Spam Wars
Spam Wars
In an unprecedented display of co-operation, rival Internet service providers Microsoft, AOL and Yahoo are banding together to wage war against spam. Stuart Finlayson reports from the front line.
"The torrent of unwanted, unsolicited, often offensive and sometimes fraudulent email is eroding trust in technology, costing business billions of dollars a year, and decreasing our collective ability to realise technology's full potential."
Microsoft Chairman, Bill Gates
Last year in the US, the estimated loss to businesses caused by unwanted commercial email, was a staggering US$8.9 billion, while a report issued by the National Office of the Information Economy (NOIE) said that spam is costing Australian business $960 per employee per year. In short, to describe spam as an inconvenience or an irritant to businesses is no longer appropriate. It is, without doubt, an absolute nightmare.
While spam has been around for a while, it has not been tackled in a concerted way. At least, not until now that is.
Recognising that the spam problem has reached critical levels, rival Internet Service Providers (ISP's) Microsoft, AOL Time Warner and Yahoo have been meeting with one another, in what is an unprecedented display of togetherness and co-operation, to come up with an effective means of preventing spammers from spreading their unwanted messages, or at least create a system whereby it is easier to catch the perpetrators. But is it already too late?
Peter Coroneos, Chief Executive of the Internet Industry Association (IIA), has played a major role in getting government and business leaders to address this problem. Coroneos told IDM why the big guns are only stepping in to do something about this now, when the problem is apparently already spiralling out of control: "It's really only been in the last 12 months that it has reached the kind of proportions where it is no longer an option to deal with it. It has really come about much more quickly than anyone anticipated.
"Although we could see the situation developing from way back and were projecting that this was going to become a major problem one day, when we were first picking it up, it wasn't really on the radar as such - more of a minor annoyance. Of course, now it has got to the point where it is a serious business problem, but that has only occurred quite recently, and that's why you are now seeing the large corporates taking it seriously."
With recent estimates putting the level of spam at somewhere around half of all email traffic, it is not difficult to see why ISP's are so keen to put a stop to it, or more realistically, keep a lid on it and prevent it becoming worse still.
As anti-spam product developer ePrivacyGroup pointed out in a study it conducted on the scourge of spam, theoretically, if there was no spam, ISP's could spend half as much as they currently do on facilities and bandwidth and still handle the same amount of legitimate traffic. So clearly the financial burden imposed on ISP's by spam is enormous, and those costs have to be passed on somewhere - to individuals and businesses that pay for Internet access.
A prime example of the enormity of the problem faced by ISP's is AOL. The company's proprietary anti-spam filtering technology is now blocking in excess of 1.5 billion pieces of junk mail every day from reaching member email inboxes, which amounts to an average of more than 40 junk emails per account daily.
An AOL spokesperson describes what the company is doing to combat the perpetrators. "Spam is a widespread problem across the Internet and it is threatening the usefulness of the medium for consumers and businesses alike. AOL believes the problem needs to be attacked on several fronts to be effective: "As part of its ongoing, comprehensive battle against spammers, AOL recently announced a sweeping series of lawsuits against individuals and companies in the US that it alleges have repeatedly sent members high volumes of unwanted junk emails using a variety of evasive means to circumvent AOL's spam filters."
AOL is filing five separate lawsuits against over a dozen companies and individuals, who the company alleges are together responsible for sending an estimated 1 billion spam emails to AOL members and generating over 8 million individual spam complaints from members: "It's critical for industry to continue to work together to come up with technology solutions and industry standards in order for the problem to be curbed," stresses the AOL spokesperson. "Spam is a complex and multi-faceted issue that requires all of the stakeholders (ISPs, Marketers, consumers and policymakers) to work together simultaneously on many fronts."
What can be done?
Spam presents unique legislative and regulatory difficulties because the Internet makes it incredibly easy and cheap to collect email addresses and subsequently send huge volumes of spam. Compounded by this is the patchwork of global regulatory regimes in place at present which make enforcement quite difficult.
Julie Inman, senior corporate affairs manager, Microsoft Australia, says the company is putting a lot of time, effort and resources into research and development around security and user-empowerment technologies in an effort to make email a more safe, secure and trustworthy experience, but admits that the battle to keep pace with the spammers has still to be won: "Unfortunately, spammers have so far managed to stay a step ahead of the anti-spam technology curve, in large part by taking advantage of insecure Internet protocols that provide weak or no authentication of senders. Because current technologies are not foolproof, they may mistakenly block legitimate emails ["false positives"].
