Sure, spam is bad, and I’d like to get rid of it, too, but not at the cost of having ISPs and governments required to discard my mail based on content. That last is basically what a new ITU report, Stemming the International Tide of Spam seems to recommend.

The root problem with all such recommendations is their insistence on defining spam as commercial. I get spam from religious organizations, spam in languages I don’t even read, and, worst of all, spam from politicians. Spam is unsolicited bulk electronic mail. Confusing content with spam is, and has always been, a big mistake. If you let content leak into your definition of spam, quickly you’re into censorship and first amendment territory.

Not to mention, content filters mostly don’t work very well. Bayesian filters were pretty good for a while, but now spammers have caught on and simply generate text that passes the filters.

If you detect spam based on sending in bulk, then you’ve only got the question of whether it was solicited or not, which, while it can be difficult in principle to deal with, is in practice much less of a problem than interpreting the content of messages. The latter has maybe even more problems that it might appear.

The ITU bills its recommendation as

a more effective approach would be to require the establishment of enforceable codes of conduct by internet service providers (ISPs).

Well, that might have its own problems. Legal problems for the ISPs, that is:

RIPA, CALEA and their counterparts limit the government’s ability to intercept data to protect the individual’s right to privacy against “unreasonable government intrusion”. Spam and malware detection is covered for private networks, so companies who operate an enterprise anti-spam solution are in the clear, as are managed security service providers (MSSPs) who offer outsourced e-mail cleaning for enterprises. But no such exemptions apply to "public" networks, and that’s where ISPs need a bit of interpretive help from government. For example, it’s perfectly reasonable to say that a single ISP’s network is a private network that happens to be connected to the Internet. But this particular defense hasn’t yet been tested by law.

Blanket Insecurity: Spam Law Imitates ‘Yes, Prime Minister’ Geoff Bennett, Darkreading 30 May 2006

So the ITU’s actions could be interpreted as incitement to illegal behavior.

Which wouldn’t be nearly so much the case if the ITU’s recommendation didn’t confuse content with spam.

I think it would be good risk management to stem the international tide of bad spam laws.

-jsq

PS: Thanks to Wendy Nather for this one.