Want some history?

I was doing some research today for an article I’m working on. The research led me to a San Francisco Law Review article from 2001 written by David E. Sorkin. Technical and Legal Approaches to Unsolicited Electronic Mail (.pdf link). The text itself is a little outdated, although not as much as I expected. There’s quite a good discussion of various ways to control spam, most of which are still true and even relevant.

From a historical perspective, the footnotes are the real meat of the document. Professor Sorkin discusses many different cases that together establish the rights of ISPs to filter mail, some of which I wasn’t aware of. He also includes links to then-current news articles about filtering and spam. He also mentions different websites and articles written by colleagues and friends from ‘back in the day’ discussing spam on a more theoretical level.
CNET articles on spam and filtering was heavily referenced by Professor Sorkin. One describes the first Yahoo spam folder. Some things never change, such as Yahoo representatives refusing to discuss how their system works. There were other articles discussing Hotmail deploying the MAPS RBL (now a part of Trend Micro) and then adding additional filters into the mix a few weeks later.
We were all a little naive back then. We thought the volumes of email and spam were out of control. One article investigated the effectiveness of filters at Yahoo and Hotmail, and quoted a user who said the filters were working well.

“It’s really awesome because I get maybe 20 emails a day, and [it’s] mostly junk mail,” said longtime Yahoo Mail user Daniel Nikaiyn. “It’s saved me a lot of time splitting up junk mail and my email. Now I don’t have to sift through them.”

I think I got 20 emails yesterday just trying to register at one new site and do the password reset dance with another.
In addition to the news articles, I saw a bunch of documents and websites I’d nearly forgotten about. There were a group of people, and I include myself among them, that spent a lot of time trying to figure out how to fix spam. When it was 20 emails in my inbox it did seem somewhat silly. Yes, I can delete them. But the bigger issue was the lack of external economic constraints on the amount of mail senders could send. Sure, that day was 20 emails, but there was nothing stopping it being 100 in 6 months and 500 6 months after that.
In fact when I gave up the email address I was using in the late 90s there were days it was receiving hundreds of spams a month, and that was behind commercial grade filters run by my ISP which caught most botnet and snowshoeing spam. And that was just last year, when the overall volume of spam traffic had dropped from over 95% of email traffic down to under 85%.
The whole document is long, but Professor Sorkin did get one thing right.

Coordination of technical and legal mechanisms seems to be the most promising approach to the spam problem. The first step must be to agree upon the ultimate objective: it is quite easy to declare “get rid of spam,” but the definition of spam is sufficiently controversial that this first step may be the most difficult. Technical and legal measures can then be used in a complementary fashion—for example, technical measures can be designed so that one must break the law (or subject oneself to liability) in order to circumvent them, while those who evade or ignore legal controls could be subjected to blackholing and other technical responses.
Yet it is probably unrealistic to expect that the consensus required for such coordination can be achieved. More likely, the technical arms race between spammers and anti-spammers will escalate, and more and more innocent bystanders will be caught in the crossfire. States and countries will continue enacting an increasingly diverse set of spam-related statutes, and traditional legal theories will be stretched and distorted even further in efforts to address spam and other forms of “network abuse.” The news is not all bad; there have been advances in collaborative filtering by companies such as Brightmail, and some recent legislation seems to incorporate at least a rough comprehension of the underlying technology. Nonetheless, a coordinated solution to the problem of spam remains elusive at best. (footnotes removed)

Spam affects endusers less now than it did in in 2002 when the article was written. I don’t think Professor Sorkin envisioned a multi-billion dollar industry spam filter industry, but that is a major reason our inboxes are still useable. I don’t think the laws have necessarily caught up. In fact, my research this afternoon was started as I was thinking about how CAN SPAM is antiquated and doesn’t provide sufficient tools to effectively address spam as it is now. Despite how far we’ve come and how much has changed, spam is still here and will likely be here for the foreseeable future.

