By Forrester Research
Special to CNET News.com
December 16, 2003, 7:15AM PT
By Jim Nail, Senior Analyst
Current technical and legislative efforts--like the Can-Spam Act of 2003--can, at best, only slow the flood of spam. The only permanent solution to the spam problem is to charge for e-mail.
Despite better e-mail filters, new legislation and high-profile legal action, spam volume continues to grow rapidly. Signs that e-mail is reaching a breaking point:
Three-fourths of e-mail is spam. Forrester was right: We predicted that spammers' response to filtering would be to increase volume. But we underestimated spammers' tenacity when we said spam would subside later in the year. Two spam-filtering services quantify the problem: Postini reports that 76 percent of the e-mail it processes for its clients is spam, while Brightmail reports that the number of spam attacks has grown 50 percent to 9 million per month this year.
Spammers are becoming more sophisticated. Spammers have invented "phishing": creating fraudulent e-mails and sites that look identical to known brands like Best Buy and Citibank to trick consumers into providing credit card or bank account information. They also invented Trojan horse programs, which sneak onto a consumer's computer and send e-mail on a spammer's behalf.
ISPs are choking. Spam volume imposes millions of dollars in costs on Internet service providers and e-mail providers for better filters, software development, bandwidth, servers and storage. One Web e-mail service we spoke with recently told us: "It costs us millions of dollars to filter and store this stuff. We have no choice but to be more aggressive in blocking spam at the gateway and not even let it into our network."
Consumers are losing patience. The Pew Internet & American Life Project reports that 25 percent of consumers say they have reduced or stopped using e-mail because of spam. Legislators have responded to constituents' pressure by passing laws in 36 states and elevating the issue in Congress. ISPs have responded to complaints with such tactics as turning off Hypertext Markup Language graphics to avoid displaying offensive images.
The Can-Spam Act won't make a dent
ISPs will bring more John Doe lawsuits. By outlawing false headers and misleading subject lines, the law's provisions will give ISPs a more straightforward basis for suing spammers. In prior cases like EarthLink's successful prosecution of the Buffalo spammer, ISPs needed to have evidence of related offenses such as credit card fraud. But the suits will remain anonymous, as spammers continue to hide their tracks, using open relays and fraudulent headers.
Legitimate marketers will improve practices at the margins. The law codifies many practices that legitimate marketers already follow. But it also requires affirmative consent. Marketers will need to clean up e-mail address practices like opt-outs that read: "Check here if you do not want to receive e-mails from us." These changes will create minor improvements.
Senders must pay for e-mail
The business implementation. Forrester believes that this problem calls for a structure analogous to credit card company Visa: A member-owned association operates the network-managing transactions among card issuers, cardholders and merchants. For the e-mail payment system, large and small ISPs, marketers and e-mail marketing services companies would be member-owners. A governance board would establish the technology standards, set the rate marketers would pay for e-mail and oversee the registries' operations.
The technical implementation. To know whom to charge, the industry must adopt a system of secure, verified identities, akin to Yahoo's proposal to use domain keys or the E-mail Service Provider Coalition's Project Lumos. High-volume e-mailers would attach their identity to each message, and a central registry would validate for ISPs and companies that the message comes from a legitimate sender. The identity validation system also lays the groundwork for the accounting system: As the recipient ISP checks the identity, the registry can count how many messages are received by each organization, how large the message is and calculate and send payments.
The money flows. The charge for sending e-mail needn't be high--even one-quarter of 1 cent per message would crush spammers' business model. Forrester believes that the bulk of the money generated should go to ISPs and e-mail in-box providers like Hotmail--which incur the storage, bandwidth and filtering costs today. Individuals using e-mail for low volumes of personal correspondence would pay only if they exceed a reasonable threshold--say, 1,000 messages per month--the same way they pay for additional e-mail storage today on MSN or Yahoo.
The benefits are worth the cost
Hard-core spammers will go out of business. A charge of $2.50 per thousand messages would add $2,500 to the cost of a 1 million-message campaign, seriously undermining spam's economics, in which names are acquired free through harvesting and sending e-mail costs as little as 10 cents per thousand.
Companies' e-mail correspondence costs decrease. Routine business e-mails sent by employees would travel the same course as marketing e-mails, and the registries would track and account for the volume the same way. While companies would incur additional costs, they would save money in spam filtering, bandwidth and storage. Corporations that handle significant volumes of marketing e-mail would be eligible to receive a share of the payments.
Results improve for permission lists. Reputable permission-based lists already cost from $50 to $300 per thousand, so a $2.50 per thousand additional cost for a campaign would not be exorbitant. But with fewer messages lost to spam filters, improved results would likely offset the additional cost.
E-mail messages become more creative. Today, e-mail designers must temper their creativity, limiting the amount of HTML and the number of links to avoid triggering a spam filter. A trusted identity--and the cost of communication--frees them from this constraint. Marketers will focus on how to design messages that offer the greatest usability to the recipient, instead of the lowest likelihood to exceed the spam filter's threshold. E-mail usability will become a new specialty, blending the principles of offline direct marketing with Web site usability.
Consumer control is still the final arbiter. While identity, accountability and cost will improve the spam problem, the more demanding human filter will still be a formidable barrier. With no one to blame if their messages still don't get opened, marketers will have to focus more on profiling subscribers and customizing messages to increase relevance to the recipient.
© 2003, Forrester Research, Inc. All rights reserved. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.