Oct. 16, 2001
Executive Summary: Any measure for stopping spam must ensure that all non-spam messages reach their intended recipients.
For the past several years, the Electronic Frontier Foundation (EFF) has watched with great interest the debate regarding what to do about unsolicited bulk email from strangers, or spam. We have been asked to lend our support to bills that have been introduced in Congress, and we have been approached in various other ways to help lead the fight against this annoying intrusion into people's email mailboxes.
While members of the EFF staff and board find this unsolicited email to be as annoying as everyone else, we believe that the two most popular strategies for combatting it so far--legislation and anti-spam blacklists--have failed in their fundamental design. Anti-spam bills have been badly written, are unconstitutionally overbroad, and frequently wander into areas where legislators have no expertise, such as the establishment of Internet standards. And anti-spam blacklists, such as the MAPS RBL (Mail Abuse Prevention System Realtime Blackhole List, the most popular), result in a large number of Internet service providers (ISPs) surreptitiously blocking large amounts of non-spam from innocent people. This is because they block all email from entire IP address blocks--even from entire nations. This is done with no notice to the users, who do not even know that their mail is not being delivered.
The focus of efforts to stop spam should include protecting end users and should not only consider stopping spammers at all costs. Specifically, any measure for stopping spam must ensure that all non-spam messages reach their intended recipients. Proposed solutions that do not fulfill these minimal goals are themselves a form of Internet abuse and are a direct assault on the health, growth, openness and liberty of the Internet.
Email is protected speech. There is a fundamental free speech right to be able to send and receive messages, regardless of medium. Unless that right is being abused by a particular individual, that individual must not be restricted. It is unacceptable, then, for anti-spam policies to limit legitimate rights to send or receive email. To the extent that an anti-spam proposal, whether legal or technical, results in such casualties, that proposal is unacceptable.
The legislative proposals that have dominated the anti-spam policy debate for the last several years have failed, and rightly so. The several existing state laws against spam are of questionable constitutionality, too hard to enforce even if they should be enforced, and have done nothing to stem the tide of spam. National legislation will not solve the problem either, while creating a morass of unintended consequences.
Serious problems with the anti-spam legislation we have seen to date include:
But poorly-focused legislation is not the only failing proposal here. Many groups of often well-meaning people have worked on ways to avoid the various annoyances and problems caused by unsolicited bulk email. Anti-spam blacklisting groups, such as MAPS and ORBs, put heavy pressure on ISPs to conform to a set of restrictive anti-spam policies and to virally pressure other ISPs to adopt the same policies. It is estimated that over 50% of US-based ISPs and up to one third of global ISPs already participate in the blacklisting.
But blacklisting is interfering with the delivery of a significant amount of non-spam email. Systems administrators who will not adopt the suggested anti-spam policies find themselves unable to deliver their non-spamming users' mail to recipients who are on systems that participate in blacklisting. This blocking is being done at too high a cost. Ultimately, civil rights and the ability of non-spammers to communicate cannot be sacrificed to serve the goal of blocking unsolicited bulk email.
The search for a nonexistent, and ultimately impossible, legislative or ISP-level blacklist "magic bullet" solution has actually distracted the Internet community for the last five years from the real solution: better voluntary user-end filtering and/or voluntary, informed and flexible ISP-level filtering. Only an end user-controlled solution will uphold the rights of the end users while serving to deter spam by removing most of the audience and making it unprofitable to continue junk emailing.
Until we include the free speech rights of all end-users instead of trying to stop a few wrongdoers at the cost of innocent users, any solution for dealing with spam will be fundamentally flawed. End users, known as "customers" to ISPs, should demand that none of their wanted email be censored in attempts to filter out unwanted messages. In addition, Netizens should express their dismay at spam by boycotting products advertised with spam.
On a larger scale, EFF supports combatting spam by providing end-users with adequate tools to filter unwanted messages on the receiving end. We also support the development of more robust and subtle technology for this purpose. Brightmail, for example, has created a system that does a good, if still imperfect, job. Others that attempt to do this are listed at http://spam.abuse.net/tools/mailblock.html. From a technical standpoint, we would like to see the development of better filtration software on servers, something that could work interactively with the mail recipient in defining what he or she regards as spam using pattern recognition. That is, every time somebody gets a message of a sort he or she does not want, s/he could send it to the filter, thereby making that filter smarter over time, as well as giving it the ability to "learn" as spam techniques develop.
The rights of users to send and receive email must not be compromised for quick and dirty ways to limit unsolicited bulk email. Neither misguided and ignorant legislation, nor collusive, high pressure protection schemes, have a legitimate function or place in our online future. The Constitution, and the promise of a free, open Internet that exists for and is controlled by its participants, requires us to do better.