Which brings us to the obvious question: If everyone hates spam so much, why is it one of the largest growth industries in the world? Answer: Because people do make money by inundating us with advertisements for junk. As long as one sucker per 100,000 recipients responds to the "click here" or "call this number" portion of the spammer's message, there is sufficient incentive for sending out an additional 5 million messages.
It continues to amaze us that anyone could be dumb enough to respond to this stuff. Because antispam vendors have become adept at blocking simple spam, spammers have adopted tactics so bizarre that getting even one response in 1 million seems unlikely. E-mail message subjects regularly contain words that aren't words, gross misspellings, symbols that you'd normally find only in math equations, poor grammar and a host of other miscommunications that would typically render any message that followed completely suspect. Recent examples from our inbox include such memorable subject lines as "Re: legate enol," "sku1per via1hgra" and our personal favorite, "Give me some money, please." But still, numbskulls click and call and encourage and keep the spam industry alive.
 By the numbers |
The fight against spam is being waged on two fronts, legal and technological. We hear from time to time about small claims and spectacular victories in the courtroom, but we believe--as do a majority of our antispam poll respondents--that legislative efforts alone will not eliminate spam. Only 11 percent of our 455 qualified respondents think legislative efforts are even somewhat effective deterrents to spam, and fewer than one in four holds out hope for more effective legislation in the future.
Legal challenges against spammers are complicated by three obstacles: tracking down the source of spam, identifying who the spammers really are, and dealing with international boundaries when attempting to prosecute identified spammers. Many IT people mistakenly think that most spam originates overseas and that U.S. legislative efforts would be effective against only a small portion of spam. But in February 2004, Sophos, an antivirus software provider, traced the origin of all spam received by its research center over a two-day period and found that nearly 60 percent was sent from within the United States.
So the CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act of 2003 (see ID# 1501buzz2) should be effective, right? Nope. Of the spam that's sent from within the States, between 30 percent (Sophos estimate) and 70 percent (according to MessageLabs, a British antispam service provider) is sent using computers that are infected with spam-relay Trojans and worms. These programs allow spammers from anywhere in the world to relay their messages through thousands of infected systems without the owners' knowledge.
Still, the Federal Trade Commission filed criminal and civil charges against four named defendants on April 29 for violating provisions in the CAN-SPAM Act. This marks the first government case against spammers based on the new law. If the government's case is successful, we're likely to see a number of additional government cases filed in the months to come, and that's good news.
And in March, four U.S. firms--AOL, EarthLink, Microsoft and Yahoo--filed six lawsuits in four federal courts against hundreds of spammers using provisions in the CAN-SPAM Act. Emphasizing the difficulties inherent in identifying spammers, only three defendants were identified by name in the lawsuits, while more than 200 were tagged as John Doe.
To realize the benefits of cloud-native software, an application must actually be cloud-native—designed to run in the cloud, interacting with disaggregated cloud services, fully manageable as code—to deliver the expected benefits.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
