Chairman Bill Gates recently e-mailed corporate customers that an updated version of Microsoft’s e-mail program Outlook will include smart filters. These filters, Gates said, would learn and adapt to spammers’ ever-changing methods and create an antispam system unique to each individual.
(MSNBC is a Microsoft-NBC joint venture.)
Beyond relying on their Internet providers to block unwanted e-mails, consumers can choose from 40 to 50 anti-spam solutions. In its August issue, Consumer Reports magazine provides its first rating of junk-e-mail blocking software, naming SAProxy, MailShell’s SpamCatcher Universal ($20), Spam Sleuth from Blue Squirrel ($19) and Symantec Corp.’s Norton Internet Security 2003 ($69.95) as the top commercial filters for consumers.
The Associated Press and Reuters contributed to this report.