A steady rise in distrust and discontent has been spreading in the ranks of the Internet community and spam is at the root of this problem. Confidence, worldwide, is wavering as the cyber ways and e-mail systems are put under a steady wave of attack from ‘spam gangs’ and the viruses released on the networks on such a regular basis. But is this shift in confidence enough to put at risk the future development of Internet communications and could this, in turn, affect the development of e-commerce?
So what is spam? Most Internet users today will come into contact with spam on some level, if only as a daily irritant clogging up inboxes. As varied as the content is, spam can be broken down into three basic groups, all sharing the characteristics of unwanted and unsolicited junk e-mail.
Malicious spam Generally fraudulent or illegal in nature, the aim of these e-mails is often to deceive. They range from “miracle cures” and “get rich quick with no risk” schemes to the often laughable “sex enhancement” aids. Some scams have even gone down as Web legends, such as the infamous ‘Nigerian Letter’, which has milked many millions of dollars from well meaning, if naïve, people.
E-mails containing adult content are not only offensive but, worse still, sent with no regard for the age of the person on the receiving end. The virtual world is no longer a safe place. It has become just as perilous for our children as the real world today.
Advertising Spam This includes e-mails from legitimate businesses, investments companies and mail order catalogues etc., which are trying to sell products or promote their services. Often the user has unintentionally ‘opted in’ to a mailing list and then finds that it is almost impossible to ‘opt out’. Many companies who choose to successfully develop their businesses on-line use e-mails as a legitimate form of e-marketing. Unfortunately they can now become unfairly tainted with the same brush.
Friendly Spam So called, because these are jokes, humorous links and chain letters inflicted on you by your own nearest and dearest. By continuing to forward these e-mails yourself, you are actually playing into the hands of the spammer and increasing his e-mail address base for him!
Spam accounts for half of all e-mails sent daily around the world. It is hard to escape and like a weed, it re-emerges at a faster rate than it can be eradicated. To prove the speed at which these spammers work, an experiment took place where a new e -mail address was posted on a popular Internet chat site. It took just 9 minutes for the spam messages to arrive.
The sheer volume of these unsolicited e-mails which flood the Web comes at a very high price on many levels. It has been estimated that it costs EU and U.S companies more than $11.5 billion a year in lost time and productivity. This, from time spent reading them and the increased bandwidth required, to the storage costs to deal with them.
Spam can also have serious ramifications on a company’s reputation. When transmitting emails with inappropriate content to company resources, be it racist or sexist, employers are exposed to offensive material. This has given rise to a huge number of lawsuits. 27% of Fortune 500 Companies have been forced to defend themselves against claims of sexual harassment as a result of inappropriate i.e., pornographic, e-mails doing the rounds within the office environment.
But perhaps the most worrying emergence for companies today and the virtual weapon of the future, are the viruses that piggyback in on this spam. Over the past few years there have been one after another, attacking systems around the world – from the largest networks to the single PC.
The LoveLetter. The Blaster Worm. The SoBig Virus. The MyDoom. Each virus worst than the last and causing chaos and devastation for the world communications network. It is estimated that 51% of all corporations have had a virus disaster, not only costing many millions but also causing considerable unease about the use of e-mail as a secure communication mechanism.
So why and how, do these ‘spammers’ do what they do? As with many things, the answer is pure and simple – monetary gain. As with many things that operate on the wrong side of the law, it can be highly profitable. Profit is made on a commission basis for products/services sold and, although the response is often low, so are their overheads. For example, if a profit margin for a product is $1 and they only get a 0.1% response rate on 10 million messages sent, they can still make $10,000.
How do they obtain and then target these 10 million e-mail addresses? The answer is cheap and easily obtainable mailing lists and tools. E-mail addresses are harvested by spammers in numerous and often highly unscrupulous ways. Spammers are skilled at interception, using infiltration techniques or simply buying cheap e-mail lists on CDs. Spammers can randomly trawl through the millions of accessible addresses, using spambots to crawl the Web for any @ signs, going through company servers and even taking addresses from user newsgroups and chat sessions.
Not only does this contravene all rights to privacy, it sets a whole new precedent for security risks. The many publicised cases of credit card number theft and e-mail fraud scams are causing growing uneasiness and are a public relations nightmare for on-line banks. Likewise they are causing considerable distrust amongst on-line shoppers.
