From: <Saved by Microsoft Internet Explorer 5>
Subject: washingtonpost.com: Making Spam Go Splat
Date: Thu, 13 Jun 2002 11:40:47 +0800
MIME-Version: 1.0
Content-Type: text/html;
	charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Content-Location: http://www.washingtonpost.com/ac2/wp-dyn/A15849-2002Jun8?language=printer
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>washingtonpost.com: Making Spam Go Splat</TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dwindows-1252">
<SCRIPT language=3DJavaScript>=0A=
<!--=0A=
var axel =3D Math.random() + "";=0A=
var ord =3D axel * 1000000000000000000;=0A=
//-->=0A=
</SCRIPT>

<META content=3D"MSHTML 6.00.2716.2200" name=3DGENERATOR></HEAD>
<BODY><FONT face=3Dhelvetica,arial color=3D#000000 =
size=3D-1><B>washingtonpost<FONT=20
color=3D#cc0000>.com</FONT></B> </FONT>
<P><FONT size=3D+2><B>Making Spam Go Splat</B></FONT> <BR>Sick of =
Unsolicited=20
E-Mail, Businesses Are Fighting Back=20
<P><FONT size=3D-1>By Caroline E. Mayer and Ariana Eunjung =
Cha<BR>Washington Post=20
Staff Writers<BR>Sunday, June 9, 2002; Page H01 </FONT>
<P>
<P>The e-mail with the titillating subject line -- "funny sexy =
screensaver" --=20
arrived one recent afternoon in the computers of at least 100 =
politicians and=20
businessmen. It claimed to be from R. James Woolsey, former director of =
the=20
Central Intelligence Agency.</P>
<P>But Woolsey didn't send it. It was generated by a "spam" virus, the =
kind that=20
hijacks someone's online account and sends out messages in the owner's =
name. "It=20
was like a small version of identity theft," Woolsey, now a partner with =

