How to Deal With Spammers -- and How Not To

By: Steve Outing

"Spam, spam, spam, spam, spam, spam, spam."

Ah, if only the issue of "spam" were as amusing as that memorable old Monty Python routine. Unfortunately, spam is growing into a serious problem for Internet providers, and debates are raging on how to control it while still respecting free speech rights.

In recent days, two high-profile online providers have devised ways to block spammers from sending junk e-mail to their customers. Each approach has been problematic.

First there's America Online, which decided to block out any messages sent to AOL members from several "pirate" domains of known bulk e-mailers known as the worst spam offenders. A court blocked that move, saying that AOL can't filter e-mail from one of the blocked companies, Cyber Promotions, because AOL would also be blocking out mail that some AOL customers want to receive. A court case is scheduled.

Then there's New York-based Panix, an Internet service provider that created a filtering system containing the names of "troubled" Internet sites -- those known to be dedicated to bulk e-mail spamming. The scripts are available for Panix users to automatically filter their incoming mail and trash mail from those sites before it reaches their e-mail boxes.

This seems like a smart approach, but Panix took it a couple steps further. As an option, Panix will send mail to postmaster@offending-site telling them that a Panix user (without identifying the individual e-mail address) is automatically discarding all mail from their site. Users also are invited to submit sites for filtering, and Panix adds them after confirming that they are "troubled" sites.

Apparently, the Panix strategy angered some of the spammers, who couldn't attack it legally due to the optional nature of the filtering. For a week, Panix's servers were virtually crippled by an unknown attacker who was bombarding the machines with continuous bogus connection requests. It's not known who was attacking Panix, but some observers suspect it's someone connected with one of the "troubled" sites.

What to do?

There's little argument among Internet publishers and providers that spamming is a growing problem. If you provide Internet access to your customers, you need to have an anti-spam policy and anti-spam measures in place. Here are some suggestions:

* Terms of service agreements. Language in your terms of service agreements should make it clear that your users are not allowed to send bulk e-mail to other users of your service, or to use their accounts with you to send bulk e-mail to others on the Internet. Spell out that violation of this rule will result in termination of the customer's account.

* Learn from AOL. I think AOL made a mistake in how it handled the spam problem. In effect, it thrust itself into the role of "publisher," deciding what content is suitable to reach its customers/subscribers and not giving them a choice in the matter. This is contrary to the notion that AOL and the other commercial online services have espoused for years -- that they are merely carriers, not responsible for all the content that users place on their systems. It seems to me that AOL is on a slippery slope with its strategy of filtering out all content from specific domains. Does it want to be a publisher or a common carrier?

* Allow optional spam filtering. One person's spam is another's steak. While 99% of of your users may think that a bulk e-mailer's messages are a major annoyance, a handful may find value in them. It's important to give the consumer a choice, and in that respect Panix's strategy is dead-on. I expect to see similar optional filtering systems become available at more and more Internet providers.

* Make spam filtering the default. With an optional spam filtering system, the default should be "on." If a consumer wants to receive e-mail from a bulk e-mailer's site, he'll have to pro-actively ask for it. This makes sense simply because the vast majority of your access customers will prefer not to receive junk e-mail. Better yet, build in a check-box system at sign-up that lets users choose whether or not to filter out bulk e-mail.

* Notify the spammers. I also like Panix's approach of notifying spammers that a user is blocking mail, but it makes more sense to give the spammer the blocked address so that it can be removed from the bulk e-mailer's database. This serves to lessen the load on your server, so that the spammer isn't sending messages to addresses that just trash them (consuming processor cycles). It also sends the message to the spammers that their techniques are not effective.

Of course, filtering mechanisms have their limits, and if Panix-like filters become prevalent, spammers will respond by getting around the filters -- for example, by sending out e-mail ads from variable domain names that the filters won't recognize. Controlling spam will likely be an ongoing technology battle, with Internet providers and bulk e-mailers each creating new techniques to outwit the other.

If we've learned any lessons in the last week, it's that 1) spam is not going away, and as the Internet grows it's going to become more of a problem; and 2) the techniques we develop to deal with spam for our customers must give the customer a choice of receiving bulk e-mail or blocking it.

Cool, new stuff

Periodically, I like to point out innovative new services developed by online newspaper services. Here are a couple recent introductions:

* The San Jose Mercury News' Good Morning Silicon Valley is a brief, daily update of technology news, with four editions published at different times of the day. There's First Light at 1 a.m.; Morning at 8:30 a.m.; Tech Stocks at 2:30 p.m.; and Tech Ticker at 8 p.m. The summaries are compiled from Mercury staff and wire reports, and the service is free to anyone. (It's not behind the subscription wall that Mercury Center sets for some parts of its Web site.) This is a nice service, but I wish I could subscribe to e-mail delivery. That should be possible soon, since Knight-Ridder (the Mercury's parent) has signed on with Netscape's Inbox Direct program for delivering Web pages as e-mail. (But you'll have to use Netscape Navigator as your mail client, for now.)

* WashingtonPost.com last week launched CollegePost, a Web site devoted to students attending Washington, D.C.-area colleges and universities. The site was designed by three college students, who worked on the project over the summer, creating an online venue for college-age people who might not be attracted to WashingtonPost.com. Much of the site is "evergreen" content, pointing students to things to do in the D.C. area, reference materials, etc. A WashingtonPost.com staff member is working with stringers on each of the area campuses for news of interest to the college crowd. And the site highlights three top stories each day, plus links to the regular news sections of WashingtonPost.com. There's also a sports page for each school. Databases are important to the site, including a textbook exchange service and a match-making service. The Post appears to recognize that college students have different tastes and needs than the rest of the population, and had the resources to create a separate site. Bravo!

Steve

Previous day's column | Next day's column |Archive of columns
Presented 3 days a week by Steve Outing, Planetary News.
Made possible by Editor & Publisher magazine.
Got a tip? Let me know about it

If you have a newsworthy item about the newspaper new media business, please send me a note.

This column is written by Steve Outing exclusively for Editor & Publisher Interactive. Tips, letters and feedback can be sent to Steve at steve@planetarynews.com

The views expressed in the above column do not necessarily represent the views of the Editor & Publisher company.