Issue 11: June 2004

Previous editions

In this edition: 

Countering spam (www.itu.int/spam)
1. Countering spam: an overview 
2. Spam is also on our mobile phones
3. Digital Bridges Initiative
4. Related links

1. Countering spam: an overview

Unsolicited e-mail (colloquially known as "spam") has grown to become a problem for the majority of Internet users in the world. Although there is no "silver bullet" solution that can completely eradicate all spam, there are many solutions that can effectively reduce the amount of spam that reaches end-users. Stakeholders agree that a multi-pronged and cooperative approach to the problem is clearly necessary.

There is little mystery to the burgeoning expansion of spamming activity: if it has become such a widespread problem, it is because it is financially profitable. Recent studies indicate that a response rate as low as 1 response per 100'000 "spam" e-mails sent, allows spammers to recover their costs. This is due to the low start-up costs for spammers, and the marginal cost of sending spam, which is virtually zero (it has been estimated that it costs just 0.05 US cents to send each e-mail). Furthermore, the Internet architecture, based on Simple Mail Transfer Protocol (SMTP), is intrinsically insecure, allowing spammers to operate anonymously and to evade law enforcement. Last, but not least, in spite of widespread attempts to increase consumer awareness of the risks involved in responding to unsolicited e-mail offers over the Internet, there are still those who do respond and lose money to spammers. 

Aspects of effectively countering spam should therefore include intervention to drive up the cost of spamming and to remove the cloak of anonymity that spammers hide behind. Various legal and technical measures, along with closer collaboration and exchange between the public and private sectors, could greatly contribute to this.

Technical solutions

Technically speaking, there are three different stages in the e-mail system where measures to curb spam could be implemented: at the source, where e-mail is sent out, at the destination, where the e‑mail is received, and finally, at the end-user point (i.e. the e-mail clients themselves). At each stage, various technical solutions are possible (see Figure 1).

While these solutions can certainly help to reduce the amount of spam, alone they will not suffice to eradicate this scourge. New technologies that are deployed to block spam are part of a constant "arms-race" with spammers, who are equally rapidly deploying technologies to overcome technical blocks.

The lesson to be learnt from the spiraling "war" against spam at the technical level is that technical measures need to be combined with effective legal action. With this dual-track approach, such measures could drive up the cost of spamming until it is either "too risky" or no longer profitable for spammers.

Effective enforcement of anti-spam laws

Implementing appropriate anti-spam legislation is critical, therefore, in fighting spam. To date, there are fundamentally two main legislative approaches that have been taken. The first of these considers unsolicited commercial communications as an invasion of individual privacy, and requires that the sender either obtain the advance authorization of the recipient, or have an existing business relationship with them. The second considers unsolicited marketing messages as legitimate, as long as the recipient has the possibility of opting out (i.e. to ask not to receive messages from a given company).

To date, several countries have established their own ad hoc legislation to address spam. However, the enforcement rate is still very low, and - whichever approach is used - pursuing spammers remains too onerous in terms of cost and difficulty.

This largely because the vast majority of laws passed to date can be defined as "sentiment laws" in the sense that they convey a strong message about a community sentiment, but do not foresee adequate preventative or enforcement measures.

For this reason, many commentators agree that laws should focus on the tools prosecutors need to make anti-spam laws enforceable. Next-generation legislation, it is argued, must move beyond mere sentiment to real action. Where possible, new anti-spam laws must decrease the costs faced by prosecutors and increase the likelihood of success at trial. While legislation alone cannot completely rid the world of the problem of spam, it can make a substantial contribution.

 "Curbing Spam via Technical Measures: An overview" and "How to Craft an Effective Anti-Spam Law", background papers will be soon available at http://www.itu.int/spam, and excerpts to be presented at the meeting.

* Organized as a candidate World Summit on the Information Society (WSIS) Thematic meeting for the Tunis phase of WSIS in 2005. Designation of the thematic event will be made by the WSIS process. More information on WSIS is available at: http://www.itu.int/wsis.

2. Spam is also on our mobile phones

The problem of spam is not only affecting e-mail services, but is growing to affect other kinds of electronic communications, such as mobile messaging.

The use of messaging - from simple SMS to MMS and e-mailing - has become widespread the world over, and the convergence of mobile with Internet- and IP-based technologies (such as third-generation mobile services and the wireless Internet) is raising a host of possibilities for innovative applications and new modes of interaction.

These developments have important implications as regards the growth of spam. As the third generation of wireless networks emerges, location-based advertising directed to mobiles will also grow, raising privacy concerns, affecting reliability of services and their future development. A number of mobile operators consider that mobile spam will never extend to the same level as PC-based e-mail spam, as mobile technologies - in contrast to the Internet - were not conceived as an open network, and costs are precisely allocated.

These specificities of mobile certainly help to diminish the major motives for spammers (the low cost of sending thousands of e-mails and the anonymity of the spammer, ensured in the case of standard e-mails by the difficulty of tracing senders). However, two other factors have to be borne in mind where the risks for mobile are concerned. First, in several countries, the receiving party pays for messages sent over a mobile; second, the growing interaction between Internet and mobile technologies is bringing problems that were hitherto limited to the Internet.

