Best Practices Best Tool to Fight Spam

Global Internet group says focusing on people by closing down open relays and educating users, not focusing on technologies such as spam-filtering, is the best way for ISPs to fight spam.

by ISP-Planet Staff [June 27, 2002]

The Global Internet Project (GIP) is an international group of senior executives committed to fostering continued growth of the Internet. GIP members come from leading Internet-centric companies representing the telecommunications, software, hardware and financial services sectors. Based in Arlington, Virginia, the Information Technology Association of America (ITAA) serves as GIP headquarters.

Panelists representing government, academia, law, and business recently converged at a workshop hosted by GIP. All participating parties expressed concern over the growing use of spam by fraudulent commercial enterprises.

Vinton Cerf, Senior Vice President of Architecture and Technology at WorldCom, Inc. warned that as the pace of technological innovation increases, producing ever-faster computers and broadband Internet access, spam is not only a growing problem, but is one of the most serious threats to the trust in and use of the Internet.

"Increased bandwidth will not trivialize the cost and nuisance factor of spam, either at the ISP, business or individual user levels," Cerf stressed. "Spammers will always take advantage of the latest technology to optimize their outreach, so that in the future, we may be bombarded by huge amounts of high resolution video and graphics. Technological advances will never outgrow the negative effects of spam."

Assessing the cost of spam
The scope of the problem was recently captured by Brightmail Inc., which detected a 600 percent increase in spam from May 2001 to May 2002. It is estimated that 27 percent of all e-mail today can be classified as "spam."

Research firm eMarketer estimates that 76 billion spam e-mails will be sent worldwide in 2003, at an average cost to the spammers of 0.00032 U.S. cents per message. Dubious spam "clearinghouses" offer spammers millions of e-mail addresses at low costs.

Spam is also increasingly a problem for users of wireless connections, in particular those in Japan and Europe where the i-Mode and SMS messaging systems are popular. Expensive and slow connections make spam over wireless networks particularly costly and burdensome to users.

Fewer laws, more effective enforcement
There was a strong consensus at the workshop that spam will never be completely eliminated, but that a series of measures must be taken in order to minimize its broad and negative impact on economic and personal productivity, and to address the nuisance and the issues concerning invasion of privacy.

GIP Chairman John Patrick applauded Orson Swindle, chief of the U.S. Federal Trade Commission, remarking that new legislation will not stop spam, but that effective enforcement of existing laws that address fraud and deceptive practices both in the online and offline worlds, an area where the FTC is working hard, can have a positive impact.

"What is needed is more high profile prosecution of those using spam to engage in fraud or other criminal activity. This would be a deterrent to future would-be spammers," Patrick said. "Greater efforts must be made to demonstrate that fraud and deceptive practices on the Internet carry a high risk of capture and prosecution."

The FTC is addressing consumer complaints daily and is taking actions against deceptive commercial e-mail and spammers who don't honor their "remove me" claims.

Best practices best answer
Workshop participants made a strong statement that a multi-faceted approach was crucial to address the burgeoning problem of spam. By leveraging the abilities of Internet service providers (ISPs), software companies, employers, consumers and government; spam can be most effectively addressed. ISPs must further limit open relay connections, which provide loopholes for spammers.

ISPs, e-mail clients and operating system creators should help educate end users and provide warnings about spam. For example, ISPs should teach subscribers that "if it sounds too good to be true, it is." Other opportunities include educating users about how to secure personal computer connections and how to report spam to e-mail abuse coordinators and government authorities.

Moreover, ISPs do and should continue to effectively address consumer complaints about spam and block user accounts of mass-spammers. Millions of spam messages are already stopped daily. However, Vint Cerf cautions that ISPs should not be engaged in filtering unsolicited mail strictly based on content.

"Businesses and end users must be educated and be provided the technology tools necessary to establish their own definitions of spam, and create their own threshold for how much mail should be filtered out," Cerf recommends. "Users may subscribe to 'blacklists' of spammers, and filter out messages based on content and other criteria. In the future, users may take advantage of digital identification technologies to establish their own personal 'white lists' of approved e-mail senders—similar to how instant messaging buddy lists are created, based on personal preferences."

Universities, other institutions, and organizations also attempt to stop spam at their gates, in order to protect their students and employees.

Ms. A. Jill Reese, a workshop participant who is a coordinator at the University of Maryland, cautions that "expecting only the end user to filter spam shifts the economic burden of bandwidth usage and spam control squarely onto the often ill-prepared end user's shoulders. The University is experimenting with methods to prune the flood of spam without violating First Amendment rights."

Businesses also need to be educated on how to differentiate between legitimate commercial e-mail based on existing customer relationships, and unsolicited "spam" messages.

Industry should strive to develop universally accepted best practices to guide enterprises, ISPs and consumers.

— End