Spam hardly needs an introduction. Anyone with an e-mail account knows the acute frustration of being inundated with offers of pills from virtual pharmacists, financial propositions from Nigerian princes and pictures for fetish sites that really, really shouldn't exist. Spam has even gone beyond e-mail: like kudzu, it adapts to clog whatever online inbox you might choose. On Oct. 30, the social-networking site Facebook won a $711 million judgment against the self-proclaimed "Spam King" Sanford Wallace. Wallace, a professional e-mail marketer from New Hampshire who also likes to be called Spamford, used ill-gotten passwords to surreptitiously log into user accounts for the purpose of sending advertisements to their list of friends. But Wallace isn't alone. Despite myriad legal and technological attempts to combat it, spam will cost firms an estimated $130 billion worldwide in 2009 in lost productivity and technical costs, according to Ferris Research.
Though it wasn't called spam until the 1980s — the term comes from a Monty Python sketch set in a cafeteria, where a crowd of Vikings drowns out the rest of conversation by repeatedly singing the name of the unpopular processed meat — the first unsolicited messages came over the wires as early as 1864, when telegraph lines were used to send dubious investment offers to wealthy Americans. The first modern spam was sent on ARPANET, the military computer network that preceded the Internet. In 1978, a man named Gary Turk sent an e-mail solicitation to 400 people, advertising his line of new computers. (Turk later said his methods proved so unpopular that it would be more than a decade before anyone would try again.) In late 1994, Usenet — a newsgroup precursor to the Internet — was inundated by an advertisement for the immigration-law services of Laurence A. Canter and Martha S. Siegel. Despite the ensuing outcry, the lawyers defended their practice, called their detractors anti–free speech "zealots" and wrote a book about the practice titled How to Make a Fortune on the Information Superhighway. Pandora's Box had been opened.
Now spam comprises the vast majority of e-mail messages sent — 78% of the 210 billion e-mails sent each day, according to one estimate. And 93 billion of these manage to get past the technical defenses like spam filters and blacklists. E-mail programs have gotten smarter, but spammers stay one step ahead, using disposable e-mail addresses and sending messages from farms of different computers around the world to avoid being blocked. The garbled text spammers load their messages with to get past e-mail filters sometimes approaches poetry: sites like spampoetry.org chronicle lines like "Confirm you won fund/ You get it without paying/ Urgent attention"
And that's just e-mail spam. The growth of sites like MySpace and Facebook has opened up a whole new subindustry for spammers, who trick users into surrendering their passwords and then use their accounts to plaster advertisements everywhere. Automated spam programs attack instant-messenger conversations too, randomly generating screen names and sending messages in the hopes they'll find someone on the other end. Bloggers aren't safe, either — makers of the spam-filtering tool Akismet estimate that 93% of comments on all blogs are spam; their software has caught more than 13 billion so far.
With so many different technological avenues for spamming, the best solution might be a legal one. In 2003, the U.S. passed the CAN-SPAM Act, which gives the Federal Trade Commission some regulatory power to curb spammers. CAN-SPAM regulations require that any commercial messages provide a means for recipients to opt out, prevent the modification of e-mail headers to hide the identity of a sender and stop the use of e-mail addresses harvested from the Internet without permission. Still, there's a very clear loophole: nowhere in the CAN-SPAM regulations does it say that spammers need your permission to send you an e-mail.
High-profile judgments like the one against Wallace are the exception to the rule; the majority of spammers go undiscovered and unpunished. Wallace, who already had a $230 million judgment levied against him in a case brought by MySpace last year, has already filed for bankruptcy; the judge in the Facebook case referred the Spam King to federal court to face additional charges, which could carry a prison sentence. The penalties combined are by far the largest ever for spamming — Facebook won an $873 million judgment against a spammer in 2008 that is the largest single penalty — but it's unlikely to prove much of a deterrent. With busts so few and far between, the overwhelming majority of spam messages (some estimate as high as 99.8%) don't comply with CAN-SPAM. And trade groups like the Direct Marketers Association are already trying to weaken CAN-SPAM's regulations. Absent new legislation or divine intervention, expect spam to remain the Internet's greatest annoyance.