This week, Stephen Ibaraki, I.S.P., has an
exclusive interview with the internationally renowned attorney and anti-spam
authority, Anne P. Mitchell Esq., President and CEO of the Institute for Spam
and Internet Public Policy (ISIPP).
As an original founder of Habeas Inc., Anne
Mitchell served as President and CEO through its first year, establishing
Habeas as an industry leader and changing the face of whitelisting of
legitimate email. In addition, she served as the Director of Legal and Public
Affairs for Mail Abuse Prevention System, one of the original and most
well-respected anti-spam services on the Internet. Anne has actively consulted
on legislative anti-spam issues on a state and national level. Mitchell is a
graduate of Stanford Law School, a Professor of Law at Lincoln Law School of San Jose, and a member
of the California Bar.
Moreover, together with serving on the
Asilomar Microcomputer Workshop Planning Committee, Anne is advisor for Kinar
Secure Email, Relemail Email Privacy Certification, and Virus Bulletin.
Q: Anne, you are a pioneer in anti-spam
legislation and your work is having a significant impact worldwide. We
appreciate you taking the time to do this interview—thank you.
A: Thank you so much for inviting me back!
Q: How would you position yourself in the
area of Spam—some have wanted you to take even a harder stance?
A: There are always people on the edges of these sorts of issues. They help to define not only the fringe, but
the middle ground as well. On the one
hand, we have the strident anti-spammers, who believe that no email which was
not affirmatively requested should ever be sent or delivered. On the other hand, we have people who believe
that nobody has a right to stop anything they send from being delivered -
wanted or otherwise.
My own position encompasses the positions both
left and right of center which, as it happens, are essentially the mirror
counterparts to each other. It turns out
that the vast majority of both senders and receivers want the same thing: for users to get email that they want and to
not get email that they don’t want.
Q: You have achieved a milestone as one of
the most significant figures in Spam. Where do you go from here?
A: Gosh Stephen, I wouldn’t position myself that way, but I’m very
flattered, thank you.
My focus for now is to continue doing what
I do best – bringing both sides to the table, translating and facilitating
dialogue and discourse, and advising policy makers in both the public and
Q: Can you describe what you have learned
from each of your advisory roles and where do you see their impact in the
A: The theme which runs consistent and unchanging is that it is primarily,
if not only, the technically savvy minority who understand just how big the
threats are on the Internet today. The
vast majority of people, and especially the typical end user, just have no
grasp of not only what is out there, but what is inside, on their computer,
right at this very moment. Current
estimates are that as many as 80% of all Internet-connected PCs are infested
with viruses, spyware, Trojans, and the like. 80%! That’s astounding! And again, facilitating communication –
explaining the positions and concerns which each party has, is what I bring to
Q: What is the future direction for EDAPP,
the e-mail deliverability product from Will Bontrager, of MasterCGI and
At this time EDAPP is on the back burner.
Q: What is the status of anti-spam
legislation and how should it evolve? How will it be changed or updated?
A: Speaking directly to United States legislation, it’s been slightly more
than a year since CAN-SPAM went into effect, and slowly but surely we are seeing
both our Federal agencies and our national ISPs go after more and bigger spam
operations. The Federal wheels turn
slowly, but they do turn. And they are
turning in the right direction. The
Federal Trade Commission is working on clarifying and refining some of the
language, a responsibility with which they were tasked by the language of
CAN-SPAM itself. But all the laws in the
world aren’t, on their own, going to deal spam the death blow. Nor is technology or user education. All three have to be brought to bear in a
concerted effort by all stakeholders.
Q: What are your suggested best practices
for handling, managing and filtering SPAM? Where do you see this going in the
A: First, and foremost, if you are an ISP it is paramount that you don’t
ever throw away any email which is addressed to your users, unless you have made
it abundantly clear that that is your policy, and you have taken adequate
precautions to minimize false positives (good email being accidentally
identified as spam) to the fullest extent. I can’t emphasize strongly enough that throwing away wanted email is one
of the worst things you can do in the name of anti-spam efforts as an ISP.
