Stopping spam has become the cause du jour of politicians and government bodies that need to express righteous indignation and show constituents that they can do something to solve their problems. Schemes to blot out spam range from the creation of a national do-not-spam list, proposed by New York Sen. Charles Schumer, to Australias plan to outlaw unsolicited e-mail.
We need to do everything in our power to stop these and other bills from ever getting passed.
Ive seen plenty of problems brought on IT workers and technology developers by the unintended consequences of bad legislation. From the DMCA turning security workers into criminals to the Patriot Act forcing companies to spy on their customers, poorly designed laws have created many problems. The inadvertent byproducts of these bills would likely pale in comparison with the trouble some of these so-called solutions to spam could cause.
Probably the biggest difficulty in each of these proposals is the definition of spam. In many ways, its similar to the quandary that Supreme Court Justice Potter Stewart had with pornography: He said he couldnt define it, but he knew it when he saw it.
A common way that spam is defined in anti-spam bills and regulations is this: unsolicited commercial e-mail where no pre-existing business/customer relationship exists. On the surface, this sounds OK. If Ive done business with you, then you may send me stuff; if we havent done business before, then your e-mail to me is spam.
This definition, however, threatens a host of legitimate commercial communications that no one would typically call spam. Just what constitutes a pre-existing relationship? Could it be with any unit of a company? Do you want to spend your time going over everything your sales and marketing department sends out to make sure it couldnt be interpreted as spam by a potential customer whos in a bad mood?
Many of the other legislative solutions have glaring weaknesses as well. For example, some require ISPs to filter spam. This means ISPs will inevitably block some legitimate e-mail, which will, in turn, lead to lawsuits when recipients do not receive important messages. Some measures require accuracy in mail headers and the deployment of challenge-response systems, which will remove anonymity and make things that much harder on activists in oppressive countries or whistle-blowers in corrupt companies.
Imagine trying to run your messaging infrastructure in a world where these bills are law. Do you think filtering for viruses and spam is tough now? Wait till you have to make sure every outgoing mail isnt spam. Wait till your company gets sued or fined for legitimate commercial communications that recipients decided they didnt want. Wait till disgruntled ex-employees sign people up for newsletters and mailing lists. It almost makes going back to telephones and faxes sound attractive.
Spam is caused by technology, and technology should be used to handle it. For my personal e-mail account, I use a Mozilla e-mail client that uses Bayesian technology to learn which messages I receive are spam and which are messages that I want to receive. The best thing is that I can check the message it has marked as spam to fix mistakes. With enforced blacklists, white lists and opt-in/opt-out directories, this isnt an option.
There is a long list of corporate spam-killing products, including our Analysts Choice, Frontbridge Technologies TrueProtect Message Management Suite and SpamShark service. Others include SpamActive from Clearswift and products and services from Elron Software, Proofpoint and Brightmail.
So lets thank our government representatives for their concern, but lets let them know that technology—not law—should be used to stop spam. And when spam crosses into already-illegal areas, such as fraud, there are plenty of legal solutions available.
Lets not burn the house to kill the termites. I dont want to have to write another column in a year or two about the chaos that anti-spam laws are creating and how our only recourse is to repeal ill-conceived and hastily enacted legislation.
Jim Rapoza can be contacted at firstname.lastname@example.org.