Comment 003 - Robert E. Mass

Comments of Robert E. Mass

Session 2 -- Consumer Information Privacy - P954807

UCE should be completely forbidden (outlawed). I pay money for an account on this Unix computer, including a personal mailbox, and the purpose of my account and my mailbox is for my personal use, which includes receiving e-mail from individuals wishing to comment on something I've said and thereby begin a personal dialog with me on some topic of common interest, but does NOT include receiving commercial advertisements from any source whatsoever. Those advertisements are a terrible annoyance, and consumption of my time to track down where to complain and to attempt to filter out future such advertisements. If I don't spend the time to complain vehemently about each advertisement that intrudes in my mailbox, and to set up filters to block e-mail from any host or service provider that allows its users to abuse me with such advertisements, then the amount of commercial litter in my mailbox grows exponentially. But it takes at least an hour to research the source of each advertisement that I receive and to then file the appropriate complaints with the administration of the computer system that was the source of the advertisement. Recently this has forced me to spend an average of two to three hours per day defending myself against such advertisements. Nobody is paying me for all that time I must spend, and I strongly resent the dilemma of spending all that time for defense against UCE or allowing the UCE to increase exponentially to where I get a hundred times as much UCE as all my other e-mail combined.

2.16 How widespread is the practice of sending unsolicited commercial e-mail?

It got so bad several months that a whole new Usenet newsgroup was set up just for that one topic: news.admin.net-abuse.email (for all topics about abuse using e-mail, but virtually all traffic on the newsgroup, is in regard to UCE). Since then, the volume of UCE has increased threefold.

To avoid advertisers who indiscriminately collect e-mail addresses from Usenet articles, a large number of people have found it necessary to use deliberately obscured e-mail addresses when posting. For example, a person whose address is actually joe@easynet.com might post using the address joe@easynet.NO.COMMERCIAL.EMAIL.com (this example is hypothetical to illustrate the method; see the newsgroup for many actual examples). Anyone collecting that address into a commercial advertising list would have to manually edit it to remove the middle part, and most advertisers don't bother to do that. They prefer to run software that automatically collects a million addresses, and then mass-mail to all those addresses, ignoring any unable-to-deliver messages, then collect another million and mass-mail to them, etc. without ever bothering to check for correctness of the addresses, and without spending any manual labor to eliminate obviously incorrect addresses.

Unfortunately these deliberately obscured addresses cause legitimate e-mail responses to fail, causing legitimate responders to have to spend their time figuring out why the posted address didn't work and then reconstructing the correct address and re-sending the failed e-mail to that address. This greatly increases the hassle involved in legitimate use of the net. Also, these deliberately obscured addresses make it nearly impossible to use services such as DejaNews to find articles that a particular person posted, because DejaNews indexes articles under the address that was actually used rather than the correct address.

Are privacy or other consumer interests implicated by this practice?

The major privacy issue is the right NOT to be harassed repeatedly by hoards of strangers. A person should be allowed to leave their home, whether physically out the front door, or virtually over a modem into a computer network, and chat with other people of like interest, without being constantly harassed by strangers wishing to coerce the person into listing to unlimited amounts of commercial advertisements. The constant harassment every time somebody leaves ones home makes people afraid to go out at all, forcing them to hide in their homes shut off from the rest of the world both physically and virtually.

What are the sources of e-mail addresses used for this purpose?

Computer programs have been written that scan Usenet newsfeeds extracting the From: field from each article and creating a list of all such addresses found. These lists of addresses are then alphabetized and duplicates eliminated, then the resultant lists of addresses are sold to others for inappropriate purposes (mass mailing of commercial advertisements, usually to several million addresses at a time). Several of the UCE that I've personally received were in fact advertisements for the software to collect names from Usenet newsfeeds to make such a mailing list.

