While the panel members at the recent MIT Enterprise Forum on April 17 all agreed that the problem of junk email (“spam”) is a growing problem, they disagreed on whether spam would be “conquered” anytime soon. The panel was split almost down the middle, with one side predicting no permanent solution, and the other declaring that “spam” would be “solved” in the next two to three years. Interestingly, none viewed the recent Microsoft proposals to be particularly viable.

The problem continues to grow, reaching the point that smaller ISP’s are closing their doors because of it. Many smaller ISP’s have contracts that are “usage” based. That is, the more traffic routed to and from the Internet, the higher their costs. With spam in some cases now reaching 80 percent to 90 percent of ALL Internet traffic, some smaller ISP’s simply cannot keep up and are closing their doors.

In Washington State, small ISP’s are seeing “spam” achieve levels in the 95 percent range. That is, 95 percent of ALL email processed is spam or virus generated. It is reaching the point that mail servers cannot keep up, despite efficient spam filtering and blocking. The large ISP’s are suffering the same problem but have more robust servers and more resources to deal with the problem. Yet they too are seeing serious degradation of networks due to abuse.

It would be useful to note how we got where we are. Laurence Canter and Martha Siegel were the first to mass-spam on the Internet in April of 1994. The presence of spam in our newsgroups and inboxes has increased ever since, and has now reached a flood. Early on, spammers were not very sophisticated and could be tracked fairly easily. As measures were taken to tighten up servers and pursue spammers increased, the unsophisticated spammers dropped out, were driven out, or learned more about how to avoid detection.

The “spam wars” have now reached the level that spammers have resorted to sending viruses and to hacking victim’s computers all around the world. One MIT panelist stated that there is a network of hacked home user computers that is believed to number in the 10 million-computer range.

Access was gained by two methods. In the past, access was gained by “probing” computers for known security holes in Microsoft Windows operating systems and Microsoft Windows applications. That method is still in use, although with the improvement in Windows XP, and a wider use of firewall software, the number of vulnerable target computers has dropped.

The second and more recent exploit is the ongoing barrage of viruses specifically written to plant “Trojan” programs that allow the criminal (and they are indeed criminals according to law) to gain control of your computer without your knowledge or permission. Once they have control, your computer is used without your knowledge in two ways.

First, the machine is used in a network of similarly hi-jacked machines to initiate “distributed denial of service attacks” or DDOS. These are designed to overload targeted servers or systems and cause a “denial of service” to their legitimate users. The second use is of course, to spam. By using, for example, a hundred or a thousand computers to send out only 100 emails each, the source of the spam is masked and spread among many computers, making is nearly impossible to stop.

One current technique of the worst spammers is to register a domain in Europe, host the spam domain in China, and spam from hi-jacked DSL and Cable Modem customers in Europe, South America and Asia (primarily China and Korea in Asia). Because of the difficulty in dealing with hosting companies in Asia and South America, ISP’s are left with the choice of trying to selectively filter, complain to the hosting ISP in a far distant land, or in blocking the entire country. None of these options are particularly desirable or effective.

There is a sense that we have reached this point because of deliberate obstruction by such organizations as the Direct Marketing Association (DMA) which has actively opposed every proposed anti-spam measure that took strong action against spammers; the ACLU, which is hung up on “spam as free speech;” and such large companies as the schizophrenic Microsoft, whose network engineers battled spam, while their marketing counterparts obstructed every effort to address spam as more than a nuisance.

Add to the mix the legislatures and congress that “fiddled while Rome burned,” and we have now reached a point where half-measures are fruitless, law enforcement is overwhelmed, and ISP’s are being driven out of business.

Is there “a” solution? No. Is there a strategy to finally put together several “solutions” that will greatly reduce if not eliminate spam? Most emphatically yes, but that will take political courage and forceful measures. Imposition of severe criminal penalties, much larger civil penalties (including private right of action), active and forceful prosecution by law enforcement, widespread cooperation between large and small ISPs, a general tightening of availability of internet resources to limit exposure, and a complete revamping of internet service delivery are required, as well as the bringing to bear of improved technological applications, are all part of the mix. Stint on any one element and be prepared to kiss the Internet good-bye. If that happens, it will be a financial disaster and a crippling blow to the world economy.

The damage to the economy caused by spam is growing as exponentially as is spam itself. One recent estimate is that spam cost the economy $32 billion in 2003. This is up from earlier estimates that spam cost $10 billion in 2002. It is not a “nuisance” problem. Furthermore, most of the spam is simply criminal in nature, from selling prescription and controlled drugs, to pornography, to child pornography, to get rich quick scams to the infamous “Nigerian 419” scam.

The issue of Internet abuse is not small; it is growing, and has reached crises proportions. There is not a lot of room left for the ability of the Internet to absorb this level of abuse, and continue. The solution requires effective action by legislators and ISPs, and active participation by outraged victims. Barring that, it is anybody’s guess as to how long the Internet will remain of any value to anyone.