Collateral Damage

Spam is bad, but spam filters have become a menace in the supply chain.

InformationWeek Staff, Contributor

March 5, 2004

7 Min Read
InformationWeek logo in a gray background | InformationWeek

The email channel has grown in volume and importance as a communication link among corporations and between corporations and their customers. Consumers have grown accustomed to receiving emails confirming travel itineraries, order placements, product deliveries, and payments from companies such as airlines, retailers, and financial institutions. Corporations interact with multiple entities around the world and rely on email for collaborating and coordinating essential tasks such as sourcing raw materials, manufacturing, and globally distributing other operations.

Unwanted email solicitations (spam) clog personal and corporate email servers with unsolicited come-ons for everything from viagra substitutes to cheap mortgage rates. The call to do something about spam has gained a sense of urgency, as the number of spam emails seems to grow relentlessly every day. To put the numbers in perspective, the percentage of spam in Internet email traffic jumped from under 40 percent a year ago to 60 percent in January 2004, according to brightmail.com, an anti-spam solutions provider. According to Computer Mail Services, the average cost of spam per employee for a corporation, where an employee receives 25 spam emails a day, is $200 per year (assuming a $25 per hour wage rate).

Beyond the monetary cost, the frustration and nuisance caused by spam is increasing at an alarming rate. It was ironic that this article was caught in my editor's spam filter. My editor kept sending me reminders and I kept resending the article, which did not make it into her inbox. Companies that send spam "spoof" legitimate email addresses and domains to send bulk emails. Inadvertently, some innocent email addresses and domains get branded as spammers and get blocked by anti-spam organizations. However, spoofed email addresses from Fortune 500 firms or well-known companies are never punished in the same way!

Fighting the Flood

Although California passed a bill trying to stop spammers, most governmental actions against spam have had little effect on spammers who can operate from any place in the world and are outside the reach of U.S. law. Under pressure from various special interest groups, most Internet service providers (ISPs) in the U.S. and Europe have instituted policies to terminate the service of spammers on receiving email abuse reports. But the Internet's global reach makes it difficult to curb spammers who move from one ISP to another or to a country that doesn't have any anti-spam laws.

As a consequence, numerous spam filtering and fighting services have sprung up that attempt to block spammers and the offending ISPs. The jury is out on how effective these services have been in containing spam. They often catch and punish legitimate businesses in their zeal.

The spam fighters act like cowboys meting out vigilante justice in the Wild West. A few Web sites actually admit that "there will be collateral damage" and innocent firms will get blackballed — email to and from that address and domain will disappear into a black hole. Some filtering services have the courtesy to notify senders that their emails have been diverted into a virtual garbage can, but most don't.

This vigilante approach has chilling consequences for the global supply chain. Suppliers, manufacturers, and distributors in the Far East, certain European countries, Australia, and South America rely on ISPs that can be blacklisted by the spam vigilantes without much of a due process. Waiting for governments across the globe to formulate and implement a spam policy is unlikely to pay off in the near future, if at all.

Guilty Until Proven Innocent

To illustrate the adverse effects of this approach, here is an all too common scenario: The first indication that something has gone wrong with the supply chain is when product pallets aren't picked up as scheduled at a loading dock. After making a few phone calls, the shipper discovers that the email messages confirming the pick-up date and time aren't reaching the transport company or the customer. Email has replaced fax machines, telephones, and a small army of clerks as the best way to coordinate pick-ups and confirm delivery with customers. But as the number of missed shipments begins to pile up on the loading dock, the shipper hires staff to work the fax machines and phones to clear the logjam.

On investigating why emails aren't reaching customers and supply chain partners, the shipper discovers that his email address and domain is listed as a spammer at a spam abuse Web site. This particular Web site only allows contact via email, but when the shipper attempts to send an email to the site's administrator, he receives the message "mail from spamming sites refused."

Further investigation reveals that the anti-spam Web site will investigate the shipper's request for removal from the spammer database if the shipper sends an email from a different address and attaches a "fee" of $1,000. (Some sites request a smaller amount to delist domain names and email addresses from the anti-spam Web sites.) Although some anti-spam Web sites seem to have good intentions, others practice the Internet equivalent of the "shake-down" or "protection" money to conduct legitimate business. The frustrated shipper pays the "fee" to avoid the continued expense of additional staff, faxes, and phones to coordinate shipping.

Further muddying the issue are the arbitrary criteria for listing a domain as a spammer that vary for each anti-spam Web site — based on the administrator's "whims," as one site puts it. The vigilantes can block all the addresses of an ISP if it is deemed uncooperative — affecting multiple companies. This vigilante justice as currently practiced is meted out to small ISPs and ISPs that are located outside the U.S. The vigilantes don't have the backbone to list ISPs with legal muscle such as America Online or MSN.

Unless the corporate world comes up with a plan of action, vigilante justice will rule. Waiting for governments across the world to formulate and enforce an anti-spam policy may prove to be futile and possibly even undesirable. Especially as supply chains become global, emails between trading partners must flow without disruptions caused by anti-spam filters or fighters.

One interim solution could be to certify supply chain partner ISPs and put them on a white list for trading partners. Emails within that "white" list are never blocked among trading partners. The potential long-term problem with this solution is that it creates the equivalent of an electronic gated community of suppliers where new suppliers are discouraged by the process to get whitelisted. If each global manufacturer had its own list, then suppliers to multiple manufacturers would have to get on multiple white lists. An alternative to this problematic solution could be industry white lists maintained by global trade associations.

I loathe spam as much as anyone, but most spam-fighting solutions kill the very characteristic that makes the Internet attractive for supply chain collaboration: The Internet makes it easy to find and do business with global trading partners. In all fairness, inaction regarding spam by bodies such as Internet Corp. for Assigned Names and Numbers (ICANN) has led to the inevitable emergence of freelance spam fighters. The current approach, however, is fraught with the potential for all kinds of abuse — from shakedowns to companies reporting competitors' domains as spammers in an effort to shut down competitors' customer service emails.

There are no easy solutions in sight. An electronic fence that isolates supply chains for a particular product or service also has the inadvertent effect of keeping legitimate partners from reaching the firm. There must be some positive responses to spam; otherwise, spam wouldn't continue to increase in volume. Some have suggested an education effort to get people to "just say no" to spam. If there are no takers to spam offers, it is hoped that eventually spam will die. Whatever the approach, it needs to be formulated by organizations other than vigilantes! Otherwise, the cure may be worse than the disease.

Ram Reddy [[email protected]] is the author of Supply Chain to Virtual Integration (McGraw-Hill, 2001). He is also the president of Tactica Consulting Group (www.tacticagroup.com), a technology and business strategy consulting company.

Resources

ICANN: www.icann.org

Additional articles at IntelligentEnterprise.com

"Closing the Door," Jan. 1, 2003

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights