I came across a thoughtful and well-reasoned argument about email spam, and our inability to counter it with legal and technical responses. But, in the final analysis, it was like reading about the workings of a disease organism that we haven't got a cure for. The only solution? Don't catch the disease in the first place.

Paul Jamieson

[from Legal Affairs - $t0pp^ng $p@m!!] Legitimate businesses that use e-mail as a marketing tool support spam reform because their communications are often lost in the avalanche. Consumers and businesses that rely on e-mail for transactions and communication overwhelmingly dislike spam for the same reason and make their displeasure known to elected officials. Internet service providers, or ISPs, such as Yahoo and Earthlink, oppose it because junk e-mail taxes their networks.

Nevertheless, five months after the effective date of a sweeping federal law imposing stiff civil and criminal penalties on spammers, well over half of all e-mail is still spam. There is just as much if not more spam now than there was before the legal barriers were erected. What gives?

The short answer is that legal measures may be largely powerless to affect the spam problem because the architecture of e-mail is resistant to traditional methods of government regulation.

[...]

Identifying purveyors of spam, then, is challenging. Of the 222 defendants of recent CAN-SPAM lawsuits filed by the four largest ISPs, only seven were named, because the plaintiffs' attorneys couldn't figure out who they were going after. And even if spammers could be identified, many are beyond the jurisdiction of American law. AOL reported that, one week after the new statute went into effect, approximately 10 percent of the 2.4 billion spam e-mail messages it was receiving daily had shifted in origin to offshore locales.

The economics of spam are so favorable to spammers that no matter how high regulation erects the barrier to entering the business it wouldn't be high enough. Direct mail and telemarketing require companies to spend a lot of money—to pay people to spend time on the phone, and for printing messages and sending them through the mail. But spam puts nearly all the costs on recipients, ISPs, and the companies that built and that run the "pipes" through which e-mail travels. Sending an e-mail promoting Viagra to 500,000 users costs a spammer about the same as sending it to 50.

[...

The author goes on to suggest that the private sector regulation through "the code of cyberspace" may be our only hope.

..]

The government's CAN-SPAM law doesn't undermine these solutions [code-based solutions, authentication proposal like challenge-response, email postage, and so on] each of which holds great promise, and several of which could also be used to help protect other technologies—such as cellphones and instant messaging—likely soon to face spam onslaughts. But CAN-SPAM doesn't help, either.

To solve the spam problem, the federal government should create incentives for the private sector to develop solutions. It could subsidize effective technological solutions to spam, much like what the government does to subsidize the availability of Internet access in the nation's schools and libraries. Or it could require that a company license any truly effective solution to anyone who wants it. Government could also be more aggressive in supporting industry consortia, including the recognition of an industry standards-setting body that would develop practices to combat spam and share the best ones. If it turned out that the best anti-spam strategy required ISPs to employ a particular method of authentication, the government could mandate compliance with that standard.

[It's great to talk about sharing future solutions, but let's get them first, ok?]

In the meantime, as e-mails pile up that come from the ostensible fortune-wielding children of "Nigerian dictators" and from network administrators asking us in vaguely worded messages to open attachments, it's clear that we are far from having a good solution to spam. Until the government figures out a new way of working effectively with programmers, we will just have to keep hitting "delete."

Ultimately, I am only more motivated to push ahead with the "just say no to email campaign."