Open Letter to Bill Gates

July 28, 2003
 
Mr. Bill Gates
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399

Dear Mr. Gates:

You won't remember me, but I still have the program cover you autographed for me after that late-night discussion session in Chicago at the 1989 NAUG conference.
 
I read with great interest your letter of May 21, 2003, to The Honorable John McCain, Chairman and The Honorable Ernest Hollings, Ranking Member of the U.S. Senate Committee on Commerce, Science and Transportation. In that letter, referring to a hearing on spam, you wrote:
"... would like to take the opportunity to share Microsoft's perspective on this critical e-commerce and consumer issue."
 
To me, the letter offered real promise since you are probably one of three people on this planet who could, in just a few weeks, end 80% of the spam we see today. However, as I continued through the letter I became increasingly disappointed that you weren't actually going to take a decisive stand against spam. Like so many others, you seemed to shift responsibilities to industry and government.
 
Mr. Gates, by taking the same "wait and see" attitude as everyone else, you'll only postpone any real progress -- and if everyone takes that attitude, then nothing will ever get done.
 
In closing your letter, you say that you (Microsoft) "look forward to sharing" your proposals, and to "working with others toward a viable solution."
 
Therefore I would like to share some comments on your letter:

An Independent Authority

In the letter you said:
"Specifically we [Microsoft] support the establishment of an independent trust authority or authorities around the globe that could spearhead industry best practices and serve as an ongoing resource for email certification."
 
I suspect that you realize that solution won't work.
      We already have such an authority, The Internet Corporation for Assigned Names and Numbers (ICANN), which is toothless and ignored. ICANN's policies and regulations for truth in domain registration has become a joke to the spammers -- who continue to open new domains with forged entries, and even use forged accounts to do so. An "independent trust authority" would be a waste of time and taxpayers' money, taking years to establish.

Mechanisms for Identification

Then you said:
"... these authorities could provide mechanisms to identify legitimate email making it easier for consumers and businesses to distinguish wanted mail from unwanted mail."
 
Again, an idea which sounds good in writing, but won't work either.
      As your own MSN has experienced, every "mechanism" lasts only so long as it takes the spammers to establish a counter to the mechanism. Besides, by the time the spam gets to the consumer so they can "distinguish" good from bad, it's too late. The spam has already breached the server to steal precious bandwidth and storage from the ISPs and subscribers. Not only are MSN subscribers getting spam, they're getting spam from MSN subscribers!

Strong Federal Legislation

The premise of your letter seemed to reinforce your statement:
"... in order for self-regulation and technology efforts to be successful they need to be supported by strong federal legislation..."
 
History provides evidence that this too is an invalid asumption.
      If the spammers aren't adhering to existing federal code, it's an invalid asumption they'll pay any attention to new legislation. If you read through the Federal Code, (Try Title 18, Part 1, Chapter 96, Section 1961) you can easily see that most forms of spam are already in violation of some of the strongest legislation in the book. Some spam under Title 18 is serious criminal activity punishable by imprisonment and heavy fines, yet it doesn't seem to deter the spammer. Additionally, there is an ever growning community of spammers outside the borders of the U.S. who are not particularly compelled to abide by anyone's laws, much less American laws.
      Then let's assume for a moment that you do get some strong federal legislation, what then? Litigation? Which ones, and how many do you plan to litigate out of several hundred thousand per hour?

Self-regulation

Several times in the letter you refer to self-regulation as a key to the solution.
      I totally agree. The ISP industry could initiate and successfully implement self-regulation without the aid of Congress or yet more legislation. If they would. And, assuming self-regulation would work, then who is better positioned than you to step up to the plate and take that leadership role? Being one of the "big four" puts Microsof's MSN squarely in the unique and enviable position to actually make it happen.

What will it take? Consider the following:

As one of the big four, MSN establishing the following self-regulatory practices would dramatically reduce spam for MSN users, and bring an undeniable pressure to bear on the other three to join in self-regulation. MSN would enjoy the additional benefits of far less cost, and much faster remedy to the onslaught of spam. Each minute the ROI would improve.
 
