[...]
Identifying purveyors of spam, then, is challenging. Of the 222 defendants of recent CAN-SPAM lawsuits filed by the four largest ISPs, only seven were named, because the plaintiffs' attorneys couldn't figure out who they were going after. And even if spammers could be identified, many are beyond the jurisdiction of American law. AOL reported that, one week after the new statute went into effect, approximately 10 percent of the 2.4 billion spam e-mail messages it was receiving daily had shifted in origin to offshore locales.
The economics of spam are so favorable to spammers that no matter how high regulation erects the barrier to entering the business it wouldn't be high enough. Direct mail and telemarketing require companies to spend a lot of money—to pay people to spend time on the phone, and for printing messages and sending them through the mail. But spam puts nearly all the costs on recipients, ISPs, and the companies that built and that run the "pipes" through which e-mail travels. Sending an e-mail promoting Viagra to 500,000 users costs a spammer about the same as sending it to 50.
[...
The author goes on to suggest that the private sector regulation through "the code of cyberspace" may be our only hope.
..]
The government's CAN-SPAM law doesn't undermine these solutions [code-based solutions, authentication proposal like challenge-response, email postage, and so on] each of which holds great promise, and several of which could also be used to help protect other technologies—such as cellphones and instant messaging—likely soon to face spam onslaughts. But CAN-SPAM doesn't help, either.
To solve the spam problem, the federal government should create incentives for the private sector to develop solutions. It could subsidize effective technological solutions to spam, much like what the government does to subsidize the availability of Internet access in the nation's schools and libraries. Or it could require that a company license any truly effective solution to anyone who wants it. Government could also be more aggressive in supporting industry consortia, including the recognition of an industry standards-setting body that would develop practices to combat spam and share the best ones. If it turned out that the best anti-spam strategy required ISPs to employ a particular method of authentication, the government could mandate compliance with that standard.
[It's great to talk about sharing future solutions, but let's get them first, ok?]
In the meantime, as e-mails pile up that come from the ostensible fortune-wielding children of "Nigerian dictators" and from network administrators asking us in vaguely worded messages to open attachments, it's clear that we are far from having a good solution to spam. Until the government figures out a new way of working effectively with programmers, we will just have to keep hitting "delete."
