Stop Spam - Letter to Derek Wyatt MP

Derek Wyatt MP is the Chairman of the UK's All-Party Internet Group. As such he is spearheading the Government's attempts to protect UK internet users from spam.

So far his suggestion has been that all email addresses (worldwide) be modified to include the sender's postcode. Do Moldovan spammers want to change their email addresses? Surely Mr Wyatt understands there is no legal or technical way of forcing them to do so!

Below is the text of a letter I have written to Mr Wyatt offering two practical solutions to eliminating spam.

I commend you for the energy that you are putting into the task of fighting spam.

I would like to offer two suggestions. Unlike some of the ideas put forward by those who know little about either technology or the perfidious character of spammers, these would be actionable and effective:

1) Require ISPs to offer users an effective server-side anti-spam service.

My own ISP offers its users a service called BrightMail. Switching it on reduced the number of spam messages in my own inbox from over 100 per day to one or two; in the three months since using this service, I have not, to my knowledge, lost a single real email message*.

It is critical that ISPs offer a server-side, not client-side, solution:

· Few users are technically capable of downloading, installing, and keeping up-to-date a client-side solution (i.e. one that resides on their PCs).

· If you use web-based email, whether every day or just when travelling, then only a server-side system protects you.

· Client-side systems still involve downloading all the spam before it is deleted, wasting bandwidth and time, and filling your recycle bin.

Clearly it is important that clients are offered the choice of not switching on the anti-spam package, otherwise the ISP could be accused of intercepting mails addressed to the user. But it would be straightforward to require ISPs to offer such a service.

If the majority of users were to implement effective anti-spam measures, the rewards for spamming would decline, and the number of spammers should follow. It’s analogous to herd immunity. But this on its own would not eliminate the disease.

2) Deny spammers anywhere in the world access to credit card processing.

I recently followed half-a-dozen spam offers through to the point of payment, where I was offered the option of using Visa, Mastercard or American Express. Most spam scams ultimately rely on making a low-value sale via a credit card, so denying access to credit card processing would make life impossible for most spammers**.

We acted to stop banks profiting from laundered cash, there is no reason why we cannot act similarly to stop them from profiting from the proceeds of spam.

It would be completely straightforward to require that banks and credit card processing companies withdraw services from companies or individuals who are found to use spam, or risk themselves being fined. It would be analogous to legislation fining airlines and logistics companies if they do not prevent their planes and vehicles from carrying illegal immigrants.

Spammers are not difficult to identify, even if they reside overseas: again, the anti-spam services monitor and identify spammers with a very high degree of accuracy, a contract could easily be awarded to one or more of them to produce a register for distribution to the financial community. An appeals process would ensure that legitimate business practices are not penalised.

Of course the credit card companies would wail that monitoring their partners' marketing activities would be an unacceptable financial and operational burden. But if they don't know or trust their customers, why are they providing them with financial transaction processing services in the first place?

· They must be implementable from within those countries where there is the desire to stop spam and the rule of law;

· They must not put the onus on the individual email user to take actions for which are beyond his or her technical capabilities.

The two suggestions outlined here fulfil these three requirements, and would play a major role in stamping out the modern plague of spam, against which you are so actively engaged. I strongly urge that you champion them.

I would be more than happy to meet to discuss how they might be best implemented.

* Please note that I have no connection of any sort with BrightMail; there are competing products just as effective.

** The exception being the so-called Nigerian 4-1-9 Advance Fee fraud, which does not rely on credit card payments.