That call to action led to the first industry-wide meeting where attendees from every technology and business sector with a vested interest in spam began to contemplate a more holistic approach to the problem. Originally, my idea for the project --codenamed JamSpam-- was for the technology industry to work together to produce an open, interoperable anti-spam protocol that works between all email systems of a dissimilar origin (e.g., your AOL-based email account and my Microsoft Exchange Server-based account) and that stops spam while guaranteeing safe passage for legitimate mail.
Why is such a universal, holistic approach required? Consider the current war on terrorism. In this post-9/11 era, the world's governments have finally acknowledged the reality that terrorists are widely distributed, highly adaptable, incredibly tenacious and surprisingly well-organized. Sounds a lot like spammers, doesn't it?
In the case of terrorists, that reality has forced the hand of unprecedented inter-agency cooperation within and among countries. Prior to that collaboration, terrorists were slipping through the dragnet for two reasons. First, and most often cited as a failure of immense proportions on behalf of the intelligence and law enforcement communities, was the lack of information sharing among agencies. In addition, with each agency isolated from the anti-terrorism activities of the other agencies, they were unwittingly creating a situation in which their tactics were actually undermining each other.
The spam problem is no different. In the process of setting up JamSpam, I discovered no fewer than seven distinctly different communities, each taking their own approach to spam, and each paying little attention to the other:
- Developers of email clients and servers
- Developers of email security solutions that run in parallel to those clients and servers
- Internet service providers (ISPs)
- Inbox service Providers
- Non-profit privacy and antispam advocacy groups
- Individuals and organizations who depend on the reliability of Internet e-mail for everyday business communications
- Legitimate senders of high volume e-mail
Even within these communities, people and organizations are working independently of each other. The result of these fractured approaches is a field day for the tenacious spammers.
Imagine, for example, end users and corporations demanding legislative action from their local governments, with 50 states and the federal government, working independently of each other, each coming up with their own antispam laws.
This isn't a hypothetical scenario; it's actually happening. In this scenario, anyone who sends legitimate e-mail, and who doesn't want to run afoul of a law, will have little hope of successfully navigating the resulting labyrinth of conflicting legislation.
I'm highly skeptical about -- yet open to -- the idea of legislation, but failure is guaranteed if governments take a non-uniform approach. For example, while one community focuses on legislation , another community like the ISPs will see no abatement in the problem and have no choice but to use blacklists to mitigate the consequences of spam on their own business. Worse, the ISPs might begin demanding their own legislation, turning lawmakers into cat herders.
To the U.S. government's credit, the Federal Trade Commission is holding a three day forum to hear as much as can be heard from every spam-concerned constituency. Assimilating three days of data into policy and legislation will be a time-consuming if not Herculean task that is thoroughly undermined by state governments pursuing their own course of action.
Based on the results of the first JamSpam meeting this month, coming up with a consortium focused on producing an open, interoperable anti-spam protocol is not only a long way off, it may never happen. But JamSpam may take a different direction, which could not only produce the intended protocol, but also stands a chance of presenting a united front to lawmakers, the public, and, best of all, spammers.
This new direction, and consensus from the attendees, for JamSpam came as a result of some incredibly vibrant and sometimes heated debate. To encourage such free sharing of ideas, the 65 attendees representing more than 40 companies were assured that they would not be quoted in my column or any press. Meeting content was under an informal embargo to which everyone agreed. More important was the meeting's outcome.
By the end of the day, it became clear that establishing yet another standards body would only delay progress because, invariably, standards bodies require members to sign a multi-lateral intellectual property agreement. Crafting such an agreement not only takes time, but signing on the dotted line typically requires the approval of corporate legal departments, which could take even longer.
Given that effective standards groups with intellectual property policies are already in place, it was decided that the technology and business communities should work together to provide an organization like the IETF (Internet Engineering Task Force) or OASIS : http://www.oasis-open.org/ with a comprehensive cross-sector analysis of the spam problem as well as a consolidated wish list for the solutions.
Just this week, the Internet Research Engineering Task Force (the research branch of the IETF) established just such an organization with which JamSpam can liaison. Named the Anti-Spam Research Group, the group's chairperson is Dr. Paul Judge, CipherTrust director of research and development.
By ducking the intellectual property issue, this framework paves the way for everyone to start working together as soon as possible. It also paves the way to present a unified and comprehensive position for the purposes of domestic and international lawmaking as well as education of businesses, the public, and the press.
Clearly, establishing unified fronts for standards bodies, lawmakers and others parties will take a great deal of work and communication. Fortunately, the attendees to the first JamSpam meeting agreed to take the next baby step. It was evident that before solutions (legal, technological, or otherwise) could be discussed, the problem needed to be fully understood among the group from the perspective of each of the seven aforementioned communities.
In an effort to maintain this momentum and develop a normalized list of problems, the original JamSpam attendees, as well as some organizations that couldn't attend the first meeting, have committed to a follow-up meeting in which each of the communities will present their positions to the others. The meeting is tentatively scheduled to take place in the Bay Area next month.
A summary of the February 18 meeting as well as the agenda and goals for the next one can be accessed from the JamSpam Home Page. The site is open to the public.
The presenters, attendees, and participants in the first JamSpam meeting, many of whom are listed in my last JamSpam column are to be commended on the dedication they've so far shown towards working together. Since writing that column, Sendmail, AT&T Worldnet, Symantec, McAfee and several other companies have stepped up to the plate as well.
Can JamSpam succeed? Only if everyone follows through on their responsibilities and only if all of the communities-- especially the ISPs --stay fully engaged. As always, I'll keep you posted.
In preparation for the next meeting, each of the JamSpam communities have broken off into groups to develop their presentations. If you or your organization believes it can make a material contribution to this process (one that doesn't propose solutions, but rather helps to articulate the problems, issues, and challenges) for one or more of the communities, write to admin@jamspam.org. If you have other thoughts that you'd like to share with your fellow ZDNet readers, or with David, use TalkBack below or write to david.berlind@cnet.com.
