Collateral Damage

New efforts to combat spam may also be killing e-mail's future.

THE MOST underappreciated casualty of the spam epidemic is not your clogged inbox, your wasted time, or even the burden placed on bewildered lawmakers. It's the very reliability of e-mail itself.

I first became aware of this disquieting fact last summer after the SoBig and Blaster worms flooded the digital ether. I'd just wrapped up a speaking engagement and was asked by the organizer to e-mail him my notes. I did so. A week later, he asked again for my notes. I again attached them to an e-mail and hit send. That didn't work either. It took a third e-mail sent from a backup account to finally get through.

I'd have written this off as a one-time quirk if I hadn't started hearing similar stories from friends and colleagues about delayed e-mail, mysterious error messages, and missives that simply did an Amelia Earhart. It became clear that the dirty little secret in the escalating war between spammers and anti-spammers isn't that your e-mail may never get read. It may never get delivered.

There are three forces at work, each negatively reinforcing the others.

First is sheer volume, which overwhelms bandwidth and mail servers. While many stats showed spam crossed the 50-percent-of-all-e-mail threshold around last May, the real number may be much higher. As anti-spam firm Solid Oak Software notes, that percentage only counts mail that's destined for a real, working e-mail address. It doesn't include attempted deliveries to invalid addresses, over-quota mailboxes, and other undeliverable mail. Solid Oak's figures? Spam, including illegitimate e-mail, accounts for more than 90 percent of all e-mail traffic.

That volume comes from many sources. Sure, mass-mailing viruses are to blame, spawning bastard progeny from your unsuspecting Outlook address book. But some anti-spam companies themselves are hardly blameless.

Take challenge-response services. They're designed to make sure, by responding with a challenge message to each new sender who tries to contact you, that there's a real human being at the other end and not a spambot hiding behind a fake return address. Every time the service intercepts an e-mail on your behalf, it automatically sends out an e-mail response seeking to verify that the sender is a real person. The original sender must then respond in turn; and then the original e-mail gets delivered to you, a cycle that at least doubles the traffic generated by the initial e-mail.

It gets worse: Seattle-based SpamArrest, a well-known challenge-response provider, reserves the right in its privacy policy to contact, for internal and marketing/promotional purposes, anyone who happens to send an e-mail to one of its subscribers. That's right. Anytime you unwittingly e-mail someone who happens to subscribe to a challenge-response spam filtering system, you may be implicitly giving permission to be spammed by the anti-spam service itself. (Thankfully, I haven't yet been on the receiving end of SpamArrest anti-spam spam, but the convoluted irony of it makes one pause.)

The effect of this surging volume is predictable. Interland, one of the largest Web hosting and e-mail providers for small and medium-size businesses, advised customers in September that their messages may experience a delivery delay of anywhere from one hour to three days, due to tripled traffic from viruses and spam.

THAT'S ASSUMING they get delivered at all. Because the second contributing factor is overaggressive spam filtering. I'm not talking about the filters you install on your personal computer to toss suspected spam into a special folder. It's the filters you don't know about, set up by Internet service providers (ISPs), that blacklist entire mail servers.

Here's how it works: Joe Spammer sends thousands of unwanted messages from a mail server at ISP A to a mail server at ISP B. Company B, noticing huge amounts of spam or undeliverable mail coming from Company A's server, puts up an automatic block to reject all incoming e-mail from that server for hours, days, or forever.

If you also happen to send your e-mail through the server the spammer used, you may suddenly find that e-mail to certain people doesn't get through. Comcast customers discovered last June, for example, that e-mail sent to AOL subscribers bounced for four days; AOL was blocking Comcast. Since then, I've been affected by temporary, automated server-to-server blocks between Comcast, Interland, and other ISPs.

These blocks usually end automatically after a few hours. But in the meantime, senders get cryptic error messages ("Permanent failure: other address status") and don't know whether their missive arrived or not. They're innocent bystanders caught in the spammer/anti-spammer crossfire.

The third and most damaging hit to e-mail's reliability? Lack of feedback. Too much volume and overaggressive filtering by themselves might be tenable if senders had a clear idea of the effect on e-mail.

But generally they don't. There are those incomprehensible, or no, bounce messages. There are mysterious, malleable limits on how many addresses you can include in a single e-mail or how often you can connect to send e-mail before your own mail is blocked as spam. (In September, for example, Comcast instituted limits but didn't provide much numeric guidance as to what it takes to stay within them.)

Unlike a dropped cell phone call, with e-mail there's not always an indication that communication failed. And that leads to a death spiral of overcommunication: "Did you get my e-mail?" "Where's your e-mail?" "Please send me a confirming e-mail." It's almost as if you should just phone ahead.

Fueled by the intensifying arms race between spammers and anti-spammers, the combination of crushing volume, undisclosed filtering, and inconsistent feedback is making e-mail about as dependable as putting a message in a bottle. E-mail, once widely heralded as the Internet's killer app, may ultimately wind up killing itself.

Frank Catalano is a tech-industry analyst, consultant, and author who has lost two business e-mail addresses to spam. He can be reached via
