Time to Get Tough on SpammersTime to Get Tough on Spammers

Have you taken a look at your spam folder lately? If so, you will find that about 90% of the e-mail making its way to your network is spam. That number is hard to fathom. Can you think of any other industry where such ineptitude would be accepted? I can’t.

But somehow through the years, the computer industry has become immune to criticism about the problem. Even with the ridiculous numbers, there is no outrage from consumers, no members of Congress calling for special hearings, no news reports focusing on the problem. It seems like a minor inconvenience. Since most of the important items that users transmit eventually get through, there seems to be no need to try and to fix the problem. Maybe it is because I am an AOL user and many of my messages wind up blocked by spam filters, but I think the time has come to do something about this problem.

One reason is because it's getting worse. Companies such as Postini that monitor spam volumes say the numbers rose dramatically last year. This occurred after a brief run where it looked like vendors were making headway in their battle to ward off junk mail. In 2004, Microsoft chairman Bill Gates even went so far as to proclaim, "Two years from now, spam will be solved." Given his track record, I suppose an incorrect prediction or two will not hurt his credibility.

Gates, as well as executives at security companies, were buoyed by the success of technologies such as spam filters. What they did not seem to anticipate was a change in the profile of the typical spammer. The individuals creating problems today are not the stereotypical pimply-faced, anti-social, geeky teen. In many cases, mob bosses in organized-crime rings have become the world’s top spammers. Rather than keep getting their hands dirty, they recognized that Internet crimes are simpler to commit, carry a lighter sentence, and are often more lucrative than traditional crimes.

Instead of launching a virus that will spread around the world, they use spam to grab an individual’s personal data, such as a credit card number, a Social Security number, or a bank account number, and then roll up astronomical charges on these accounts.

The crooks have even gone Wall Street. They buy a stock, send out a bevy of messages portraying it as hot, watch as unsuspecting users buy the stock and drive the price up, and then dump it. A stock may rise 50% or even 100% in a few days before they dump it and cash out.

There has been a perception that the spam problem is so widespread that solutions are not possible. That is not the case.

Spamhaus, a nonprofit organization that works with law enforcement agencies to stop spam, found that the top 10 of the world’s top spammers account for 80% of the Internet’s bogus traffic -- obviously, these folks are quite busy. The organization has even gone so far at to publish the names and, in many cases, the pictures of the perpetrators.

So, the solution to the problem seems simple: Let’s go find and catch the bad guys. Law enforcement has made progress on this front. In May, the U.S. government arrested Robert Alan Soloway, one of Spamhaus’ top 10 offenders.

While the arrest was a noteworthy event, a few additional changes need to take place so more of these criminals are behind bars rather than in front of computers. A number of ad hoc organizations such as the Anti-Phishing Working Group, the Messaging Anti-Abuse Working Group, London Action Plan, and the National Cyber-Forensics & Training Alliance have been formed to address different spam issues.

Are they all really needed? Do vendors have to form another ad hoc organization each time a new threat arises? If the resources for the different groups were centralized, wouldn’t it be easier to track down the crooks?

Law enforcement agencies are like other organizations: They respond to pressure. It's time for users and vendors to recognize that the role of spam has changed and start pressuring law enforcement to track the crooks and put them behind bars. Spam has gone from a nuisance to the IT industry’s most significant drain on corporate productivity. Crooked schemes such as identity theft do more than annoy individuals; they ruin their lives. Users and the IT industry need to push law enforcement to get rid of spam and the spamming thugs who send it as soon as possible.

Paul Korzeniowski has been writing about networking issues for two decades. His work has appeared in Business 2.0, Entrepreneur, Investors Business Daily, Newsweek, and information. He is based in Sudbury, Mass.