Washington law firm Shea &amp; Gardner, said in an interview.</P>
<P>All e-mail users know about spam. It's those unsolicited commercial =
messages=20
that arrive in your e-mail inbox. Spam has become so ubiquitous that it =
has also=20
become a verb, as in "spamming" someone, or inundating a person with =
unwanted=20
e-mail. And millions of e-mail users have been caught by this latest =
spam twist.=20
They've either had their online identity stolen and used to send =
messages, or=20
they themselves have mistakenly opened messages that seemed to come from =
people=20
they knew -- but turned out to be from, say, a sex hotline.</P>
<P>Electronic mailboxes were already being flooded with a growing number =
of=20
electronic offers of weight-loss pills, sexual aids, travel coupons,=20
low-interest mortgages and other solicitations. Now these fraudulent =
messages=20
only add more time -- and aggravation -- to e-mail reading, prompting =
many=20
consumers to reconsider their reliance on e-mail. "People will tell you =
e-mail=20
has become the biggest burden in their online lives. There's a real =
frustration=20
level there," said Jeffrey I. Cole, a professor at the University of =
California=20
at Los Angeles who oversees a long-term study looking at the effects of =
the=20
Internet on society.</P>
<P>Like many of those caught by this latest abuse, Woolsey blames spam =
for=20
turning what used to be an enjoyable task -- reading his e-mail -- into =
a=20
dreaded chore. "You can no longer believe" what you read, said Woolsey, =
who now=20
scrutinizes every piece of mail with suspicion, much the way Americans=20
approached mail delivered by the Postal Service after the anthrax =
attacks last=20
fall. </P>
<P>Some computer users, like Indianapolis surgeon Olaf Johansen, have =
abandoned=20
e-mail entirely. "You get a lot of things on e-mail that you don't need, =
and I=20
find I'm more productive without it," he said.</P>
<P>To avoid offensive mail, many users are simply deleting large batches =
of=20
messages with a single stroke without reading them, even though mail =
they want=20
could also be lost.</P>
<P>In a desperate attempt to control the flood of spam coming through =
their=20
systems, more than a few corporate computer administrators have blocked =
e-mail=20
from outside the United States, since much bounced spam seems to be from =
foreign=20
computers. That limits the spam, but it also limits the Internet's =
potential as=20
a global communications medium.</P>
<P>Brightmail Inc. is one of the nation's largest anti-spam firms, =
hunting for=20
the unsolicited and the unwanted through a network of decoy e-mail =
accounts=20
designed to attract spam. The San Francisco company's researchers surf =
the Web=20
using those e-mail addresses; they browse Web sites, read newsgroups, =
sign up=20
for newsletters and do other things a regular user might do.</P>
<P>The result is that Brightmail has detected a 600 percent increase in =
spam. In=20
April 2001, the network counted a little under 700,000 spam "attacks," =
in which=20
hundreds of versions of a message are sent to e-mail accounts around the =
world=20
in one shot. This past April, Brightmail counted 4.3 million such =
attacks.</P>
<P>"Spam is outpacing the growth of e-mail," said Enrique Salem, =
president of=20
Brightmail, whose filters are used by Internet service providers to =
block=20
millions of unsolicited messages daily.</P>
<P>It's not just the number of unsolicited messages that is causing =
alarm, but=20
also their content. "What most people are noticing is its aggressive =
nature --=20
it's more adult-themed," with people constantly "trying to sell you =
something,"=20
said America Online spokesman Nicholas Graham.</P>
<P>And often it's hard to tell -- even after you open the message -- =
whether the=20
sales pitches are from legitimate firms or individuals, or from =
questionable=20
operations made to look like well-known firms or people the recipient =
knows, as=20
in Woolsey's case.</P>
<H1>Filtering the Filth</H1>
<P>One popular way of dealing with the problem is to set up a filter or =
create a=20
mailbox that accepts mail only from predesignated addresses. At =
Hotmail.com, for=20
instance, about 16 percent of customers have selected "exclusive" =
mailboxes that=20
accept mail only from people in each user's electronic address book, but =
even=20
this approach wouldn't necessarily protect consumers from fraudulent =
messages=20
sent from a friend's address.</P>
<P>A step beyond that is to sign up for an Internet service that forces =
an=20
unknown e-mail sender to go through "handshake verification," a two-step =

