AntiSpam Filters, ISPs, and the Law

eMstamp (pronounced: em stamp)

Anti-Spam Filters, ISPs, And The Law

Fact: E-mail filters block spam mail.
Fantasy: E-mail filters reduce spam mail.

We're all against spam mail …right? So anything we do to block spam is OK …wrong. It has been postulated that using mail filters actually causes an increase in spam mail. Ironically, a few filter companies have even been spamming ads in an effort to sell their filter applications. The argument is that spammers, in an effort to get some of the messages through, have to send multiple messages using a variety of techniques to trick the filters. Compounding the problem is the practice by some ISPs of not notifying the sender of blocked and/or discontinued e-mail addresses. This means that senders have no way to cull the bad addresses from their lists, further increasing e-mail traffic.

Statistics bear out the growing spam problem. In spite of the CAN SPAM Act and the proliferation of spam filters, spam mail is currently estimated to have increased in just the past year from 50% of all e-mail to anywhere from 64% to 83% of all e-mail. For in depth statistical information on the effects of spam mail and filtering download the Pew report [1]. The School of Technology also has a number of interesting articles on spam and filters [2]. The consequence of using mail filters, rather than attacking the spam problem at the source, is an ever-widening spiral of more filtering, more censorship, more Internet traffic, and more expense.

About E-Mail Filters
E-Mail filters are a class of computer software applications that invoke a wide spectrum of techniques to govern the kinds and amount of e-mail you receive. Some of the techniques used are text classification, statistical analysis, challenge response, heuristic, computational linguistic, Bayesian analysis, white list and blacklist lookup, stamp systems, and behavioral response. Sometimes the filtering techniques even come in disguises, clocked as sender authentication, caller ID, and bonded user filters.

Spam filters appear in every level of the e-mail system. They are being applied at both the outgoing and incoming mail servers, the MTAs (Message Transfer Agents) operated by businesses, hosting companies, and ISPs for transferring the messages on the Internet. Spam filters are also appearing more frequently as part of mail clients, the UAs (User Agents) that are used to originate and read messages. These UAs include desktop applications and web access applications. Frequently more than one filter type is applied in a series of filters governing the e-mail you receive.

Given this proliferation of mail filters, there is still no consensus on just what type of and where a filter or combination of filters is most effective. Consequently, an entire industry has grown up around creating and applying various filtering techniques. At last count there were over 100 companies offering some form of mail filter. Without doubt this is an industry out to profit from spam mail [3]. With all of the filtering, it's a wonder we get any e-mail at all.

Filters applied at the UA level are mostly harmless. You control these filters to sort or categorize your incoming mail. Rarely are they used to automatically delete or reject messages.

Filters applied by ISPs and hosting companies at the MTA are another story entirely. Rather than directly addressing the spam problem, these filters reflect a "circle the wagons" mindset. The companies are putting a wall around their circle of clients, segmenting what should be an open network. Clients of ISPs and host companies are mostly unaware of the specifics of these filtering activities. The consequences can often be severe and expensive. Host company filtering is particularly bad for small businesses, which rely heavily on every possible contact. Since it's almost impossible to detect mail that isn't received, a small business could suffer irrevocable harm from a missed communication. Filtering Internet content by public institutions is a practice that was discredited for libraries several years ago. Why should ISPs and hosting companies be filtering your e-mail?

Fact: E-mail filters can detect spam mail.
Fantasy: E-mail filters only detect spam mail.

How many times have you anxiously awaited the arrival of a letter in your mailbox? At least you were pretty confident that if it were sent, it would be delivered. Not so with e-mail! As more filtering is applied to the e-mail system, the more likely it is that legitimate mail will get trashed or re-routed. This secret has been with us for some time now. See for instance an article by Steve Outing, going back to 2002 [4]. It's a secret that ISPs don't want you to know about.

The problem is twofold. Mail filters are not intelligent. They're simple applications run on dumb computers. They make mistakes. They especially make mistakes because wily spammers are out to see that they do. Essentially spammers use the technique of constantly changing both the content and structure of their messages so there can be no clear definition of spam mail as seen by a filter. In fact spammers are training Bayesian filters to purposely make mistakes by using hash buster techniques [5]. You may have received some of the mail they send. The message will have a full paragraph of legitimate words in a random sequence. This content causes the filter to be uncertain about the message being spam mail.

