Latest Strategy Against Spam: Identify Bulk E-Mailers and Make Them Pay

As I was threshing through my e-mail in-box the other day, searching for the 0.0024% of new messages that might carry information I needed to know, I cursed for the umpteenth time whatever person or process produced the one feature of the Internet most

responsible for the scourge of spam: the convention by which e-mail is paid for by the recipient, not the sender.

As familiar as the flu, spam afflicts everybody with an e-mail account, of course. Over the last few years, its volume and obnoxiousness have increased to the point that e-mail now has the same lowly reputation as other services considered largely indispensable and mostly useless, like earthquake insurance.

An artifact of the Internet’s origin as a self-policing network of scientists and engineers, the recipient-pays model isn’t fundamental to any other public communications system I know of. Consider conventional junk mail: The reason its volume is (relatively) manageable is because the Postal Service charges mailers 12 cents per piece or more. To be economical, therefore, a mailing must produce a certain percentage of recipient responses, and a percentage of those must result in a sale. No junk mailer could survive in business for a day by sending out a million fliers in the hope that one or two bozos will respond.

It’s a sign of progress, therefore, that the Internet community finally recognizes that the only effective way to fight spam is to saddle commercial senders with more cost. The idea is to make legitimate bulk mailers shoulder the burden of establishing their own bona fides, and then to grant only those users access to customers.

“From the consumer’s point of view, there won’t be much change,” says Margaret Olson, an executive at Massachusetts e-mail marketing firm Constant Contact who co-chairs the technical committee of the Email Service Provider Coalition. “But people sending in volume will pay for those services.”

The latest phase in the fight against spam has two main elements. The first is to create a way to verify a sender’s identity. Thanks to the ability to send

e-mails over the Internet anonymously or by surreptitiously routing them through unwitting users’ computers, this is much harder than it seems.

Several methods have been introduced or are under development, including a Microsoft Corp. product known as Caller ID, and SPF, for Sender Policy Framework, developed by Meng Wong, co-founder of the e-mail service Pobox.com. (Microsoft recently agreed to combine its specification with SPF.)

Yahoo Inc., meanwhile, is

developing a system that would attach an encrypted digital signature on every piece of e-mail, allowing its source to be identified and confirmed even if it is forwarded from its initial recipient onward. Experts say a truly secure authentication system will probably require versions of both approaches.

The second element is to provide bulk e-mailers with a way to establish their track records for good behavior -- that they don’t try to conceal their identities, address mail randomly, ignore customer requests for removal from mailing lists and so on. Among the most prominent such programs is Bonded Sender, established in 2002 by San Bruno, Calif.-based IronPort Systems Inc.

The program’s users subject themselves to a sort of reputational credit check, pay an annual fee of up to $10,000 and post a bond ranging from $500 to more than $4,000, based on mail volume. For every complaint from recipients exceeding a low threshold, $20 is debited from the bond. IronPort says about 28,000 Internet service providers, corporations and universities hosting 230 million mailboxes already have agreed to pass mail from Bonded Sender members through their spam filters without further screening.

Once all legitimate bulk

e-mail can be identified and traced, the thinking goes, everything else can be directed down the nearest rathole. The entire procedure aims to avert the problem presented by today’s crude spam filters: that a crucial, legitimate message will accidentally be purged along with the junk.

Still, leading spam fighters say it’s probably too early to proclaim victory. “These are all very viable approaches and worth a look,” says Stephen Currie, director of product management for Atlanta-based Internet service provider EarthLink Inc., which allows subscribers to maintain their own “whitelists” of mailers from whom they accept messages. But Currie notes that most such spam-fighting developments require some modification, even if trivial, to the way individuals and businesses have managed e-mail in the past.

“The big unknown,” he says, “is that there’s a huge e-mail system built up over time that people are accustomed to.”

Others doubt that any scheme on the table today can end the cat-and-mouse game that has tied together spammers and spam police ever since the Internet became a network for the general public.

“Any halfway measure is not going to be successful, because people will route around it,” says David Rand, co-founder of the Mail Abuse Prevention System, the host of a pioneering spam blacklist.

Rand has been fighting spammers for so long that he has acquired the view of human nature one often finds among cops who bust crack dealers for a living. “Spammers have zero morals,” he says. “I speak from experience.” (You think you have a problem with junk

e-mail? Rand calculates that his in-box receives 8.8 million spams a day.)

“No matter what technology we choose, we have to continue to be reactive and evolve that technology over time,” he adds. “I don’t think anything we do will really change how people function.”

Golden State appears every Monday and Thursday. You can reach Michael Hiltzik at golden.state@latimes.com and read his previous columns at

latimes.com/hiltzik.