The war on spam won't be won with a fragmented approach in which all the stakeholders are working at cross purposes. In February, JamSpam was born as forum to bring all the stakeholders together to address the spam problem in a coordinated fashion.
I formulated JamSpam on the premise that significant progress against spam will be forestalled until all of the stakeholders commit to an unprecedented level of multilateral cooperation. Since those initial meetings, some progress has been made, but not enough to have significant impact in eliminating spam. What follows is a report card on how the various stakeholders, or communities, in the battle against spam are faring. Click here for a look at our grading criteria.
The six communities are:
- Internet service and inbox providers
- E-mail client and server software providers
- E-mail security and management solution providers
- High-volume senders
- Non-profit, end-user privacy and antispam advocacy community
- End users
The standard for performance to which the communities are being held is based on the principles identified by JamSpam participants. The JamSpam principles encourage cooperation both within the communities as well as between communities. Despite the common sense that such a concerted, holistic approach makes, the various stakeholders are still primarily engaged in a series of fractured approaches that, while well-intentioned, appear to put the interests of the communities and stakeholders ahead of the greater good of stopping spam for the betterment of the entire Internet community.JamSpam Community #1: The Internet Service and Inbox Providers community consists of companies that provide Internet connectivity as well as inbox services (e-mail) to their customers. Examples are America Online, Yahoo!, Microsoft (MSN), and Earthlink.
State of the state: Traditionally, this community has engaged in one-size-fits-all filtering that is based on e-mail header-content analysis and/or a system involving public consensus on particular e-mails and their sources. Both forms of filtering attempt to establish the probability that a particular e-mail, or source of e-mail, is, respectively, spam or a spammer. If that probability is deemed to be high enough, the e-mail and/or source is either denied delivery to large blocks of Internet users or is deposited into a special inbox for bulk mail. One-size-fits-all filtering is widely regarded as the source for the growing problem of non-delivery of legitimate e-mail.
Report card: To their credit, the largest ISPs and inbox providers have been participating in JamSpam. Whereas little or no cooperation existed within this community prior to 2003, AOL, Microsoft, and Yahoo! recently announced that they would begin working more closely together. This type of intra-community cooperation is a prerequisite to any inter-community cooperation. However, the alliance has released few details about what results it intends to produce, how it intends to achieve those results, or how regional or international ISPs can join the effort.
 | ||||||||
|
|
| ||||||
|
|
JamSpam Report Card, May 2003 Internet Service and Inbox Providers
Honorable Mentions: America Online Sr. Vice President Joe Barrett for volunteering to host the next JamSpam meeting. Both Barrett and AOL technical director Brian Sullivan have agreed to contribute to the constitution framing process for JamSpam. So too have Yahoo! Mail product manager Miles Libbey and Earthlink senior product manager Stephanie Fossan.
|
|
| ||||
| | ||||||||
| | ||||||||
Grade: D The ISPs are fighting the battle and the leaders are showing promise of cooperation. For the most part, however, the ISPs are fighting the wrong battles (technologically and legally) and cooperation is primarily among a select few players within the community.
Honorable mentions: America Online Senior Vice President Joe Barrett volunteered to host the next JamSpam meeting. Both Barrett and AOL Technical Director Brian Sullivan have agreed to contribute to the constitution framing process for JamSpam. So too have Miles Libbey, Yahoo! Mail product manager, and Stephanie Fossan, Earthlink senior product manager. Internet inbox provider Kobo.biz is the first and only member of this community to offer significant hard dollars to the JamSpam cause.JamSpam Community #2: The E-mail Client and Server Software Providers community consists of companies that provide end users and companies with the software needed to send and receive e-mail. Examples are Microsoft, IBM, Novell, Sun, Oracle, and Qualcomm (Eudora).
