In-boxes that fight back

A technology that makes e-mailers jump through hoops may help kill spam, but CNET's Declan McCullagh says patent lawsuits could keep the technique caged.

If you're overwhelmed by spam like the rest of us, there aren't any really terrific solutions.

You can try smarter spam filters, though you'll still have to verify that legit mail isn't swept up among the dross. You can switch to a new e-mail address and pray that nobody except friends and family ever learns it. Or wait a few years for micropayments, small cash payments required to deliver an e-mail that could make it uneconomical for spammers to annoy us.

But the spam-blocking technique that's attracted the most attention among start-ups recently is a very simple one: Challenge-response (CR) technology. When your mailbox is protected by a CR system, anyone who tries to contact you will be greeted with a response saying something like "click on this link to deliver this message" or "type in the word you see in the box above." Well-designed CR utilities won't challenge mail from known correspondents or mail that you specifically asked to receive.
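
The flow described above, as an added sketch that is not part of the original column and not any vendor's code: mail from known correspondents or expected senders is delivered, everything else is held until the sender answers a challenge. The HMAC-signed token, the demo key, the seven-day lifetime and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: per-mailbox secret
TTL = 7 * 24 * 3600               # assumption: challenge lifetime in seconds


class ChallengeResponseGate:
    def __init__(self, known, expected):
        self.known = {a.lower() for a in known}        # known correspondents
        self.expected = {a.lower() for a in expected}  # mail the user asked for
        self.pending = {}                              # (sender, msg_id) -> body

    def _token(self, sender, msg_id, expires):
        # Binding sender, message and expiry means a token cannot be reused
        # for another message or extended past its lifetime.
        data = f"{sender}|{msg_id}|{expires}".encode()
        return hmac.new(SECRET, data, hashlib.sha256).hexdigest()

    def receive(self, sender, msg_id, body, now=None):
        """Return ('deliver', body), ('hold', None) or ('challenge', (expires, token))."""
        now = int(time.time() if now is None else now)
        sender = sender.lower()
        if sender in self.known or sender in self.expected:
            return ("deliver", body)
        if not sender:
            # Bounces carry an empty envelope sender: nobody to challenge.
            return ("hold", None)
        self.pending[(sender, msg_id)] = body
        expires = now + TTL
        return ("challenge", (expires, self._token(sender, msg_id, expires)))

    def respond(self, sender, msg_id, expires, token, now=None):
        """Release the held message if the response is authentic and unexpired."""
        now = int(time.time() if now is None else now)
        sender = sender.lower()
        want = self._token(sender, msg_id, expires)
        good = hmac.compare_digest(token.encode(), want.encode())
        if not good or now > expires or (sender, msg_id) not in self.pending:
            return None
        self.known.add(sender)  # later mail from this sender is not challenged
        return self.pending.pop((sender, msg_id))
```
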

The problem with CR systems is that one company, Mailblocks of Los Altos, Calif., claims to own all rights to the concept and hopes to prevent anyone else from selling such a system without paying hefty licensing fees.

Mailblocks has purchased two patents, 6,199,102 (filed in 1997) and 6,112,227 (filed in 1998), and has been aggressive in wielding them against competitors. Mailblocks' targets so far include Seattle-based SpamArrest and EarthLink (after the Internet provider said it would begin offering CR technology to subscribers by the end of May). Mailblocks has asked for a preliminary injunction in both suits.

Phil Goldman, Mailblocks' chief executive, is no stranger to the rough-and-tumble world of start-up companies. He got rich when he and two partners co-founded WebTV and sold the unprofitable venture to Microsoft in 1997 for a handy $425 million. (Anyone think he might be eyeing the same exit strategy again?)

But Goldman has a problem. He's betting his company on the validity of the two patents, both of which are questionable because of other work that was published well before the filing dates of the Mailblocks patents.

Under U.S. law, a patent is invalid if either of these conditions applies: if the "invention was known or used by others in this country...before the invention thereof by the applicant for patent" or if it was "described in a printed publication" more than a year prior to the date the patent was filed.

That's catastrophically bad news for Mailblocks. In 1992, five years before the first Mailblocks-owned patent was requested, Cynthia Dwork and Moni Naor of IBM Research published an amazingly prescient paper. It began with this paragraph that rings true today: "Some time ago one of us returned from a brief vacation, only to find 241 messages in our reader. While junk mail has long been a nuisance in hard (snail) mail, we believe that electronic junk mail presents a much greater problem. In particular, the ease and low cost of sending electronic mail, and in particular the simplicity of sending the same message to many parties, all but invite abuse. In this paper we suggest a computational approach to combatting the proliferation of electronic mail. More generally, we have designed an access control mechanism that can be used whenever it is desirable to restrain, but not prohibit, access to a resource."

Dwork and Naor even envisioned a "frequent correspondent list of senders from whom messages are accepted without verification." Naor expanded on this idea in a September 1996 article titled "Verification of a human in the loop or Identification via the Turing Test." That's a reference to the great British mathematician Alan Turing, who in 1950 described a test to distinguish a human from a machine.

By Aug. 28, 1997, when Christopher Alan Cobb filed for his patent that eventually was purchased by Mailblocks, the challenge-response idea had become commonplace on the Internet:

Brad Templeton, chairman of the Electronic Frontier Foundation, had written his Viking-12 CR utility and was using it. Templeton says he'd be delighted to testify on behalf of EarthLink to help the company invalidate the Mailblocks patent.

Over a year earlier, Brent Chapman's majordomo, the popular mailing list software, included a CR feature.

A November 1996 post to Usenet's newsgroup talks about a "random challenge that is very easy for a human to respond to, but next to impossible for a computer." Another from January 1997 describes an e-mail "spam block 'bot" that was so effective "I've received hate mail from spammers concerning it," and a third post describes a commercial product called the Deadbolt Personal E-mail Filter.

Mailblocks' Goldman admits that there were prior publications, but argues that at least some portions of his patents remain valid. "The patents have very specific claims in them," Goldman told me. "The claims are different than the types of things people have been doing before. Maybe here and there, they're the same so not 100 percent of the claims are valid, but many of them are. Patents aren't really invalid or valid until you test them. We're in the unfortunate position where we're testing them."

We'll find out whether Goldman is right after a federal judge rules on his request for injunctions against SpamArrest and EarthLink. But it's worth highlighting the harm that software patents can inflict when they're used to assert exclusive ownership over portions of products already on the market. Free software developers learned that lesson the hard way after seemingly endless struggles over the Lempel Ziv Welch compression algorithm used in GIF files (owned by Unisys) and the MP3 encoding patent (owned by Thomson Multimedia).

Whether we like them or not, CR systems are set to become wildly popular really soon. They're easy to program and the market remains wide open. And like any new industry, CR companies have encountered growing pains: SpamArrest spammed advertisements to people who e-mailed its customers; Mailblocks' hastily amended initial privacy policy said "you may not 'opt out' of the receipt of such promotional materials from Mailblocks and/or its affiliates, advertisers or other business partners"; (an unrelated company) has been blocked by for spamming; has been caught spamming; hasn't handled mailing list subscriptions properly.

These services might be able to convince consumers to switch over to them. They might not. But they deserve the chance to try. Mailblocks should abandon its legally dubious patent lawsuits against its competitors and compete fairly in the marketplace. At just $10 a year, its service is reasonably priced, and it has some features, like integration with Outlook, that its competitors don't.

Mailblocks should do the right thing--the future of our in-boxes may depend on it.

