Despite better email filters, new legislation, and high-profile legal action, spam volume continues to grow rapidly. Signs that email is reaching a breaking point:

* Three-fourths of email is spam. Forrester was right: We predicted that spammers' response to filtering would be to increase volume. But we underestimated spammers' tenacity when we said that spam would subside later in the year. Two spam-filtering services quantify the problem: Postini reports that 76% of the email it processes for its clients is spam, while Brightmail reports that the number of spam attacks has grown 50% to 9 million per month this year.
* Spammers are becoming more sophisticated. Spammers have invented phishing: creating fraudulent emails and sites that look identical to known brands like Best Buy and Citibank to trick consumers into providing credit card or bank account information. They also invented Trojan horse programs, which sneak onto a consumer's computer and send email on a spammer's behalf.
* ISPs are choking. Spam volume imposes millions of dollars in costs on ISPs and email providers for better filters, software development, bandwidth, servers, and storage. One Web email service we spoke with recently told us: "It costs us millions of dollars to filter and store this stuff. We have no choice but to be more aggressive in blocking spam at the gateway and not even let it into our network."
* Consumers are losing patience. The Pew Internet & American Life Project reports that 25% of consumers say they have reduced or stopped using email because of spam. Legislators have responded to constituents' pressure by passing laws in 36 states and elevating the issue in Congress. ISPs have responded to complaints with such tactics as turning off HTML graphics to avoid displaying offensive images.

THE CAN-SPAM ACT WON'T MAKE A DENT IN SPAM
State laws have done nothing to slow spam's growth so far. The CAN-SPAM Act of 2003 will be no different. Today's legislation will fail because it doesn't address two realities 1) Email is virtually free, and 2) unscrupulous individuals can easily hide from law enforcement. Here's what to expect as a result of the CAN-SPAM Act:

* Spammers will move offshore. Spammers' consciences aren't bothered by defrauding people out of thousands of dollars or selling bogus herbal remedies. They won't stay up at night worrying about breaking laws about spoofed headers or harvesting email addresses. Postini has seen increases in spam coming from Asia and Latin America this year. The trend will accelerate.
* ISPs will bring more John Doe lawsuits. By outlawing false headers and misleading subject lines, the law's provisions will give ISPs a more straightforward basis for suing spammers. In prior cases like EarthLink's successful prosecution of the Buffalo spammer, ISPs needed to have evidence of related offenses such as credit card fraud. But the suits will remain anonymous as spammers continue to hide their tracks using open relays and fraudulent headers.
* Legitimate marketers will improve practices at the margins. The law codifies many practices that legitimate marketers already follow. But it also requires affirmative consent. Marketers will need to clean up email address practices like negative opt-ins that read: "Check here if you do not want to receive emails from us." These changes will create minor improvements.

SENDERS MUST PAY FOR EMAIL
Current solutions for spam still have one big problem: they put the burden of cost on the receivers of email -- ISPs, businesses, and consumers. This is the wrong approach -- and it won't work. The best solution to spam is not legal, technical, or regulatory -- it's economic. It's time to charge for email, making those who send bulk email volumes pay for the resources their campaigns use. The right approach addresses three issues:

* The business implementation. Forrester believes this problem calls for a structure analogous to payment solutions company Visa: A member-owned association operates the network managing transactions among card issuers, cardholders, and merchants. For the email payment system, large and small ISPs, marketers, and email marketing services companies would be member-owners. A governance board would establish the technology standards, set the rate marketers would pay for email, and oversee the registries' operations.
* The technical implementation. To know whom to charge, the industry must adopt a system of secure, verified identities, akin to Yahoo!'s proposal to use domain keys or the Email Service Provider Coalition's Project Lumos. High-volume emailers would attach their identity to each message, and a central registry would validate for ISPs and companies that the message comes from a legitimate sender (see Figure 1). The identity validation system also lays the groundwork for the accounting system: As the recipient ISP checks the identity, the registry can count how many messages are received by each organization, how large the message is, and calculate and send payments.
* The money flows. The charge for sending email needn't be high -- even one-quarter of $0.01 per message would crush spammers' business model. Forrester believes the bulk of the money generated should go to ISPs and email inbox providers like Hotmail -- which incur the storage, bandwidth, and filtering costs today. Individuals using email for low volumes of personal correspondence would pay only if they exceed a reasonable threshold -- say, 1,000 messages per month -- the same way they pay for additional email storage today on MSN or Yahoo!.

Jim Nail - Forrester

Powered by CityMax.com