This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Spam Warfare

Updated Jun 6, 2013, 12:52pm EDT
This article is more than 10 years old.

HERBAL VIAGRA! NAUGHTY XXX ACTION! Make Money While You Sleep! If you have an e-mail box, no doubt you've received such electronic come-ons. Corporations and Internet service providers spend tens of millions of dollars a year trying to keep their networks clear of unsolicited e-mail, or spam. But it keeps on coming. By one estimate, up to 30% of all e-mail is spam.

The war on spam has recently escalated to a fever pitch, pitting both salacious and establishment e-marketers against those out to stop them: militant antispamming organizations, Internet service providers and even Congress.

To block spam, large ISPs and corporations use a multitiered system of filters and lists of known spammer addresses and sometimes even staff who can recognize incoming spam and manually thwart it. But spammers have deftly learned to step around the traps. Some use "mail relay," borrowing someone else's domain to send e-mail. Some forge their e-mail header--the data above and below an e-mail that contains information about the recipient and sender. Others switch accounts regularly to avoid being tagged as spammers.

They often get your name by using "extraction" software that scrapes addresses off newsgroups, message boards, even ISP databases. Or they use a "dictionary attack," an elaborate guessing game in which thousands of address combinations are tested for validity.

At the center of the antispam effort is a small Redwood City, Calif. not-for-profit organization called Mail Abuse Prevention System or MAPS (spam spelled backwards). MAPS was started in 1997 by Paul Vixie, a network service consultant who got fed up with spammers taking over his system. Vixie's revenge is the Realtime Blackhole List, a compilation of Internet Protocol addresses determined by MAPS to be spammers.

The Realtime Blackhole List blocks trash e-mail going to about 20,000 ISPs, corporations and individuals with servers, or 40% of all e-mail addresses. It's updated constantly and currently contains 4,000 offending IP addresses. Getting on the RBL can result from simply having a complaint lodged against you and verified by one of five MAPS staff members. Once a sender is blacklisted by this cabal, the majority of its e-mail is bounced back, marked as undeliverable.

Vixie's tough standard for what constitutes spam centers on the "double opt-in" system. This means that when you sign up on, say, Nike's Web site to receive e-mailed news, a confirmation message is sent to your account. You then must reply, confirming that you weren't the victim of a prank and do indeed want the information being sent. Only then can Nike send you information about the latest Air Zoom shoe. Those who don't hold to the standard risk getting blacklisted.

Plenty of pornographers have been trapped by Vixie, but so have reputable names like AT&T, Ziff-Davis and hundreds of Web hosts and marketers perceived as acting as conduits for spammers. "[MAPS is] very powerful," says Maurene Caplan Grey, senior analyst at GartnerGroup. "The question is whether they're a vigilante group."

At least five Web sites are dedicated to ranting against Vixie and his list. In July MAPS and Vixie got slammed with two lawsuits. First, e-mail marketer YesMail, owned by Internet investor CMGI, sued after MAPS threatened to add them to the RBL. YesMail calls itself a "permission marketer," meaning its junk is not entirely unwanted. It claims to have 12 million people who have signed up to receive targeted e-mail advertising. Being blacklisted could have put the $15.6 million (1999 sales) company out of business. After a few weeks, YesMail agreed to the stricter double opt-in rule and dropped its suit.

Then MAPS got sued again after Harris Interactive, the Rochester, N.Y. pollster, noticed it was getting 40% of the 6.6 million surveys it e-mailed returned as undeliverable. Turns out Harris' domain had been added to the RBL. Harris sued not only MAPS, but numerous companies it claims use the list, including AOL, Microsoft, Qwest and AltaVista. (AOL denied being a subscriber and was dropped from the suit.)

"What right does a private body have to set the standard for everyone and then interfere to the point where you can put them out of business?" fumes Harris Interactive Chairman Gordon Black. MAPS spokesperson Kelly Thompson counters that the list's subscribers do so voluntarily. Vixie would not comment.

Not every antispam approach is so broad-brush. Brightmail, a San Francisco firm with clients like AT&T, Earthlink and CriticalPath, has 15% of the spam-filter market. Its servers catch spam before it reaches a company or ISP and do so more accurately than the RBL. "Think of us as snipers as opposed to carpet bombers," says Matthew Steele, Brightmail's director of operations.

Congress may put a crimp in spamming operations. In July the House passed a bill, modeled on a 1991 junk-fax law, to make it easier to sue spammers; the Senate may consider the bill in October. But even if legislation is enacted, junk mailers may cook up creative ways to skirt the law.