2.17 What are the risks and benefits, to both consumers and commercial entities, of unsolicited commercial e-mail?

The advertisers get the advantage of virtually free collection of private mailbox addresses and virtually free mass-mailing, at the cost of the recipient. This has been compared to "postage-due" advertising. Unlike regular mail where the recipient of a postage-due letter or card has a chance to inspect the envelope before deciding whether to pay the postage or refuse the mail, the recipient of UCE has already paid for the cost of receiving the mail before that recipient gets a chance to see what it is and whether its wanted or not. (This postage-due aspect applies to users of commercial services which charge per message received, to users which have a limit on the amount of e-mail they can receive each month and any additional e-mail costs extra or is rejected, and to users who use SLIP or PPP connections whereby e-mail goes all the way to their home computer automatically before they have a chance to see what it is, so they must pay for the cost of the time it takes to go over the modem to their home even if it isn't anything they want.) Recipients of UCE get no advantage whatsoever, and must pay the cost in money and/or their personal time.

What are consumers' perceptions, knowledge, and expectations regarding the risks and benefits of unsolicited commercial e-mail?

I do not pay $15 per month for an account where I'll be forced to receive unlimited amounts of commercial advertisements, and I strongly resent the advertisers attempting to mis-use my personal e-mailbox for their purposes.

2.18 What costs does unsolicited commercial e-mail impose on consumers or others?

For myself, it costs an immense amount of my personal time, either spending at least an hour per UCE to investigate where it came from and filing a complaint to the appropriate system administrators and updating a filter to refuse all e-mail that ever again arrives from that particular host or address block, which then means I cannot receive legitimate e-mail from that source, diminishing the value of my account. The alternative is not taking any action to defend against UCE, and as a result being totally deluged with UCE such that my account would be totally unusable. For other users who pay for each message or who pay for online time by the minute, it greatly increases their cost while diminishing the value they obtain.

Are there available means of avoiding or limiting such costs?

No. It doesn't do any good to ask to be removed from a mailing list because most advertisement mass-mailers ignore all such requests, and meanwhile their automatic software notes that you responded (even though your response was in the negative) and so your address is verified as a valid address so they move your address from the brand-new-address list to the confirmed-address list which they then sell to other advertisers at a higher price. It doesn't even do much good to complain such that the host of the advertiser revokes that abuser's access, because the advertiser just goes to another service provider and gets another account and abuses again. Some abusers even get new accounts before their old ones have been terminated so they can immediately switch to the new account the moment they have been terminated from their old account.

2.19 Are there technological developments that might serve the interests of consumers who prefer not to receive unsolicited commercial e-mail?

The only tool available currently is filters such as 'procmail' which allow a consumer to block all e-mail that has particular characteristics in the header, such as being from a particular e-mail address or from a particular InterNet host which typically hosts advertisers, but such filters aren't very effective because many advertisers are switching from one service provider to another on a weekly basis so that any filter against one e-mail address or even one host becomes obsolete within a week and the UCE from the new host bypasses the filter. As a result it takes time each week to update the filter to catch the new addresses used this week. The only good such a filter does is if the same advertiser uses the same address repeatedly, and currently there are very few such advertisers, so such filters aren't of much use when applied against individual mass-mail advertisers.

I've decided the only way to defend myself against UCE is to filter out e-mail from an entire host whenever that host has allowed any of its users to send me UCE even once, and to filter out e-mail from an entire address block of hundreds of hosts whenever two or more hosts within that block have allowed their users to send me UCE. As a result I've been forced to set up procmail to refuse e-mail from the entire AT&T (American Telephone and Telegraph) WorldNet, and from all of CompuServe, and from several major address blocks owned by Sprint and MCI and UUNET, and from the entire class-A network number 38 owned by PSI. Shunning such a large amount of InterNet, so I can't receive e-mail from any users using any of those services, greatly diminishes the value of my e-mail account, but the only alternative is having no defense whatsoever against being flooded with UCE.

2.20 How many commercial entities have implemented the Principles for Unsolicited Marketing E-mail presented at the June 1996 Workshop by the Direct Marketing Association and the Interactive Services Association?

The URL of your WWW page inviting comments was posted to news.admin.net-abuse.email just a day or two ago. This is the first I've heard of any of your workshops on the topic of UCE. It would have been nice if you had posted something to news.admin.net-abuse.misc (which existed before the more specific news.admin.net-abuse.email was created just this last Winter) last March or April when the problem of UCE first became bad enough to seriously interfere with our enjoyment of the net, and if you had invited comments at this time. But even so, I'd like to read what was presented last June. Would you please tell me the URL where I can find the information you referred to just there, the "Principles for Unsolicited Marketing E-mail"?