Adding to this uncertainty is that as individuals we differ on what messages we think are spam. Or at least we differ on what spam mail we want to receive. Some of us may welcome porno messages or Viagra adds while others may look forward to getting the lowest interest rate for their mortgage or a new minicam. The point is that it's your personal preference that determines what constitutes unwanted e-mail. And unwanted mail is what most of us define as spam. Deciding what messages we can read is not a function we should delegate to some impersonal ISP.

Without a good definition of spam mail, Internet service providers have resorted to other tactics to block what they think is unwanted e-mail. They are using white lists of acceptable mail senders and black lists of unacceptable senders. List filters are the most sinister form of filtering because they are indiscriminate, frequently block legitimate sources, require constant updating, and are subject to the political vagaries of the people creating the lists. Some list filters even require access to a third portal in the e-mail transaction providing a potential bottleneck with an additional point of communication failure.

ISP list filters are increasingly blocking requested newsletters and transactional messages (mostly automated responses to Internet purchases or requests). For instance many newsletters were being mailed by small businesses direct from a desktop application using a broadband connection. This mailing technique uses a dynamic IP address. AOL and others now have a policy of indiscriminately blocking all mail from dynamic IPs. The result is that you may no longer be receiving mail you requested. The consequences are alarming! Senator John McCain, Chairman, Committee on Commerce, Science, and Transportation in a May 20, 2004 congressional hearing on the CAN SPAM Act had this to say [6]:

"The rising tide of spam is driving nearly a third of consumers away from using e-mail, a result that could well impact Internet usage and, consequently, the future financial health of our telecommunications, online retail, and information technology industries."

The problem with ISP and host level e-mail filtering is that you never know who or what is determining which messages you receive and most often you are not allowed to know. ISPs can conveniently claim that this kind of policy opaqueness is needed to prevent spammers from learning the techniques and working around the filters. E-mail filtering at the ISP is like the postman standing at your mailbox, reading your mail and deciding from the envelope or the message just which letters he'll let you have and which ones he's going to throw away.

ISPs And The Law:
Filters applied at the ISP servers are a form of censorship of your mail. Should this be allowed, especially when you have no control or knowledge as to what the ISP is up to? How and what to regulate when it comes to Internet Service Providers, however, is still an open question. In the one instance they appear to fall under modern definitions of a common carrier over which the Federal Trade Commission would have jurisdiction. On the other hand the Telecommunications Act of 1996 extended federal jurisdiction over competitive local exchange interconnection; however, at the same time, the Act did not extend traditional regulation to the Internet. This has left the field open to heated debates about regulating ISPs. See for instance references [7] and [8] below.

In all respects, ISPs would appear to be common carriers. This should mean that, to protect the public interest, ISPs, like telephone companies, Western Union, the US Postal Service, etc should be subject to the same laws and regulations as imposed on those other communication entities. Specifically, common carriers of communications are prohibited from altering, sharing, reading (listening to), and refusing your messages. Unfortunately ISPs have for now been exempted from these regulations. They can read your mail, they can share your communications with third parties, and they can refuse connections to other ISPs [10]. And these actions are not limited to just e-mail. ISPs can block access to specific IP addresses or a whole range of addresses, making certain web sites inaccessible.

These dubious filtering activities in the name of expediency for blocking spam mail are creating a segmented Internet with ISPs controlling the segment boundaries. It isn't even clear why ISPs would still want to do this. Spam blocking started out as a way for ISPs to reduce the storage requirements at the mail server, which were becoming costly. It was sold to clients as a new feature, having the benefit of reducing the amount of unwanted mail in your mailbox. Both results were true. However, it must be that ISPs now feel locked into filtering because of the earlier sales pitch. It is very likely that with higher speed networks and the diminishing cost of storage, filters and filter maintenance is now costing the ISPs more than if they left the situation alone and let their clients apply filters at the UA level.

The current results of server level filtering are disconcerting. The effect is that the Internet is becoming, as Senator McCain has pointed out, less and less a trusted means of communication. The expedient of blocking spam mail is no excuse for letting the ISPs rain rough shod over our network. Filtering at the ISP server level should not be allowed. This doesn't mean though, that in the interest of an open Internet, we have to let spamming prevail over legitimate uses of the e-mail system. There are alternatives.

Fact: Spam mail will always be with us.
Fantasy: Spam mail is a complex problem requiring complex solutions.

Yes, it is true that spam mail will always be with us just the same as we still receive junk mail in our postal box. Spam is more of a problem of quantity, not quality. We don't usually mind a few ads in our postbox that the advertiser feels are worth the expense of mailing.

