acm-header
Sign In

Communications of the ACM

Communications of the ACM

Should Spam Be on the Menu?


For direct marketing, email is a unique medium, offering a low-cost means to target individuals. When used in a mutually agreeable manner it has the potential to lower transaction costs, making the exchange process more efficient. However, email users are also inundated with spam—also known as junk email, unsolicited bulk email (UBE), and unsolicited commercial email (UCE). While primarily utilized for commercial purposes, spam may also promote political, malicious, or illegal schemes. Spam accounts for an estimated 60% of all Internet email, according to January 2004 statistics compiled by Brightmail.com, a spam filtering software company. This represents over 76 billion messages, requiring nearly 10 petabytes of storage.

This growth has been cited as indicative of a change in consumer attitudes. "People are becoming accustomed to email from an e-commerce entity," claims Jim Williams, CEO and president of MarketHome, an opt-in email marketer. An opt-in approach generally elicits a more positive response from consumers since they also have an option to opt out from email lists. For example, the Direct Marketing Association (www.the-DMA.org) offers an Electronic Mail Preference Service (www.e-mps.org) where consumers register to be removed from lists. However, not all email marketers are scrupulous. This article discusses the concerns associated with spam, and examines legislative and administrative initiatives intended to balance the interests of consumers and Internet service providers (ISPs) with those of direct marketers.

Junk email was identified as a problem as early as 1975. By 1994, spam began to proliferate after the law firm of Canter and Siegel spammed more than 6,000 Usenet newsgroups. The growth of spam has taken its toll on consumer trust. Over 50% of users currently report having less trust in email, and about 25% report using email less frequently [5]. The concerns associated with spam include privacy, false email identities, questionable message content, enticement, and fraud. Other concerns involve the transfer of costs to consumers, organizations, and ISPs.

One of the most objectionable aspects of spam is the intrusion on privacy. The degree to which privacy can be violated is illustrated by the scenario in which location-based marketers direct mobile spam to the recipient, wherever he or she is, with a precise message based on location and personal characteristics. Consumers are more sensitive to mobile spam because mobile devices are more personal, and consumers travel with them [9]. As the third generation of wireless networks emerges, such location-based advertising will heighten privacy concerns.

False email identities increase the likelihood that spam is received and read. A recognized spam address can be blocked. Some spammers routinely spoof, or misrepresent return addresses and headers, to conceal their identities. False identities can be obtained through one-time use of an email service, unauthorized use of an email account, or utilization of an ISP's connection points. Spammers may also configure an email system to present alternate addresses and headers, as well as use false return addresses to avoid undeliverable reports or negative responses, such as flaming, angry return email, and email bombs. Outrage toward spammers has prompted spam vigilantes to hack into spammers' computers, to blacklist spam advertisers, and to publish names and contact information to encourage spamming of the spammers.


Spam accounts for an estimated 60% of all Internet email, according to January 2004 statistics. This represents over 76 billion messages, requiring nearly 10 petabytes of storage.


Content is an important determinant of message acceptability. The Federal Trade Commission (FTC) estimates that adult content is presented in 18% of spam [7]. "Adult images" appear automatically upon message-opening in 17% of such messages, surprising recipients with pornographic, violent, hateful, or otherwise offensive content. Further, inappropriate content may be seen by underage recipients or in the workplace.

Incentive systems may encourage recipients to read messages. For example, database marketer Experian entices opt-in registrants to earn points, redeemable for merchandise, for reading email. This seemingly acceptable enticement could also be utilized for deceptive or fraudulent purposes. Many spam offers are scams [6]. In response, the FTC initiated [email protected], to which consumers may forward spam to assist investigations. Consumers currently contribute about 130,000 messages per day [7]. Law enforcement initiatives by the FTC have resulted in criminal and civil law enforcement actions against deceptive spammers.

Costs to spammers are minimal while unwilling recipients bear the burden [8]. ISP subscription costs may include a connect time fee, as is the case for 15% of AOL customers. Contending with spam is estimated to cost $.50 per message. Retrieving spam through mobile devices can cost more. Unlike Internet email, text messaging is usually limited to 160 characters with no header, precluding identification of spam until it is read. Within the U.S., 118 million mobile phone subscribers pay for each message received [2]. Other costs incurred include time and overflowing mailboxes. Hotmail's free email service, for example, limits subscribers to 2MB of storage. Subscribers are forced to sift through unsolicited messages, have their accounts frozen, or pay for additional storage space.

