Antispam effort smacks of cyber-McCarthyism

Spam annoys me, but hard-line antispam zealots flat-out scare me. Of course, I'm biased on this issue. I'm a First Amendment zealot. I am convinced that no one should be able to impose prior restraints on users' freedom to originate, address and submit any messages they wish to any recipients they wish.

What's sticking in my craw is the statement of principles published by the Mail Abuse Protection System (MAPS), a nonprofit consortium that maintains a blacklist of networks with management policies conducive to spam origination or relay. Many companies subscribe to MAPS' Realtime Blackhole List (RBL), which they use to block spammers from invading their networks. You can check out MAPS' policy statement at http://maps.vix.com/rbl/rationale.html.

Not content to limit spam to its usual definition of unsolicited bulk e-mail, MAPS ("spam" spelled backwards, get it?) has called into question our basic right to send unsolicited e-mail in any quantity, even if a message were addressed to just one recipient. It's right there in the group's statement: "No Internet user has any fundamental right to send you e-mail or any other kind of traffic. . . . The automatic presumption on the part of all Internet users is that you would be annoyed by e-mail which promotes a unilateral cause (such as making money for the sender)."

The group even goes so far as to imply that sending unsolicited e-mail is tantamount to criminal behavior, saying that spam "is always theft of service no matter what its topic."

In what bizarro universe? Are we prejudging all unsolicited communications as instruments of harassment? Are we raising the possibility of class-action suits against anybody who addresses an unsolicited e-mail advertisement to more than a handful of recipients? Requiring prior authorization to send e-mail to strangers would stop electronic commerce in its tracks and strangle the culture of openness and sharing we've built on the Internet.

What the MAPS people are confusing are two different, but equally valid, rights. On the one hand, freedom of speech requires that we not stop people from submitting any e-mail to whomever they want, in whatever quantities, so long as the sender does not deliberately attempt to send a virus or cause other forms of denial of service.

On the other hand, we also have a right to block any and all mail addressed to us or routed through our networks. This is where MAPS and its blacklist play a very useful role in the online world. The consortium operates like a Better Business Bureau, publicizing spam abusers so potential victims can take defensive countermeasures.

This is all fine and dandy, but who watches the antispam watchdogs? These antispam consortia are a sort of free-floating policy-making bureau, well-meaning but not accountable to anyone in particular. Their goal is to impose on companies everywhere the consortia's conceptions of how messaging systems should be administered. If your company gets on their blacklists and you attempt to take up the matter with them, they'll just lecture you on how you should change your ways.

You won't even know when your company is placed on their blacklists - you'll only know it when your users' messages are blocked by recipients' domains. You won't be given any chance to appeal the consortia's decisions.

The consortia will, for example, tell you to turn off or severely limit use of the mail relay feature in your Simple Mail Transfer Protocol backbone network. They may have some good advice, but rather than leave it to you to implement as you see fit, they will be in a position to coerce you into compliance.

Does this frighten anybody else? This feels like the makings of cyber-McCarthyism. We're in danger of creating an unelected, quasi-governmental policy-making authority in cyberspace, one that's able to selectively disconnect, disenfranchise and ostracize any organization not recognizing its sovereignty.

Don't get me wrong. I don't want government agencies to start policing the world's e-mail systems. Private-sector watchdog consortia, policies and hotlists are the best, most scalable way to manage this issue in a distributed environment. But the antispam consortia should give suspected spammers a chance to argue their case before they get blacklisted. And the consortia should tone down their strident, adversarial rhetoric, which tends to demonize anybody who disagrees with their worldview.

Hey, my inbox is crammed full of the stuff, too. But I still think we should bring a greater sense of fairness and due process to our dealings with suspected spammers.

What do you think? Jump into the discussion and add your thoughts.

Kobielus is an Alexandria, Va.-based analyst with The Burton Group, an IT advisory service that provides in-depth technology analysis for network planners. He can be reached at (703) 924-6224 or jkobielus@tbg.com.