Canning Spam is Not a Slam Dunk

Toronto Star
February 24, 2003

Ever watch a horse in a barn as hundreds of flies buzz around its ears and snout and eyes?

There's not much he can do, really, other than whip his tail around, shake his head, or perhaps take a suicidal dive into a ravine. Pigs and hippos prefer to submerge themselves in mud.

That's kind of the way I feel about spam, or what's more politely referred to as unsolicited commercial e-mail.

I don't think I'm going out on a limb here by saying most Internet users get spam, and most hate spam. The stuff takes time to delete. It clogs in-boxes and Internet connections. It uses up the network bandwidth of corporations and service providers. Generally, it's offensive and obscene, which is particularly problematic when it reaches children.

A recent survey from Internet security firm Symantec Corp. found that 63 per cent of respondents received more than 50 spam messages a week. That sounds a bit conservative to me (I get a weekly dose of about 50 Nigerian scam e-mails alone), but whatever. The bottom line is that spam is a menace to society.

There have been calls for legislation to curb the volume of spam. Several U.S. states have such laws and Canada is currently looking at that option as part of a discussion paper released last month. Industry Canada is looking at shifting the burden to Internet service providers and Web users themselves, who would presumably use technologies such as spam-filtering software to combat the problem.

Indeed, there's a view out there that technology, not legislation, will be the only effective answer to this problem, considering most spam originates from unreachable overseas locations.

But is technology that panacea? I'm not convinced, at least not with today's products and services. Neither is David Stark, director of public affairs at NFO CF Group in Toronto.

NFO CF is a social and marketing research firm that conducts surveys, asking Canadians what they think about banking, voting or shopping over the Internet. It's the kind of information a technology reporter such as myself would find valuable when writing about our industry.

A typical survey might include 4,000 e-mail invitations sent to people who have previously agreed to participate in such surveys. A third may choose to respond, and their names are entered into a cash sweepstake.

Recently company researchers have noticed an increasing number of e-mail invitations being bounced back with error messages. In a batch of 4,000, all 37 messages that went to Cogeco cable modem customers were returned, as well as all 13 sent to AT&T Canada accounts and three sent to accounts.

A total of 97 out of 1,218 sent to Hotmail Web-based accounts were also returned.

With the AT&T Canada accounts, the bounced-back messages read as follows: "Error ... the delivery of this e-mail has been blocked by AT&T's automated virus and unsolicited bulk e-mail filters."

Stark says that, as instructed, he sent an e-mail inquiry to AT&T customer service but has yet to receive an appropriate reply.

"Sure, what they're doing is reducing the amount of spam, but it's also reducing the amount of legitimate e-mail," he says. "Everything we send is legitimate. Recipients have agreed to receive e-mails from us, and through this technology, Internet service providers are denying their customers from receiving communications they wish to receive."

For its part, AT&T admits that, short of having somebody read each e-mail message, the automated system it has in place isn't perfect. "I'm told in general it's virtually impossible to filter out only the bad ones and let in only the legitimate ones," said company spokesperson May Chiarot.

This imperfection could easily begin to have a material impact on NFO CF's business.

Stark admits that the absolute number of rejected e-mails isn't huge, so far less than 1 per cent. But he wonders about the potential for this problem to grow as more ISPs and individual consumers begin arming themselves with anti-spam technologies, such as McAfee's SpamKiller or freeware such as SpamAssassin.

It's a concern that's also shared by the Canadian Marketing Association. Simply put, there is still too much room for these technologies to keep out what's legit and let in real spam that has been cleverly disguised as legitimate, opt-in marketing pitches.

Take SpamAssassin, which applies a base of rules to a "wide range of heuristic tests on mail headers and body text to identify spam." What are those rules? Well, if your e-mail mentions you have a "privacy policy" or can "opt-out" or claims to be selling anything, it is flagged as spam.

The reason these words are screened is because spammers intentionally try to use these claims to disguise their messages as legitimate. The flawed logic in this is obvious, particularly when you consider that some privacy laws and self-regulatory organizations require that companies highlight their privacy policies.

"It just bothers me that we're doing the right thing, putting our opt-out clause at the bottom of the e-mail, and yet those words are being flagged," says Stark, pointing out spammers know how to get around these rules.
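How additive heuristic scoring can turn compliance wording into a false positive, as an added example that is not part of the original column and is not SpamAssassin's code. SpamAssassin sums per-rule scores and compares the total with a threshold; the rule names, weights, threshold, allowlist and sample message below are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

THRESHOLD = 5.0  # flag at or above this total (constructed value)

# Constructed rules and weights for illustration; not SpamAssassin's rule set.
BODY_RULES = [
    ("PRIVACY_POLICY", re.compile(r"privacy policy", re.I), 1.5),
    ("OPT_OUT", re.compile(r"opt[- ]?out", re.I), 1.5),
    ("PRIZE_OFFER", re.compile(r"\b(cash|sweepstakes?|prize)\b", re.I), 1.5),
]
HEADER_RULES = [
    ("BULK_PRECEDENCE", "Precedence", re.compile(r"bulk", re.I), 1.0),
]
ALLOWLIST_BONUS = -10.0  # applied when the recipient opted in to this sender


def score(raw, allowlist=frozenset()):
    """Return (total, hits, flagged) for one raw RFC 822 message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    hits = [(name, pts) for name, rx, pts in BODY_RULES if rx.search(body)]
    hits += [(name, pts) for name, hdr, rx, pts in HEADER_RULES
             if rx.search(msg.get(hdr, ""))]
    # From is forgeable; a real allowlist should key on an authenticated sender.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in allowlist:
        hits.append(("RECIPIENT_ALLOWLIST", ALLOWLIST_BONUS))
    total = sum(pts for _, pts in hits)
    return total, hits, total >= THRESHOLD


# Constructed sample: an opt-in survey invitation like the one described above.
SURVEY = """\
From: surveys@research.example
To: panelist@isp.example
Subject: Your opinion on online banking
Precedence: bulk

You agreed to take part in our surveys. Respondents are entered in a
cash sweepstake. Read our privacy policy, or opt-out at any time.
"""

if __name__ == "__main__":
    print(score(SURVEY))  # flagged: no single rule crosses 5.0, the sum does
    print(score(SURVEY, allowlist={"surveys@research.example"}))
```

No single phrase condemns the message; the false positive comes from several individually weak signals adding up, which is why a per-recipient opt-in record is the natural counterweight.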

There are also online blacklists that companies can use, such as SPEWS, which stands for Spam Prevention Early Warning System. After calling Cogeco with his concern, Stark discovered that the cable company uses the SPEWS list to shut out spam.

He figured he could simply contact and get his company's Internet Protocol addresses removed from the screening list. What he found is that SPEWS is just an automated system that is regularly fed by systems administrators and ISP postmasters from around the world. There's nobody, really, to contact. Consider it a kind of star chamber that aims to oversee anarchy on the Internet: anti-spam vigilantes doing their part for the greater good of the online community.

Only problem is the judges of this "star chamber" can sometimes get it wrong.

"They say too bad, tough for you, you can't contact us," says Stark. "There's no way for somebody to take immediate action."

All of this doesn't make the debate on spam any easier. E-mail filtering firm Brightmail Inc. claims that 41 per cent of the 40 billion e-mail messages it sifts through each month falls into the spam category. How do we know for sure that those 16.4 billion messages are truly unsolicited?

Is this a case where we hate spam so much we're forced to take the lesser of two evils? Must legitimate companies become the sacrificial lambs that keep the volcano of spam from erupting?

Maybe we should take the simple route, a lesson from the pigs and hippos, by throwing ourselves into a pool of mud.


