Charity caught in anti-spam crossfire

NEWS A religious charity in London recently discovered first-hand the dangers that can accompany new measures to stem the tide of junk email, when the organisation's site was yanked offline without notice. The incident highlights a growing problem on today's Internet: how to ensure that legitimate emails and Web operations are not consigned to the dustbin along with Nigerian money-transfer scams and porn advertisements. The Lutheran Council of Great Britain discovered last week that its site had disappeared, after a user contacted the charity. The council's Internet service provider, Netcetera, said it had received a report of junk email originating from the charity, and had promptly switched the Web site off. What makes the case unusual is that the spam report was filed automatically, without any human intervention, and the ISP took action without investigating whether the claim held water. However, industry observers say Internet users will have to get used to such mistakes, as increased automation is the only way service providers can hope to deal with the current epidemic of junk email, or spam. Mistakes are occurring more frequently. In July, for example, SpamCop listed the main email hub for BT as a spam originator, causing a large number of emails to disappear. In the Lutheran Council's case, the spam report was all the more baffling because it was triggered by a seemingly innocuous email sent upon request to a prospective boarder at the organisation's hostel. The email triggered a response from a service called SpamCop, which is designed to send complaints to the ISP from which spam appears to originate. Still a mystery, however, is how a solicited letter offering a place in a religious hostel could be construed as junk mail. One clue might be that in the past year, as junk email volumes increased 200 percent, spiritual-related mailings were the fastest-growing category. "Any reasonable person would have concluded from the content of the message that this was not spam," said Reverend Tom Bruch, the council's general secretary. When the spam report, which contained the URL of the hostel Web page, reached Netcetera, the site was taken down. Bruch noted that the council still had the ability to send emails as normal. Returning the site to normal operation was more difficult: Netcetera first required the email's intended recipient to confirm that he had asked for the letter. Altogether, the site was offline for about seven days. SpamCop said that the notifications generated for Web site hosts are not intended as conclusive proof that the Web site owner is responsible for spam. "The ISP receiving the report must make a determination as to whether the spam really looks as if it was sent by the Web master," the company says on its Web site. Netcetera sees such reports in a different light, however. The ISP said its policy is to shut down sites reported for spam, and puts the burden on Web site owners to prove that the report is wrong. In any case, most ISPs do not have the option of investigating, according to Matthew Hare, managing director of business Web host Community Internet. "If I were a consumer ISP with tens of thousands of customers, I might not be in a position to do that," he said. Hare said that despite such mishaps, the positive aspects of automated spam tools far outweigh the negatives. "Yes, you get some false positives, but the software on the whole tends to be very effective," he said.

---