boston.com Business your connection to The Boston Globe
UPGRADE

Spam block has its own ethical issues

A couple of years ago, this column featured the prediction that the junk e-mail problem would be coming under control right about now. So much for clairvoyance.

Instead, between 60 and 70 percent of the world's e-mail is spam. Even a federal anti-spam law and a number of high-profile federal prosecutions haven't put a kink in the hose. With so many junk mail marketers on the loose, locking up a couple here and there makes hardly any difference. Distracted by terrorism, drugs, and organized crime, cops won't hammer the spammers with an all-out nationwide dragnet, the only strategy that might work.

Perhaps technology can save us: more aggressive spam filters, maybe, or new technologies that will identify and block spammers before they can run wild. Many such ideas are making the rounds; why haven't they paid off? In large part, because spam-fighters have spent so much time sparring among themselves.

Just look at the dispute over Sender ID, an e-mail authentication system backed by Microsoft Corp. Most spam contains phony return addresses, making it hard to track the filth back to its lair. Sender ID would add a feature to the e-mail system that would enable it to confirm the true origin of a piece of e-mail, thus making it harder for spammers to hide. It's not a cure-all -- you would still need to block the spam. But that's a lot easier when you've accurately identified the source.

But will Sender ID work? A recent study by a panel of technical experts found that the system has a host of technical problems. That hasn't stopped Microsoft from trying to patent key portions of the technology. This move terrified other firms, who don't want their e-mail put at the mercy of the world's most merciless software company. So some of them have rallied around an alternative authentication system developed by the search company Yahoo Inc.

The Internet Engineering Task Force, which must decide on the best technical solution, is still thinking about it. ''No consensus has yet been reached concerning a single technical approach," the task force said last month, news that no doubt warmed many a spammer's heart.

It's enough to make you feel trapped, desperate, eager to strike back with any tool at hand. So an Israeli entrepreneur's plan to choke spam at its source has a certain spiteful appeal.

''We're looking for people who are willing to stand up for their online rights," said Eran Reshef, founder and chief executive of Blue Security Inc. The company, in Menlo Park Calif., and Herzliya, Israel, has scared up $3 million in venture funding from Benchmark Capital. Now it's rounding up a digital posse to unleash against the companies that torment us.

Blue Security's system, called Blue Frog, is available free at bluesecurity.com. Blue Frog registers the user's e-mail address, then creates a dozen or so fake addresses linked to the real address. The phony addresses are ''honeypots," designed solely to trap spam. When junk mail turns up, the Blue Frog system analyzes the spam to identify not its sender, but the advertiser that uses the spam to sell his wares -- cheap Viagra tablets, for instance. These sleazy entrepreneurs put Web links in these e-mail messages, so they're easy to find.

Then Blue Frog generates a program that goes to the site's order page, and types in a message demanding an end to the e-mails. Every time a Blue Frog user gets a spam message at any of the honeypot addresses, the system automatically complains. Reshef is betting that if he can get a critical mass of 100,000 users, Blue Frog will overwhelm spam advertisers with a relentless barrage of complaints, eventually driving them right off the Internet.

It sounds deliciously nasty. But in the view of expert spam warriors, it's a lousy idea, and perhaps even illegal. ''How the heck he got funding for this is a mystery to me," said Anne Mitchell, CEO of the Institute for Spam and Internet Public Policy.

For one thing, there's the risk of sending complaints to legitimate e-mailers, like banks or travel services. When a traditional spam filter makes a mistake, people don't get their credit card bills. If Blue Frog screws up, an honest company's website could be crushed under a landslide of gripes, and Blue Frog gets clobbered with a lawsuit.

Reshef said that Blue Frog uses human checkers to make sure that spam really is spam. But with billions of messages, good and bad, racing across the Net every day, the company can't manually check enough of them to do any good.

''Either they're not going to automate it, in which case it's never going to grow," said Mitchell, ''or they are going to automate it, in which case it's going to start making mistakes."

There's also the matter of ethics.

Remember Make Love Not Spam? That was a gimmick introduced last year by Internet search company Lycos. Users installed a screen saver that bombarded spam websites with nuisance traffic. Within days of launching it, Lycos shut it down after antispam activists worldwide denounced the concept. Flooding the Internet with antispam attacks, the critics said, was almost as bad as the spam itself. Besides, in the United States, deliberately clogging someone else's network violates federal law.

Reshef said Blue Frog is different, because people have the right to respond to incoming e-mails.

But Mitchell, an attorney, isn't having any of that. ''It's questionably legal, and completely unethical," she said.

In an interview with the Associated Press, spam-fighter John Levine, of the Coalition Against Unsolicited Commercial E-mail, called Blue Frog ''the worst kind of vigilante approach."

Maybe they're right. In any case, it's depressing to realize that all these people are supposed to be on the same side, protecting us from digital dreck. Yet after all these years, the spam warriors are still arguing over which knife to bring to the gunfight.

Hiawatha Bray can be reached at bray@globe.com.

SEARCH THE ARCHIVES
 
Today (free)
Yesterday (free)
Past 30 days
Last 12 months
 Advanced search / Historic Archives