State of the state: In response to an outcry from customers buckling under the crush from spam, makers of e-mail client and server software are struggling to add antispam capabilities that give end users and administrators of e-mail servers more granular control over filtering. However, competing on antispam features rather than cooperating on the development of interoperable antispam protocols is short sighted. Spammers have routinely found ways to circumvent the filtering utilities. Also, a lack of coordination with filtering at the ISP level means that these end-user-based utilities don't even get the chance to act on some e-mail, thus revealing one of the problems with the highly fractured approach that the Internet community is taking towards spam.
| | ||||||||
|
|
| ||||||
|
|
JamSpam Report Card, May 2003 E-mail Software Providers
Honorable Mentions: Oracle senior product marketing director Rob Koplowitz, IBM Domino Messaging project leader Mike Gagnon, and then, representing Novell, Richard Bliss, all of whom have volunteered to contribute to the constitution framing process for JamSpam. Also, bulk-e-mail technology provider IronPort Systems for trying to bring the ISPs and High-Volume Senders together around an initiative called Bonded Sender.
|
|
| ||||
| | ||||||||
| | ||||||||
Report card: Although the leading providers in this category attended the JamSpam meetings, their message echoes that coming from the ISP and antispam utility providers: "We're building better antispam tools into our products than the next guy." Yes, it's good that these companies are helping their customers to deal with the deluge of spam. On the other hand, because of the inaccuracy of these tools and the lack of coordination with other communities, such efforts have no chance of producing an effective, long-term remedy for the Internet community.
Grade: D- All of the leading e-mail client and server providers have attended the JamSpam meetings and have worked together to present a detailed explanation of the challenges that they, and their customers, face. But, whereas the leading ISPs have started to organize among themselves, no such coagulation has taken place within this community.
Honorable mentions: Rob Koplowitz, Oracle senior product marketing director; Mike Gagnon, IBM Domino Messaging project leader; and Richard Bliss, representing Novell volunteered to contribute to the constitution-framing process for JamSpam. Also, bulk-e-mail technology provider IronPort Systems attempted to bring the ISPs and high-volume senders together around an initiative called Bonded Sender. The effort is to be commended, but recipients who want 100 percent of their e-mail delivered to them should be reminded that one underlying tenant of the Bonded Sender program resembles blacklists: the public votes on what is and what is not spam.JamSpam Community #3 The e-mail Security and Management Solution Providers community consists of providers of add-on products that run in parallel to the e-mail clients, servers, and e-mail services. Examples include antispam and anti-virus products from companies like Symantec and Network Associates as well as providers of vigilante-based solutions that make it easy for the public to report spam.
State of the state: This community is one of the high-technology sector's fastest growing cottage industries. The antispam effort has emerged as a lucrative opportunity for those that promise some degree of success in keeping inboxes clear of spam while at the same time easing some of nasty side effects such as consumption of valuable storage. However, emergence of antispam standards, if and when they happen, will also challenge the survival of many of the players in this category. That said, if lightweight standards such as those regarding relationship termination and permission management prevail, there will still be plenty of room for this cottage industry to add value with best-of-breed solutions that detect and log foul play based on compliance and non-compliance with those standards.
| | ||||||||
|
|
| ||||||
|
|
JamSpam Report Card, May 2003 E-mail Security and Management Providers
Honorable Mentions: Borderware's Chris Blask, Bluebottle Systems founder Robert Pickup, CipherTrust's Paul Judge and ePrivacyGroup's Vincent Schiavone.
The Black-Eye Award: This goes to Mailblocks for suing Earthlink on the basis of patent infringement.
|
|
| ||||
| | ||||||||
| | ||||||||
Report card: Competition is so stiff in this sector that the various players-- most of whom attended one or both JamSpam meetings--have had little or no time to cooperate with each other, much less work with the other communities to arrive at a more concerted approach. Given that some recognize the potential threat that standards present to their business model, their lack of enthusiasm for long-term remedies is understandable.
As good as these tools are, however, none claim to be 100 percent effective at blocking spam while also allowing the delivery of all legitimate e-mail. If they were, and they also had some critical mass (installed in at least 90 percent of all end-user configurations), ISPs might not have to continue filtering e-mail. Nevertheless, the various players aggressively market their products as being better than the others at filtering spam. Most of the companies never mention that because ISPs continue to engage in e-mail filtering, these tools will not get to act on all e-mail intended for the recipient. Additionally, they don't address the deliverability issue, which traps legitimate e-mail in limbo.