1. MSN would cease to allow forged or falsified identities in email or hosting accounts, and would end the practice of blind or free email accounts. This returns accountability to all of MSN's subscriber base.
 
2. A small MSN task force would begin to methodically identify incoming spam, and block the IP/domain of both the entity advertising in the spam, and the IP block from which the spam was sent. MSN users will cease to receive spam from that port, and the web address of the spammer's "offer" would literally cease to exist to all MSN dial-ups, including Microsoft.
 
This is not nearly as severe as it sounds. You see, the first 150 or so to get clamped off would close the prolific off-shore spam engines, server farms and open relays through which some 60% of all spam eminates. These are renegade IP blocks -- close them and your spam flow is immediately curtailed. And there's no one there to complain. Force those spammers to use a legitimate email account at a legitimate ISP so they're now accountable for their mail, or cancelled.
      Basically you start with the worst offenders. You know who they are. Get them out of the way very quickly so you can see immediate results.
 
All those spammers who are knowingly involved in criminal activity would slink off someplace and never be heard from again.
 
If this measure by chance blocks an honest ISP, that ISP would merely contact MSN to remove the block. They accomplish this by a) delivering the spammer's true identity and positive location for prosecution, and/or b) demonstrate to MSN's satisfaction that the open relay or open proxy has been shut down and no more spam will emanate from that port. Upon that eventuality the spammer is gone, and the ROI elevates again.
 
Yes, I've heard the whimpering and moaning of ISPs fearing law suits if they block a domain. But how many times have you heard of a bank robber suing the bank because the vault door won't let them in to rob their customers? Or a child pornographer bringing litigation because you blocked them from sending kiddy-porn to your subscribers? We'd welcome those folks to step forward. What jury is going to side with the penis enlargement scammers? We're not talking First Amendment Rights here, we're talking about Felonies. It's amazing the industry has laid down on this as long as they have.
 
Since this is "self-regulation" MSN establishes the criteria by which UBE is judged. You very quickly separate the valid, legitimate ISPs from those aiding and abetting the spammers. The criminal element can continue to spew forth their filth, but MSN subscribers are no longer even aware of them, and MSN system administrators move on to more productive activities than fielding spam complaints.
 
3. Once AOL, Earthlink and Yahoo see their subscribers jumping ship to get protection through MSN's new self-regulatory initiative, they too would follow the same initiative -- or risk extinction to MSN subscribers.
      If those others in the "big four" followed the initiative, suddenly the industry would be nearly 100% self regulating, because you've effectively protected 75% of the internet from the criminal element. Once the big four are on board, other honest ISPs both inside and outside of the U.S. would have to follow suit or risk extinction to the American internet.
 
Very soon into the program, spam coming to participating ISPs would be reduced to a manageable trickle. Websites of the spammers would no longer exist to any subscriber of any participating ISP, so the threat of a new infestation is eliminated. You no longer have to worry about filters. More importantly, your subscribers no longer have to worry about losing wanted emails because now the only email they get is email they want.

Stepping up to the plate

So you see, Mr. Gates, by stepping up to the plate, and taking a firm stand against spam, rather than expecting someone else to do it, could change the whole outcome of the war against spam.

1. We would no longer need to waste our resources on futile litigation
2. Our legislator's time and tax money would be better spent on really important matters.
3. Smaller ISPs would no longer have to employ extra personnel, buy more expensive equipment or pay huge blackmail money to spam filtering services.

But most importantly of all, consumers -- email users -- would no longer have the unsavory and time consuming chore of plowing through piles of fraudulent scams, porno, viruses, and potentially harmful unsolicited bulk email.
 
Finally, Mr. Gates, I agree completely with the point you so eloquently put forth in the closing of your letter:
"when we solve the spam problem, we will truly be able to offer consumers a trustworthy, safe and more productive email experience."
 
And that's why I'm calling upon you to step on up there to the plate. The world is watching. Take a stand now -- because it's the right thing to do.

Sincerely,

Got comments?