Bad company

Steamy sex spam isn't the half of it. Legitimate businesses threaten our e-mail system with their misguided marketing efforts.

By Simson Garfinkel

Published April 21, 2000 4:00PM (EDT)

Last week I received an e-mail message from Caldera Systems. "Finally, there's a Linux operating system that's as obsessed about the Internet as you are," it read. "Caldera Systems' OpenLinux eDesktop 2.4 is chock full of goodies to make your connection to the World Wide Web a craving like none other."

If I were obsessed with anything, it wasn't whatever new version of its operating system that Caldera happened to be pushing. I was far more interested in finding out how the company had gotten my e-mail address and why it was messaging me when I had never agreed to receive product promotions.

I called up Caldera spokeswoman Nancy Pomeroy. After much head-scratching, we decided that Caldera must have taken my e-mail address from an OpenLinux 2.3 registration card that I had filled out back in February, and added it to the company's mailing list. When I told her that I was offended, Pomeroy was confused: Surely, she said, I must have realized that Caldera would use my e-mail address to send me notices about new products. Why else would they ask for it?

Why else indeed! I had foolishly thought that Caldera might want my e-mail address so that I would be approved for tech support, or so that if there were a security problem with OpenLinux 2.3 it could have sent me an urgent e-mail. To be honest, I never really considered that it might use my e-mail to send me an advertisement without first asking my permission. I guess I was a little too trusting. I thought legitimate companies would know better than to spam.

Of course, Caldera is not alone. A growing number of companies are using e-mail for direct marketing. These aren't fly-by-night spammers with get-rich-quick schemes or steaming come-ons to hot sex sites. No, these are legitimate businesses -- companies that think they have the right to send me unsolicited mail simply because they have my e-mail address. Consider:

  • In March, I received spam from Sony, which was advertising its new Music Clip MP3 player. I imagine Sony got my e-mail address when I registered my VAIO notebook computer.

  • In early February, I received the Bloom Report No. 3 from KaBloom, a Massachusetts chain of flower shops, inviting me to send a dozen roses for Valentine's Day. I'm not really sure where the company got my e-mail address, and when I tried to find out, KaBloom didn't return my telephone calls.

  • Late last year, I received multiple e-mail messages on the same day from JuniorNet, an online service provider that targets young children. The e-mail was sent to several accounts I haven't actively used in years, and looking at the messages' headers, I discovered that they had been sent out from MessageMedia, a marketing firm in Colorado that specializes in sending bulk e-mail.

    The mail-abuse coordinator from MessageMedia told me that JuniorNet had purchased the e-mail addresses from an electronic mailing list merchant who had assured them that the addresses were voluntarily given names from an opt-in mailing list. When MessageMedia discovered that the addresses on the list were from spam sources, it blacklisted both the list and the supplier.

    I've also received unsolicited e-mail from a Jewish dating service in Washington, a European computer security firm and a variety of other businesses. In some cases the companies got my e-mail address when I registered at a Web site or downloaded software. In other cases the e-mail addresses seem to materialize out of thin air. But in none of the cases did I give these companies permission to send me advertisements.

    We all complain about the inane messages we get from fly-by-night spammers, but as I sift through the contents of my in box, I think the real threats to our electronic mailboxes won't be from shady businesses and unskilled entrepreneurs trying to make a fast buck, but from established businesses that see e-mail marketing as a legitimate tool for finding new customers.

    "We are currently setting up opt-out checkboxes on our online partner/customer/download registration forms," says Caldera's webmaster in an e-mail forwarded to me by Nancy Pomeroy. "I've put it at the top of my team's queue to create an opt-out checkbox on every form on the Web site. We'll make sure that all future e-mail addresses we pull from the master contact database exclude those that opt out from receiving e-mail."

    Unfortunately, this only solves half the problem. It's good for companies like Caldera to create opt-out checkboxes on their Web forms and registration cards, but in the absence of these forms, these companies should completely refrain from sending out advertisements.

    E-mail marketing is a serious threat to the future of the medium. E-mail is cheap to send, and e-mail addresses are plentiful. Imagine how unworkable e-mail will become if, every time you open your mailbox, a few hundred companies that you've bought products from in the past send you a note telling you about their new offerings. What if every time you booked a trip to New York or Dallas or San Francisco, half the restaurants in town e-mailed you a menu and a 20 percent-off coupon?

    One of e-mail's most miraculous characteristics is its ability to bring us casual e-mail messages from long-lost friends, potential business associates or strangers across the globe who saw something we posted and want to make our acquaintance. And spammers exploit this ability to send casual, unbidden e-mail messages.

    Of course, there are technical solutions to help limit the spam you receive. The most effective is to simply block all messages from addresses that aren't on a "white list" of pre-defined correspondents you want to receive e-mail from.

    I'll never put Caldera on my white list, so I'll never get its advertisements. Unfortunately, this also means that I'll never get answers to my tech-support questions. Obviously there's a big downside to such mail management: You'd never hear from any of those long-lost friends or acquaintances in waiting -- or anyone else you'd forgotten to include in your list. Ultimately, white lists and blacklists are no solution to the spam problem.

    Instead, I think that our only salvation from spam will be in the form of strong federal legislation that prohibits sending certain kinds of unsolicited e-mail without prior permission, and that creates statutory damages for those who violate the law. This is the approach that Congress took in the 1960s when a growing number of companies started sending pornographic catalogs through the mail, and it worked. It also worked to stem the tide of junk faxes in the early 1990s.

    Congress should order the Federal Communications Commission to create a nationwide list of people who do not wish to receive junk e-mail. Then it should target pornographers by making it a crime, with a $1,000-per-violation penalty, to send e-mail that advertises a sexually explicit Web site to any of those registered e-mail addresses. If this system works, it could then be expanded to other domains, such as "get rich quick" schemes and eventually to unsolicited advertisements of any kind.

    Without strong legislation, our in boxes will soon resemble a typical Sunday newspaper, with more advertisements than content.


    • By Simson Garfinkel

    "Simson Garfinkel is a frequent contributor to Salon, the Chief Technology Officer of Sandstorm Enterprises, and the Chief Scientist of Broadband2Wireless, Inc."

    MORE FROM Simson Garfinkel

    Related Topics ------------------------------------------