Spam on the Internet: can it be eradicated or is it here to stay?

A discussion of the rise in unsolicited bulk e-mail, its effect on tertiary education, and some of the methods being used or developed to combat it. Includes an examination of block listing, protocol change, economic and computational solutions, e-mail aliasing, sender warranted e-mail, collaborative filtering, rule-based and statistical solutions, and legislation

Spam

With the advent of the electronic mail system in the 1970s, a new opportunity for direct marketing using unsolicited electronic mail became apparent. In 1978, Gary Thuerk compiled a list of those on the Arpanet and then sent out a huge mailing publicising Digital Equipment Corporation (DEC—now Compaq) systems. The reaction from the Defense Communications Agency (DCA), who ran Arpanet, was very negative, and it was this negative reaction that ensured that it was a long time before unsolicited e-mail was used again (Templeton, 2003). As long as the U.S. government controlled a major part of the backbone, most forms of commercial activity were forbidden (Hayes, 2003). However, in 1993, the Internet Network Information Center was privatized, and with no central government controls, spam, as it is now called, came into wider use. The term spam was taken from the Monty Python Flying Circus (a UK comedy group) and their comedy skit that featured the ironic spam song sung in praise of spam (luncheon meat)—“spam, spam, spam, lovely spam”—and it came to mean mail that was unsolicited. Conversely, the term ham came to mean e-mail that was wanted. Brad Templeton, a UseNet pioneer and chair of the Electronic Frontier Foundation, has traced the first usage of the term spam back to MUDs (Multi User Dungeons), or real-time multi-person shared environment, and the MUD community. These groups introduced the term spam to the early chat rooms (Internet Relay Chats). The first major UseNet (the world’s largest online conferencing system) spam sent in January 1994 and was a religious posting: “Global alert for all: Jesus is coming soon.” The term spam was more broadly popularised in April 1994, when two lawyers, Canter and Siegel from Arizona, posted a message that advertized their information and legal services for immigrants applying for the U.S. Green Card scheme. The message was posted to every newsgroup on UseNet, and after this incident, the term spam became synonymous with junk or unsolicited e-mail. Spam spread quickly among the UseNet groups who were easy targets for spammers simply because the e-mail addresses of members were widely available (Templeton, 2003)

Forgery in Cyberspace: The Spoof Could Be on You!

Spoofing is one of the newest forms of cyber-attack, a technological methodology adapted to mask the identity of spammers who have faced hostile reaction in response to bulk, unsolicited, electronic mail messages.[1] Sending Spam, however, is no longer the only reason for deception, as crackers have taken pleasure in the challenge of manipulating computer systems and, additionally, find recreational enjoyment in doing so. In this legal Note, the author’s intent is to show that criminal, rather than civil liability is the best way to effectively deter and punish the spoofer. The injury that results when a computer system’s technological safety measures fail to adequately safeguard the system affects not only the owner of the hijacked e-mail address, but also the Internet Service Provider, and the Network as a whole. Current Anti-Spam Legislation is arguably ineffective at targeting these particular types of malicious attacks, and a different legal approach is suggested

Unsolicited commercial e-mail (spam): integrated policy and practice

The internet offers a cost-effective medium to build better relationships with customers than has been possible with traditional marketing media. Internet technologies, such as electronic mail, web sites and digital media, offer companies the ability to expand their customer reach, to target specific communities, and to communicate and interact with customers in a highly customised manner. In the last few years, electronic mail has emerged as an important marketing tool to build and maintain closer relationships both with customers and with prospects. E-mail marketing has become a popular choice for companies as it greatly reduces the costs associated with previously conventional methods such as direct mailing, cataloguing (i.e. sending product catalogues to potential customers) and telecommunication marketing. As small consumers obtain e-mail addresses, the efficiency of using e-mail as a marketing tool will grow. While e-mail may be a boon for advertisers, it is a problem for consumers, corporations and internet service providers since it is used for sending 'spam' (junk-mail). Unsolicited commercial e-mail (UCE), which is commonly called spam, impinges on the privacy of individual internet users. It can also cost users in terms of the time spent reading and deleting the messages, as well as in a direct financial sense where users pay time-based connection fees. Spam, which most frequently takes the form of mass mailing advertisements, is a violation of internet etiquette (EEMA, 2002). This thesis shows that spam is an increasing problem for information society citizens. For the senders of spam, getting the message to millions of people is easy and cost-effective, but for the receivers the cost of receiving spam is financial, time-consuming, resource-consuming, possibly offensive or even illegal, and also dangerous for information systems. The problem is recognised by governments who have attempted legislative measures, but these have had little impact because of the combined difficulties of crossing territorial boundaries and of continuously evasive originating addresses. Software developers are attempting to use technology to tackle the problem, but spammers keep one step ahead, for example by adapting subject headings to avoid filters. Filters have difficulty differentiating between legitimate e-mail and unwanted e-mail, so that while we may reduce our junk we may also reduce our wanted messages. Putting filter control into the hands of individual users results in an unfair burden, in that there is a cost of time and expertise from the user. Where filter control is outsourced to expert third parties, solving the time and expertise problems, the cost becomes financial. Given the inadequacy of legislation, and the unreliability of technical applications to resolve the problem, there is an unfair burden on information society citizens. This research has resulted in the conclusion that cooperation between legislation and technology is the most effective way to handle and manage spam, and that therefore a defence in depth should be based on a combination of those two strategies. The thesis reviews and critiques attempts at legislation, self-regulation and technical solutions. It presents a case for an integrated and user-oriented approach, and provides recommendations

Service provider responsibility for unsolicited commercial communication (spam).