challenge/response process based on the premise that a spamming program =
will not=20
follow through. MailCircuit.com offers free e-mail accounts using this=20
technology, and for $10 a year provides a fuller service. MailCircuit =
used to=20
get one or two new customers per week; now it's averaging 30 to 40 a =
day,=20
according to a spokesman.</P>
<P>Still other consumers are signing up for disposable e-mail addresses =
that can=20
be turned off when spam becomes overwhelming. Customers of Spamex.com =
can pay=20
$10 a year to obtain access to 500 active disposable addresses. You can =
use=20
several at a time, close them if they become inundated with spam and hop =
to a=20
new address. The 16-month-old service, which hasn't advertised itself, =
says=20
registrations have increased tenfold in the past three months.</P>
<P>At Rockville start-up Panacea Pharmaceuticals Inc., Chief Operating =
Officer=20
Kasra Ghanbari takes charge of most of the firm's e-mail. Each morning =
he goes=20
through the 100 to 120 messages that arrived the previous night, and he=20
separates legitimate business queries from spam, forwarding the "real" =
e-mails=20
to the appropriate people.</P>
<P>As for the spam messages, "some of them are creative, and those I =
don't mind=20
as much," he said. "But then there are the nasty ones -- the ones that =
are=20
image-heavy or pop up windows all over your computer screen just because =
you=20
opened it."</P>
<P>Ghanbari tackles e-mail head-on, but some people take a different =
approach.=20
Eric Brynjolfsson, co-director of the Center for eBusiness at MIT, said =
he knows=20
of several top executives at high-tech companies who have their =
secretaries sort=20
their e-mail. "They're names you'd recognize," he said. "They don't want =
to deal=20
with it."</P>
<P>These defensive measures may spell trouble for reputable Internet =
retailers,=20
electronic publishers and other companies that rely on e-mail for =
conducting=20
business. Not only do these firms find that they, too, are inundated =
with=20
unwanted mail -- one electronic publisher said he recently received 172 =
e-mails=20
overnight, and all but three were "junk" -- but they also have found =
themselves=20
wrongly accused of generating spam.</P>
<P>Special filters set up by Internet service providers such as Yahoo =
and=20
Hotmail, for example, can detect bulk e-mailings. What the filters =
cannot do is=20
tell whether the e-mails are junk messages or a bulk delivery of, say, =
this=20
week's online newsletter requested, and maybe even paid for, by its =
readers.=20
Many of these are rerouted to users' special "junk mail" folders, where =
they=20
then may be overlooked by the account-holders.</P>
<P>Even more drastic, sometimes these messages are completely blocked by =
an ISP=20
and never arrive in the intended inbox. Under normal circumstances, that =
could=20
be a good thing. But last December, Dulles-based America Online, the =
world's=20
largest online service, bounced back early-admission notices from =
Harvard=20
University that the filter had deemed "junk."</P>
<P>Naoki Yamamoto, who runs a company that uses a Web server in Silicon =
Valley,=20
experienced a similar problem. She was recently awakened in the middle =
of the=20
night by a client in Japan who was furious about not being able to send =
some=20
page proofs to her. It turned out that all Asian e-mail was being =
rejected by=20
the company hosting Yamamoto's Web site because of a flood of spam from =
the=20
region. It took 10 hours to get Yamamoto's account back online.</P>
<P>"It was like getting a death sentence without a trial," said =
Yamamoto, most=20
of whose business comes from Asia.</P>
<P>In Woolsey's case, the spam filters did an even more disturbing =
thing. A=20
number of his associates reported that the fraudulent message that bore =
his name=20
got through their filters -- but then the filters blocked the warning =
message=20
Woolsey subsequently sent out because it had the word "porn" in it. "It =
was=20
truly ironic," Woolsey said.</P>
<P>Even legitimate commercial messages are increasingly lost in the =
crowd --=20
prompting response rates to drop dramatically. People who send =
newsletters by=20
e-mail, for example, say mailings that used to generate 10 responses now =
garner=20
only one or two.</P>
<P>"The problem is spammers are using a lot of the same terminology as=20
legitimate firms: 'You stopped at our Web site,' 'You signed up for our=20
newsletter,' 'Here's the information you requested.' So all the e-mail =
sounds=20
alike and consumers don't know who's telling the truth and who's not," =
said Paul=20
Myers, editor of TalkBiz.com, an e-newsletter on small business with =
41,000=20
subscribers. "Consumers get so disgusted they just start deleting =
everything=20
that's not from Mom or their close friends."</P>
<P>Myers said he has been able to survive the spam epidemic by carefully =

crafting a newsletter that can be distinguished from other incoming =
mail. But,=20
he added, he knows of dozens of small publishers who have had to shut =
down. In=20
fact, he recently purchased two firms -- each had more than 25,000 =
subscribers=20
-- at a "fire-sale price" because their revenue couldn't keep up with =
the cost=20
of maintaining their e-mail lists.</P>
<P>The pitfalls of spam are haunting even traditional firms that have =
turned to=20
e-mail as a marketing tool. Last month, Consumer Reports used an =
independent=20
firm to send out electronic promotions. The e-mail was supposed to go to =

