Secret CIO: It's Time To Slam Spam Once And For All
Some time ago, I commented on the increasing amount of junk E-mail most of us are receiving ("Swimming In A Sea Of Spam," May 21, 2001, p. 122). It's gotten to the point I'm afraid I'm going to wind up with carpal tunnel syndrome from the repetitive motion of hitting the delete key. Besides my normal plague of meaningless business E-mails, I get a lot of stuff sent to lovelace@home. Interspaced with the letters from readers, which I thoroughly enjoy (please don't stop), are some really strange unsolicited messages--get-rich schemes, potions to enhance various body parts (several of which are gender-specific), and some really vile pornography.
Like a naïve neophyte, I first tried to stop the garbage by responding with a request to remove me from the distribution list. After a while, I realized that all I was doing was letting the spammer know my E-mail address was valid. Undaunted, I moved onto my next defense. With righteous indignation, I began to forward every message to "Abuse" at the indicated Internet service provider site, thus letting them know how their mail servers were being polluted. My fervor was somewhat diminished when I consistently got back automated messages telling me (pick your choice) that 1) the account was no longer active, 2) the ISP was spoofed so it didn't come from them, or 3) the foul deed was being investigated.
I became really annoyed and decided to take action. After all, as I told Cindy, I didn't become a CIO by sitting back and letting others decide my fate. It was time for the big guns.
My next step was to enlist the full support and righteous indignation of our national government. I forwarded the stuff to the Federal Trade Commission at email@example.com, an address I had dutifully copied down at a seminar where one of their officials talked about the need to get rid of the trash coming through our E-mail. She had told us, with a knowing smile, that the FTC was well aware of what was going on and had every intention of prosecuting people who violated the fraud or pornography laws. Naturally, I've never gotten a response from the FTC and the same junk continues to appear in my computer mailbox.
Feeling frustrated, I finally accepted my lack of control over the situation. So, like most executive types faced with an insurmountable problem, I changed my focus from trying to solve it to intellectualizing about how I became involved in the first place. Why was my nom de plume on these lists?
I came up with a few possible answers. First, there are publicly available directories of selected names and contact information. Second, some merchants and sites sell their E-mail records. Opt-in to get something on the Web, or give out your E-mail at a store, and you wind up on a list. Eventually, these lists may get sold to peddlers more interested in revenue than in how the information they hawk is used. Third, one of the more obvious ways that spammers get E-mail addresses is to pick a common word or name and then append all the ISP names they can think of, such as firstname.lastname@example.org, email@example.com, etc.
I suspect you're as fed up with junk E-mail as I am. It's time to get serious about spam. The people in Washington have been fooling around with this problem for several years without coming up with legislation to protect us. Maybe we give less in campaign contributions than those companies that profit from sending us unsolicited E-mail, but we need to be heard.
I have four specific suggestions:
Legislate that no one is allowed to sell or barter a mailing list with our names on it without our informed consent.
Treat abuse of E-mail with the same attention that we treat fraud and pornography sent through the U.S. Postal Service.
Require that every message contain a legitimate return address where a response with REMOVE in the subject line deletes our names forever.
Vigorously enforce steps 1, 2 and 3.
Opponents will say these steps are too costly for companies, too expensive to enforce, and technically not feasible. "Frankly, my dear," to paraphrase Rhett in Gone With The Wind, I don't care about the costs to people who are stuffing my electronic mailbox with junk and worse. And let fines help defray the money spent on enforcement. Technical feasibility? Many computer wizards and network administrators can come up with good ways of blocking any site or mailbox that doesn't follow the rules.
Perhaps the results won't be foolproof, but let's get started. The Internet is too valuable and E-mail too useful to bury it under a mountain of junk--and slime.
Herbert W. Lovelace shares his experiences (changing most names, including his own, to protect the guilty) as CIO of a multibillion-dollar international company. Send him E-mail at firstname.lastname@example.org and read his online column at informationweek.com, where he'll provide real--and sometimes whimsical--answers to your questions.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.