It’s actually unlikely. Industry experts say it would be suicidal for a company with a valuable brand name to dabble in spam, which is about as reviled a sales tool as the intrusive dinnertime telemarketing phone call. Still, spam is now thought to account for one in 10 e-mails over the Internet. As a result, ISPs must buy more hardware to handle the load, and consumers may eventually foot the cost in higher ISP bills down the road. The good news is that relief is on the way. Companies and e-mail providers are doing an increasingly good job of blocking spam at the front door, thus liberating consumers from the task of monitoring it themselves. Last month a federal antispam bill that would give individuals and ISPs legal grounds to sue spammers passed a congressional subcommittee–coming closer to law than in any previous attempt.
So how do spammers get your e-mail address? A typical strategy is to write a program that harvests valid e-mail addresses from public forums like newsgroups and member directories of ISPs, such as America Online’s massive one. These directories are open because, like the telephone white pages, they’re intended to let you find e-mail addresses of long-lost friends and family. Another common tactic is what’s known as a dictionary attack, in which a spammer creates possible addresses using every name in the book, in myriad permutations: JoeA@hotmail.com, JoeB and so forth.
Spammers then mail out e-mail pitches–buy viagra online! get rich quick!– in huge batches; it costs no more to send thousands of messages than to send one. AT&T WorldNet says it rejects 10 million to 12 million e-mails a day because the addresses don’t match real users’–a sure sign that spammers are at work. AOL estimates that 30 percent of the e-mail it delivers to its 22 million users is unsolicited bulk messages. To fight back, AOL has created its own spam-blocking software, as have Hotmail and Yahoo!
Yahoo’s solution, called SpamGuard, automatically routes spam into a bulk-mail folder and holds it there for 30 days before purging it. This hold-and-purge feature allows users to review the alleged spam in case Yahoo’s software accidentally sent a note from Mom into the spam basket. In February AT&T WorldNet, the third largest ISP in the United States, with 1.6 million subscribers, rolled out an antispam technology from Brightmail Inc., which sets up dummy addresses in order to attract spammers and then block them.
The law is becoming another powerful tool. For years ISPs and other plaintiffs had to resort to suing spammers under statutes enacted for other purposes, such as antitrespassing laws or the federal Computer Fraud and Abuse Act. Recently, a handful of states–including California, Washington, Virginia and Rhode Island–have enacted spam laws. AOL has sued more than 40 spammers successfully, and won millions of dollars in judgments under Virginia law. “We have not lost a case,” says AOL’s Randall Boe.
But not all plaintiffs have been as fortunate as AOL: in March an Oregonian who was sued for spamming Washington residents won his case, after his attorney successfully argued that the state spam law violated the Constitution’s commerce clause, which limits the right of any state to regulate business in another. “We believe federal legislation is necessary,” says Ian Oxman, president of ChooseYourMail.com, a permission-based e-mail marketing company that runs a site called MadAboutSpam.org. “Today you can do something legal in one state that will get you sued in another.”
This may be why the new federal antispam bill is winning support from Internet users and ISPs, according to the Coalition Against Unsolicited Commercial Email, a grass-roots antispam group. The bill does not outlaw the sending of unsolicited commercial e-mail; it does provide legal grounds for receivers of spam to sue if they’ve said “No, thanks,” but continue to receive it. ISPs can simply post a no-spam policy and sue if it’s violated. It’s not an airtight solution: if the bill becomes law, spammers could move offshore, to places like Singapore, Russia and the Czech Republic, as some have already done. It’s a predictable outcome. As the saying goes, the Net interprets a blocked path as damage, and routes around it. Unfortunately, the same applies to spam, too.
