|
||
 |
||
|
Spam e-mail has become such a nuisance and drain on productivity that people have called for legislative solutions—only to find that politicians are spamming, too. For instance, California gubernatorial candidate Bill Jones caused a flap this year when his campaign e-mailed unsolicited ads and deluged people’s inboxes across the country. Spam has been multiplying faster than smartweed in summer. Gartner Inc. (www.gartner.com), the research group, estimates that spam has increased by a factor of 16 over the past two years. Brightmail Inc., a company that makes filters to block spam (www.brightmail.com), says such e-mails now account for between 10% and 30% of all traffic online. As individuals try to fight back through legislation and technology, spammers become ever more clever. Some send out electronic feelers to collect Web addresses from the Internet. Others have computers generate almost every conceivable combination of name and dot-com address. Spammers hide the origins of their messages by sending them through overseas servers or boldly hack into individuals’ machines and hijack them into service to broadcast spam. To find out how to slow spam—or whether such a dream is even remotely possible—Context arranged for a conversation between two experts: Wayne Crews, the director of technology policy at the Cato Institute (www.cato.org), a public-policy-research foundation; and Laura Atkins, president of the SpamCon Foundation (www.spamcon.org), which seeks to reduce the amount of spam on the Internet. The short answer is: Don’t get your hopes too high.
WAYNE CREWS: Spam is a growing scourge. We all are bombarded with solicitations for toner cartridges, porn, instant credit, and work-from-home schemes. The muck has become so bad that if my son is in the room I ask him to turn his head when I check my e-mail. The issue is how to shift the costs of spam back to spammers. At least with bulk mail, the sender has to pay postage. Do we make spammers pay through legislation? Or is there some way that technology can do the job? A couple of years ago, Congress was all excited about legislating. In the House, a bill to limit spam passed 427-1. It was never voted on in the Senate, though, and now there is more skepticism. Many legislators feel people can better deal with spam now. Many favor a less-restrictive approach, which would let Internet service providers define how their services can be used and then sue spammers who violate those terms. I favor giving ISPs those rights. The question is whether that requires federal legislation, and whether it would impinge on free speech. There also is a question of whether, if you pass antispam laws in the U.S., the spammers would just move overseas. LAURA ATKINS: Of course, you are never going to convince a legislator to outlaw the ability for him to use e-mail to contact a lot of people with political ads. But spammers cause another serious problem: The sheer volume of unsolicited e-mail they send is causing technical problems and soaring costs for many ISPs, which have to buy bigger machines to handle the load. The spam houses tie up huge amounts of a network. A group of network operators has speculated that they spend at least 40% more on equipment to handle all the spam that comes in. Last weekend, I got 130 spam e-mails from a single sender in Chile. Sometimes, I receive so much spam that my mailboxes fill up, and legitimate e-mail is turned away. CREWS: I have seen new numbers from Brightmail, an antispam software provider, saying that something like 10% to 30% of all e-mails are spam. But remember, among the 5,000-plus ISPs out there, some are spam-friendly. They make contracts with bulk mailers. ATKINS: The bottom-line issue is that spam doesn’t pay for content on any Web site. Even though spamming is surely a multibillion-dollar industry, it doesn’t help pay for my mailbox. It doesn’t pay for my mail server. Spam raises the price that we pay for connecting to the Internet. I have yet to see any legislation come out of any of the states or the federal government that would address the cost issue. Legislation obviously isn’t a panacea. Every time the people fighting spam come up with a new technical or legal means to stop it, the spammers find a new way to keep going. For instance, the new way to spam is basically to crack individual users’ machines. Spammers take over an unwitting person’s machine and use it to send spam. CREWS: We are almost talking about trespassing. ATKINS: Absolutely. But most law-enforcement agencies won’t get involved with that sort of trespass, unless you can demonstrate that you have suffered a certain dollar amount of damage. The last I heard it was $50,000. A home computer user won’t be able to demonstrate that. So, essentially, there are no legal ways to go after the person who broke into your machine. Much of this activity originates in South Korea and China, which is causing another tragedy: A lot of major ISPs have started to ignore any mail that comes from South Korea or China. CREWS: Is the solution digital signatures? TRUSTe, which is a nonprofit Internet standards body [www.truste.com], has offered a proposal that basically would certify the legitimacy of a sender. In other words, if I don’t know who you are, your e-mails won’t reach me. ATKINS: That is one approach for bulk e-mail, but it feels to me like blacklisting and could shut down spontaneous one-on-one conversations. If I see a cool Web site and want to send an e-mail to the author, I wouldn’t be able to do that because the person wouldn’t yet know me. CREWS: Some people will say they only want e-mail from those they know. Others will be more open. They will allow that first contact, and if they get spammed they will put the sender on a junk-mail list that blocks future e-mails. The signatures could be used by ISPs, too. They could say to ABC Fertilizer Co., for example, that if it couldn’t bother to get a digital signature superimposed on its e-mails, then they wouldn’t forward the messages because they couldn’t distinguish those messages from all the spam coming through. It could be an important tool for ISPs to control their load. ATKINS: I agree. America Online Inc. [www.aol.com] has a fairly active group that already does this kind of blocking. If you are an AOL user and you get e-mail you think is spam, you send it to AOL’s spam box. AOL has some heuristics for then deciding which senders to block. CREWS: It works as a type of “opt-out.” What do you think about a general opt-out system for commercial messages? ATKINS: Although some people argue that e-mail should be allowed to anyone who doesn’t specifically opt out of a mailing, opt-out doesn’t work very well. If half the small businesses in the U.S. sent me one e-mail this year, that would be 13 million e-mails that I would have to opt out from. The other problem with opt-out is that it can overwhelm people who own their e-mail systems. I have a friend who has his own domain. He gets hundreds of thousands of machine-generated e-mails a week to addresses that don’t exist and that never have. There is no way he can opt out because there is no such address at his machine. CREWS: Actually, there is an easy way to opt out. I have filters on my computer that will block out anything that is, for instance, going to undisclosed recipients or large numbers of recipients. Individuals can also use a nifty challenge-and-response system called “MailCircuit.com.” You have a MailCircuit e-mail account into which you dump your list of friends, family, and work contacts. Any e-mails from them come right through. Anything else gets a challenge from the system. That e-mail is held and its sender is sent a note saying, “Because of the proliferation of spam on the Internet, this e-mail will not go through until you reply with the following password in the subject line.” The person does that, and they only do it once, then they are added to the safe list and the e-mail goes through. Because most spam is automated, spammers aren’t going to be able to type in those passwords. ATKINS: I worry, though, about overburdening senders. Like many people, I have multiple e-mail addresses, and there are lots of people I don’t know who want to contact me for legitimate reasons. So using a system such as MailCircuit.com would create a lot of work. CREWS: Well, there has to be some way to force senders to bear the cost, whether that is through some kind of electronic postage, or certification seals, or challenge-and-response systems. What sustains spam is that the cost of sending the stuff is so low. Even a small response rate can sustain spammers. Something has to intervene so that spamming doesn’t pay. ATKINS: Still, I am more and more pessimistic that technical means will be able to eliminate spam in our current framework. CREWS: It will be interesting to watch. Somehow, we have to move toward a system where the default is that we receive only the e-mails we want in our inboxes.
|
