Declaring war on spam: the fight against unwanted e-mail.
The cost of dealing with spam is enormous. According to figures from Little Rock-based Internet service provider Aristotle Inc., the overall loss in terms of time lost in the workplace has been $14 billion. And this is all because of a few extra pieces of mail.
ISPs such as Aristotle are now faced with putting together expensive countermeasures for their customers.
"We're definitely in a war against spam," said Carl Shivers, a systems administrator with Aristotle. "Some people have gotten off the Internet completely. They say they're going back to mail."
But most businesses don't have the luxury of abandoning e-mail, so they are paying the price until defensive technology and legislative solutions catch up with the problem. Some companies, like Acxiom Corp., have a full-time employee whose sole responsibility is to sort e-mails to make sure nothing important was bumped out by an automated spam filter.
The problem is that no matter what procedures are put in place, those doing the spamming try to win by sheer volume. It can take just one buyer from 100,000 e-mails for a spammer to make a profit. One million spam messages cost $500-$2,000. Sending direct "snail mail" to a million addresses would run more than $200,000.
The U.S. Federal Trade Commission in 2002 recorded 2,048 Internet fraud and identity theft complaints from Arkansans that amounted to about $1.3 million in losses--virtually all of it from e-mail spam.
Point of Attack
There is not just one way to get into an e-mail account, and spammers have a number of techniques. Dictionary attacks--such as running a list of first names with domain names--occur almost constantly. Others use software to scour Web sites for e-mail addresses. Even following "unsubscribe" instructions in a spam e-mail, which seems like a common-sense thing to do, can be risky because it confirms to the spammers that the particular e-mail address is active.
There are also some online businesses, although they are usually small, that sell e-mail addresses to spammers.
With the federal government enacting its "do not call" list in the summer of 2003, former telemarketers are believed to be turning to spam to get their message across, and businesses are fighting the spammers through every means possible.
Spam filters and blockers are the main components of the defense against spam.
Spam filters developed by Yahoo!, available to SBC-Yahoo! DSL subscribers and simple Yahoo! e-mail users, were implemented in 2003. They are able to deflect "Web beacons"--essentially invisible tags in e-mail that can notify a spammer his e-mail was opened and confirm an account is active.
Aristotle is also using a variety of techniques to slow the onslaught.
The company can "squelch" spam, in which software in effect polls incoming e-mail to Aristotle before it goes on to people's e-mail boxes.
If too much e-mail seems to be coming from a single, suspicious source, the squelcher basically tightens up the spammer's bandwidth. "It gets so slow that it's not profitable to be delivered any more," Shivers said.
Another technique uses software that seeks keywords in subject lines, such as "banking," "sex," "XXX" or other known spamming patterns, and blocks the e-mails. Also available are "white lists," where users list only those e-mails they'll accept.
Spam can still get through, however. Up to 15 percent makes it through Aristotle's defenses--which scans 7 million-8 million e-mails a week. If the company were to prevent more, it could start eliminating legitimate e-mails.
Allied Technology in Little Rock has instituted its own monthly service that uses a multi-tiered system to block unwanted e-mail and send good e-mail.
"It is much more customized than, say a canned solution that you buy once and install," said Matt Humphries, owner of Allied Technology Group. "We can have different levels of security. You can have something very stringent for a CEO of a company that you wouldn't use for lower levels."
The service, which was implemented in September, uses a number of factors, so instead of a "blacklist" that blocks one type of e-mail, a particular message would go through a number of checkpoints before either being discarded as spam or let through.
Companies from across the country are using Allied's new system. Bill Lee of Wizards Yachts Inc. in Santa Cruz, Calif., said his spam was getting out of control.
"It was really unbearable," Lee said. "I had been getting over 500 spam a day on my account, and for me to have to go through and make sure I was not throwing away good e-mails took half a day."
Lee said that so far fewer than 10 spam e-mails are getting through per day, but more importantly, he believes that he is receiving every legitimate e-mail that he is sent.
Law on the Books
One major asset people now have is a new law passed by the Arkansas Legislature in July 2003. Arkansas joins 30 other states with anti-spam laws.
The new law's key provisions include requiring e-mail marketers to clearly list their name or business name, address, the domain name from which they operate and an opt-out choice.
Marketers who mass e-mail without those elements will be considered spammers under the law and can be prosecuted as class B misdemeanor offenders, face penalties of up to $10 per spam violation or $25,000 per day of spamming, whichever is less, and face lawsuits primarily from ISPs. Offending spammers could potentially owe hundreds of thousands of dollars when considering the millions of e-mails they may send out in a short period of time.
The law would also require those sending unsolicited commercial e-mail to provide an opt-out choice and makes it illegal for spammers to send e-mail from interstate and foreign sources if they contain false, misleading or deceptive routing information or forged e-mail addresses.
With an estimated 30 percent of spam hitting Arkansas from outside of the country, identifying and getting to some spammers is not an easy task, but the combined expertise of ISPs, technology companies and the federal government should aid investigations.
Also being developed are federal laws, one of which would allow FTC-imposed fines, allow states to prosecute and require spammers to provide a valid return address so recipients can opt out. Several other anti-spam bills are moving through the Senate and House.
Part of the problem with legislation, however, is that large amounts of spam come from foreign countries. About 68 percent of spam money offers are from outside of the United States, which makes it hard to track down many spammers and enforce the laws.
But with everything being done to combat spam perpetrators, there are still problems nearly every day. Dennis Simpson of Computing Solutions Inc. of Little Rock points to an organization that can turn on what would essentially be a "Caller ID" for spam. The Internet Corporation for Assigned Names and Numbers formulates and enforces policies for the Internet.
"Much as a computer must obey the rules of its operating system, all Internet service providers must obey the rules of ICANN," he said. "All addresses that appeared on your e-mail would actually be from the sender, and the deeds of abusers would be seen and could be blocked. Spam blockers could be effective."
Although technology companies and legislators are doing what they can to combat the growing problem of spam, it still occurs for a good number of innocent workers. The solutions are slowly being put into place, but until then, most will have to continue to wage the battle themselves.
|Printer friendly Cite/link Email Feedback|
|Date:||Dec 15, 2003|
|Previous Article:||From a distance: online classes offer convenience.|
|Next Article:||Can you see me now? The technology of videoconferencing is revolutionizing many industries.|