Consumer Privacy 1997 -
"Unsolicited Commercial E-Mail"
The Federal Trade Commission
April 10, 1997
In the early days of automobiles there were dirt roads and small intersections without a hint of stop signs or speed limits. Intersections were safely crossed by drivers who governed themselves to avoid collisions. As time progressed both the speed and quantity of automobiles increased so stop signs and speed limits were needed to control those "unruly" drivers who did not believe in governing themselves. If the driver went over the speed limit he/she was fined and the fine was in part to deter the driver from committing the same offense again. This story is no different than what is happening on the Internet today.
The "drivers" (internet users) in the early 1990's were self-governed and did a good job to keep everyone playing by the same set of rules. But by the end of 1996 it was clear that there were "unruly" people on the Internet and those people, while small in numbers, caused most if not all of the headaches for the other millions of users. As we enter 1997 the unruly crowds grow in numbers and self-governing is no longer possible due to the advancement of the Internet and technologies which make it so easy to be unruly.
Electronic mail is one of the most widespread "services" available via the Internet today. Anyone with access to the Internet can send a message to anyone else as long as he/she knows the address of the recipient. The cost to send one or one million messages is measured in pennies and this is one fundamental reason why e-mail is abused so much today. Unsolicited commercial e-mail (also known as junk e-mail) is the act of distributing advertisements via electronic mail to solicit money or actions from the recipients of the message. As the costs to communicate directly to millions of people decrease, the number of scams, frauds, and abusive advertisers increase. The same holds true for paper mail. If it only cost $.01 to mail a first class letter - the volume of junk paper mail would skyrocket along with the ads for scams and frauds. The low cost and ease-of-distribution for junk e-mail invites the scourge of the business world to peddle their wares so that the recipients send in their money for a less-than-satisfactory product or service.
Today the recipients of the junk e-mail have caught on to the scams and realize that most if not all of the unsolicited e-mail they receive are for products or services which only gullible or naive Internet users would fall for. So the recipients ask the advertiser or distributor of the e-mail advertisement to discontinue their "electronic littering" but the requests go unheard and unanswered. The cycle repeats itself many times until the recipient has reached the pre-violent stage and finds the only way to stop the flood of junk e-mail is to change their e-mail address or to install a software device known as a filter. But soon after installing the filter they find their mailbox full of ads from the same advertisers who have cleverly forged their return address or mail header so the filter is fooled. To make matters worse, the old e-mail address now bounces mail back to the advertiser as "undeliverable" but since the advertiser forged the return address the bounced mail is sent to the mail system administrator (the Internet Service Provider) of the recipient. When the advertiser is scolded for their actions the response is generally a sly "we'll do better next time" and the cycle continues to repeat. It is clear that the self-governing stage on the Internet has passed and stop signs and speed limits (laws) with substantial fines are needed to deter the unruly from using the Internet.
The answers given in this comment to the Federal Trade Commission represents the position of ReplyNet, Inc. and do not necessarily represent or speak for others in the Internet community.
Question 2.16 [Part 1] How widespread is the practice of sending unsolicited commercial e-mail?
Answer: In our opinion the number of unsolicited e-mail advertisers seems to be increasing by 25% each quarter. Instead of receiving just one message per day some Internet users are receiving five or six per day. Some junk e-mailers are now selling software to permit others to send junk e-mail which will eventually reach a flashpoint where the number of junk e-mailers is measured in the thousands and the quantity of advertisements received is uncontrollable.
Question 2.16 [Part 2] Are privacy or other consumer interests implicated by this practice?
Answer: Yes. Receiving a junk e-mail message is no different than receiving a telemarketing call. It intrudes on the user's privacy because the recipient has to take some form of action to delete the message. The recipient can not just ignore the message because those ads will soon fill up their e-mailbox. They can not just set-up a filter because most junk e-mailers consistently alter the header in their message or use a third-party re-mailer to intentionally trick the filter.
Question 2.16 [Part 3] What are the sources of e-mail addresses used for this purpose?
Answer: Most junk e-mailers use some form of "harvesting" software which connects to a website and collects every e-mail address listed on every page of the site. Others will set-up software to read through the USENET news groups to collect e-mail addresses. Some junk e-mail advertisers will connect to large Internet Service Providers and will attempt to obtain the entire user e-mail address list. Others connect to sites and issue well known commands to "expand" address lists to capture every address available.
Question 2.17 [Part 1] What are the risks and benefits, to both consumers and commercial entities, of unsolicited commercial e-mail?
The risks to consumers who receive junk e-mailings range from being taken in by a scam or fraud (a large portion of the junk e-mail today) to spending a considerable amount of time "grooming" their e-mailbox to delete the unwanted messages.
The risks to commercial entities are significant in terms of lost productivity. Most computer users at work leave their computer on all day and when a message arrives they are alerted. Generally the user will stop what they are doing to open their mail and read the message. While this may seem to be a insignificant amount of time, repeat the process ten or fifteen times in the day and the user has broken his train of thought too frequently to be productive. Another risk to commercial entities is the workload placed upon the mail administrators that have to "groom" their general inbox due to the number of bounced messages (with forged return addresses) from the advertisers that are not maintaining their lists. Large firms with thousands of users (including Internet Service Providers) have problems with this because the number of bounced messages can be measured in the hundreds or even thousands. Mixed in with those bounced messages can be true cries for help from local users who need assistance. This poses a significant waste of time for mail administrators and can cause them to miss valid support messages.
The benefits of unsolicited e-mail advertisements to consumers have yet to be seen. If the advertiser used a truly targeted mailing list and the recipient could easily block the junk e-mail, real advertisers (auto manufacturers, etc.) could contact their audience on a professional basis. Unfortunately most of the advertisements we have received have been scams, advertisements to visit an adult site, or a general "introduction" to a new website. Given the low cost involved in advertising via e-mail the number of scams will remain at a very high level.
The benefits of unsolicited e-mail advertisements to a commercial entity are very few. One benefit to note would be that software upgrade advertisements that fix or solve a problem can be sent to staff members quickly and easily, so selected staff can buy the upgrade or patch their existing software and carry on with their duties without missing a step. However, this kind of advertising would be better on a solicited/targeted basis since people with product "X" would not need to know about a patch for product "Y".
Question 2.17 [Part 2] What are consumers' perceptions, knowledge, and expectations regarding the risks and benefits of unsolicited commercial e-mail?
Answer: We believe their current perception and knowledge of unsolicited commercial e-mail is very negative due to the unruly advertisers that do not conduct themselves professionally. It is also nearly impossible to have some advertisers stop sending ads as they ignore the "remove" requests. The perception of unsolicited e-mail advertising is so bad that many positive (non-scam) advertisements will be looked at by many consumers with a jaded eye. We feel the expectations of many consumers towards unsolicited commercial e-mail is that the content will be either a get-rich-quick advertisement or an ad to visit an adult website that has just opened. Very little true (reputable) product sales are found in today's unsolicited commercial e-mail.
Question 2.18 [Part 1] What costs does unsolicited commercial e-mail impose on consumers or others?
Answer: We feel the costs to many consumers who are either on a pay-per-use plan or are on a wireless service that charges per-packet are small but real. The costs add up when five or six unsolicited e-mail ads are received each day. The costs to others are very real, especially to Internet Service Providers that have to "groom" their mailbox to clean out bounced e-mail that have a forged return address. The real sender (junk e-mail advertiser) forges their header and return address so they don't have to clean (maintain) their own mailing lists since that action takes time. Many large ISPs spend a considerable amount of time dealing with the unruly advertisers who either forge their return address or do not comply with "remove" requests.
Question 2.18 [Part 2] Are there available means of avoiding or limiting such costs? If so, what are they?
Answer: Individual mail filters were hoped to curb these costs by making junk e-mail "dead on arrival" but the filters are becoming ineffective as the junk e-mailers are forging their headers and return addresses and are using innocent third parties to "re-mail" their junk e-mail advertisements.
Asking the junk e-mailer to "remove" an address from their mailing list is often more time consuming than deleting the message itself. This is because often times the address given to send the remove request to is intentionally invalid or does not get action. Some users have even reported sending four or five remove requests exactly as requested to and they continue to receive the advertisements from the junk e-mailers. In the case of "header forgery" the recipient has to spend time searching for the real address of the sender and even then if the header is forged enough the recipient will not know where to send the "remove" request to.
One very effective method of eliminating the "forced cost" to the recipient is to pass a law that makes it a crime to forge any part of a mail header or to use a third-party SMTP mail server to re-mail the junk e-mail. If the junk e-mail advertiser were forced to send e-mail from their own system with an unaltered header, the Internet Service Providers could easily place filters in their routers to completely block out the junk e-mailer. In addition, this type of law would make most e-mail filters fully effective.
Question 2.19 Are there technological developments that might serve the interests of consumers who prefer not to receive unsolicited commercial e-mail? If so, please describe.
Answer: Yes, but only if the junk e-mailer were forced by law not to alter the header of their message or to use an innocent third party to re-mail their messages. If the advertisements came directly from the advertiser and the header of each mail message were authentic and unaltered (not forged) then the "filters" that are in many mail applications would be totally effective in blocking out the unwanted mail. In addition the Internet Service Providers could block the advertisements entirely from entering their mail gateways if their users voted to have the advertisements blocked. This can only happen if there were laws with fines because self-policing does not work with unruly advertisers which make up the majority of e-mail advertisers today.
Question 2.20 How many commercial entities have implemented the Principles for Unsolicited Marketing E-mail presented at the June 1996 Workshop by the Direct Marketing association and the Interactive Services Association?
Answer: We do not have an answer for this question. Self-policing and "principles" do not work in this environment anymore because the majority of the problems are being caused by the less-than-professional advertisers that believe in the "anything goes" philosophy. The fly-by-night and get-rich-quick crowd are causing a large portion of the trouble on the Internet because of the low costs involved in sending out the junk e-mail messages to their possible victims. In addition, many "bulk e-mail" firms change their return addresses, alter their headers, and use third-party re-mailers to mask their identity. We do not believe that professional advertisers and marketing staff will cause a problem because they realize their reputation rides on the line with each unsolicited advertisement they send out.
Proposed Laws for Internet Advertising
Forgery of any portion of an e-mail message "header" should be a crime.
The first reason this law is needed is many junk e-mailers will intentionally forge the header of their outbound message to hide their identity so they do not receive complaints from the recipients. In some cases the junk e-mailer forges a valid address of another innocent party (which happened to my company, ReplyNet,) so the innocent party receives all the complaints and the real sender walks away clean. No professional advertiser needs to forge their identity in an unsolicited e-mailing.
The second reason this law is needed is it will allow the Internet Service Providers to place filters in their e-mail gateways to block out unsolicited ads if their users request it. It will also provide total control for users who have e-mail "filters" in their software because up to now the filters have not been fully effective due to the massive amount of forgery being done in the header of the message.
We believe the fine should be at least $1000 for each message delivered with a forged header. This will quickly put the unruly advertiser out of business or will force them to comply or face additional fines.
Unauthorized "SMTP mail drops" should be a crime.
Many "bulk" junk e-mailers will prepare their massive e-mailing and will then drop the messages onto an innocent third party (Internet Service Provider or commercial entity) so the mail will be delivered by a system not related to the advertiser. This often causes the innocent party to be deluged with hate mail and questions about their association with the advertiser.
The second reason this needs to be a law is that it forces the junk e-mail advertisers to use their own systems to handle the mailing. This allows the Internet Service Providers to install IP filters or blocks at their router to completely block out the junk e-mail if their users request it. A big reason many junk e-mailers use an innocent third party to deliver their advertisements is to avoid the mail filters that are looking for the IP address of the junk e-mailer.
The fine for unauthorized SMTP mail drops should be $1000 for each message delivered through an SMTP server (mail server) without prior approval..
See the accompanying illustration describing how an SMTP mail drop is performed.