Spam, That Ill O’ The ISP

Spam, That Ill O’ The ISP

A Reality Check for Legislators
May 21, 2003

Full Document Available in PDF

Most public attention has been focused on how spam affects individual email users; less on its impact on ISPs and other administrators of large networks. But the consumer-focused approach is unlikely to solve the most serious aspects of the problem. The consumer is the end of spam’s journey; its origins lie in the policies and technologies of networks. Solving most of the problems for ISPs would probably also solve most of the problems for consumers, but the converse is not true. Therefore, this paper assesses spam and its legal and technical solutions with an emphasis on the perspective of ISPs.

We begin by navigating among several competing definitions of spam and outlining its most seriously problematic aspects for consumers, businesses, ISPs, and legitimate marketers. We go on to assess contractual, technical, and statutory solutions.

·         For end users, the best solutions are the new Bayesian content filters, which can be tailored to individual preferences.

·         ISPs, the most seriously affected, have limited and constrained the spam problem successfully using filters, litigation, and contractual solutions.

·         Spammers have been largely forced off of legitimate ISPs onto foreign relays and hijacked ISPs.

·         Many (not all) provisions of the new laws proposed thus far are too broad, but none would be helpful without vigorous enforcement.

·         Significantly stepped up enforcement levels would be necessary for any law to have a deterrent effect.

The study cites empirical research showing that laws have little deterrent effect unless there is a substantial probability that violators will be caught. Increasing the severity of penalties is ineffective if enforcement is ineffective. Many federal and state laws already apply to spam. While a few more carefully targeted laws might be justified, the most effective use of government resources would be increased enforcement. And it should be aimed at real bad actors, not legitimate businesses that have taken a misstep in posting a privacy policy or administering an email list.