Galaxy Z Flip 4 Preorder Quest 2: Still the Best Student Internet Discounts Best 55-Inch TV Galaxy Z Fold 4 Preorder Nintendo Switch OLED Review Foldable iPhone? 41% Off 43-Inch Amazon Fire TV
Want CNET to notify you of price drops and the latest stories?
No, thank you

Commentary: Spammers must pay

Current technical and legislative efforts--like the Can-Spam Act of 2003--can, at best, only slow the flood of spam. The only permanent solution to the spam problem is to charge for e-mail.

Commentary: Spammers must pay
By Forrester Research
Special to CNET
December 16, 2003, 7:15AM PT

By Jim Nail, Senior Analyst

Current technical and legislative efforts--like the Can-Spam Act of 2003--can, at best, only slow the flood of spam. The only permanent solution to the spam problem is to charge for e-mail.

Despite better e-mail filters, new legislation and high-profile legal action, spam volume continues to grow rapidly. Signs that e-mail is reaching a breaking point:

• Three-fourths of e-mail is spam. Forrester was right: We predicted that spammers' response to filtering would be to increase volume. But we underestimated spammers' tenacity when we said spam would subside later in the year. Two spam-filtering services quantify the problem: Postini reports that 76 percent of the e-mail it processes for its clients is spam, while Brightmail reports that the number of spam attacks has grown 50 percent to 9 million per month this year.

• Spammers are becoming more sophisticated. Spammers have invented "phishing": creating fraudulent e-mails and sites that look identical to known brands like Best Buy and Citibank to trick consumers into providing credit card or bank account information. They also invented Trojan horse programs, which sneak onto a consumer's computer and send e-mail on a spammer's behalf.

• ISPs are choking. Spam volume imposes millions of dollars in costs on Internet service providers and e-mail providers for better filters, software development, bandwidth, servers and storage. One Web e-mail service we spoke with recently told us: "It costs us millions of dollars to filter and store this stuff. We have no choice but to be more aggressive in blocking spam at the gateway and not even let it into our network."

• Consumers are losing patience. The Pew Internet & American Life Project reports that 25 percent of consumers say they have reduced or stopped using e-mail because of spam. Legislators have responded to constituents' pressure by passing laws in 36 states and elevating the issue in Congress. ISPs have responded to complaints with such tactics as turning off Hypertext Markup Language graphics to avoid displaying offensive images.

The Can-Spam Act won't make a dent
State laws have done nothing to slow spam's growth so far. The Can-Spam Act of 2003 will be no different. Today's legislation will fail, because it doesn't address two realities: First, e-mail is virtually free, and second, unscrupulous individuals can easily hide from law enforcement. Here's what to expect as a result of the Can-Spam Act:

Related story

Is the first-ever federal antispam
law a potent new weapon? Critics
say it won't have much effect.

• Spammers will move offshore. Spammers' consciences aren't bothered by defrauding people out of thousands of dollars or selling bogus herbal remedies. They won't stay up at night worrying about breaking laws about spoofed headers or harvesting e-mail addresses. Postini has seen increases in spam coming from Asia and Latin America this year. The trend will accelerate.

• ISPs will bring more John Doe lawsuits. By outlawing false headers and misleading subject lines, the law's provisions will give ISPs a more straightforward basis for suing spammers. In prior cases like EarthLink's successful prosecution of the Buffalo spammer, ISPs needed to have evidence of related offenses such as credit card fraud. But the suits will remain anonymous, as spammers continue to hide their tracks, using open relays and fraudulent headers.

• Legitimate marketers will improve practices at the margins. The law codifies many practices that legitimate marketers already follow. But it also requires affirmative consent. Marketers will need to clean up e-mail address practices like opt-outs that read: "Check here if you do not want to receive e-mails from us." These changes will create minor improvements.

Senders must pay for e-mail
Current solutions for spam still have one big problem: They put the burden of cost on the receivers of e-mail--ISPs, businesses and consumers. This is the wrong approach--and it won't work. The best solution to spam is not legal, technical or regulatory--it's economic. It's time to charge for e-mail, making those who send bulk e-mail volumes pay for the resources their campaigns use. The right approach addresses three issues:

• The business implementation. Forrester believes that this problem calls for a structure analogous to credit card company Visa: A member-owned association operates the network-managing transactions among card issuers, cardholders and merchants. For the e-mail payment system, large and small ISPs, marketers and e-mail marketing services companies would be member-owners. A governance board would establish the technology standards, set the rate marketers would pay for e-mail and oversee the registries' operations.

• The technical implementation. To know whom to charge, the industry must adopt a system of secure, verified identities, akin to Yahoo's proposal to use domain keys or the E-mail Service Provider Coalition's Project Lumos. High-volume e-mailers would attach their identity to each message, and a central registry would validate for ISPs and companies that the message comes from a legitimate sender. The identity validation system also lays the groundwork for the accounting system: As the recipient ISP checks the identity, the registry can count how many messages are received by each organization, how large the message is and calculate and send payments.

• The money flows. The charge for sending e-mail needn't be high--even one-quarter of 1 cent per message would crush spammers' business model. Forrester believes that the bulk of the money generated should go to ISPs and e-mail in-box providers like Hotmail--which incur the storage, bandwidth and filtering costs today. Individuals using e-mail for low volumes of personal correspondence would pay only if they exceed a reasonable threshold--say, 1,000 messages per month--the same way they pay for additional e-mail storage today on MSN or Yahoo.

The benefits are worth the cost
The technical, organizational and procedural changes needed to create this system will take time and coordinated industry effort. Regulators and industry leaders should parallel-track these efforts so that the system can be functional as soon as possible. The savings and improved response to e-mail campaigns will more than make up for the costs.

• Hard-core spammers will go out of business. A charge of $2.50 per thousand messages would add $2,500 to the cost of a 1 million-message campaign, seriously undermining spam's economics, in which names are acquired free through harvesting and sending e-mail costs as little as 10 cents per thousand.

• Companies' e-mail correspondence costs decrease. Routine business e-mails sent by employees would travel the same course as marketing e-mails, and the registries would track and account for the volume the same way. While companies would incur additional costs, they would save money in spam filtering, bandwidth and storage. Corporations that handle significant volumes of marketing e-mail would be eligible to receive a share of the payments.

• Results improve for permission lists. Reputable permission-based lists already cost from $50 to $300 per thousand, so a $2.50 per thousand additional cost for a campaign would not be exorbitant. But with fewer messages lost to spam filters, improved results would likely offset the additional cost.

• E-mail messages become more creative. Today, e-mail designers must temper their creativity, limiting the amount of HTML and the number of links to avoid triggering a spam filter. A trusted identity--and the cost of communication--frees them from this constraint. Marketers will focus on how to design messages that offer the greatest usability to the recipient, instead of the lowest likelihood to exceed the spam filter's threshold. E-mail usability will become a new specialty, blending the principles of offline direct marketing with Web site usability.

• Consumer control is still the final arbiter. While identity, accountability and cost will improve the spam problem, the more demanding human filter will still be a formidable barrier. With no one to blame if their messages still don't get opened, marketers will have to focus more on profiling subscribers and customizing messages to increase relevance to the recipient.

© 2003, Forrester Research, Inc. All rights reserved. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.