Revenge of the e-mail tax
Holding back the spam tide may require shaking up the world of e-mail. Harbaugh calls for striking at the heart of how spammers ply their trade; currently, spam is blasted to the masses in three ways: via registered e-mail servers, mail servers that allow anonymous forwards, and botnets of subverted computers.
With registered e-mail servers, many ISPs block servers that send messages in violation of the CAN-SPAM Act. But the law only applies within the U.S., and spam is legal in many countries. It's also difficult for ISPs to preemptively block spam without opening themselves to liability charges. "The only practical way to stop this kind of spam is charging per message," says Harbaugh. "If ISPs are being charged per message, it gives them a real economic incentive to patrol their networks and stop spammers quickly."
Charging for messages is a sensitive issue. It's likely that junk-mail advertisers will happily pay fees and push out even more spam. And then there's the thorny idea of taxing the Internet. "The Internet is free to everyone," Forrester's Wang says. "Besides, spam is not getting worse ... the majority of the threat now lies in the Web channel -- not e-mail channel -- such as fake Web sites and hacked real Web sites."
Undaunted, Harbaugh also wants to take a hard-line approach to mail servers that allow anonymous forwards. His suggestion: make all mail servers comply with security measures that block anonymous forwarding. By some estimates, a server that doesn't block anonymous forwarding will be exploited by spammers within minutes. Revised SMTP protocols would make it easier to trace people who are illegally sending spam. And message charges would provide a financial incentive for people with mail servers to follow the new rules.
Last, botnets have hijacked a million computers that send countless spam usually without a computer owner's knowledge. These compromised computers need a firewall (which is readily available and free) that stops outgoing SMTP. Yet fines for computer owners who don't install the firewall would be difficult to levy, since many of the compromised computers are home computers.
"There would be political consequences," admits Harbaugh, as he considers a potential newspaper headline: "82-year-old grandmother charged [US]$21,000 for having a virus!" But ISPs could block outgoing SMTP for their residential customers, he says, especially if spam sent from compromised computers is costing ISPs money in the form of message charges.
While a message charge is futuristic fodder, it's this kind of thinking that will ultimately undo spam -- not necessarily a more effective e-mail appliance.
And there's no question that IT security risks and budget burdens caused by the spam boom have forced companies to make spam reduction a priority. Companies are now willing to try new things even at the risk of upsetting users. For instance, some companies block all incoming messages from EarthLink, MSN, and other providers that host spammers, even if it means they block legitimate e-mails, too.
"There's definitely still room for innovation," says Harbaugh. "Anything that the anti-spam vendors use is generally bypassed by the spammers in relatively short order. So it might be more accurate to say that innovation is critical and ongoing."