 |
|||||||
|
By Daniel Tynan (March 17, 2003) Have antispammers gone too far? There's a war going on, but you won't find it broadcast on CNN or in the headlines of your daily paper. It's the battle raging between those who send spam and those who will fight it at any cost. In this war, as in any, there have been a lot of unintended casualties along the way--in this case, legitimate mail that gets stopped by mistake. For example, in January, AT&T Worldnet had to temporarily shut down its spam filters after they stopped thousands of valid messages. The biggest controversy centers around black-hole lists, or blacklists--databases where various organizations track IP addresses for suspected spammers and their cohorts. There are more than 150 such lists, the most famous of which are run by SpamCop, Mail Abuse Prevention System (MAPS), Spamhaus, and the Spam Prevention Early Warning System (SPEWS). Many top ISPs use one or more lists, blocking all mail coming from these addresses to keep spam from reaching your in-box. The problem? Sometimes innocent bystanders or well-meaning marketers get blocked along with the bad guys. And getting unblocked can be a nightmare. C'est la guerre Peter Mesnick knows this all too well. He's president of iMakeNews, a Boston-based firm that sends thousands of custom newsletters each day on behalf of clients such as General Electric and Enterprise Rent-A-Car. Mesnick says his firm works only with opt-in lists, requiring proof that users agreed to receive the newsletter before it sends mail; it spurns companies that use third-party lists or harvest e-mail addresses. But every so often, iMakeNews gets burned by a spammer who sends out newsletters in the company's name without obtaining permission; now the newsletter is on the SPEWS blacklist and it can't get off. SPEWS is one of the most shadowy organizations on the Net. No one knows who runs the thing; it has no e-mail address and no phone number. The only way to communicate with SPEWS is to post a message in one antispam newsgroup (news.abuse.net-admin.email) and hope they see it, because they never respond. (What you'll get when you post something there--and I know, because I've done it--is a handful of articulate replies from reasonable antispammers and a heap of abuse from newsgroup loonies.) "The problem with SPEWS is that it's completely a vigilante organization," says Mesnick. "They have no method for appeal. Just because someone could potentially abuse our service to send spam, we're on their list, period." Mesnick's story is not uncommon. Some blacklists deliberately stop e-mail from thousands of legitimate businesses as well as spammer-tisers, figuring that irate customers and businesses whose mail isn't getting through will put more pressure on ISPs to boot spammers from their networks. And if a few people lose some mail, the argument goes, that's one of the costs of fighting a war. Lies, spam lies, and statistics The spam war also has its share of propaganda, as some marketers exaggerate the scope of the problem. Assurance Systems, an e-mail marketing firm in Superior, Colorado, claims on its site that "more than 75 percent of the messages that blacklists block are incorrectly tagged as spam." This impressively horrific statistic has been picked up by other e-marketers and published in marketing journals. The trouble is, it's not true. The stat comes from a study (I use the term loosely) by a Canadian system admin named Andrew Daviel, who went through his in-box back in November 2000 and checked it against four blacklists. About 90 percent of the legit mail came from addresses blocked by ORBS (Open Relay Behavior-modification System), which went belly-up two years ago. ORBS was designed to block mail from insecure mail relays that are easily abused by spammers--and made no bones about blocking legit messages to persuade the server's owner to make it secure. Last week, after I asked Daviel about his study, he checked his in-box again and reported back to me: less than 2 percent of the mail coming from black-hole lists was legitimate. Steve Linford, whose Spamhaus.org blacklist is used by many top ISPs and bandwidth providers, says that if even 5 percent of blocked mail was legit, nobody would use the list. "We would be worried if we had one false positive in 10,000 blocked e-mails," Linford says. "Mistakes will happen, and there will be false positives," says Julian Haight, who runs the SpamCop list. "If users want perfection, they shouldn't use any blacklist. But most users don't expect perfection, they just want a break from the spam." ESP for ISPs? Regardless of the true size of the problem (which, as you may have guessed, is a matter of some debate), marketers are taking matters into their own hands. Last January, iMakeNews joined 18 other e-mail firms to form the E-mail Service Provider Coalition. Their goal? To convince major ISPs to create a whitelist of permission-based marketers so their e-mail doesn't get blocked. Mesnick is confident the whitelist concept will fly, and that it will separate responsible marketers from the spammers. Because, like it or not, e-mail marketing is here to stay. "A lot of antispammers are of the opinion that commerce should not occur over e-mail," says Mesnick. "But business always finds the most efficient method of operating, and today, that's e-mail."
A friend just forwarded to me what looks to be a legitimate piece of e-mail written by a local high school student. According to the message, the student is conducting an experiment to see how quickly e-mail travels around the world. The message says to send e-mail with my city and state in the subject line to an address on AOL. It seems perfectly innocent. Is this experiment for real? --Muffy in Newburyport Dear Muff: Yes, it is indeed an experiment--in gullibility. Yours is the second such message I've seen described, both sent by "students" in different parts of the country. The real result of this experiment is likely harvesting e-mail addresses for--you guessed it--spam. But in both cases, the letter referred to a legitimate school, so give that student an A for cleverness. |
|
|||||
| Inside @ccess has been nominated for a Maggie award for best online column along with four other CNET columns, but author Daniel Tynan is far too modest to talk about it. Got congrats or other words for him? We'll pass them on. | |