In Japan, where the "receiving party pays" system is used, it has been estimated that some 90 per cent of spam is sent to mobile phones, consisting largely of advertisements for dating websites. NTT DoCoMo, a major mobile operator in Japan, has experienced significant problems owing to the fact that mobile messaging was established with an open e-mail approach. The company is currently studying solutions to help its customers, providing tools and filters to block unsolicited incoming messages, as well as giving warnings to users about dissemination of their addresses. They have even gone as far as providing compensatory free messages, to cover unwanted messages received in an effort to maintain customer satisfaction with their services. Japanese legislators have addressed this issue and specific measures are foreseen for unsolicited messages sent to mobile devices.

Problems with mobile spam have also been encountered in the United States, where in many cases the receiver pays for SMS, and open e-mail to SMS gateways still exist. During a recent conference on Messaging Anti-Abuse, held in London in June 2004, it was reported the US operator "Sprint" has to block up to three million messages a day - a figure which may keep growing and which should certainly alert others to the potential problems ahead.

Many direct marketers now consider that advertising directed to mobile devices may be even more effective and successful than e-mail marketing. Aware of the danger of mobile spam, some marketing associations are developing codes of conduct, and hope that the fear of spam will not hamper the potential of m-marketing and m-commerce.

Generally, consumers appear to be more sensitive to mobile spam because mobile devices are more personal, and closer to the user. Mobile spam is considered as a greater invasion of privacy, and its effect can be even more disruptive than computer spamming. For this reason, operators are hesitant to launch services with increased interactivity with the Internet; for fear that they may bring more spam to mobiles. Mobile operators are, however, also active in trying to address spam, for example by adopting self-regulation to try to coordinate their actions and face the problem in a timely and effective manner. Yet, ironically most mobile users have experienced messages from operators welcoming them to a new network when they take their mobile phones abroad; typically with solicitations to use tourist-directed services. To address the above-mentioned concerns, and so as not to be outpaced by the rapid evolution of services, legislation should be conceived to be "technology neutral" and flexible enough to cover new kinds of electronic communications.

The need for flexibility and coordination is obvious when one considers that the content of mobile spam can vary, and the definition of what it is - or it is not - has still to be established. Deciding what constitutes legitimate, and what illegitimate messaging is no mean feat, when one considers the range of content that has appeared to date (content that is perhaps only the tip of the unsolicited messaging iceberg). While advertisements for dating websites account for a large proportion of unsolicited messages in Japan (around 80 per cent), messages from operators advertising promotions and game prices are common in a number of European countries. Italian mobile-owners even recently received a message from the Presidency of the Ministry reminding them to vote for European elections. Finally, the risk of becoming a victim of mobile spam is perhaps higher than one may assume: the gathering of mobile phone numbers is already under way by spammers. For example, websites offering ring tones and logo downloads have already become the target of mobile phone number harvesting. Again, privacy is the primary concern here, but the negative impact of a drop in efficiency and reliability of messaging services - whose success is founded on their simplicity and moderate costs - is also a major issue and now threatened by spam.  

The background paper "Spam: A threat to the Information Society" will soon be available online at: http://www.itu.int/spam.

3. New Digital Bridges Initiative

ITU and the Korean MIC sign a Memorandum of Understanding

Broadband is flourishing in many economies, especially in East Asia. The Republic of Korea's high-speed broadband penetration is nearing 80 per cent of households and connection speeds have reached 40 Mbit/s (roughly 700 times faster than a dial-up connection).  However, most people in the developing world still have no access to even simple dial-up Internet access. This vast inequality in access to information is creating an information digital divide that threatens to slow the formation of a truly global, inclusive information society.

The International Telecommunication Union (ITU) and the Ministry of Information and Communication of the Republic of Korea (MIC) have come together to form a new partnership aimed at helping achieve the internationally agreed goals of WSIS on bridging the digital divide. This new and ongoing project will be called the Digital Bridges Initiative and will provide new tools necessary to measure the digital divide as well as policy and technical expertise to help close the measured gaps. In addition it will provide a financial contribution to promoting the success of WSIS. 

The main outputs of this venture will be as follows:

·         Creation of a worldwide, authoritative, digital opportunity index;

·         A new series of workshops, case studies, and official publications focusing on technologies, policies, and best practices for bridging the digital divide;

·         Analysis of appropriate technologies aimed at narrowing the digital gap between developed and developing countries;

·         A financial contribution to WSIS.

By working together and combining expertise and resources, ITU and MIC are endeavoring to pursue a world where all can participate in, and benefit from, the information society.

Further information on the initiative will shortly become available at: http://www.itu.int/digitalbridges.

4. Related Links

For a list of the authorities which deal with spam in different countries, together with relevant legislation, please visit the new ITU website on "World authorities and laws regarding spam" (updated regularly).
ITU Activities on Countering Spam
ITU WSIS Thematic Meeting on Countering Spam
Draft Agenda for ITU WSIS Thematic Meeting on Countering Spam
ITU Newslog on Spam