Home > Articles > Anti-spam research center > Do-not-spam lists are suicidal Bookmark Article
Do-not-spam lists are suicidal

This article was written in response to "Why do-not-spam lists are a bad idea" by David Berlind the executive editor ZDNet.  Mr. Berlind is an intelligent voice in the media and a leader in the fight against spam.  He has done many outstanding pieces in the past on the issue of spam and is definitely worth your time reading.

As you probably already know, the “Do-not-call list” to solve the problem of telemarketers is a huge success and is becoming extremely popular.  However, because of it’s popularity it is spawning the email equivalent list of “Do-not-email”.  Sen. Schumer has introduced just such a bill at the national level (backed by ePrivacyGroup CEO Vincent Schiavone) and Michigan has already passed such a state law last month.  Only one phrase can describe this phenomenon, the road to hell is paved with good intentions.  What you have is a bunch of politicians and "experts" who have no fundamental understanding of the problem of spam.  While I whole heartedly support the idea of a "Do not call" list, a "Do not email" list is tantamount to mailbox suicide.  Unfortunately, the "experts" and politicians (with power to act and hoping to capitalize on the popularity of the recent "Do-not-call list") may unwittingly unleash a flood of the worst kind of spam to people who signed up hoping for a "cure" and instead receive poison.

To the layman on the street, this is a no brainer!  Ask bulk mailers to stop emailing me, and they will stop mailing me so sign me up!  Well there is a huge problem with this "logic", the bulk mailers that would honor this list were never a problem to begin with.  Honor being the key word here, those folks already have valid reply to addresses and would stop emailing you the minute you asked them to, and most of them probably wouldn't have started e-mailing you in the first place unless you had asked them to.  If this were the end of it, this would mostly be an exercise in formality to officialize how reputable bulk mailers already behave.  But this is not the end of it, this is where the nightmare begins.  One simply needs to scan their spam for a minute to conclude that the bulk of their spam is comprised of "get X quick" where X equals, rich, sex, erections, girls, thin, healthy, bigger reproductive organs, and so on and so on.  Spam equals scams, and has absolutely nothing to do with legitimate bulk mailers.

According to the proponents of the do-not-spam list, this list is only going to be for the "legitimate" mailers.  As Mr. Berlind pointed out in his column, what in the world is "legitimate"?  Assuming that such a thing could even be defined let alone exist, it is an undeniable fact that it is utterly impossible to enforce a secret when there are more than two people involved.  All it takes is one leak and you would have no way of determining where that leak came from.  At that point, Pandora's box will open and the scammers of the world will rejoice.  It will give new meaning to the world mail bomb, and the most vulgar, most conniving, and most malicious email will flood those wishing to protect them selves.

Spam under the current SMTP email protocol will never be stopped.  A "Do not call" list is easily enforced because you cannot easily spoof the source of your telephone call.  Phone calls are expensive and mass callings cannot be perpetrated by one man operations.  Bulk email on the other hand can be perpetrated by anyone with a computer and TCP/IP access.  Email is based on the honor system, you can send email as any identity you wish to assume, and contrary to popular belief (even by the experts), you DON'T need an open or compromised SMTP server to send spam.  Any Linux or Windows machine can run it's own SMTP server, and even tiny 10 kilobyte viruses can contain their own SMTP server.  From that point on, all you need is outbound TCP port 25 and you can spam away with impunity.  You can even do "drive by" spamming where you find any unsecured or open wireless network and dump 100,000 pieces of spam in a few hours and drive off without a trace.  Never mind being off shore when you are virtually immune from detection or prosecution anywhere on the planet.  Spam is a technological problem, not a political one.

I sincerely hope that Sen. Schumer and Mr. Schiavone would reconsider their support for such a Do-not-spam list, because it is in the best interest of their constituents and Country.  If I may borrow Mr. Blair's phrase, history will not for give Sen. Schumer and it will be even less likely to forgive ePrivacyGroup and it's CEO, a company that is suppose to promote privacy and not destroy it.  It is absolutely crucial that we can get them to see the light before it is too late because if this list becomes law, it will be impossible to explain to the masses not to sign up for it.

George Ou