In the last 12 months, the problem of spam has caught the attention of consumers, enterprises, and governments worldwide. ISP’s such as AOL, Hotmail, and Yahoo! have implemented filtering technology to block unsolicited e-mail from mailboxes. Governments have reacted by passing legislation defining the unlawful use of e-mail. However, today’s e-mail systems make tracking down offenders difficult, and often impossible. There is universal agreement that more effective spam deterrents are needed.
Coordinated Attack on Spam
On February 14, Microsoft published a technology and policy proposal called the Coordinated Spam Reduction Initiative (CSRI) suggesting several ways to reduce spam. One method is monetary or CPU utilization payments for sending e-mail. Media coverage of this particular scheme has dwarfed the other proposals put forward by CSRI creating a debate that has failed to clarify the effects or viability of the proposal as a whole.
Coordinated Spam Reduction Initiative
CSRI proposes improving the effectiveness of mail filters by enhancing current e-mail standards. By adding more information to a message header, filters have more inputs to base a decision on. The proposal is calculated to promote Microsoft’s Exchange server strategy and is shared by competitors as a sensible approach to improving spam filtering. Anti-spam vendors Brightmail, Sophos, Tumbleweed, and e-mail platform vendors Sendmail and Lotus Notes are following suit.
However, filtering can never be a perfect solution because no matter how much information we have to base a decision on, the definition of spam is subjective, not absolute. The problems caused by modern spam filters for legitimate e-mail marketing firms affirm that one person’s spam is another person’s ham. For every user who lodges a complaint against a piece of spam, there are users who will complain if they do not receive the e-mail.
The limitations of filtering are recognized by CSRI in its promotion of other mechanisms to control spam. Despite its significant media attention, micropayment schemes are given only lip service, with recognition of the enormous effort and infrastructure needed to set up.
Scrutiny of Alternative Spam Schemes
Users will not pay for e-mail anytime in the near future, if ever, and no viable proposals exist to achieve such a goal. Payments in the form of CPU utilization are explored in a lot more detail, including what types of puzzles, and how hard to make them to create a system where sending spam is uneconomical. These mechanisms will result in e-mail senders and receivers paying for e-mail with CPU utilization. A clever idea, yet one that seems wasteful of computing resources. Taking a free communications medium and imposing a payment mechanism on it is also fraught with social and political issues.
A related proposal, where business or bulk e-mail users pay for reputation services is more intuitively fair and likely to succeed. With such systems, consumers do not pay to e-mail Grandma, but e-mail marketing firms must pay to send in bulk. Some schemes are currently in operation, for example from Ironport or Goodmail, but proving the concept requires scale and vendor co-operation that does not exist today. Both reputation and payment schemes will enable the creation of multiple service levels for e-mail--reliable and spam free channels alongside less reliable free and open channels. Any kind of payment scheme will almost certainly spawn free e-mail-like messaging services. If users have to pay for SMTP, they will turn to other less ubiquitous protocols to meet their needs. This will affect the long-term interoperability of messaging systems.
The last proposal put forward by CSRI is authentication for e-mail--the Caller ID initiative--mirrored by AOL’s SPF and Yahoo’s Domain Keys. All fall short of authenticating senders, but represent a huge leap forward in our ability to trace e-mails to the originating domain. We cannot do this today so enforcement of new e-mail regulations is extremely difficult. If e-mail senders can easily disguise their identity, there is little chance of tracking them down particularly across international boundaries.
Market Impact
The CSRI proposal is Microsoft’s bid to solve the spam problem and dominate the market for e-mail communications. Microsoft’s Exchange platform and consumer e-mail service MSN Hotmail are the ideal launch pad for redefining the nature of e-mail infrastructure. They are ubiquitous, so there is great profit and PR potential. Competing ISP’s AOL and Yahoo hope to profit from it too.
The domain authentication or bonded sender scheme that succeeds will reap huge rewards for the parties with controlling interest in the next 12 to 24 months. Micropayment or CPU utilization methods that require large supporting infrastructures would create jobs, and wealth but not for 3 to 5 years. No scheme will succeed without consumer and enterprise support, and judging by the tone of media coverage, payment schemes for e-mail have not achieved this yet. Consumers and enterprises remain skeptical and confused of the proposals and how they will ultimately affect the way we use e-mail.
Bottom Line Recommendations
Microsoft has scored a major win against ISP and e-mail platform competitors. AOL and Yahoo! need to gain more support for their respective anti-spam initiatives or partner with Microsoft. Microsoft is in an ideal position to remake e-mail, but to succeed in the long term, it needs to garner widespread consumer and enterprise support for CSRI.
IBM, Novell and Oracle need to define their spam and e-mail security strategy. Addressing reliability, confidentiality and content integrity issues (spam) will differentiate from existing proposals. Consumers and enterprises are more likely to pay for and support e-mail infrastructure that guarantees delivery, availability and is spam-free.
Enterprise and consumer led coalitions are needed to drive authenticated domain and bonder sender programs. No scheme will succeed without broad consumer and enterprise support. Vendors should seek forums to solicit enterprise and consumer feedback and support.
The Yankee Group originally published this article on 20 April 2004.
