Time to rein in spam

Wham, spam, no thank you, ma'am! Spam is out of control, and it's time to get serious about ridding ourselves of this menace.

The time and money we spend dealing with unwanted junk e-mail is staggering. According to Forrester Research, the average consumer receives 110 junk e-mails per week - more if your e-mail service doesn't screen out spam. IDC estimates that a company with 14,000 employees spends $245,000 annually to fight spam. According to Ferris Research, U.S. corporations will spend $10 billion to combat the problem this year, including the cost of lost productivity, additional equipment, software and manpower.

For me, the problem is more personal than just time and money: I have had my e-mail identity stolen and used for spam purposes. Some idiot has usurped my business e-mail address and used it as the proxy name for sending out his garbage. Now it appears as though pornographic spam is coming from me, even though the originating IP address does not belong to my company.

This seems to be the year when we get mad as hell about spam and don't want to take it (or receive it) anymore. From government-sponsored conferences, to legislation, to new tools and technologies, everyone is anxious to address the problem before it renders e-mail too cumbersome to use. Alas, there are no quick fixes.

Most of us attack the problem with technology. The most effective tool - and I use the term "effective" lightly - seems to be the spam filter. Maintaining these filters is time consuming and expensive, and spammers are constantly inventing ways to get around them.

I give low marks to a new technology approach called "challenge-response," which requires that an e-mail sender confirm his authenticity before his message is delivered to the recipient. The thought is that a spammer sending thousands of e-mails at a time won't want to confirm his sincerity to each of his targets. Not everyone will use the technology, though. A person has to activate this option in his e-mail system to challenge all incoming mail, and he can develop his own list of pre-authorized senders whose mail shoots straight through. All other e-mail is locked out until the sender answers the challenge. EarthLink has started to offer a challenge-response service to its e-mail customers.

I can't see this technology gaining general acceptance. It's too darn inconvenient for legitimate e-mail users. I encountered my first challenge last week while replying to a friend's note, and was miffed at the inconvenience, so I never sent my reply. I wonder if my friend knows how much e-mail she is missing because of this.

Federal and state government bodies are attacking the spam problem with legislation. Critics say this won't stop the problem, as laws aren't effective outside our borders, and spammers can easily move their operations offshore. Still, we need legislation to define what is acceptable behavior and what isn't. While it might not be illegal to send out millions of e-mails per day, we can make it illegal to, say, steal someone else's identity (like mine) to send out these messages.

The key to making any legislation effective is to get worldwide agreement on it. Just like nuclear proliferation, it's no good if one country supports disarmament and others don't. Unfortunately, there are too many countries that won't or can't act against spam.

Meanwhile, vigilantes are taking action against the spammers. A loose affiliation of spam-fighters attacks spammers with their own treatment: they overwhelm the spammer's servers with mail. One "soldier" attacked a spammer's operations by making all the company's phones ring at once, forcing the "marketing firm" to shut off its phones for a while. I smiled when I heard about this.

Spammers deserve all the technology, legislation and payback we can throw at them. I say, beef it all up and shut 'em all down. We have to make it unprofitable and inconvenient for them to make a living this way.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2003 IDG Communications, Inc.