Spam: The name's the same, but we're still not sure what it means
Three columns and hundreds of e-mails later, I'm more convinced than ever of my original contention that we need a good, generally agreed-upon definition of spam if we're going to do anything useful about curbing it. That thought expressed in an earlier column (see "Sloppy talk invites sloppy solutions,") drew a lot of suggestions for what constitutes spam. These ranged from very broad to very narrow.
Some of the suggestions: "If one is sending more than 20 e-mails of the same, I'd count that as spam." "With e-mail, anything I haven't asked for is spam. Period." Spam is "e-mail you receive after you have requested to be dropped from their mailing list." Spam is "if the header has been forged, relays raped to get it sent, fake addresses used with no connection to the advertised/article, or, of course, if the 'this is not spam' or S.B. 1618 is invoked." "Is it both bulk and unsolicited? If yes, then it is spam. And that includes programs that insert your name at the top of the e-mail to make it look like it is personal."
Some writers proposed even more complicated criteria. Others were more simplistic and more subjective. My personal favorite: "I know it when I see it."
However, what brought home the necessity of coming up with a good definition -- one that we can all agree on -- were two bills filed in the U.S. Congress. Although both purport to limit spam, they are more of a testimony to Congress' ability to ride the coattails of a hot-button issue than they are meaningful limits on spam. Both bills apply similar definitions: unsolicited bulk e-mail that falsifies domain or header information, date or time stamp, originating e-mail address, or other identifiers. The Senate bill goes even further and proscribes subject lines that are misleading. Under the bills, senders would be required to remove recipients from mailing lists upon request, and failure to do so is a violation.
What will these bills accomplish? They will be a minor inconvenience to the dedicated spammers and a major thorn in the side for legitimate businesses. If I were a spammer, how would I get around the bill? The fastest way is to simply move operations to a different country. Then I'd have nothing to worry about. But what if I wanted to stay in the United States? Simple. I go to a state where I can incorporate for less than $100 -- there are a bunch of them -- and set up Spamguy Inc. I get my spam together and mail it out, using proper headers and whatever else will keep me within the law. Predictably, many people will write back asking to be removed. I don't have to remove them because I simply dissolve Spamguy Inc. and spend another $100 or less to incorporate Spamman Inc. Next week: Spammerman Inc.
The effect of the two bills is to force me to spend an extra $100 every week to continue business as usual, always staying within the letter of the law. How will legitimate business suffer? First, it's much harder for them to disappear. They will be forced to defend themselves against spam accusations, no matter how ill-founded. All too common, as any legitimate opt-in e-mailer can tell you, are the people who sign up, give their e-mail address, request a mailing -- and then promptly forget that they've done so. When the e-mail finally arrives in their inbox, they begin foaming at the mouth and screaming "spam." Next are those people who sign up using one e-mail address and then change addresses, having the mail from the previous provider forwaarded. When they go to the unsubscribe page, they can't unsubscribe because they enter the wrong address. Again, they start screaming "spam."
Adding the mail-to address at the end of each mailing has only limited effect on this phenomenon. And God help the business that runs afoul of SpamCop or any other of the self-appointed spam vigilante groups. Acting on nothing more than one person's suspicion that something is spam -- without any corroborating evidence or good working definition of what constitutes spam -- these vigilantes can, and have, forced businesses to waste time and money defending themselves and have jeopardized legitimate, well-run e-mail campaigns. Spam, as I said in my first column on the topic, is a complicated issue. Use a definition that is too broad -- "I know it when I see it" -- and you risk hamstringing legitimate businesses. Use a definition that is too narrow, and you merely inconvenience the spammers, who will find a way around it before the ink on the law has dried. If you want to discuss this further, check out our forums, or you can write to me directly at ethics_matters@infoworld.com.
» posted by ITworld staff
InfoWorld
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
