Wishful Anti-spam Thinking

Tomorrow, the House is expected to pass new anti-spam legislation.  The effort is understandable: The increasingly apparent downside of an Internet on which you can contact whomever you want, is that anyone can contact you.  The “openness” once central to the “Internet experience,” is increasingly a drawback.

However, the dilemma isn't merely that legislation likely won't rid us of spam, given the Net's global pool of scofflaws; rather, legislation like “ADV” mandates or “do-not-spam” lists doesn't address the root of the spam problem: (1) the lack of authentication of senders, and (2) the ability of spammers to shift the costs of bulk e-mail to recipients.     

Granted, such misdeeds as peddling shoddy goods, forging the name of a sender, and phony “unsubscribe” promises should be punished. Abuses like “dictionary attacks” and spoofing often commandeer unwitting computers and resemble hacking more than commerce. But to a great extent, these are already illegal and alternative market-driven solutions via technology, pricing, and industry consortia are going to become more urgent.     

Maybe that's a blessing in disguise, because spam is not a single dilemma: Kids seeing porn in the inbox is a different problem than ISPs overwhelmed with ricocheting Viagra ads.     <?xml:namespace prefix = o ns = “urn:schemas-microsoft-com:office:office” />

Moreover, the industry must coalesce to address cyber security and hacking concerns that need remedying perhaps more urgently even than spam. Actually solving such problems is a different proposition from passing a law.     

Pending legislation, for example, would impose subject-line labeling, like “ADV,” for commercial e-mail; mandate “unsubscribe” mechanisms; ban “harvesting” software; set up fines or even bounties; and contemplates an expensive (and likely hack able) Do-Not-Spam list.     

But if legislation merely sends the worst spammers offshore, we've only created regulatory hassles for small businesses trying to make a go of legitimate e-commerce, and mainstream companies that already follow “best practices” like honoring “unsubscribe” requests. Proposed legislative penalties can easily keep many small businesses out of Internet marketing altogether, for fear of a costly misstep. Is that really our goal?     

Commercial e-mail, even if unsolicited, may not always be unwelcome. Yet how might the definition of “spam” expand? Is it just “bulk unsolicited commercial” mail, or is it “anything you didn't ask for?” Many e-mails aren't commercial but are still unwanted: press releases, resume blasts, charitable solicitations. Even the signature lines we all put in our e-mails are a subtle solicitation. If we need “ADV” for advertisements, then what about “REL” for religious appeals? Notably, politicians are exempt from anti-spam legislation.     

We shouldn't discount the creativity of lawyers looking to sue the easy marks, such as the small businesses that will inevitably slip up when implementing “unsubscribe” requests, or newsletters that fail to put “ADV” in the subject line. Navigating e-mail commerce will be easier for large firms.     

Much of the Internet industry's newfound support of spam legislation seems defensive and aimed at protecting the ability to send legitimate commercial e-mail. But post-legislation, marketers will surely feel they have met federal requirements, like ADV and a street address, and therefore ISPs have no right to block their messages. (One cynic said the “CAN SPAM” bill meant that you “can spam.”) But blacklists are one of the key means of dealing with spam today. Contracts, and the right of ISPs and consumers to end unwanted relationships — not federal guidelines — should rule.     

There's some good news. If the desire is to stop spam in personal inboxes, one can do it already using “handshake” or “challenge-and-response” e-mail accounts, which typically thwart all spam. Meanwhile, the entire industry needs to get busy on standards, such as for digital signatures or “seals” for trusted e-mail as a means of helping tomorrow's ISPs block spam. It could require unprecedented industry coordination.     

At bottom, the flat fees and free e-mail of today aren't a fact of nature or a natural right. Ultimately, e-mail “postage” or protocols that allow users or ISPs and users to charge fractions of a cent for unsolicited mail would allow users to impose their own conceptions of “spam.” Emerging bonded sender programs anticipate such a sea change.    

It may be that today's system, in which originators of messages remain anonymous, is altogether inappropriate for the commercial information society of tomorrow. While the government must not outlaw anonymous e-mailing, maybe it needs to be impossible, not merely illegal, to send a commercial e-mail if the network owner can't discern who you are or charge you. If so, those are jobs for the industry that can't be replicated by passing a law.