Spam: Technology and Policy for Control of Unsolicited Electronic Communications

Thursday, December 19, 2002 - 6:30pm
Jeff Schiller and Richard M. Smith

Joint meeting with IEEE Computer and Social Implication of Technology Society

Email is clearly the Internet's "killer app" -- now a daily experience for most computer users, and a necessity for business communications -- but the amount of unsolicited e-mail, or "spam", is exploding. The Radicati Group, a market research group in Palo Alto, Calif., estimated earlier this year that 32 percent of the 7.3 billion e-mail messages sent each day were unsolicited commercial messages. In addition to its burden on users who must sort and delete it, as well as corporate IT servers and ISPs who must transport it, spam mail is one of the greatest computer security threats due to HTML content and virus-laden attachments.

The US Congress passed legislation forbidding unsolicited electronic communication soon after the 1989 Tiananmen Square Chinese student uprising, which showed that automatic fax transmission could seriously cripple official government fax communications -- but to date forms of communications other than fax are excluded from this control. With many sources of spam email outside the US, it's questionable whether US legislation and international policy controls could be effective.

Can technology solutions control the flood of spam? How do email addresses enter spam mail lists from browsers, and by address "sniffing", and how can users prevent this? Are filtering methods effective, when based solely on information in headers? When body content is inspected is it correspondingly privacy violated -- should any privacy at all be expected? How is the spam-filtering problem similar to the address "sniffing" problem? How is it similar to surveillance of email and other electronic data transmission on the public Internet? What software and hardware technologies are being developed to support message surveillance and filtering? What technology and policy directions are available to protect both privacy and security of communications?

The speakers at this meeting bring understanding of both technical and policy issues, and practical experience in network security and spam control. They will review of these issues and open a forum for discussion.

This meeting is free and open to the public. A no-host dinner follows. For more information, contact (for CS) Archie Blondin at 617-856-1909 or or (for SIT) Alex Brown (617) 504-8761, or consult or

Lecturer Biography: 

Jeffrey I. Schiller is the network manager for MIT. He is also a Security Architect for MIT's Information Technology Architecture Group (ITAG). He is a founding member of the Internet Privacy Coalition and is the Area Director for Security on the Internet Engineering Steering Group (IESG), the steering group for the Internet Engineering Task Force (IETF).

Richard M. Smith is an Internet consultant based in Cambridge, Massachusetts. He works primarily with the media, policy makers, and law enforcement to interpret Internet technologies. He has more 25 years of experience in the computer software field. He is also the former president of Phar Lap Software and the former Chief Technology Officer of the Privacy Foundation.