June 2004

Summer of Spam

It's now been eight months since the UK introduced anti-spam legislation as a response to the EU Directive on the subject. In the US, it's been six months since the introduction of the CAN-SPAM Act.

Has legislation had the desired effect? Are we any nearer to solving the problem of spam? Are we to believe the warnings of the doom-merchants that we're headed for email Armageddon, or should we all just keep calm and carry on?

Confusing definitions

With legislation comes the need for definitions. Anti-spam body Spamhaus Spamhaus defines spam as any email which is both unsolicited and bulk. The reality, as faced by email marketers every day, is that recipients have their own, personal definitions of what constitutes spam.

UK legislation is designed to protect personal email addresses only - businesses just have to put up with it. According to Spamhaus, established spammers are now moving to the UK to take advantage of the fact that they can spam business addresses quite legitimately. There's a question mark over this though, since sole traders and partnerships are apparently regarded as personal addresses according to the DTI. This definition in effect compromises many B2B lists.

ISPs have their own, usually proprietary ways of identifying spam, as do the manufacturers of anti-spam filtering software. So now we have the growing numbers of 'false positives' to contend with (when legitimate, opt-in bulk email is blocked without the would-be recipient even knowing of it.)

The business of filtering

Unfortunately, filtering has no effect on the level of spam being sent. A recent report on spam in the US revealed that spam-filtering solutions are doing little to control the onslaught, reducing spam levels by only 26% on average.

Since spammers are at least as tenacious as the ISPs, and with access to the same level of technical prowess, all we see is the nature of the spam messages and subject lines changing as they continue to find ways of getting past filtering algorithms.

Tackling spam at source is something that Microsoft is working on as part of Bill Gates' promise to clear up spam within 2 years (well, 19 months now actually). International activity to find 'the solution' to spam is intense. The anti-spam industry is booming and cynics might even say that there are now too many vested interests to make finding a solution ever likely.

Just hit 'delete'

While industry pundits describe the spam problem as chronic, and we are assaulted daily by stories of lost productivity and the pending meltdown of the internet, not everyone, it seems, is worrying.

A recent survey found that only 1 in 10 UK businesses see spam as a serious problem. Apparently, it's common practice for small businesses in particular to rely on the common sense of individuals when deciding what to open and what to delete. With spam techniques constantly changing, is that enough?

When questioned about the usefulness of the EU Directive, Stephen Timms admitted that the new laws would do little to combat international spam, and suggested that alongside legislation, education played an important role.

Witnessing this year's plague of auto-generated virus emails, he certainly has a point. More training for individual users on how to recognise spam without opening it wouldn't go amiss. As infected machines continue to churn out these virus emails without the sender's knowledge, this kind of attack has been shown to be very effective in causing visible havoc to computer systems via the internet.

Are we nearly there yet?

UK legislation is living up to the predictions of many in that it has had no obvious effect on the vast majority of pernicious spam. On the plus side, compliance is at the very least a badge of respectability, and at best a tool to allow best practice email marketers to clean up their lists and improve the ROI of their campaigns.

While governments and ISPs battle it out with the spam-gangs to tackle spam at source, we must also hope that education and awareness among users of email will improve. The DTI has said that it doesn't foresee any anti-spam convictions this year, and it won't consider any changes to the Privacy and Electronic Communications legislation until the current rules have 'bedded down'. If Armageddon is on its way, let's just hope they're not caught napping.