Security threats Toolkit

Spam is in the eye of the beholder

Tags:
Spam

Leader

Published: 12 Oct 2006 17:10 BST

"Spamhaus.org is a fanatical, vigilante organisation that operates in the United States with blatant disregard for US law."
Comment from e360insight chief, David Linhardt, following his decision to sue Spamhaus

While the law may be black and white, justice, like beauty, is in the eye of the beholder. For many, UK company Spamhaus is providing a valuable service to businesses who want a reliable list of the world's junk-mailers. Conversely, large swathes of the "e-marketing" world see the blacklist Spamhaus operates as a clear and present danger to their business.

The "hero or villain", "guardian or vigilante" perception of Spamhaus was starkly illustrated last month when US marketing company e360insight took affront at being blacklisted by the UK group and sued. The judge in the case sided with the marketing outfit and ordered Spamhaus to pay $11,715,000 in damages.

Spamhaus has politely refused the offer to compensate e360insight, saying that the Illinois court where the judgement was made has no jurisdiction over a UK company. Similarly, attempts to force ICANN, the organisation that oversees the running of the Internet, to block Spamhaus's domain name, have failed. Spamhaus says its own DNS manager is the only person who can legally take down its site at the moment.

Tussles over UK and US legal jurisdiction aside, Spamhaus's plight highlights the problems of letting the market fill an organisational vacuum. Spamhaus owes much of its popularity and success to the fact that industry — in this instance, ISPs and e-marketers — has failed to police itself. In this frontier town, the gun for hire is doing the job the locals either won't or can't.

And there is little chance of a federal marshall coming to town any time soon. Government legislation — such as the mostly toothless Can-Spam Act — has done little to curb spammers. Combating reckless marketers requires buy-in from every party involved to be truly successful. We need an industry code of conduct, with voluntary compliance by those who wish to be legitimate. If all the stakeholders agree what is and what is not spam, it's much harder for those who don't agree with the code to legally affect those who do. If the majority defines what is just, then extremists — be they criminals or vigilantes — will find it harder to substantiate their actions.