What makes spam seem like a complex problem is that we are attempting to micro manage the activity using a variety of techniques, each technique having its own limitations, requiring another set of fixes. This approach almost always leads to disaster.

The best spam filter is you. Usually it's a pretty trivial task for you to distinguish spam mail from messages you want. The problem is simply your time and aggravation, and the likelihood of deleting a good message because of all the noise created by spam. A more desirable alternative to filtering is to eliminate spam mail at the source by charging for sending messages. Almost everyone agrees that if spammers had to pay to send their message, all of the really junk stuff would be eliminated right away. It's a well-known axiom that a myriad of potentially very complex problems are resolved very simply with economic incentives and disincentives.

The idea of paying for e-mail service is not new; however there has consistently been an uprising of public sentiment against any move to charge for sending e-mail messages, claiming that e-mail service is free, always been, and should remain so. This is a naive belief. E-Mail service has never been free; it's just that the costs associated with e-mail service have been lumped in with all of the other services you get from your ISP or hosting company. You might be shocked if the e-mail portion of your ISP's bill were shown as a separate item. It might be as much as one third of the bill. And have no doubt about it, as ISPs install and manage more and more filters, the cost of e-mail service continues to rise. Some providers are already charging extra for e-mail with filtering services.

A Viable Alternative:
What if though there was a way to significantly reduce spam mail and at the same time not trash or misplace any messages intended for your mailbox? What if you could sort the mail you do receive into boxes according to your own priorities or what we might call privacy levels? What if advertisers had to pay to send their messages but you do not? Wouldn't this be the most effective answer to the spam problem? It's even better than the postal system, which usually charges advertisers less than they charge you.

We're not just speculating; there is a way. It's based on a system called eMstamp. An eMstamp is a binary token used in a way similar to a postage stamp. The difference is that you pay for a postage stamp while an eMstamp is applied to messages and paid for by the MTA, the electronic equivalent of the post office. You don't pay a thing. With eMstamp when an advertiser wants to send mail, the tables are turned. This time the MTA checks your mailbox to find out how many stamps you require before you'll allow delivery of the message. If the advertiser isn't willing to post the required number of stamps, then the MTA can't send the message.

Details on the operation of eMstamp can be found at http://eMstamp.org [9]; however, the system is fairly simple. An eMstamp is created at the sending MTA by incorporating credits purchased in bulk. The eMstamp is then affixed to the outgoing message. The receiving MTA verifies the incoming eMstamp and strips the applied credits for reuse in sending mail. Since most ISP MTAs receive more mail than they send, they'll have an excess of credits available for sending mail. The same isn't true of MTAs used by commercial mailers and spammers. These MTAs send more mail than they receive. They will have to purchase credits to continue operation or else have their mail rejected. Even with a very low cost of credits, spammers will find that indiscriminately sending millions of messages a day has suddenly become very expensive. At the same time legitimate advertisers should have no problem paying a small fee to guarantee delivery and discriminately send messages that they feel are worth the effort.

In light of the eMstamp alternative, the path to ending the spam mail pandemic is clear. Filtering only leads to more spam, more expense, a segmented Internet, and censorship of our e-mail. Let's not let Internet Service Providers dictate the source or content of messages we can receive. We must let market forces prevail so that we alone control the messages we get.

References:
[1] Spam: How it is hurting email and degrading life on the Internet
http://www.pewinternet.org/reports/toc.asp?Report=102

[2] School of Technology: E-Mail
http://www.iiaba.net/VU/Lib/Tec/TI/EmailMain.htm

[3] E-mail filters prove big business ....
http://washingtontimes.com/business/20030716-112006-4134r.htm

[4] I'm Sick and Tired Of Spam (Filters)
http://www.editorandpublisher.com/eandp/news/article_display.jsp?vnu_content_id=1570036

[5] Random Acts of Spamness
http://www.wired.com/news/infostructure/0,1377,61886,00.html

[6] The Testimony of The Honorable John McCain Chairman, U.S. Senator
http://commerce.senate.gov/hearings/testimony.cfm?id=1199&wit_id=2160

[7] FTC Seeks End to Communications Common Carrier Exemption
http://www.techlawjournal.com/topstories/2003/20030611.asp

[8] Review of Regulatory Requirements for IP-Enabled Services
http://www.regulations.gov/TOPIC_47.cfm

[9] eMstamp is a patent pending creation of ImagineNation Inc.
http://ImagineNation.com http://eMstamp.org

[10] Online Privacy "Eviscerated" by First Circuit Decision.
http://www.eff.org/news/archives/2004_06.php#001658