Related Posts

It's not fair

In the delivery space, stuff comes in cycles. We’re currently in a cycle where people are unhappy with spam filters. There are two reasons they’re unhappy: false positives and false negatives.
False positives are emails that the user doesn’t think is spam but goes into the bulk folder anyway.
Fales negatives are emails that the user does thing is spam but is delivered to the inbox.
I’ve sat on multiple calls over the course of my career, with clients and potential clients, where the question I cannot answer comes up. “Why do I still get spam?”
I have a lot of thoughts about this question and what it means for a discussion, how it should be answered and what the next steps are. But it’s important to understand that I, and most of my deliverability colleagues, hate this question. Yet we get it all the time. ISPs get it, too.
A big part of the answer is because spammers spend inordinate amounts of time and money trying to figure out how to break filters. In fact, back in 2006 the FTC fined a company almost a million dollars for using deceptive techniques to try and get into filters. One of the things this company did would be to have folks manually create emails to test filters. Once they found a piece of text that would get into the inbox, they’d spam until the filters caught up. Then, they’d start testing content again to see what would get past the filters. Repeat.
This wasn’t some fly by night company. They had beautiful offices in San Francisco with conference rooms overlooking Treasure Island. They were profitable. They were spammers. Of course, not long after the FTC fined them, they filed bankruptcy and disappeared.
Other spammers create and cultivate vast networks of IP addresses and domains to be used in snowshoeing operations. Still other spammers create criminal acts to hijack reputation of legitimate senders to make it to the inbox.
Why do you still get spam? That’s a bit like asking why people speed or run red lights. You still get spam because spammers invest a lot of money and time into sending you spam. They’re OK with only a small percentage of emails getting through filters, they’ll just make it up in volume.
Spam still exists because spammers still exist.
 

Read More

Let's talk CAN SPAM

CheckboxEarlier this week I posted about the increased amount of B2B spam I’m receiving. One message is not a huge deal and I just delete and move on. But many folks are using marketing automation to send a series of emails. These emails often violate CAN SPAM in one way or another.
This has been the law for 13 years now, I find it difficult to believe marketers are still unaware of what it says. But, for the sake of argument, let’s talk about CAN SPAM.

Read More

April 2016: The Month in Email

We are finishing up another busy month at WttW. April was a little nutty with network glitches, server crashes, cat woes, and other disruptions, but hopefully that’s all behind us as we head into May. I’ll be very busy in May as well, speaking at Salesforce Connections in Atlanta and the Email Innovation Summit in Las Vegas. Please come say hello if you’re attending either of these great events.
April2016MiE
Speaking of great events, I participated in two panels at EEC16 last month. We had a lot of great audience participation, and I met many wonderful colleagues. I wrote up some more thoughts about the conference here. I also had a nice conversation with the folks over at Podbox, and they’ve posted my interview on their site.
In the Podbox interview, as always, I talked about sending mail people want to receive. It always makes me roll my eyes a bit when I see articles with titles like “5 Simple Ways to Reach the Inbox”, so I wrote a bit about that here. In addition to sending mail people want to receive, senders need to make sure they are collecting addresses and building lists in thoughtful and sustainable ways. For more on this topic, check out my post on list brokers and purchased lists.
These same not-so-simple tricks came up again in my discussion of Gmail filters. Everyone wants a magic formula to reach the inbox, and — sorry to burst your bubble — there isn’t ever going to be one. And this is for a good reason: a healthy filter ecosystem helps protect all of us from malicious senders and criminal activity. The email channel is particularly vulnerable to fraud and theft. The constant evolution of filters is one way mail providers can help protect both senders and recipients — but it can be challenging for senders and systems administrators to keep up with this constant evolution. For example, companies sometimes even inadvertently filter their own mail!
I also wrote a bit about how B2B spam is different from B2C spam, and how marketers can better comply with CAN SPAM guidelines in order to reach the inbox. We also republished our much-missed friend and colleague J.D. Falk’s DKIM Primer, which is extremely useful information that was at a no-longer-active link.
One of my favorite posts this month was about “dueling data”, and how to interpret seemingly different findings around email engagement. We also got some good questions for my “Ask Laura” column, where we cover general topics on email delivery. This month we looked at “no auth/no entry” and the Microsoft Smartscreen filter, both of which are useful things to understand for optimizing delivery.
Finally, we are pleased to announce that we’ve joined the i2Coalition, an organization of internet infrastructure providers. They posted a nice introduction on their blog, and we look forward to working with them to help advocate and protect these important technical infrastructures.

Read More