Eye on Spam, Part 1: Unbeatable Scum?

It’s been nearly a decade since spammers and their enemies began evolving competitively. As with the classic cheetah/gazelle model originally formulated by Darwin, each time one group becomes a little faster or more agile, its adversaries develop traits for outwitting and outrunning it.

Only in the spam wars, the anti-spam gazelles have a little problem: The cheetahs seem to be winning.

The number of unsolicited commercial electronic messages received by the average American in 2001 was 571, according to Jupiter Media Metrix. By 2006, Jupiter says, that number will increase to 1,400, with more than 206 billion spam messages going out over the course of the year. Though these numbers are notoriously difficult to calculate, every survey and ISP record points to dramatic increases in spam, sometimes as much as 300 percent year over year.

The Spam Resistance

One reliable indicator of the problem’s magnitude is the size of the anti-spam effort. The range of tools available to ISPs and consumers in the fight against spam grew considerably during the Web bubble.

“There are a huge number of individual projects,” according to Tom Geller, executive director of advocacy group SpamCon Foundation. “Some of them are technical, some are complaint focused, some are running statistics.”

The list includes reporting tools; complaint generators; block-lists such as SpamBag.org, Spam Prevention Early Warning System (SPEWS), and Mail Abuse Prevention System (MAPS); advocacy and legal support groups; information services such as the Register of Known Spam Operators (ROKSO); and filters of all kinds. If you want to get a sense of the scale of the anti-spam community, just spend a few minutes browsing the posts on news.admin.net-abuse.email. It’s truly staggering.

A Play for Self-Regulation

Simultaneously, heavyweight Web marketers and interactive ad players have been scrambling to distinguish their services from the bad guys, as well as to counteract growing calls for government controls on digital marketing.

In one of the biggest such moves, the Direct Marketing Association (DMA), through its subsidiary, the Association of Interactive Marketing (AIM), has released online commercial solicitation guidelines in an effort “to promote high ethical standards among marketers.” The rules require that members let email recipients know how they can refuse future mailings and allow consumers to prevent the sale or rental of their addresses.

“The guidelines demonstrate that industry self-regulation is working,” said DMA president and chief executive H. Robert Wientzen. “The guidelines are fair to consumers and marketers alike.” (Contrary to Wientzen’s remark, it’s not clear that self-regulation is what all members of the DMA want, something we’ll examine in part two of this article.)

The DMA rules require that members give opt-out information for sold, rented, or exchanged consumer information. Additionally, every email must reveal the marketer’s identity, and the subject line must be “clear, honest, and not misleading.” Marketers must also offer a detailed disclosure of each sender’s use of customer info, offline contact information, and a statement of adherence to the standards.

ISPs, for their part, are feeling real pressure from network administrators and their customers to block spammers from their email servers — pressure that goes beyond the typical complaint and reporting methods. Many spam-supporting ISPs are even finding themselves on the receiving end of denial-of-service attacks.

Still Not Enough

All of this is insufficient for the gazelle to protect itself, however.

“Technical approaches are unlikely ever to eradicate spam,” according to David Sorkin, associate professor of law at the John Marshall Law School. “[This is” partly because of the time and resources that spammers devote to their activities and partly because of the inherent openness of the Internet and email protocols.”

As Sorkin points out, the costs of implementing technical solutions can only increase with time, given the lack of deterrent these efforts pose to spammers and the continuous increase in unsolicted email traffic.

There are also drawbacks to many technical solutions. Spam filters tend to block some legitimate email along with the intruders, an uncomfortable compromise for anyone who relies on email for personal or business reasons. This is also harmful to marketers, who may be blocked either because of a filter error or because their company’s SMTP server has been hijacked by spammers for mail relay purposes.

Additionally, it’s important to note that block-list services are held to no standard of accountability. This can only be bad for legitimate email marketers, who may be block-listed due to an innocent sending error or a policy change on the part of the block-list service.

This happened recently when MAPS, known for its Black Hole list of documented spammers, created a new list to keep track of marketers that don’t verify a user’s addition to its database with a separate email. Suddenly and without warning, numerous formerly legit email marketers found themselves ranked alongside unscrupulous spammers on a list trusted by ISPs and online consumers. Not surprisingly, many were outraged.

“Our lists are nothing more than our opinion about their email practices, each fully backed up by documented fact,” says Anne Mitchell, director of legal and public affairs for MAPS. “We simply publish that information, much like Consumer Reports or a restaurant reviewer.”

None of this is good news for online marketers, all of whom are dependent to some extent on the accuracy of spam filters and the definitions chosen by services such as MAPS to get their messages out.

An unannounced policy change on the part of a block-list or a filter error can be disastrous, in terms of both sales and PR. When that happens, it doesn’t matter whether a marketer’s permission policy is opt-out, opt-in, or the so-called “double opt-in” (a.k.a. “opt-in with verification”). It’s a situation many find intolerable.

For these reasons and others, consumer groups and email marketing interests alike are hopeful that the worst perpetrators of spam can be sued out of business. It’s a daunting proposition, given the huge number of spammers and the difficulty in tracing them, but a number of precedents have already been established, which may point to a future victory over spam.

In part two of this story, we will look at the FTC’s potential role in fighting illegitimate marketing practices and consider several key laws and cases that will influence future legal battles.

Read Part Two of this article.

Related reading