Accessibility links

US Consumers Declare War on Internet Spam - 2003-11-18

The computer Internet has been likened to the Old West in America. It's wide open and full of promise, but wild and largely unregulated. And among the most notorious outlaws on this cyberspace frontier are people called spammers. They clog electronic mail in-boxes with billions of unsolicited, sometimes deceptive, and often pornographic sales pitches known as spam. But, Internet providers and the federal government say they're about to ride to the rescue.

The estimated 117 million Americans who use e-mail each day are mad, really mad, about spam.

Orson Swindle, a member of the U.S. Federal Trade Commission, which has been studying ways to dry up the deluge of spam, recently remarked that spam is about to kill the 'killer app', meaning e-mail, the Internet's most popular feature.

One frustrated e-mail user, Becky Quinlan, 30, works out of her home office in Sacramento, California.

"This morning, I opened my e-mail, and in my in-box there were about 60 messages, and about 30 of those were spam," she said. "Toys, cellular phone deals, software company ads from Canada, Nigerian money schemes - everything you can think of. They'll put in the subject line, 'Regarding, [re:] your call, so that you think that maybe it's in response to a message you've sent. And then, of course, you open it up, and you see pornography, or a Valium ad, or what-not."

Ms. Quinlan says getting rid of what she calls these wily spammers is harder than hitting a moving target. They play cat-and-mouse with the anti-spam computer software that companies and consumers install to catch them. One of their tactics is to deliberately misspell product names. Another is to stick gibberish or stray punctuation marks in the middle of the subject line, so the anti-spam filter won't recognize a name and block the e-mail.

And spammers create fictitious e-mail addresses. Like an unstoppable swarm of cockroaches, the minute you zap one piece of spam, 10 or 15 others for the same product spring to life.

Woe unto the frustrated consumer who responds to spam by hitting the "do not send" button.

"That's actually one of the worst things you can do, because by replying to their e-mail, you're actually confirming that your e-mail address is valid and working and viable," said Ms. Quinlan.

Hitting the "do not send" button can be an open invitation for an even greater avalanche of spam.

In October, the Pew Internet and American Life Project released the results of a telephone survey of nearly 1,400 adult Internet users. Researcher Deborah Fallows says one-fourth of respondents said they've cut back on the use of e-mail in anger at electronic junk mail and out of fear that legitimate messages are getting lost in the pile of spam.

"It's estimated that about half of the e-mail out there now is actually spam," she said. "Fifteen billion pieces a day. It's hard to get your mind around that volume of spam. Over half of the respondents told us that they were losing their trust in e-mail because of spam. Everybody's on the same side in this fight. Everybody hates spam, and everybody want to 'get' those spammers."

Especially pornographic spammers. So upset are people about lewd images popping in front of them, their children, and their co-workers that the Pew survey states "there's a special place in Hell for pornographic spam."

For that survey, an organization called TRAC, the Telecommunications Research and Action Center, also gathered four thousand of what could be called horror stories about spam. TRAC's John Breyault says people waste valuable time weeding out spam, cutting productivity.

"We heard from a priest who said, 'I can't check my e-mail with my parishioners around any more. Think of how embarrassing it is to open up a pornographic e-mail.' A number of people said, 'I went away for a three-day vacation and came back and had 1,500 e-mails stacking up in my in-box, and my whole service had been shut down because of this. I get so frustrated, I want to cry,'" he said. Beseeched by e-mail users to do something, the U.S. Senate in late October unanimously passed what's known as the Can Spam Act, meant to reduce the flood of spam by imposing tough penalties. Leaders in the House of Representatives say they, too, are committed to punishing spammers. They say there'll be a bill on President Bush's desk by year's end.

One of its provisions will likely be a do not spam registry, similar to one that millions of Americans recently rushed to get on, aimed at curbing intrusive telephone-marketing calls.

The Senate bill supersedes 26 states' anti-spam laws, which have been largely ineffective because spammers work in other states, abroad, and, elusively, in cyberspace. The Senate measure calls for jail sentences and fines in the millions of dollars if, and it's a big if, spammers can be caught.

Paul Judge, who's the chief technology officer at CipherTrust, a Georgia-based e-mail security firm, co-chairs the industry's anti-spam research group, which is working behind the scenes on the very structure of the Internet.

"We, the anti-spam community, develop new detection techniques and deploy those. The spammers realize that they're there, so they develop ways to circumvent our technology," he said. "They become desperate enough to protect this profitable business by resorting to things like hacking [electronically breaking into] computers and using 'Trojan machines' to send their messages [like a Trojan horse snuck past electronic sentries]. As their messages are being blocked, their immediate reaction is to send more messages, so more can get through."

Internet providers say they are close to announcing an assault on spammers. Secret until now, Project Lumos, aims to shine a bright light on the nether world of spam. Thus the name: Lumos comes from a combination of the Latin and Greek words for light. One idea is to reverse the current practice of blacklisting and blocking known spammers, and instead establishing what's being called a white list of legitimate commercial sites. These good guys, as they're called, would be allowed to send electronic sales pitches encrypted with scrambled codes. Lacking those codes, e-mail sent by the bad guy spammers would not get through. Problem is, spammers are notorious spoofers, meaning they've proved quite capable of hijacking the good guys' identities.

Individual e-mail providers like BellSouth are also waging war on spammers. The director of BellSouth's Internet Group, Dale Malik, calls spammers anarchists. They laugh at rules and hurl the cyber equivalent of Molotov cocktails onto the Internet, he says - a bit like "somebody being able to hop onto a television station and broadcast any product that they wanted at any time that they like. Doesn't sound realistic, but in this medium, obviously we have that."

But, isn't one of the beauties of the Internet its freedom, its lack of regulation, its wide-open nature? On one level, it would be a shame to lose that.

"I think from a user's perspective, you'll never lose that," Mr. Malik said. "If you think about the ways in which you transit around the United States, you go from town to town, but there are driving regulations or a speed limit. It doesn't impede your progress, but it protects your safety. And I think that's where we're going to next."

He says one strategy being discussed is to hit spammers where they hurt - with sophisticated software capable of intercepting credit-card payments to spammers from gullible e-mail users. Because it's dirt cheap to send out e-mailings by the millions, it's been shown that spammers make money if just one person in 100,000 responds.

"If you follow the money, and you have a way to constrict the money, then you constrict the ability to do illegal commerce," Mr. Malik said.

A thorny obstacle in the war on spam is defining what spam is in the first place. One person may want no unsolicited mailings of any sort, but another would welcome charitable appeals and sales information from catalog and department stores.

And, there's a nightmare scenario involving the proposed do-not-spam list. Unscrupulous spammers would immediately go to work on ways to get around it. And worse, say anti-spam strategists, can you imagine what would happen if a spammer got hold of the millions of e-mail addresses on that nationwide do-not-spam registry?

VOA's Andrew Baroch contributed to this report.