Spam on the Lam

Why the scourge of the Internet might be unstoppable.

MICROSOFT GRABBED headlines last month when it announced it was filing lawsuits against 15 alleged spammers12 in Washington, one in California, and two in the United Kingdomwho were said to be collectively responsible for sending more than 2 billion deceptive bulk e-mail messages to MSN and Hotmail users. Microsoft is the last of the top three Internet service providers (ISPs) making a big deal of legal action to fight spam. In May, EarthLink won the latest of several multimillion-dollar judgments against spammers, and in April America Online filed five new lawsuits.

While most might cheer Microsoft's decisive move, I and others who've been watching spam statistics for years have an uneasy feeling that Microsoft's action is too little, too late. Spam has evolved from an irritating gnat to the cockroach of the Internet. And like that primitive, 320 million-year-old survivor, spam has found a way to thrive in niches and little-known Internet protocol (IP) address spaces online, scurrying into dark digital recesses whenever someone throws on the legal light switch.

Allow me to humbly suggest three reasons why spam might be impossible to eradicate:

*Spam is endemic. By several estimates, spam is overtaking legitimate e-mail. Statistics from longtime spam filtering firm Brightmail bear this out. Between May 2002 and May 2003, spam rose from 22 percent of all e-mail to 48 percent. It's easy to calculate that by mid-summer, more than half of e-mail will be spam. Put another way: You'll be more likely to receive a spam message than an e-mail you want.

*Spam knows no legal boundaries. Spammers, including those in the U.S., frequently route messages through overseas computers. Brightmail says that of the small amount of spam that was traceable in May, 60 percent came from Europe, 16 percent from Asia, and only 11 percent from North America. My own e-mail has seen a marked increase in spam from .ru (Russia), .kr (Korea), .cn (China); and other countries unlikely to honor Washington state's pioneering 1998 anti-spam law, which forbids misleading subject lines and forged return addresses.

*Spammers are slimeballs. I'm not talking about corporate MBAs who, in preparing e-mail marketing campaigns, lobby through trade groups like the Direct Marketing Association for weak laws so spam has to be opt-out, not opt-in. Though a variety of federal restrictions are awaiting action by Congress, a national do-not-e-mail list and extension of junk-fax laws to junk e-mail would primarily be tools for dealing with otherwise law-abiding companies. The slimeballs are the violators who disguise their identity, sell questionable products, and delight in playing catch-me-if-you-can. They are the mailers of pornographic images to your 8-year-old's AOL account (19 percent of May's spam was porn, according to Brightmail) or offers of millions of dollars stuck in Nigeria if you pay "expenses" (8 percent in May was scams). Since the FTC estimated in June that 66 percent of spam is obviously fraudulent, there might simply be too many targets who are too difficult to track down.

HOPE EXISTS FOR a technological fix, and it's not filters. Like cold remedies, spam filters only mask the symptoms and don't get at the cause. Filtered spam still costs ISPs bandwidth, storage space, and time to handle complaints.

One partial fix would verify that each message really does come from the claimed sender before mail servers pass it along for delivery. Bill Gates, who in 1998 advised consumers to hit the delete key, briefly acknowledged in a Wall Street Journal commentary last month that Microsoft is "creating a system to verify sender addresses."

But that requires retooling the infrastructure of the wildly decentralized Internet, a slow process. "Right now, putting together a technological solution targeting spammers via reverse IP lookup would be very challenging," notes Mike Apgar president and CEO of Speakeasy, Seattle's fast-growing national broadband ISP"particularly given the sophistication that some of the spammers have displayed."

AND NOT ALL tech solutions work. In early June, I discovered that my e-mail to America Online addresses (including to an AOL exec) bounced. Turns out AOL had made a change in its anti-spam settings that inadvertently blocked messages from Comcast mail servers for five days.

So while lawsuits like Microsoft's might get headlines and strike fear into the hearts of newbie bulk e-mailers, they're probably no more effective at stopping slimeball spammers than the recording industry's threats have been at stopping most teenagers from trading music files.

Perhaps the only sure legal way to stop spam is to take a page from prostitution laws and make it a criminal offense to buy anything from a spammer, cutting spammers off from what they crave the mostcash. And if that doesn't sound realistic, then you begin to get an idea of how hard it might be to stop the flow of spam now that it's grown from a trickle to a flood.

Frank Catalano is a tech-industry analyst, consultant, and author. He can be reached via

comments powered by Disqus

Friends to Follow