Grade: D- Although the tools have improved in their effectiveness at stopping spam while allowing for the delivery of legitimate e-mail, they remain flawed. In addition, lack of a united front from this community that demands more cooperation from ISPs turns these solutions into little more than placebos that will ultimately hasten the breakdown of the Internet's e-mail system.
Honorable mentions: Borderware's Chris Blask, Bluebottle Systems founder Robert Pickup, CipherTrust's Paul Judge and ePrivacyGroup's Vincent Schiavone. Despite being a member of the category that stands the most to lose should antispam standards emerge, Blask evangelized the need for all of the communities to cooperate on a level that would produce standards. Blask is now serving as the coordinator of a group that is framing JamSpam's constitution--a necessary step should JamSpam evolve into a formal consortium
Although his company is relatively unknown and probably has limited resources to attend such proceedings on the other side of the world, Bluebottle's Pickup came all the way from Australia to attend JamSpam-- twice.
Recognizing the role that standards will have to play if a long-term, interoperable solution is ever to be realized, CipherTrust's Paul Judge led the charge to form the AntiSpam Research Group (ASRG). The ASRG was formed under the auspices of the Internet Research Task Force (IRTF), which is affiliated with the Internet Engineering Task Force (IETF)--the standards body that oversees the Simple Mail Transfer Protocol (SMTP) standard for Internet e-mail.
In what appears to be one of the first official inter-community efforts, Vincent Schiavone has offered to make some of ePrivacy Group's intellectual property available on a reasonable and non-discriminatory basis to a solution that has been agreed to by the E-mail Service Providers Coalition (from the high-volume senders community) and TRUSTe (from the non-profit end-user privacy and antispam advocacy community). However, no other members of the e-mail security and management solution providers community have endorsed the solution and any technology with intellectual property declarations that isn't considered in the context of a standards-setting body can be problematic down the road. Schiavone has also volunteered to help with the framing of JamSpam's constitution, as has Verisign's chief scientist Phillip Hallam-Baker, Computer Associates product manager Janet Dagys, Cisco global security channel/partner manager Bill McGee, and ActiveState founder Dick Hardt.
The Black-Eye award Goes to Mailblocks for suing Earthlink on the basis of patent infringement. This is a perfect example of how putting a company's commercial interests ahead of the greater good will forestall a long-term solution. Unless standards are ratified, no single technology, regardless of how effective it is, will reach the critical mass necessary to force spammers to find another line of work. Lawsuits such as this one can only poison the well and inspire the various communities to keep their distance from one another. Should a standard emerge--and subsequently achieve critical mass by being built into e-mail clients, servers, services and add-on technologies--no single company should be able monopolize that standard or be in a position to benefit from royalties. The stakeholders must set aside their immediate commercial interests to rid the Internet of this scourge.JamSpam Community #4 The High-Volume Senders community consists of organizations and individuals that send high volumes of e-mail, often referred to as bulk e-mail. To qualify, the organization must engage in one-to-many "bulk" sends, where the same e-mail is sent to a large volume of recipients. For the purposes of neutrality, JamSpam does not distinguish between different types of bulk e-mail (newsletters, advertisements, spam, etc.). Coming up with a universally accepted definition of spam is like trying to define love. We know it when we see it (or feel it). Examples of high-volume senders are companies like CBS MarketWatch, MTV, United Airlines, and MobileInfo.com, and organizations like CodeAmber.org The content of their transmissions may or may not include news, information, advertisements, marketing, or commerce offerings.
State of the state: No chasm exists in the world of spam like the one that exists between this community and the end users who are sick of unwelcome e-mail. The various members of this community spend an inordinate amount of resources, in many cases unsuccessfully, to guarantee the delivery of their transmissions to the intended recipients. Standing in their way are technologies, laws, and policies that have a difficult time discriminating between e-mail that is welcomed by the intended recipients and e-mail that the intended recipients don't want (and that those recipients often consider to be spam). Part of the problem is that the same transmission that is welcomed by some recipients is classified as spam by others.
