Tennessee resident K. C. “Khan” Smith owes the internet service provider EarthLink $24 million. According to the CNN, in August 2001 he was slapped with a lawsuit accusing him of violating federal and state Racketeering Influenced and Corrupt Organizations (RICO) statutes, the federal Computer Fraud and Abuse Act of 1984, the federal Electronic Communications Privacy Act of 1986 and numerous other state laws. On July 19, 2002 – having failed to appear in court – the judge ruled against him. Mr. Smith is a spammer.
Brightmail, a vendor of e-mail filters and anti-spam applications warned that close to 5 million spam “attacks” or “bursts” occurred in June 2002 and that spam has mushroomed 450 percent since June 2001. This pace continued unabated well into the beginning of 2004 when the introduction of spam filters began to take effect. PC World concurs.
Between one half and three quarters of all e-mail messages are spam or UCE (Unsolicited Commercial Email) – unsolicited and intrusive commercial ads, mostly concerned with sex, scams, get rich quick schemes, financial services and products, and health articles of dubious provenance. The messages are sent from spoofed or fake e-mail addresses. Some spammers hack into unsecured servers – mainly in China and Korea – to relay their missives anonymously.
Starting in 2003, malicious hackers began using spam to install malware – such as viruses, adware, spyware, and Trojans – on the unprotected personal computers of less savvy users. They thus transform these computers into “zombies”, organize them into spam-spewing “bots” (networks), and sell access to them to criminals on penumbral boards and forums all over the Net.
Spam is an industry. Mass e-mailers maintain lists of e-mail addresses, often “harvested” by spamware bots – specialized computer applications – from Web sites. These lists are rented out or sold to marketers who use bulk mail services. They come cheap – c. $100 for 10 million addresses. Bulk mailers provide servers and bandwidth, charging c. $300 per million messages sent.
Jupiter Media Matrix predicted in 2001 that the number of spam messages annually received by a typical Internet user will double to 1400 and spending on legitimate e-mail marketing will reach $9.4 billion by 2006 – compared to $1 billion in 2001. Forrester Research pegs the number at $4.8 billion in 2003.
More than 2.3-5 billion spam messages are sent daily. eMarketer puts the figures a lot lower at 76 billion messages in 2002. By 2006, daily spam output will soar to c. 15 billion missives, says Radicati Group. Jupiter projects a more modest 268 billion annual messages this year (2005). An average communication costs the spammer 0.00032 cents.
PC World quotes the European Union as pegging the bandwidth costs of spam worldwide in 2002 at $8-10 billion annually. Other damages include server crashes, time spent purging unwanted messages, lower productivity, aggravation, and increased cost of Internet access.
Inevitably, the spam industry gave rise to an anti-spam industry. According to a Radicati Group report titled “Anti-virus, anti-spam, and content filtering market trends 2002-2006”, anti-spam revenues were projected to exceed $88 million in 2002 – and more than double by 2006. List blockers, report and complaint generators, advocacy groups, registers of known spammers, and spam filters all proliferate. The Wall Street Journal reported in its June 25, 2002 issue about a resurgence of anti-spam startups financed by eager venture capital.
ISPs are bent on preventing abuse – reported by victims – by expunging the accounts of spammers. But the latter simply switch ISPs or sign on with free services like Hotmail and Yahoo! Barriers to entry are getting lower by the day as the costs of hardware, software, and communications plummet.
The use of e-mail and broadband connections by the general population is spreading. Hundreds of thousands of technologically-savvy operators have joined the market in the last five years, as the dotcom bubble burst. Still, Steve Linford of the UK-based Spamhaus.org insists that most spam emanates from c. 80 large operators.
Now, according to Jupiter Media, ISPs and portals are poised to begin to charge advertisers in a tier-based system, replete with premium services. Writing back in 1998, Bill Gates described a solution also espoused by Esther Dyson, chair of the Electronic Frontier Foundation:
“As I first described in my book ‘The Road Ahead’ in 1995, I expect that eventually you’ll be paid to read unsolicited e-mail. You’ll tell your e-mail program to discard all unsolicited messages that don’t offer an amount of money that you’ll choose. If you open a paid message and discover it’s from a long-lost friend or somebody else who has a legitimate reason to contact you, you’ll be able to cancel the payment. Otherwise, you’ll be paid for your time.”
Subscribers may not be appreciative of the joint ventures between gatekeepers and inbox clutterers. Moreover, dominant ISPs, such as AT&T and PSINet have recurrently been accused of knowingly collaborating with spammers. ISPs rely on the data traffic that spam generates for their revenues in an ever-harsher business environment.
The Financial Times and others described how WorldCom refuses to ban the sale of spamware over its network, claiming that it does not regulate content. When “pink” (the color of canned spam) contracts came to light, the implicated ISPs blame the whole affair on rogue employees.
PC World begs to differ:
“Ronnie Scelson, a self-described spammer who signed such a contract with PSInet, (says) that backbone providers are more than happy to do business with bulk e-mailers. ‘I’ve signed up with the biggest 50 carriers two or three times’, says Scelson … The Louisiana-based spammer claims to send 84 million commercial e-mail messages a day over his three 45-megabit-per-second DS3 circuits. ‘If you were getting $40,000 a month for each circuit’, Scelson asks, ‘would you want to shut me down?'”
The line between permission-based or “opt-in” e-mail marketing and spam is getting thinner by the day. Some list resellers guarantee the consensual nature of their wares. According to the Direct Marketing Association’s guidelines, quoted by PC World, not responding to an unsolicited e-mail amounts to “opting-in” – a marketing strategy known as “opting out”. Most experts, though, strongly urge spam victims not to respond to spammers, lest their e-mail address is confirmed.
