Internet Buzz with Richard Wiggins | 19

I'm not a lawyer, so take this with a grain of salt. Courts have generally supported ISPs, and, to my knowledge, have always supported ISPs when immediate termination was written into the contract. If your contract requires that you give the customer 30 days notice, it's likely that the courts will require that notice, though you may be able to obtain an injunction against the spammer.

ISPs should draft AUPs that explicitly lay out what is unacceptable in the way of spam, and outline the sanctions available to the ISP. The user should be required to explicitly agree to the AUP before receiving service.

Will technical solutions to spam, such as smarter mailers and mailing list processors that detect and suppress spam, ever be effective?

My mail server rejects a large amount of spam based on a number of common tactics: refusing to accept mail from domains that don't resolve, refusing to accept mail from domains listed in the Realtime Blackhole List, refusing to accept mail with malformed headers, refusing to accept mail from known spammers, etc. This didn't require a lot of work, and represents a pretty open policy (some folks disallow mail from anybody who's not a known good guy, rather than allowing mail from anybody who's not a known bad guy).

Do I still get spam? Sure. About 10% still gets through. But that 10% tends to be very easily traceable.

The situation's somewhat easier on USENET, where spam is defined by a quantifiable measure of the number of times an article is posted or crossposted. But even so, spammers try to vary each article slightly so it won't get counted with the others, and despammers have had some success with programs that figure out when two articles are only slightly different.

In short, I think that technical solutions are already effective, but I think you're asking if they'll ever be perfect. Probably not -- there will always be spammers who can find a way around a given technical solution. But it's much more difficult to find a way around a diverse collection of anti-spam tactics. And saving me from 90% of the spam I'd get is a good start!

What unique perspective does your book bring to the problem of spam?

One thing we do is try to provide some insight into why spammers spam, and anti-spam tactics that work at a variety of levels. For example, we've got technical solutions that are suitable for PPP users, users with shell accounts, system administrators, and ISPs, but we also discuss community-level solutions that go beyond individual action, including legal and political approaches to stopping spam.

Any other thoughts about the pernicious effects of spam?

We haven't really discussed one of the more insidious uses of spam, and one that we think is on the rise -- reputation attacks. By forging spam to appear to be from someone else, you can get that person into a lot of trouble. For example, someone might spam an ad for our book in an attempt to make us look bad. Another recent twist on this is falsely telling someone's ISP that they've been spamming in an attempt to have their account terminated. There are technical aids to stop spam, but spam itself represents a social problem that needs to be taken seriously.

Alan Schwartz is an Assistant Professor of Clinical Decision Making at the University of Illinois at Chicago