Tech firms, lawmakers target spam, e-mail fraud

Sun Staff

Marci De Vries, a Baltimore marketer, won't open her e-mail in front ofclients, fearful that they'll think she's a pervert when they see some of thesubject lines on her screen.

Shamik Ghosh, a Laurel business developer, has to delete junk mail from hiswife's account when she's out of town so the deluge of spam doesn't crash theinbox.

And Deborah Tillet, president of a Hunt Valley gaming company, is so fed upwith spam, she's considering not giving her e-mail address to "anyone everagain."

Rife with spam and scams, e-mail has reached the point of surrender formany. When Bill Gates proclaimed this year that spam would be gone by 2006,raised eyebrows and much skepticism greeted his prediction.

But that target might not be so far off, industry executives say.Technology companies began joining forces this year to develop acounterattack. Recent government actions, including an anti-spam law inMaryland that took effect this month and is regarded as one of the nation'stoughest, also point to a growing recognition of the need for a solution.

"I think you'll see some real changes within three years," said DeborahFallows, a researcher with the Pew Internet and American Life Project inWashington.

Just as phone solicitations mushroomed after the telecommunications reformact of the mid-1990s, interrupting dinners and forcing the advent of anational Do Not Call list a year ago, e-mail is reaching a "crisis," as onemember of the Federal Trade Commission put it.

E-mail spam and fraud are harder to corral than telemarketing, however. Thevolume of messages is much greater, and it's easier for senders to concealtheir identities or addresses.

The trade commission decided last summer not to pursue a "Do Not Spam"list. It concluded that spammers would use the list as verification of reale-mail addresses to which they could send solicitations for everything fromreal estate loans to erectile dysfunction drugs.

"The volume of spam is growing at astonishing rates," FTC CommissionerOrson Swindle has said. Though estimates differ, experts generally agree thatspam -- the nickname given to most unsolicited electronic pitches, includingillegal scams -- now makes up between 70 percent and 80 percent of all e-mail,up from about 10 percent just three years ago and about 30 percent last year.

Forged e-mail has also become more prevalent and sophisticated. By usingfake Web sites and logos that resemble familiar financial services companies,e-mail "phishers" have become more convincing in luring consumers to respondwith their personal financial information, which is then used to raid theiraccounts. While many people have learned to be skeptical of messages in theirinboxes, 1.4 million people divulged confidential information in cases ofe-mail fraud last year, according to the Gartner Group research firm.


Phishing has increased 17-fold since December, to nearly 2,000 differentscams, according to the Anti-Phishing Working Group, an industry associationfighting cyber crime. Among corporate targets, New York financial giantCitibank has been hit hard, with nearly 700 false requests for data purportingto be from the company popping up in July.

Two main factors have fed the spam explosion: the global nature of theInternet and greed. As more nations have become Internet-savvy, their spammershave joined the pool. And e-mail crime too often pays. It costs less than apenny to send an e-mail, and about one-third of e-mail users respond to theunsolicited ads, the Pew Internet and American Life Project reported.

Filters to block spam, installed by businesses or individuals on theircomputers, have provided some help, but they have spawned their own problemsby rejecting legitimate e-mail, such as receipts for online transactions,newsletters or advertising from companies with which consumers have arelationship. John Karpovich, president of Port25 Solutions Inc., an EllicottCity technology company working on a solution, estimated that nearly one-fifthof legitimate e-mail is accidentally blocked by anti-spam filters.

"I use a spam software package that is 99 percent accurate at detectingspam and puts it into a special folder, but I still have to look at each [one]to ensure that it isn't from an associate or sales prospect," Jason Hardebeck,chief executive of WhoGlue Inc., a Baltimore software company, wrote in ane-mail. "I still end up spending an extra 45 minutes to an hour a dayverifying that I'm not throwing the baby out with the bath water."

Several Internet service providers -- including Microsoft, Yahoo Inc. andAmerica Online Inc. -- are working on developing ways to verify the identityof an e-mail sender so spammers can be found and prosecuted. But devisinguniversal remedies is difficult: The Internet Engineering Task Force, astandards-endorsing body, rejected a Microsoft proposal as a global remedylast month partly because the company wanted to keep the intellectual propertyprivate.

The FTC said it would prefer the industry choose a standard, but said itwill step in and impose one if necessary. The trade commission is meeting nextmonth to discuss future steps.

Three identification methods that promise different ways of weeding outmessages with fake return addresses are being tested.

America Online is exploring ways to verify that the address listed on ane-mail's "envelope" -- the internal data concealed from the viewer -- isauthentic. Microsoft is working on verifying that the address listed in the"from" line of an e-mail message is true. Meanwhile, Yahoo is trying toauthenticate the message itself through a digital signature, the equivalent ofan e-mail fingerprint. Initiatives are also under way that would rank acompany's reputation according to its e-mail etiquette, like eBay traders getranked by the past reliability of their wares.

"All of us here collectively in the industry, we're just testing," AOLspokesman Nicholas Graham said. "We're asking others to be patient. ... Itdoes take time to get it right."

Legal remedies

One of the toughest state laws to fight spam and e-mail scams took effectthis month in Maryland, threatening fines of up to $25,000 and penalties of asmuch as 10 years in jail. It's similar to the federal Can Spam Act that tookeffect in January. But lacking a way to verify the sender, legal remedies ringhollow, some experts say.

"There's not a shortage of legislation saying that `spamming is bad,'" saidJohn G. Palfrey, executive director of the Berkman Center for Internet andSociety at Harvard Law School. "But the question is really one of enforcement.Are you able to enforce the laws that are on the books? ... One very big fearabout spam is it will turn off people from electronic commerce and usinge-mail in general."

Introduced in 1971, electronic mail was used initially by people withingovernment, universities and research institutions -- people who knew andgenerally trusted each other, or at least the content within one another'smessages. But once e-mail went mainstream in 1993, the medium's wide reach andease-of-use also made it susceptible to cons and come-ons. The exponentialgrowth of the problem is driving the hunt for a solution.

Until one is found, people must wrestle with the awkward adolescence of atechnology that has transformed communications.

"Ninety percent of my e-mails are spam, and I receive a total of 200-plus aday," Gloria Berthold, an executive of Marketing Outsource Associates Inc. inElkridge, wrote in an e-mail. "I am definitely deluged with spam and not happyabout it. I would love to eliminate all the drugs, insurance, pornography andmortgage spams."

Copyright © 2018, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad