Some studies have shown that unsolicited commercial e-mail (UCE) or “SPAM,” i.e., unsolicited e-mail typically of a commercial nature that is sent out in bulk, accounts for about 75% of all e-mail. The pernicious nature of UCE is well known, as are its costs to individuals, companies, and society. It has also become apparent that current and even most proposed methods of control will largely fail to control the problem.
Current technology relies mostly on “fingerprinting” and “Bayesian filtering” to detect UCE. The problem with such technologies is that it is relatively easy for spammers to adopt counter-measures to get around even the best filtering systems. And worse, filtering systems always have some false positives, which can result in lost e-mail that has been improperly marked as UCE.
Human Interactive Proof (HIP) approaches and other challenge-response methods are more effective, but annoy senders and run into problems with newsletters and other opt-in bulk e-mail. Furthermore, proving yourself, as a sender, to one recipient via answering a challenge does nothing to authenticate you to another recipient. Hence, you have to go through this process with all recipients.
Current and proposed methods for controlling UCE fail uniquely identify the sender of the e-mail. Consequently, control is applied to the e-mail being sent rather than to the sender, who in any case can usually not be identified. This makes it possible for “serial spammers” to send round after round of e-mail using the latest in UCE detection evasion techniques.
There are other suggestions for controlling UCE that require changes to current Internet Standards and work with e-mail servers rather than clients. But apparently none of them call for unambiguous authentication of the sender. Also it takes a considerable time for a consensus to be achieved and Internet standards to be changed.
Laws that make UCE illegal are ineffective, as spammers almost always use false address information, “hijacking” a domain name as a return address. Not only does this make it difficult to trace the spammer, but often results in some completely innocent domain name holder being flooded with rejected e-mail.