Tech firms, lawmakers target spam, e-mail fraud
Unsolicited messages steal recipients' time, money
Shamik Ghosh, a Laurel business developer, has to delete junk mail from his wife's account when she's out of town so the deluge of spam doesn't crash the inbox.
And Deborah Tillet, president of a Hunt Valley gaming company, is so fed up with spam, she's considering not giving her e-mail address to "anyone ever again."
Rife with spam and scams, e-mail has reached the point of surrender for many. When Bill Gates proclaimed this year that spam would be gone by 2006, raised eyebrows and much skepticism greeted his prediction.
But that target might not be so far off, industry executives say. Technology companies began joining forces this year to develop a counterattack. Recent government actions, including an anti-spam law in Maryland that took effect this month and is regarded as one of the nation's toughest, also point to a growing recognition of the need for a solution.
"I think you'll see some real changes within three years," said Deborah Fallows, a researcher with the Pew Internet and American Life Project in Washington.
Just as phone solicitations mushroomed after the telecommunications reform act of the mid-1990s, interrupting dinners and forcing the advent of a national Do Not Call list a year ago, e-mail is reaching a "crisis," as one member of the Federal Trade Commission put it.
E-mail spam and fraud are harder to corral than telemarketing, however. The volume of messages is much greater, and it's easier for senders to conceal their identities or addresses.
The trade commission decided last summer not to pursue a "Do Not Spam" list. It concluded that spammers would use the list as verification of real e-mail addresses to which they could send solicitations for everything from real estate loans to erectile dysfunction drugs.
"The volume of spam is growing at astonishing rates," FTC Commissioner Orson Swindle has said. Though estimates differ, experts generally agree that spam -- the nickname given to most unsolicited electronic pitches, including illegal scams -- now makes up between 70 percent and 80 percent of all e-mail, up from about 10 percent just three years ago and about 30 percent last year.
Forged e-mail has also become more prevalent and sophisticated. By using fake Web sites and logos that resemble familiar financial services companies, e-mail "phishers" have become more convincing in luring consumers to respond with their personal financial information, which is then used to raid their accounts. While many people have learned to be skeptical of messages in their inboxes, 1.4 million people divulged confidential information in cases of e-mail fraud last year, according to the Gartner Group research firm.
Phishing has increased 17-fold since December, to nearly 2,000 different scams, according to the Anti-Phishing Working Group, an industry association fighting cyber crime. Among corporate targets, New York financial giant Citibank has been hit hard, with nearly 700 false requests for data purporting to be from the company popping up in July.
Two main factors have fed the spam explosion: the global nature of the Internet and greed. As more nations have become Internet-savvy, their spammers have joined the pool. And e-mail crime too often pays. It costs less than a penny to send an e-mail, and about one-third of e-mail users respond to the unsolicited ads, the Pew Internet and American Life Project reported.
Filters to block spam, installed by businesses or individuals on their computers, have provided some help, but they have spawned their own problems by rejecting legitimate e-mail, such as receipts for online transactions, newsletters or advertising from companies with which consumers have a relationship. John Karpovich, president of Port25 Solutions Inc., an Ellicott City technology company working on a solution, estimated that nearly one-fifth of legitimate e-mail is accidentally blocked by anti-spam filters.
"I use a spam software package that is 99 percent accurate at detecting spam and puts it into a special folder, but I still have to look at each [one] to ensure that it isn't from an associate or sales prospect," Jason Hardebeck, chief executive of WhoGlue Inc., a Baltimore software company, wrote in an e-mail. "I still end up spending an extra 45 minutes to an hour a day verifying that I'm not throwing the baby out with the bath water."
Several Internet service providers -- including Microsoft, Yahoo Inc. and America Online Inc. -- are working on developing ways to verify the identity of an e-mail sender so spammers can be found and prosecuted. But devising universal remedies is difficult: The Internet Engineering Task Force, a standards-endorsing body, rejected a Microsoft proposal as a global remedy last month partly because the company wanted to keep the intellectual property private.
The FTC said it would prefer the industry choose a standard, but said it will step in and impose one if necessary. The trade commission is meeting next month to discuss future steps.
Three identification methods that promise different ways of weeding out messages with fake return addresses are being tested.
America Online is exploring ways to verify that the address listed on an e-mail's "envelope" -- the internal data concealed from the viewer -- is authentic. Microsoft is working on verifying that the address listed in the "from" line of an e-mail message is true. Meanwhile, Yahoo is trying to authenticate the message itself through a digital signature, the equivalent of an e-mail fingerprint. Initiatives are also under way that would rank a company's reputation according to its e-mail etiquette, like eBay traders get ranked by the past reliability of their wares.
"All of us here collectively in the industry, we're just testing," AOL spokesman Nicholas Graham said. "We're asking others to be patient. ... It does take time to get it right."
One of the toughest state laws to fight spam and e-mail scams took effect this month in Maryland, threatening fines of up to $25,000 and penalties of as much as 10 years in jail. It's similar to the federal Can Spam Act that took effect in January. But lacking a way to verify the sender, legal remedies ring hollow, some experts say.
"There's not a shortage of legislation saying that `spamming is bad,'" said John G. Palfrey, executive director of the Berkman Center for Internet and Society at Harvard Law School. "But the question is really one of enforcement. Are you able to enforce the laws that are on the books? ... One very big fear about spam is it will turn off people from electronic commerce and using e-mail in general."
Introduced in 1971, electronic mail was used initially by people within government, universities and research institutions -- people who knew and generally trusted each other, or at least the content within one another's messages. But once e-mail went mainstream in 1993, the medium's wide reach and ease-of-use also made it susceptible to cons and come-ons. The exponential growth of the problem is driving the hunt for a solution.
Until one is found, people must wrestle with the awkward adolescence of a technology that has transformed communications.
"Ninety percent of my e-mails are spam, and I receive a total of 200-plus a day," Gloria Berthold, an executive of Marketing Outsource Associates Inc. in Elkridge, wrote in an e-mail. "I am definitely deluged with spam and not happy about it. I would love to eliminate all the drugs, insurance, pornography and mortgage spams."