But spam is crossing technological boundaries. Japan has just legislated against wireless SMS spam targeted at hapless mobile phone users. Many states in the USA as well as the European parliament have followed suit. Ideas regarding a “do not spam” list akin to the “do not call” list in telemarketing have been floated. Mobile phone users will place their phone numbers on the list to avoid receiving UCE (spam). Email subscribers enjoy the benefits of a similar list under the CAN-Spam Act of 2003.
Expensive and slow connections make mobile phone spam and spim (instant messaging spam) particularly resented. Still, according to Britain’s Mobile Channel, a mobile advertising company quoted by “The Economist”, SMS advertising – a novelty – attracts a 10-20 percent response rate – compared to direct mail’s 1-3 percent.
Net identification systems – like Microsoft’s Passport and the one proposed by Liberty Alliance – will make it even easier for marketers to target prospects.
The reaction to spam can be described only as mass hysteria. Reporting someone as a spammer – even when he is not – has become a favorite pastime of vengeful, self-appointed, vigilante “cyber-cops”. Perfectly legitimate, opt-in, email marketing businesses and discussion forums often find themselves in one or more black lists – their reputation and business ruined.
In January 2002, CMGI-owned Yesmail was awarded a temporary restraining order against MAPS – Mail Abuse Prevention System – forbidding it to place the reputable e-mail marketer on its Real-time Blackhole list. The case was settled out of court.
Harris Interactive, a large online opinion polling company, sued not only MAPS, but ISPs who blocked its email messages when it found itself included in MAPS’ Blackhole. Their CEO accused one of their competitors for the allegations that led to Harris’ inclusion in the list.
Coupled with other pernicious phenomena – such as viruses, Trojans, and spyware – the very foundation of the Internet as a fun, relatively safe, mode of communication and data acquisition is at stake.
Spammers, it emerges, have their own organizations. NOIC – the National Organization of Internet Commerce threatened to post to its Web site the e-mail addresses of millions of AOL members. AOL has aggressive anti-spamming policies. “AOL is blocking bulk email because it wants the advertising revenues for itself (by selling pop-up ads)” the president of NOIC, Damien Melle, complained to CNET.
Spam is a classic “free rider” problem. For any given individual, the cost of blocking a spammer far outweighs the benefits. It is cheaper and easier to hit the “delete” key. Individuals, therefore, prefer to let others do the job and enjoy the outcome – the public good of a spam-free Internet. They cannot be left out of the benefits of such an aftermath – public goods are, by definition, “non-excludable”. Nor is a public good diminished by a growing number of “non-rival” users.
Such a situation resembles a market failure and requires government intervention through legislation and enforcement. The FTC – the US Federal Trade Commission – has taken legal action against more than 100 spammers for promoting scams and fraudulent goods and services.
“Project Mailbox” is an anti-spam collaboration between American law enforcement agencies and the private sector. Non government organizations have entered the fray, as have lobbying groups, such as CAUCE – the Coalition Against Unsolicited Commercial E-mail.
But, a few recent anti-spam and anti-spyware Acts notwithstanding, Congress is curiously reluctant to enact stringent laws against spam. Reasons cited are free speech, limits on state powers to regulate commerce, avoiding unfair restrictions on trade, and the interests of small business. The courts equivocate as well. In some cases – e.g., Missouri vs. American Blast Fax – US courts found “that the provision prohibiting the sending of unsolicited advertisements is unconstitutional”.
According to Spamlaws.com, the 107th Congress, for instance, discussed these laws but never enacted them:
Unsolicited Commercial Electronic Mail Act of 2001 (H.R. 95), Wireless Telephone Spam Protection Act (H.R. 113), Anti-Spamming Act of 2001 (H.R. 718), Anti-Spamming Act of 2001 (H.R. 1017), Who Is E-Mailing Our Kids Act (H.R. 1846), Protect Children From E-Mail Smut Act of 2001 (H.R. 2472), Netizens Protection Act of 2001 (H.R. 3146), “CAN SPAM” Act of 2001 (S. 630).
Anti-spam laws fared no better in the 106th Congress. Some of the states have picked up the slack. Arkansas, California, Colorado, Connecticut, Delaware, Idaho, Illinois, Iowa, Kansas, Louisiana, Maryland, Minnesota, Missouri, Nevada, North Carolina, Oklahoma, Pennsylvania, Rhode Island, South Dakota, Tennessee, Utah, Virginia, Washington, West Virginia, and Wisconsin.
The situation is no better across the pond. The European parliament decided in 2001 to allow each member country to enact its own spam laws, thus avoiding a continent-wide directive and directly confronting the communications ministers of the union. Paradoxically, it also decided, in March 2002, to restrict SMS spam. Confusion clearly reigns. Finally, in May 2002, it adopted strong anti-spam provisions as part of a Directive on Data Protection.
Responding to this unfavorable legal environment, spam is relocating to developing countries, such as Malaysia, Nepal, and Nigeria. In a May 2005 report, the OECD (Organization for Economic Cooperation and Development) warned that these countries lack the technical know-how and financial resources (let alone the will) to combat spam. Their users, anyhow deprived of bandwidth, endure, as a result, a less reliable service and an intermittent access to the Internet;
“Spam is a much more serious issue in developing countries…as it is a heavy drain on resources that are scarcer and costlier in developing countries than elsewhere” – writes the report’s author, Suresh Ramasubramanian, an OECD advisor and postmaster for Outblaze.com.
ISPs, spam monitoring services, and governments in the rich industrialized world react by placing entire countries – such as Macedonia and Costa Rica – on black lists and, thus denying access to their users en bloc.
International collaboration against the looming destruction of the Internet by crime organizations is budding. The FTC had just announced that it will work with its counterparts abroad to cut zombie computers off the network. A welcome step – but about three years late. Spammers the world over are still six steps ahead and are having the upper hand.