Consumer Reports online subscribers, but it went to others as well. "We =
were=20
looking for ways to drum up business, and e-mail is less costly than =
traditional=20
mail," explained spokeswoman Linda Wagner. But within a few days, the =
magazine=20
received a handful of "Is this really you?" queries.</P>
<P>"When you try new things you learn about things you didn't =
anticipate,"=20
Wagner said.</P>
<P>Still, Amazon.com and shoe manufacturer Steve Madden, which send out =
what=20
Madden calls "e-mail blasts" to customers who sign up for them, say the =
spam=20
glut hasn't lowered the effectiveness of their campaigns. Amazon =
spokeswoman=20
Patty Smith says she is still optimistic about e-mail marketing.</P>
<P>"We can be much more targeted" with e-mail than with other types of=20
advertising, she said. Still, the company recently announced that it =
would begin=20
supplementing its marketing strategy with television ads.</P>
<P>The low cost of e-mail is one of the biggest reasons for the rapid =
rise of=20
spam. "It's practically free," only a fraction of a cent -- far less =
than=20
direct-mail promotions sent through the post office, said Brightmail's =
Salem.=20
The sluggish economy may have also spurred some of spam's rapid growth =
because=20
traditionally, that's when get-rich-quick deals and cure-your-credit =
programs=20
proliferate.</P>
<P>But technology is probably the chief culprit. New software programs =
can scan=20
the World Wide Web's vast expanse and extract e-mail addresses from =
employee=20
directories, sports team rosters and other lists. They also can create =
lists of=20
possible e-mail addresses by automatically adding @yahoo.com, @msn.com =
or=20
@aol.com to every word in a dictionary, so someone who never purchased =
anything=20
online might still receive unwanted messages.</P>
<P>"Spammers are getting cagier and wilier and they're hitting =
everyone," said=20
Steve Dougherty, director of systems-vendor management for EarthLink =
Network,=20
one of the nation's largest Internet service providers. A year ago, =
about 15=20
percent to 20 percent of the e-mail that managed to get through =
EarthLink's=20
sophisticated filter was considered spam. Today, "we're seeing 20 to 30 =
percent=20
getting through."</P>
<P>Individuals are expected to receive, on average, 1,800 pieces of =
unsolicited=20
e-mail this year, according to Jupiter Media Metrix Inc., an Internet =
research=20
firm. By 2006, Jupiter expects that number to grow to more than 3,800. =
</P>
<H1>The Law Clicks In</H1>
<P>Some lawmakers are trying to curb spam. About two dozen states have =
enacted=20
laws to control it; many place restrictions only on misrepresentation in =

e-mails, but a few go so far as to require companies to have toll-free =
numbers=20
and e-mail addresses where consumers can complain and ask to be taken =
off=20
marketing lists.</P>
<P>In Virginia, it is illegal to send unsolicited bulk e-mail containing =

falsified routing information, such as using others' domain name without =
their=20
permission or including a false or misleading subject line in the =
address.=20
Violators risk fines of $10 for each piece of unsolicited bulk mail, or =
$25,000=20
a day. In Maryland, a similar law goes into effect in October, and =
violators may=20
be liable for damages of at least $500. The District has no law =
regarding=20
spam.</P>
<P>Congress is considering legislation to restrict spam, but so far the =
idea has=20
made little headway. But even if a national anti-spam law were enacted, =
Internet=20
experts are skeptical that it would reduce spam, and it certainly =
wouldn't=20
eliminate it. "The way the spamming world works, they'll just go =
offshore" to=20
escape U.S. oversight, said Brightmail's Salem.</P>
<P>Law enforcement officials are also targeting spam, with federal and =
state=20
officers filing a number of suits against fraudulent sites and =
large-scale=20
e-mail marketers.</P>
<P>Brynjolfsson of MIT likens spam to an arms race. "Companies come up =
with=20
measures and countermeasures to identify and filter out spammers, and =
the=20
spammers always think of new ways to get around them. . . . As far as I =
can=20
tell, this will only get worse -- to the point that [electronic] =
communications=20
will be almost zero."</P>
<P>Said Ray Ozzie, the creator of Lotus Notes, one of the nation's =
largest=20
e-mail systems: "E-mail is more or less a victim of its own =
success."</P>
<P><EM>Staff researcher Richard Drezen contributed to this =
report.</EM></P>
<P></P>
<P>
<CENTER>=A9 2002 The Washington Post Company </CENTER>
<P></P></BODY></HTML>