Central to the controversy that involves this community is the basis of their entitlement to the inboxes to which their transmissions are targeted. Many members of this community have formed their own organizations to help manage that entitlement on behalf of their constituents. Examples of these organizations are the E-mail Service Providers Coalition, the Direct Marketing Association (DMA), and the Council for Responsible E-mail (CRE) .
| | ||||||||
|
|
| ||||||
|
|
JamSpam Report Card, May 2003 High-Volume Senders
Honorable Mentions: The E-mail Service Provider coalition's Trevor Hughes for engaging members of two other communities to arrive at a inter-community solution. Also, the CRE's Kevin Noonan for volunteering to be one of the framers of the JamSpam constitution.
|
|
| ||||
| | ||||||||
| | ||||||||
Report card: The various members of this community are working frantically to find a way to keep laws, technologies, and policies from preventing the delivery of their e-mail. As with the ISP and inbox provider community, some degree of intra-community organization is a good sign, and a necessary prerequisite to this community's ability to present a united front to the other communities and to the world.
Grade: D Unfortunately, this community currently shows no promise of coming together to agree on anything. This invariably has to do with the competing interests of the various sub-communities and the overall community's failure to see that the outside world primarily views all of the members of this community similarly. Furthermore, this community's efforts -- often based on a set of certifiable best practices that would keep ISPs and lawmakers off the backs of high-volume senders--were developed without significant input from the end users, the community that is most concerned about the practices of bulk e-mailers. Until these sub-communities get together and form a united front, finding a long-term solution to the spam problem will be like herding cats.
Honorable mentions: The E-mail Service Provider Coalition's Trevor Hughes engaged members of two other communities (TRUSTe from the non-profit end-user privacy and antispam advocacy community and the ePrivacyGroup from the e-mail security and management provider community) to arrive at an inter-community solution. While the inter-community effort should be recognized as a philosophical step in the right direction, the solution itself has not received widespread support from the Internet community. Also, the CRE's Kevin Noonan volunteered to be one of the framers of the JamSpam constitution.
The Bound to Confuse Award goes to the Council for Responsible E-mail and the Direct Marketing Association. Technically speaking, the DMA owns the Association for Interactive Marketing (AIM) and the CRE is a part of the AIM. However, the two groups --- the DMA and the CRE --- have different antispam policies and agendas. If the DMA and its own affiliates can't orchestrate a unified front, the likelihood of the entire community of high-volume senders coming together is not good.JamSpam Community #5 The Non-Profit End-User Privacy and Antispam Advocacy community consists of organizations and individuals that claim to be acting in the best interests of end users who are fed up with invasions of their privacy, via spam or by other means. Examples of organizations that qualify are domestic and international lawmakers and law enforcers (e.g., states' attorneys general) as well as other non-profit organizations such as SpamCon, TRUSTe, and the Coalition Against Unsolicited Commercial E-mail (CAUCE).
State of the state: Although the intentions have been good, lack of unity within this community-- in particular the inability of lawmakers to engage technologists to understand whether the laws they're passing make any sense-- little if any progress has been made on this front. Some members of this community have attempted to engage in the sort of public education that can lead to better Internet habits that significantly curtail the yields that the most prolific spammers at the derive from their efforts.
Report card: Organizations like SpamCon, TRUSTe, and CAUCE are still voices in the Internet wilderness. Despite their efforts, as well as those of lawmakers, the spam problem has only worsened. This is clear evidence that this community will have to work more closely with the other communities if any of the measures it takes have hope of getting any traction.
Lawmaking in particular has been one of the most disastrous efforts of this community. For example, while states continue to pass antispam laws, no regard is being given to the senders who will ultimately have to keep detailed track of the resulting complex quilt of legislation. With no satisfactory common denominator among them, these laws are being passed despite the fact that no e-mail technology exists that: allows legitimate senders of bulk e-mail to keep track of the laws; keeps track of what state the recipient is in when they receive their mail (to answer questions of jurisdiction); and make adjustments to each individual piece of e-mail to make sure it doesn't run afoul of a state law.
| | ||||||||
|
|
| ||||||
|
|
JamSpam Report Card, May 2003 Non-Profit Anti-spam Advocates
Honorable Mentions: TRUSTe executive director Fran Maier, FTC commissioner Orson Swindle, and SpamCon Foundation director Laura Atkins.
|
|
| ||||
| | ||||||||
| | ||||||||
Finally, while the legislators who pass these laws have good intentions, little or no regard has been paid to the difficulty of enforcement. Not only is more and more spam coming from places beyond the jurisdiction of U.S. laws, but the return on investment from most lawsuits and prosecutions so far has been inversely proportional to the resources required by those undertakings. Laws can't keep up with the spammers.
