Tech Update
David Berlind's Reality Check
Slam, bam, no thank you, spam
By David Berlind
March 27, 2003

One of the thorniest subtexts to the spam epidemic has to do with permission and the accuracy of a spam diagnosis.

No one likes an uninvited intrusion into their inbox. But the question of what constitutes an invitation to barge into our inboxes has recently become the subject of much controversy. Some bulk e-mailers are claiming that they've been falsely accused of spamming. While they say they've received your permission to send you e-mail, many of you say you've granted them no such thing. With no way to thoroughly investigate each case, Internet service providers (ISPs) are stuck in the middle and usually give their customers the benefit of the doubt.

All too often, ISPs' responses to customer complaints involve the automated blocking of all e-mail from a particular source once the number of complaints has risen above a certain threshold. The result, claim some high-volume e-mailers, can be an intolerable degree of collateral damage.

Since starting JamSpam and hearing hundreds of war stories from both sides, I'm convinced that the current approach to determining who is a spammer and who is not simply does not work.

For example, CodeAmber.org co-founder Hobie Woolen sends e-mails to individuals and law enforcement agencies who've subscribed because they want to help recover abducted children. Five percent of these potentially lifesaving e-mails never reach their destination, Woolen says, because some ISPs consider a certain amount of collateral damage--legitimate bulk e-mail that's falsely classified as spam--to be acceptable.

Perhaps the biggest problem is that there's no standard way for getting permission. Most e-mail senders believe that if a closed permission loop exists, e-mail they send should get a hall pass. In a closed loop, if you try to sign me up for a newsletter, I will be given the opportunity to confirm that via e-mail. Presumably, I'm the only one with access to my inbox and, if I accept the confirmation, the newsletter will begin to flow to me on a periodic basis. If I don't confirm it, I receive nothing.
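The closed loop described above can be sketched in a few lines. This is an added example, not code from the column or from any e-mail product; the class name, secret, and three-day expiry are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: secret held only by the list server
TOKEN_TTL = 3 * 24 * 3600         # assumption: a confirmation is valid for 3 days


def _sign(address, issued):
    msg = f"{address.lower()}|{issued}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


class ClosedLoopList:
    """Hypothetical mailing list that mails only confirmed addresses."""

    def __init__(self):
        self.confirmed = set()

    def request(self, address, now):
        # Anyone can submit any address, so a request subscribes nobody.
        # It only yields the token that is e-mailed to that address.
        return f"{int(now)}.{_sign(address, int(now))}"

    def confirm(self, address, token, now):
        # Called when the inbox owner follows the link in the confirmation mail.
        issued_s, _, sig = token.partition(".")
        if not issued_s.isdecimal():
            return False
        issued = int(issued_s)
        expected = _sign(address, issued)
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return False  # forged token, or a token minted for another address
        if not 0 <= now - issued <= TOKEN_TTL:
            return False  # stale request: unconfirmed sign-ups simply lapse
        self.confirmed.add(address.lower())
        return True

    def recipients(self):
        return sorted(self.confirmed)
```

Because the token is bound to one address and a timestamp, the list can later show when and for which inbox a confirmation was completed.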



More advanced companies have registration systems that require users to set up an account, a process which itself requires e-mail confirmation. Once an account is established, subscription preferences can only be adjusted when the user is logged in.

However, you may be inadvertently granting your permission to many high volume e-mail senders. For example, if you fill out a raffle ticket to win a car at a local dealership and you supply your e-mail or mailing address, you've given the raffle organizer unrestricted access to that personal information--which may not have been your intention. As a result of that inadvertent act, you may get an e-mail weeks or months later. The e-mail may not even be from the raffle organizer, so you'll likely have no idea how the sender came into possession of your e-mail address. You'll decide that it is spam. Indeed, to you, it is spam, and you have a right to say so. You should also have the right to stop future transmissions.

But, to the raffle organizer, the e-mail was legitimate. You gave the raffle organizer your e-mail address. In fact, such raffles are often organized specifically to develop sales leads. When you fill out raffle tickets, coupons, and special offers on the sides of cereal boxes, you're helping someone build a list of qualified leads. And unless a privacy agreement was presented to you before you supplied the information, there are virtually no restrictions on what can be done with that data. They can keep it for themselves, give it away, or sell it.

Some spam-haters agree that legitimate high-volume e-mail senders exist, but say that if those e-mail senders need to be eliminated in the course of eliminating the spammers, so be it. This scorched Internet policy is short-sighted, lazy, and unfortunate. Our goal shouldn't be to put the raffle organizer out of business. Our goal should be to have some control over our personal information and our inboxes. We need to figure out a way to enable both e-mail senders and receivers to arbitrate permission.

If someone who sends me e-mail thinks they have my permission to do so, they should be asked to prove it. This could be codified into a standard specification whereby my e-mail client interrogates an incoming message for an explanation of why the sender thinks it has my permission. I should be able to see the results of that interrogation and then have the option of accepting that e-mail or turning it away. Furthermore, I should be able to revoke that permission in the event that I feel a specific instance of my permission has been inadvertently granted or abused. Subsequent e-mails attempting to gain entry into my inbox under the assumption of that specific permission would be denied entry.

Currently, a permission tracking system that is open for royalty-free implementation by all e-mail system developers does not exist. Some people have suggested the idea of disposable e-mail addresses. Theoretically, in filling out a raffle ticket, I would supply a unique e-mail address that no one else gets, but that ultimately maps to the same inbox as the other unique addresses that I've given out. If one of those conduits ends up getting abused, I have the option to shut it down. This technique, as plausible as it sounds, puts significant burden on the end user to manage the dispensation of unique, disposable addresses.
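The disposable-address idea can be made concrete as follows. This is an added example, not part of the original column; the `AliasBook` class, the `local+label.tag@domain` address layout, and the keyed tag are assumptions chosen so that the owner only has to remember which labels were shut down, not every address handed out.

```python
import hashlib
import hmac


class AliasBook:
    """Hypothetical per-recipient generator and router for disposable addresses."""

    def __init__(self, local, domain, secret):
        self.local, self.domain, self.secret = local.lower(), domain.lower(), secret
        self.revoked = set()  # the only state the owner has to keep

    def _tag(self, label):
        return hmac.new(self.secret, label.encode(), hashlib.sha256).hexdigest()[:10]

    def issue(self, label):
        # One unique address per party, e.g. label "car-raffle".
        label = label.lower()
        return f"{self.local}+{label}.{self._tag(label)}@{self.domain}"

    def revoke(self, label):
        # Shut down one conduit; every other address keeps working.
        self.revoked.add(label.lower())

    def route(self, rcpt):
        # This sketch routes aliases only; the bare address is out of scope.
        local, _, domain = rcpt.lower().rpartition("@")
        prefix = self.local + "+"
        if domain != self.domain or not local.startswith(prefix):
            return ("reject", "not an alias")
        label, _, tag = local[len(prefix):].rpartition(".")
        if not label or not hmac.compare_digest(tag.encode(), self._tag(label).encode()):
            return ("reject", "unknown alias")  # guessed or mistyped address
        if label in self.revoked:
            return ("reject", "revoked")
        return ("deliver", label)  # label shows which party the address was given to
```

The label returned on delivery also answers the question the column raises about unexpected mail: it identifies which party the address was originally given to.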

It is precisely because of complex issues like permission that everyone with a stake in the spam problem has to slow down and take a deep breath.

For example, if part of the permission problem can be solved with technology, and another part can be solved with legislation (requiring commercial enterprises to include permission information in their e-mails), the two solutions can work in tandem. But technology and legislation are just two of many approaches needed to stop spam over the long run. Establishing a 360-degree view of the problem and then intercepting the current anti-spam work (technical, legislative, etc.) is the sort of holistic approach that I've been advocating--and it's the driving impetus behind JamSpam.

At JamSpam's second meeting, held earlier this month, the attendee list read like a who's who of communities with a major stake in the long-term viability of Internet e-mail. All of the major ISPs and the major e-mail client and server developers were there. So too were the top management and security solution providers. End users had representation, as did the high-volume e-mail community. Finally, the non-profit privacy and anti-spam advocacy groups were there in strength. The meeting's primary goal was for each community to present their view of the spam world to the others. It was an important step towards establishing the foundation of information on which those looking to solve the problem--be they standards bodies, governments, or solution providers--should act.

Some of the issues, concepts, and ideas were truly eye opening, and most attendees told me they heard views or facts that they hadn't taken into consideration before--and that changed their thinking. Mission accomplished.

Once again, I'd like to commend the companies that have stepped up to the plate in the recognition of the need for such a holistic approach.

A third meeting is in the works.

My inbox is overloaded with suggestions on how to solve spam. I've heard it all (including Webcasting a spammer lynching). So, rather than sending me your idea of how to build a better mousetrap, share your ideas with your fellow readers by using ZDNet's TalkBack below.