Similar cost arguments, including paper and toner expenses, were used to regulate fax spam in the Telephone Consumer Protection Act (TCPA) of 1991. However, the TCPA is specific to a telephone facsimile machine. In the first case dealing with this issue, Aronson v. Bright-Teeth Now [1], the TCPA was held not applicable to UCE.

Spam costs corporations an estimated $10 billion annually for personnel time spent perusing unwanted messages, implementing better blocking software, or recovering from spam overloads, according to the U.S. Chamber of Commerce [11]. Resources such as servers, storage devices, bandwidth, and filtering software may have to be upgraded. The costs of spam threaten the value of email as an organizational communication tool. For example, to avoid spam, Trans Pacific Store, Ltd. limits customer contact by not providing departmental email addresses on the company Web site.

The risk of legal liability presents an additional cost. Spam content may be inappropriate, heightening corporate liability for employee claims of discrimination, harassment, and a hostile work environment. Additionally, an organization might be liable for unwitting participation in spamming by allowing servers to be used by a spammer.

Increased traffic may require additional personnel, faster connections, increased processing power, more storage space, and better filtering software [8]. AOL, for example, blocks 2.4 million spam messages per day, representing up to 80% of incoming email messages [5]. An overload of spam may cause servers to slow or crash. For example, Verizon Communications' email system was overloaded on three occasions in December 2000, causing delays of several hours to deliver legitimate email. Other large ISPs, including Ameritech Net, AT&T WorldNet, Earthlink, GTE, Netcom, and Pacific Bell, have experienced similar delays. These occurrences carry additional costs: ISPs must make personnel available for customer complaint resolution, and must address the potential impact of spam-induced delays on their reputations.

The cost to handle spam was estimated by Netcom to be approximately $1 million per month, adding about 10% to each subscriber's bill. Wireless spam is likely to tax the resources of wireless systems as well. Loss of customers due to additional costs, slower access, or the burden of managing spam, is the major cost borne by ISPs.

Back to Top

Responses to Spam

Users have undertaken initiatives to contend with spam once it has been delivered, while email providers attempt to preclude spam from arriving. The direct marketing industry has set standards for ethical distribution of commercial email and the industry may embrace a new business initiative attractive to both consumers and marketers. In addition, legislation has been enacted at the federal level and in 36 states to date.

The first line of defense against spam for email users is to not publish your email address. Mass mailers acquire addresses from primary sources, such as consumer information forms, email correspondence with a Web site, newsgroups, and Web site postings. They may also obtain addresses from secondary sources, such as the purchase of subscriber, customer, or membership lists. Attempts to be removed from an email list by replying to spam often simply confirm your address.

Users have the option of utilizing an email service such as Lucent Technologies' Personalized Web Assistant (www.lpwa.com), available for free. This proxy server generates "target revocable email," an endless supply of unique email addresses. Alternatively, an anonymous email service, such as www.anonymizer.com, automatically replaces header information, identifying anonymizer.com as the message origin. However, these measures impose a hidden cost in that users may not be able to access desirable email.

No matter what precautions are taken, some junk email is bound to get through, moving the line of defense to dealing with unwanted messages. Filters may be used to scan and then discard or organize messages. Filters however, are ineffective against messages containing valid keywords, keywords with extraneous symbols, and misrepresented identities. Further, filters may block legitimate email.

ISPs and organizations are responding by blocking email from known spammers, equipping users with filters, enforcing acceptable use policies, issuing cease and desist requests, and taking legal action. AOL, for example, adopted an aggressive "block and tackle strategy," blocking as many spam email messages as possible at its gateway and tackling spammers through legal action. AOL has filed about 40 civil lawsuits under Virginia laws and has been successful in obtaining restraining orders, injunctions, and settlements against spammers.

Corporate email providers may decide to limit correspondence to assure users receive no spam. For example, those authorized to correspond with Verizon's engineering staff are placed on a list, effectively excluding all others. This exclusion may, of course, apply to legitimate mail, the price paid for exclusivity.