A survey published by consumer group Transatlantic Consumer Dialogue (TACD) revealed that 52% of respondents, wary about the spam they might receive were as a result, either shopping less on-line or not at all. This has an obvious knock-on effect to those bona fide businesses which are losing money and, as a result, customers.
A further survey showed that only 17% of respondents thought that existing spam filters worked well and 21% didn’t even know if their email had a filter. This shows that users can already do a lot more to help themselves, just by utilising what they already have available to them.
So where does the responsibility lie and who will have to pay the price? The Paris based Organisation for Economic Co-operation and Development, speaking in Brussels this week, called for all governments around the world to come together in a unified international effort. They stated to the hundreds of delegates attending that:
“Spam is not the problem of a single country… It is a worldwide problem… It is increasingly clear that domestic efforts must be supplemented by internationally coordinated strategies to address the cross-border challenges posed by spam…”
It is indeed a global issue, a plague that leaves no e-mail user or country untouched. It is estimated that only about180 people working in ‘spam gangs’ are responsible for all of the spam generated in the US and Europe today. Yet they have a whole world in which to hide and are, therefore, incredibly difficult to locate. Often based in countries unregulated by current laws and legislation to deal with spam, they certainly do not adhere to any current Codes of Practice.
The EU and the US to this date have already passed a number of anti spam laws. The EU has taken the “opt in” approach, making it illegal to send unsolicited emails unless specifically user requested. The US has taken the less aggressive “opt out” approach, where the user must be the one to inform the sender they no longer wish to receive their e-mails.
Neither option have the clout needed and only half of the EU countries have incorporated these ideas into national legislation. Even if where laws exist only small fines are given when flouted. It is obvious that not only is a much tougher approach required, but all major players must come together. Only a global crack down will defeat this spam and leave no place for the spammers to hide.
The first line of defence must surely lie with service providers and software developers as they step up their efforts to develop better filters and defences and rewrite their systems to work against spam. In Davos, Switzerland, Bill Gates, the founder and Chief Software Designer of Microsoft announced, “In two years’ time spam will be a solved problem”.
Current research involves authentication and the identification of e-mail senders. Yahoo! is presently developing a concept to “secure mail” with an open source platform called ‘Domain Keys’. The idea behind this involves a secure private key being inserted into the header. The recipient system then checks whether the public key corresponds to the apparent sending domain using the Internets Domain Name System. If the public and private keys correspond then the message will be delivered, if not it will be destroyed.
Another approach is to have an e-mail solve a ‘quiz’ or ‘puzzle’ to determine whether or not it is legitimate, i.e. sent by a human and not a mass spam generating machine. To get around this problem, spammers would have to invest in hugely expensive equipment to handle their mass mailings.
Gates believes there is a more effective way to eradicate spam in the form of an e-mail postage plan or a “spam tax”. The research project goes under the code name ‘Penny Black’. This is derived from the name of the first postal stamp used in Britain in the 1830s (check) and the turning point when the sender started to pay for the cost of the postage instead of the letter recipient.
This postage plan is already in its development stage at Goodmail in Silicon Valley and is seen as the way forward by Microsoft and Yahoo!, although neither are yet ready to commit to the plan.
This plan would be implemented in the following way. The recipient of the e-mail decides whether or not it is a legitimate message. If it is, then the sender will pay nothing. If the recipient decides that it is spam, then the sender will be made to pay the ‘postage’. To set this system up would involve many changes to the one already in operation today. It would require secure management of e-mail and an even more secure payment system.
So with these new technological standards that would identity the sender and charge high volume mailers, spamming would no longer be free or anonymous – two of the key reasons why it has become such an extreme problem.
But while an e-mail postage plan could indeed be a viable solution, could it ultimately result in the loss of free e-mail access for all surfers? Not surprisingly this idea has resulted in harsh opposition from those who believe that the access to free e-mail should remain a fundamental concept and idealism of the Web.
So what is the answer? Governments, the technology leaders and developers and even the daily Web surfer will have to work together and assume the burden of responsibility and the cost of clearing up the chaos that spam has created on the Web. Ultimately this epidemic will only be stopped with a unified global effort.