Operating 20 computers in an abandoned schoolhouse in Rockford, IL, Jay Nelson worked with relatives to set up more than a dozen shell companies, renting equipment and Web hosting services using aliases such as “Art Fudge.” Nelson and his associates then “hacked into AOL e-mail accounts,” states one legal motion filed by AOL, and overwhelmed members with links to pornographic Web sites such as pamsplayhouse.com.
In 1999, AOL won a court injunction barring Nelson from such activities and fining him $1.9 million; nonetheless, he and his colleagues subsequently sent another billion e-mail messages-triggering 25 percent of AOL’s spam-related customer complaints over the next two years.
Alan Ralsky, by contrast, seems almost respectable. While trying to overcome a past littered with fraud convictions, a court-ordered fine, personal bankruptcy, and a brief jail stint, Ralsky in 1997 heard about a new Internet opportunity. Repudiating pornography to his wife, Ralsky rented mailing lists and set up servers in his basement, according to media interviews he gave last year. Pitching mortgages, vacations, and online pharmacies and casinos on behalf of others, he boasted of thousands of dollars per week in sales commissions. After moving into a $740,000 house in a Detroit suburb, Ralsky set up another basement operation that was soon spewing tens of thousands of messages per hour, relayed through servers in Dallas and in Canada, China, Russia, and India. In 2001, Verizon Internet Services sued Ralsky, charging him with unauthorized use of its network.
Nelson and Ralsky are just two of the many faces behind spam. But according to Jon Praed, an attorney with the Internet Law Group, an Arlington, VA, firm hired by the plaintiffs in both of these cases, big-time spammers have a common profile. “They have not been successful in anything else,” he says. “They are hackers gone bad, or they are crooks gone geek.” They also sit at the center of far-flung conspiracies to conceal their actions. (Neither Nelson nor Ralsky returned phone calls from Technology Review.)
The spam crisis is hardly a secret. But few could have imagined it would get this bad this fast. More than 13 billion unwanted e-mail messages swamp the Internet per day, worldwide. This tsunami of time-wasting junk will be a $10 billion drag on worker productivity this year in the United States alone, according to San Francisco-based Ferris Research. In a perverse analogy to Moore’s Law of microchip processing power, the number of daily spam messages is doubling roughly every 18 months, according to the Radicati Group, a Palo Alto, CA, market research firm specializing in electronic messaging. Having risen from 8 percent of all e-mail in 2000 to more than 40 percent by the end of 2002, spam has now reached a majority, according to studies from several anti-spam software companies. Conceivably, spam could soon represent 90 percent of all e-mail, says David Heckerman, who heads the Machine Learning and Applied Statistics group at Microsoft Research, which is working on anti-spam technologies. If that happens, he says, “a lot of people will just stop using e-mail.”
“Spammers are gaining control of the Internet,” says Barry Shein, president of Brookline, MA-based The World, which started in 1989 as the first commercial provider of dial-up Internet service. Shein has been spending an increasing number of nights and weekends-the witching hours for spammers-trying to block barrages of spam that appear so suddenly that they threaten to overwhelm his service. He’s constantly adding new spammers to a “blacklist” used to block all e-mail from rogue Internet addresses, but that’s a Band-Aid. “They change their network identities every couple of hours,” and then sometimes launch “revenge attacks,” Shein says. And spammers are ever alert to fresh prey: according to a study conducted by the Federal Trade Commission, someone who uses a brand new e-mail address in an online chat room could get hit with spam as quickly as nine minutes later.
The problem could easily grow beyond anyone’s control. “Our concern is not so much for the porn and the herbal Viagra as it is for the legitimate businesses,” says John Mozena, cofounder of the Coalition against Unsolicited Commercial E-mail (CAUCE), an advocacy group.”There are 24 million small businesses in the U.S. If just 1 percent got your e-mail address and sent you one message per year, you’d have 657 additional messages in your in-box every day. That is our nuclear-winter scenario.”
To avert such a catastrophe, electronic warriors are fighting the scourge of spam using three principal tactics. The first involves the rapid adoption of spam-blocking-and-filtering software by consumers, corporate networks, and Internet service providers. Anti-spam software is expected to grow into a $2.4 billion industry by 2007, up from about $650 million now, according to a Radicati Group forecast. But that alone won’t win the war. The second, newer approach involves instituting more drastic changes in the way e-mail and the Internet work, perhaps imposing new costs to send messages or developing the ability to trace e-mail messages like phone calls.
The third tactic is a legal one, involving not only better law enforcement and prosecution of spammers but even a ban on all unsolicited commercial e-mail. To beat back the persistent, rising tide of spam, it’s probably necessary to engage on all three fronts at once. “We move based on what we anticipate from the enemy, and then the enemy reacts,” says Microsoft’s Heckerman. “We’re already up five levels of prediction.” Everyone expects further escalation-while hoping that e-mail as we know it won’t be destroyed in the process.