Making Spammers Pay

Jon Larimore, president of Washington, D.C., metro Internet service provider ZZAPP!, faces the same problem as every provider around the world — allowing access to legitimate mass-marketed e-mail for his customers.

“Our problem is that in our attempts to comply with our subscribers’ firm desire for spam-free mailboxes, however selective the spam blocking system being used, it will tend to occasionally block advertising which is not spam,” he said. “From a purely pragmatic standpoint, and because we’re fulfilling our subscribers’ wishes, it really doesn’t matter much to us whether the occasional valid advertisement a subscriber actually wants to see fails to reach them.”

Larimore uses a combination of seven DNS-base black lists as well has his own list of in-house IP blocks to keep known spammers from peppering his server with millions of junk messages. His customers have repeatedly said they’d rather miss the occasional legitimate message than find spam in their inboxes.

One e-mail gateway company has come up with a novel approach to separate spam –those unwanted e-mails pitching everything from get-rich-quick schemes to porn — from legitimate mass-marketed e-mails — by making them pay.

IronPort has come up with the Bonded Server program, a “white” list for Internet service providers (ISPs), carriers and Web e-mail hosts to institute while turning up their spam filters to weed out the chaff from the wheat, so to speak.

There are three ways a server can block out unwanted e-mails: a black list, a white list and/or a filtering program. A black list is a list of IP addresses that are barred from sending e-mails on to the customer; the white list does the opposite, it allows only certain IP addresses from passing through the server. A filtering program, like those developed by companies like SendMail and Postini, blocks e-mails by keyword, volume or any number of controls.

The problem with black lists is that they sometime net legitimate e-mailers. For example, if a Web host allows one of its customers to send out a million spams, many real-time black hole lists (RBLs) will put the entire IP block used by that domain on the black list, shutting out that Web host’s other customers.

Filtering programs, on the other hand, present their own set of problems. They are very effective at stopping spam at the server — sometimes too effective. E-mail marketers that blast out a million messages to their customers could trigger the volume filter, putting that e-mail into the “bulk” e-mail folder with the spam.

Called “false positives,” these legitimate e-mails likely won’t see the light of day, or get read by users who just routinely dump their bulk folder without reading any of the messages therein. Because of the outside chance one of these false positives may be a critical piece of information or a legitimate mass-market e-mail, many companies either don’t put in a filter at all, or keep the settings low enough on the filters to make sure they don’t miss important e-mail.

The bonded server program, according to IronPort CEO Scott Weiss, resembles a white list, in that companies that send out e-mail blasts through them are accepted as legitimate e-mailers.

The incentive for marketers to join this list is the fact that ISPs and other hosts are now free to crank up their filtering programs, and when that happens most mass e-mails, as well as the spam, will be sent right to the bulk folder.

The caveat to that, of course, is that marketers agree to play by the rules of the game; if they don’t, they pay. Weiss said his company is still working out the details as far as pricing, but expects it will correspond with the size of the e-mail blasts the marketer sends out.

A moron test for spammers

The trick, Weiss said, is finding a pricing point that makes it painful enough for marketers to abide by the program, without making them put up too much cash up front. Regardless of the price, though, he doesn’t expect to assess much in the way of fines.

“It’s a bit of a moron test for spammers,” Weiss said. “If there’s any money changing hands, its people testing the system because if you’re a legitimate marketer there’s no way you would sign up just to lose money and send out mail.”

Weiss said proceeds gained from these fines will be donated to non-profit, anti-spam organizations like TRUSTe.

Dave Steer, a TRUSTe spokesperson, said the IronPort approach is similar to one of their own programs, the Trusted Sender, which separates legitimate e-mail from spam and welcomes other ideas.

“We have also been looking for other ways, including ongoing discussions with IronPort, to expand privacy protection across the network in the context of the Trusted Sender program,” he said.

The success of the bonded server program relies heavily on the participation of those companies that traffic in e-mail — not only the Yahoo!, Hotmail and AOL’s of the Internet world, but the thousands of ISPs and corporations that make up the bulk of e-mail recipients.

“Once the program gets adopted by the big players, once they sign on, that’s when it really rolls out,” Weiss said. “We’ve been in active discussion with all those players; it just makes too much sense on both sides for something like this to come into play.”

But if ISPs and the rest don’t want to play, the program is dead in the water before it begins. Like a black or white list, the program only works if the host agrees to put the bonded server list on their servers. If they don’t, it doesn’t give mass e-mail marketers any incentive to sign up for the program.

So far, reaction to the IronPort program has yielded a positive buzz among ISPs.

“I firmly support our capitalist economy, I have no problem at all with genuine “opt in” e-mail advertising, and obviously would much prefer not to block that which our subscribers have specifically and purposely asked to receive,” ZZAPP!’s Larimore said.

IronPort recently entered the second phase of its beta tests, from 350 to 1,000 users, to run scalability and server tests on the system. Included in the second wave of testers are some of the biggest e-mailers in the U.S. — Nasdaq, eBay and The Motley Fool are included in this round of testing. To date, IronPort has been testing with MTV, PayPal and Warner Music, to name a few.

IronPort expects to launch the bonded server program to the public sometime in the fourth quarter.