The Internet introduced the concept of email – a means of communication that arguably provides the communication base for industry in the developed world. Advertisers have not been slow to take up the opportunities offered by the Internet and the World Wide Web – in many cases subsidising web-site presence. Advertising has its place, however, and many would argue that one of the less popular side effects of fast, easy and global communication has been the exploitation of this medium for sending ‘spam’ (or junk-mail). The focus of this paper is on the role of Internet Service Providers (ISP’s) as the principle gatekeepers between the Internet and email-users. Legislation recognises this role and addresses the problem of spam. Other approaches to tackle the problem come from self-regulation and software applications (filtering technologies). This paper outlines some preliminary research that assesses the potential of eliminating illegal Spam whilst at the same time allowing companies to use e-mail as a marketing tool, based on cooperation between the Law and the IT Sciences

Preemption of State Spam Laws by the Federal Can-Spam Act

Unsolicited bulk commercial email is an increasing problem, and though many states have passed laws aimed at curbing its use and abuse, for several years the federal government took no action. In 2003 that changed when Congress passed the CAN-SPAM Act. Though the law contains many different restrictions on spam messages, including some restriction of nearly every type that states had adopted, the Act was widely criticized as weak. Many of the CAN-SPAM Act\u27s provisions are weaker than corresponding provisions of state law, and the Act preempts most state spam laws that would go farther, including two state laws that would have banned all spam. Despite these weaknesses, this Comment argues that when properly interpreted the CAN-SPAM Act leaves key state law provisions in force, and accordingly is stronger than many spam opponents first thought. First, the law explicitly preserves state laws to the extent that they prohibit falsity or deception in any portion of a commercial electronic mail message or information attached thereto. Though Congress was primarily concerned with saving state consumer protection laws, this language can be applied much more broadly. Second, the law is silent on the question of state law enforcement methods. State enforcement can be, and frequently is, substantially stronger than federal enforcement, which is largely limited to actions by the federal government, internet service providers, and state agencies. The Comment concludes by arguing that this narrow interpretation of its preemption clause is most consistent with the CAN-SPAM Act\u27s twin policy goals. By limiting the substantive provisions states may adopt, the Act prevents states from enacting inconsistent laws and enforces a uniform national spam policy. At the same time, narrowly interpreting the preemption clause permits states to experiment within the limits of that policy, in hopes of finding the most effective set of spam regulations

The Benefits and Costs of Online Privacy Legislation

Many people are concerned that information about their private life is more readily available and more easily captured on the Internet as compared to offline technologies. Specific concerns include unwanted email, credit card fraud, identity theft, and harassment. This paper analyzes key issues surrounding the protection of online privacy. It makes three important contributions: First, it provides the most comprehensive assessment to date of the estimated benefits and costs of regulating online privacy. Second, it provides the most comprehensive evaluation of legislation and legislative proposals in the U.S. aimed at protecting online privacy. Finally, it offers some policy prescriptions for the regulation of online privacy and suggests areas for future research. After analyzing the current debate on online privacy and assessing the potential costs and benefits of proposed regulations, our specific recommendations concerning the government's involvement in protecting online privacy include the following: The government should fund research that evaluates the effectiveness of existing privacy legislation before considering new regulations. The government should not generally regulate matters of privacy differently based on whether an issue arises online or offline. The government should not require a Web site to provide notification of its privacy policy because the vast majority of commercial U.S.-based Web sites already do so. The government should distinguish between how it regulates the use and dissemination of highly sensitive information, such as certain health records or Social Security numbers, versus more general information, such as consumer name and purchasing habits. The government should not require companies to provide consumers broad access to the personal information that is collected online for marketing purposes because the benefits do not appear to be significant and the costs could be quite high. The government should make it easier for the public to obtain information on online privacy and the tools available for consumers to protect their own privacy. The message of this paper is not that online privacy should be unregulated, but rather that policy makers should think through their options carefully, weighing the likely costs and benefits of each proposal.

War Against Spam: A Comparative Analysis Of The US And The European Legal Approach

Unsolicited commercial mail (also known as spam and junk mail) can inconvenience tens of millions of Internet users and impose huge costs on Internet Service Providers. Realizing the need to boost competitiveness and consumer confidence, the European Union (EU) and the United States have instituted various legal frameworks and policies to regulate unsolicited commercial mail. The EU has adopted an opt-in approach to spam mail, which means e-marketers need to seek the permission of consumers before they send out commercial emails, while the US CAN SPAM Act takes an opt-out approach. The EU\u27s opt-in regime is viewed as offering greater safeguards against spam mail. Despite the EU Directive and the US federal law, the barrage of junk e-mail continues to grow. This paper discusses the issue of spam mail and makes a comparative analysis of the two legal approaches and their implications on the industry and private citizens

The Cost Impact of Spam Filters: Measuring the Effect of Information System Technologies in Organizations

More than 70% of global e-mail traffic consists of unsolicited and commercial direct marketing, also known as spam. Dealing with spam incurs high costs for organizations, prompting efforts to try to reduce spam-related costs by installing spam filters. Using modern econometric methods to reduce the selection bias of installing a spam filter, we deploy a unique data setting implemented at a German university to measure the costs associated with spam and the costs savings of spam filters. The applied methodological framework can easily be transferred to estimate the effect of other IS technologies (e.g., SAP) implemented in organizations. Our findings indicate that central IT costs are of little relevance since the majority of spam costs stem from employees who spend working time identifying and deleting spam. The working time losses caused by spam are approximately 1,200 minutes per employee per year; these costs could be reduced by roughly 35% through the installation of a spam filter mechanism. The individual efficiency of a spam filter installation depends on the amount of spam that is received and on the level of knowledge about spam.propensity score matching, treatment effects, spam filter, spam