"That is why we believe legislation should balance the need to promote robust filtering solutions with the commercial interests of legitimate businesses; legislation should allow consumers to receive email from 'trusted senders', while allowing consumers and filters to more easily block unwanted spam.
"One of the proposals we're [Microsoft] looking at in terms of legislation would require an ADV tag be included on the subject line of email from senders who do not meet certain best practices; for example, recipient affirmative consent, pre-existing business relationship with the recipient or participation in an approved self-regulatory program. Ultimately, such a provision would also provide a safe harbour (liability protection) for good faith efforts to block spam and supporting the broad adoption of anti-spam filtering technology by ISPs and email providers."
AOL's spokesperson agrees that catching the spammers is a difficult task, but not a hopeless one: "Part of the challenge is that spammers are always changing their tactics and trying to find new ways to work around the systems that AOL and other companies and individuals are putting in place to fight spam. But that doesn't mean that the clever spammers are impossible to catch. To this end, AOL is fighting the spam problem on several different levels, and we are hopeful that this aggressive and multi-faceted approach will help curb the problem and put some of the most egregious spammers behind bars."
The effort to crackdown on spam in Australia has really started to gain momentum in recent months, with the government, national associations, email filter providers and other major companies involved in a variety of campaigns to rid our inboxes of spam and introduce tougher penalties for those responsible for delivering it.
One such company who has been actively fighting the war on spam is, Yahoo! Australia/New Zealand.
Throughout May and June this year, representatives from Yahoo wound their way from Sydney to Canberra, via Queensland and Victoria, travelling around 4,000km in their big purple and yellow bus, stopping at a host of large and small communities on the way, with a petition calling for national legislation to outlaw spamming.
Rachel Watt, producer of Yahoo! Australia/New Zealand Mail, says: "We are giving people the opportunity to let us know how they feel about spam and fill out a petition, which we are then going to pass on to Senator Alston's office [Minister for Communciations, Information Technology and the Arts]."
"At Yahoo, spam is one of the biggest gripes we hear from our users. The problem is too big to just focus on anti-spam technology - we think there needs to be legislation introduced as well."
Watt adds, that Yahoo has been investing heavily in tools to prevent spam overwhelming their users: "We spend a lot of time and resources building tools and technology to combat spam. With Yahoo Mail, we have Spamguard, which is really effective at picking up spam but can only do so much, so we have a lot of our engineering resource spending on building tools to stop spammers getting into our users' inboxes. We also try to educate our users on how to set up blocking addresses and filters so they can protect their inboxes as well."
Incidentally, in March this year, Yahoo's Spamguard caught five times more spam than it did in March 2002, amounting to billions of messages every day, which illustrates how rapidly the threat is growing. As things stand, it is notoriously difficult to catch those responsible for sending spam.
There are a number of reasons for this, as Watt explains: "Spammers have a lot of tricks up their sleeves. They move quickly and change servers quickly. Also, to the untrained eye, they'll send spam that looks like it is coming from another place by changing the header. This is dangerous, as a lot of people will see an email, thinking it comes from a valid address and click on it, which then validates their email address and they end up on a list which gets sold over and over again and they subsequently get bombarded."
Microsoft's Julie Inman agrees that spammers are slippery creatures, a fact which she says means that any effort to combat the problem must be all-encompassing: "Spam is a difficult nut to crack because some of the most insidious spammers are either quick to circumvent technological methods aimed at stemming spam or they are essentially operating in a "safe haven" where the laws are not sufficient or are not enforced.
"As such, Microsoft believes that the only way we can really stem the scourge of spam is by taking a truly holistic approach to the problem; through industry initiatives and self-regulation; by providing technological tools and consumer education and by strengthening laws that deter spammers and provide for adequate enforcement mechanisms. This will ultimately involve cooperation between industry, government and law enforcement and will also require educated and informed users."
IIA's Peter Coroneos, recently addressed the US Federal Trade Commission forum on spam in Washington DC, where he spoke about what Australia was doing to combat the problem. He says that if spam is allowed to grow at such a rampant rate, the consequences will be dire for email: "There is no doubt that spam is affecting every country and the problem is growing. Without the technological measures currently in place, the utility of email would be seriously compromised. Email is still the killer application of the Internet - if it goes, the major reason for people staying online will go with it. We cannot afford to let that happen."