The direct marketing industry has voluntarily acted. For example, the DMA recommends members send UBE only to their own customers or individuals who either opted in or did not opt out when given the opportunity [3]. Further, messages should include a link or notice to allow recipients to both opt out and request their email address not be provided to others. The Mobile Marketing Association (MMA), a trade group for the estimated $8 billion mobile marketing industry, provides guidelines to preclude adverse consequences such as outright market rejection, loss of data flow, regulation, and costly litigation [9]. Members are advised not to merge personally identifiable information with wireless subscribers' location information for personalized marketing, without both opt-in and opt-out consent.

Some email marketers have embraced "admediation," a new business initiative wherein an information management intermediary serves as the conduit to consumers by forwarding acceptable messages containing desired advertising-related information [8]. The admediator provides value to marketers who cost-effectively target willing recipients, while consumers enjoy reduced search costs for product information. In addition to reduced search costs, consumers are motivated by enticements like price discounts and coupons to provide personal information and product/service preferences. For a fee, marketers receive access to a targeted list of consumer email addresses, based on consumer characteristics requested. The viability of admediation however, rests with legislative action, without which the negative aspects of junk email remain uncontrolled.

Back to Top

Legislative Action

A seemingly simple solution is to ban spam through legislation, but an outright ban is probably not possible because of the free speech protection of the First Amendment to the U.S. Constitution. Nor would such content-based restriction be desirable because of the issue of censorship. The First Amendment states that "Congress shall make no law...abridging the freedom of speech, or of the press..." This prohibition applies to any governmental action. Although spam, a form of commercial speech, would receive less protection than non-commercial speech, it is protected nonetheless.

Globally, other jurisdictions are not so constitutionally encumbered. In 2002, the European Parliament adopted Directive 2002/58/EC [4] which states, among other provisions, that users must opt in to receive unsolicited electronic communications for marketing purposes.

Numerous anti-spamming bills were proposed in the U.S. Congress since 1997. The first national standard for sending commercial email, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, or the CAN-SPAM Act, was passed by the U.S. Congress and signed by President Bush in late 2003. CAN-SPAM, which took effect on January 1, 2004, requires that unsolicited commercial email include a valid return address, the option to opt out, a valid subject line identifying the email as an advertisement, and a valid sender postal address. Sending fraudulent email, and unlabeled or falsely labeled sexually oriented email, is a criminal act subject to fines and imprisonment. Automated address harvesting and dictionary attacks, based on randomly created addresses, are also prohibited as "aggravated violations." Further, the FTC is given enhanced enforcement capabilities and authority to set up a "do not email" list, similar to the popular "do not call" registry for telemarketing. The act also applies to wireless spam and requires the Federal Communication Commission to disseminate rules within nine months to protect consumers from unwanted mobile spam.

The federal CAN-SPAM legislation preempts anti-spamming legislation enacted by 36 states and imposes a national standard. As summarized in the table here, these bills range from the probably unconstitutional outright prohibition of spam in California and Delaware, to the more common identification requirement, address disclosure, and recipient opt-out procedures common in the federal CAN-SPAM Act. In the state of Virginia, some spam practices have been criminalized, such as providing false message transmission information.

Back to Top

Recommendations

Public policy issues relative to spam are numerous. A number of these issues, including privacy, questionable content, deception, and free speech are similar to those in other media and should be addressed in a similar manner. Two issues appear unique to spam: jurisdictional domain and the transfer of costs. Jurisdiction is complicated because cyberspace does not possess the same territorial boundaries, or, at a minimum, the same contact necessity to enter the media channel as other marketing communication modalities. The jurisdictional question in its entirety is beyond the scope of this article, but within the U.S. the problem is national and the solution should be found in federal, rather than state, legislation. The jurisdictional issue is certain to continue to pose enforcement problems, both domestically and globally, especially for spam originating from foreign locations.

The cost transfer concern does not exist with traditional media, but is a major issue with spam. Free markets require the flow of information to efficiently effect exchange. When information is restricted, markets operate less efficiently. Although email allows marketers to efficiently communicate with targeted markets, costs are at least partially transferred. The public policy issue is how best to enable the free market system to utilize email while protecting the consumer, organization, and ISP from costs incurred not of their own free will.