Grade: C Given the limited resources that are typically available to non-profit organizations like CAUCE, TRUSTe, and SpamCon (and the resulting limited impact they've had on spam), they still have to be commended for taking the stand they have so far. True to form, government officials feel a need to do something before voters kick them out of office. Unfortunately, the when-you-have-a-nail-everything-looks-like-a-hammer action they've taken has been too hasty. Fortunately, some government officials such as Orson Swindle and Brian Husemann at the FTC understand that the problem has to be more thoroughly vetted before the rush to legislation is made.
Honorable mentions: TRUSTe executive director Fran Maier, FTC commissioner Orson Swindle, and SpamCon Foundation director Laura Atkins. Maier's name shows up in most inter-community efforts to combat spam. Maier is trying to extend the valued TRUSTe imprimatur's utility from the privacy arena to the spam arena. To be effective, the program will require broader acceptance among the rest of the communities, a feat which has so far not been achieved. Maier has also volunteered to help frame JamSpam's constitution, is involved in a cross-community effort between TRUSTe, the ePrivacy Group, and the E-mail Service Providers' Coalition, and has offered TRUSTe's resources to IronPort's Bonded Sender initiative.
FTC's Swindle proved that some government officials are willing to take a deep breath before acting. Swindle and his staff organized a three-day marathon forum in Washington, D.C. to consider the input of virtually everyone impacted by spam, and the measures being taken to combat it. The forum even included a panel of international lawmakers.
Under Atkins leadership, SpamCon recently created a legal defense fund that ultimately protects the rights of blacklist operators and the ISPs that subscribe to them. While blacklists have arguably created as many problems as they have solved (perhaps more), they may ultimately serve an important role if the different communities arrive at a more holistic and integrated solution. Even if they don't, natural selection rather than court-set precedent should determine their extinction. SpamCon's decision was a bold but necessary choice to avoid prematurely setting a legal predisposition against all blacklists before their ultimate value to a more concerted antispam effort has been determined.JamSpam Community #6: The End User community includes individual Internet users, small businesses, and large companies that count on the dependability of the Internet's e-mail system to reliably deliver non-bulk mail. This could be a grandmother waiting for digital pictures of her grandchildren, or a small business like Seattle-based DandyLion Records that depends on e-mail to confirm business transactions. It could be a non-profit group like CodeAmber.org, where the non-delivery of one of its e-mails could make the difference of life or death to an abducted child. Or, it could be a large company like a bank, eBay, or Dell that relies on e-mail to stay in touch with its customers.
State of the state: While this community is probably the one with the most to lose as result of the spam deluge , it unfortunately has the least power to do anything about it. Most end users (individuals, companies, and other organizations) are uneducated about the complexities of spam. They are easily seduced into supporting (or demanding) ineffective laws or using solutions that may provide temporary relief, but do nothing to solve the problem. Because of the non-delivery problem, which most filtering solutions do nothing about, this community needs to understand that on its current course (where a highly fractured approach is being used to combat spam), "spam is going to get you, one way, or another."
| | ||||||||
|
|
| ||||||
|
|
JamSpam Report Card, May 2003 End Users
|
|
| ||||
| | ||||||||
| | ||||||||
This community also has a predisposition toward supporting unworkable solutions--such as charging for e-mail, creating the equivalent of "do not call" lists, and putting bounties on spammers' heads. These and other schemes invariably fail to consider the international nature of the Internet and the weaknesses in the existing protocols that amount to loopholes that spammers can take advantage of to circumvent such schemes.
Report card: No Grade End users can hardly be faulted with malfunctioning technology and laws. They just want their privacy protected, and they want to be able to rely on the Internet's e-mail system to make sure the mail they send gets to its destination. Unfortunately, this community is getting mixed messages from all of the other communities on what to do about the spam problem. Until all the communities get together behind an effort like JamSpam and make the launch of a high impact educational campaign (much like anti-smoking campaigns) one of its priorities, this community will be led down the wrong path like a thirsty horse to a dry well.
