Netcom reverses antispam policy
The national ISP is reversing a policy that even its executives didn't know about: Engineers had been filtering customers' email to combat spam.
Company engineers implemented the policy several months ago. But today, executives shut it down out of concern that the policy would be misunderstood and perceived as an invasion of privacy, according to Mike Kallet, Netcom's senior vice president of products and services.
The national ISP found itself "caught between a hard place and a rock," as Kallet put it--between the Internet's fights against spam and protecting users' privacy. The company decided that the best way to deal with the situation was to carefully extricate itself before the issue escalated into a potential public relations disaster.
Kallet said Netcom never violated anyone's privacy because the filter worked electronically, so no person ever saw or read messages. But he added that the possibility of such a thing was enough to prompt the company to stop the filter, which most people never knew existed.
"Our concern was that people might say, 'If we do this, what's next?'" Kallet noted. "We have publicly stated we do not--and wish not--to have anything to do with the content of your Web site or your email. In order to be consistent, we have...disabled that component of our antispam [program]."
Alan Frisbie, an independent computer consultant in Los Angeles and a Netcom customer who helped bring attention to the problem, said today that he understood why the ISP had implemented the filter. But he added that to him, it was the wrong solution.
"I hate spam as much as anyone else," Frisbie said. "But you have to [fight] it in a responsible way. My concern was they were not informing people that mail was being delayed and examined. I'm very pleased that they realized that this is a flawed policy."
Before today, Netcom, which announced Monday that it would be sold to telephone company ICG Communications (ICGX), had been electronically opening all the email of the 500,000 or so members who have Netcomplete accounts (also known as NetCruiser or IX accounts) and filtering for phrases that would indicate it might be a spam message.
Any email that was picked up by the filter would then be sent through a more complex filtering process, where a computer would look for a "numerical fingerprint" that would identify it as unsolicited junk email, Kallet said.
The email identified as spam would stay in a holding area for a few months. But often they would be delayed by up to 24 hours. On rare occasions, sometimes "legitimate" email would never reach its destination, Kallet conceded. Frisbie said that happened to him.
The unusual filtering system came to light when Dave Nelson, a Netcom customer, posted a note in a newsgroup dedicated to discussing spam and ways to eradicate it.
Some in the newsgroup applauded Netcom, which has had a history of spam problems, for trying a new way to address it. Others called the solution an invasion of privacy and said that having their personal email read, even if only by a computer, was worse than receiving spam.
Nelson had discovered inadvertently that both email and newsgroup messages he was sending about spam seemed to be disappearing. It was unclear whether Netcom was filtering newsgroups.
"I am pissed 'cause I just found this out, but I don't know how long it's been going on," he had written.
Today, however, he said he had mixed feelings about Netcom's decision to stop filtering. On the one hand, he said he didn't like the fact that Netcom was filtering without informing customers. "We as customers should know if our email is being filtered and why," he said in an email interview.
"On the other hand," he said, "the secrecy of Netcom's filtering probably allowed it to trap a large amount of outgoing spam without spammers knowing about it, and prevented spammers from working around the filters. I posted before I realized this was Netcom's secret antispam measure, and I regret allowing spammers to learn about it.
"And now that Netcom has reversed this filtering policy, Netcom might become a major source of spam again. So I hope they are able to soon implement different and better spam-filtering mechanisms--ones that won't infringe on privacy, and won't delay or drop legitimate messages but will eliminate a lot of spam.
While the debate was raging, top executives at Netcom didn't even know that the filter existed. In fact, Kallet, upon being told by a reporter about the issue Wednesday, denied that Netcom would ever, under any circumstances, filter the body copy of email messages.
But test messages sent by Netcom users, including antispammer Frisbie, to CNET's NEWS.COM revealed that messages containing the phrases "@savetrees.com" and "www.iemmc.org"--two addresses commonly contained in junk email--were delayed by a full day. Other messages containing those keywords in a slightly changed format--"@savetrees*com" and "www*iemmc*org"--got through almost immediately.
On Thursday, after several hours of investigation, Kallet discovered that Netcom was filtering the body of email messages for spam after all. "It took many of us by surprise," he said today. "The senior management of Netcom was not aware that we were analyzing content of people's mail to make sure it was spam or antispam. It was actually implemented without the knowledge of the policymakers at Netcom."
He emphasized that no one's email was actually being "read" by a human being and that Netcom never would read personal email.
Engineers who implemented the system "were very careful to implement a method that they believed would insure the privacy of our email messages."
They had a simple reason for implementing the system. Spam has become enemy No. 1 on the Net, and any ISP not combating it comes under attack not only from so-called antispam activists but also from average customers who complain that their email boxes are so cluttered with junk that they have trouble finding their legitimate messages.
But fighting spam is no easy task. While there are many weapons against it, there is no silver bullet that will stop it.
In the escalating war between spammers and antispammers, the weapons arsenal has had to change and adapt to increasingly sophisticated technology. ISPs commonly filter the headers of messages for domain names known for spamming. But Kallet said that spammers now are able to disguise headers. That's why engineers went the next step in filtering the actual body of emails, he added.
"We will increase our efforts for antispam, but we will look for other methods to do it," Kallet said.
If other ISPs also are filtering messages as Netcom did, they aren't publicizing it.