A ban on unsolicited email may harm the efficiency of the free market process. However, the absence of any limitation unfairly transfers the cost to the recipient who, if given the choice, may choose not to participate in the exchange process. The opt-out option, which appears to be the mechanism of choice in much of the proposed legislation, does not prevent the cost transfer until the targeted recipient makes an active decision. Alternatively, consumers who opt in do so of their own free will.

The transfer of cost issue should be addressed with opt-in as the central control mechanism, as is required by the European Union. Opt-out should remain indefinitely as an option to those who have opted in. This preserves free choice within the free market system. The information exchange remains beneficial to both as a result of the potential cost efficiencies of email as the medium of communication.

To further protect the targets of spam, the CAN-SPAM Act should be amended to permit private causes of action against spammers. As enacted, only ISPs are permitted to bring private action. An amended act should also include the stricter labeling standards such as "ADV" and "ADV-ADULT" to identify messages as advertisements and advertisements directed toward adults. Such labeling requirements are included in the preempted legislation of some states.

Back to Top

Conclusion

If utilized ethically, and thus providing quality content that users agree to receive on an intermittent basis, email marketing can efficiently reach a target market with personalized communication, at a cost lower than alternative media. The savings realized can be passed along to consumers. The potential for consumer benefit may outweigh the nuisance of a few unwanted messages. The challenge for marketers, government, ISPs, organizations, and consumers is to develop an email marketing process that is consensual, efficient, and constitutional. The CAN-SPAM Act is an important first step, but must be amended to provide further protection.

Back to Top

References

1. Aronson v. Bright-Teeth Now. WL 1466477 (Pa.Com.Pl.).

2. Brandt, A. Wireless industry moves to can the spam. PC World 20, 7 (July 2002).

3. Direct Marketing Association (DMA). The DMA guidelines for ethical business practice as of April 2002; www.the-dma.org/library/guidelines/ethicalguidelines.

4. European Parliament / DG1 C—Legislative Planning Division (July 12, 2002). Electronic communications: processing of personal data, protection of privacy (repl. Direct. 97/66/EC). Reference COD/2000/0189; wwwdb.europarl.eu.int/oeil/oeil_ViewDNL.ProcedureView?lang=2&procid=4483.

5. Fallows, D. Spam: How it is hurting email and degrading life on the Internet. Pew Internet & American Life (Oct. 22, 2003); www.pewinternet.org/reports/toc.asp?Report=102.

6. Federal Trade Commission (FTC) (July 2002). Putting a lid on deceptive spam; www.ftc.gov/bcp/conline/features/spam.htm.

7. Federal Trade Commission (FTC) (April 2003). False claims in spam; www.ftc.gov/reports/spam/030429spamreport.pdf.

8. Gopal, R.D., Walter, Z., and Tripathi, A.K. Admediation: New horizons in effective email advertising. Commun. ACM 44, 12 (Dec. 2001), 91–96.

9. Mobile Marketing Association (MMA) (Nov. 3, 2003). Code of conduct for mobile marketing; www.mmaglobal.com/conduct/coc.html.

10. Sorkin, D.E. (Last revised: Dec. 16, 2003). Spam Laws, www.spamlaws.com.

11. U.S. Chamber of Commerce (Nov. 2003). "A 'do not spam' list? How far should we go to control spam?" www.uschamber.com/sb/analysis/faceoff/0311.htm.

Back to Top

Authors

Janice C. Sipior ([email protected]) is an associate professor of MIS in the Decision & Information Technologies Department, College of Commerce & Finance, Villanova University, Villanova, PA.

Burke T. Ward ([email protected]) is an associate professor in the Department of Accountancy and The Graduate Tax Program, College of Commerce & Finance, Villanova University, Villanova, PA.

P. Gregory Bonner ([email protected]) is an associate professor and Chair of the Marketing Department, College of Commerce & Finance, Villanova University, Villanova, PA.

Back to Top

Tables

UT1Table. State legislation enacted in the U.S.

Back to top


©2004 ACM  0002-0782/04/0600  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2004 ACM, Inc.


 

No entries found