Second, it is imperative that you have it clear
in your organizational mindset just what exactly you consider to be spam. We can all agree that email hawking herbal
Viagra or weight loss products is spam. But once you dispense with that sort of email, there is a huge fuzzy
area, and if you don’t have clear in your mind what you consider to be
acceptable and what isn’t, then you’ll never be able to deal with the corner
cases. More importantly, you’ll never be
able to convey to people who are trying to send email to your system, or even
to convey to your own users, what is acceptable and what isn’t.
Q: Can you talk more
about SPF, endorsed by Meng
Weng Wong, one of the founders of POBox.com?
A: I’m really not in a position to talk intimately about SPF at this
time. What I can say is that there is
definitely a need for a functioning email authentication system, and that all
of the current proposals have their advantages and their disadvantages. Our email sender accreditation database, the
IADB, recognizes publication of any of the current systems, including SPF and
Q: What would be your specific
recommendations on getting involved in legislative efforts? (How can one get
involved; what resources should they use or leverage?)
A: Of course, this differs from country to country and within countries,
from province to province or state to state. And it depends on what you are most primarily interested (spam, spyware,
privacy, consumer protection, ISP or business protection, etc.). For someone in the United States I would recommend contacting your state and federal representatives
and also the state attorney general’s office, and asking them what you can do
to get involved. There is a lot of
opportunity right now for knowledgeable citizens to get involved on a citizen’s
advisory level, including with federal agencies.
Q: Can you describe your work with Sen.
McCain's office and with California Senators, Bowen and Murray? What have you
learned from the experiences?
A: In my experience the average legislator starts out having little, if any
more knowledge of these issues than does the average end-user. They rely on their staffers to research the
issues and then to brief their boss (the legislator). So a legislator’s grasp
and understanding of the issues is only as good as their staff’s
understanding. This is where both people
in the industry and other clued-in citizens can really make a difference, both
by meeting with the staffers and providing them with relevant information, and
by meeting with the legislators themselves.
It is also critical to understand that
legislators are almost always being pulled in many different directions on any
one issue, and that each of their constituents, with their myriad concerns and
competing interests, have valid points which need to be considered during the
drafting or revision of any law. So
anger, hostility, or even just righteous indignation, isn’t going to get you
very far. Calm, rational, reasoned,
informed and articulate discourse will get you much further.
Q: (1) Can you comment on the future
outcomes developing from the cross-industry Email Processing Industry Alliance
(2) Any future updates to the Email
Deliverability Database (EDDB), which provides both senders and receivers the
ability to register with the database, and instantly find the contact
information up to the highest levels for participating providers and senders?
(3) What are the outcomes from conferences
such as the one for "International Spam Laws and Public Policies"?
A: I’d like to address the three questions together, as each of these is
but one aspect of our ongoing program to bring together both senders and
receivers, and to facilitate communications leading to cross-industry
cooperation in ensuring both that bad email (spam) does not get delivered, and
that good, wanted email does get delivered.
The EPIA’s primary function was to bring
these to groups together on a regular basis, and the EDDB’s to provide a way
for them to communicate quickly with each other on a one-to-one ad hoc
basis. While the EDDB is still up and
running, the vast majority of email senders now have someone on their full-time
staff, often a manager or director of ISP relations, whose job it is to manage
the sender-receiver relationship with their counterpart on the receiving
side. Our highly successful conference
program has essentially taken the place of the EPIA. We bring together all of
the same people twice-yearly with the added benefit of bringing in speakers
from all walks of the industries to talk about industry issues ranging from
technical to legal to practical.
Q: Why do you consider the ISIPP site as
one of the best resources in this area (http://www.isipp.com)?
A: Because we are the one organization which provides the services which we
do, including an email sender’s accreditation program, which is truly
neutral. Receivers (such as ISPs and
spam filtering companies), and senders (such as email service providers), both
know and trust us and know that what we care about is helping them to get rid
of the spam and to get good mail through. We’ll help you do that whether you
are a Fortune 500 company or a mom and pop newsletter. We have no other agenda, we are not beholden
to investors or stock holders – we’re here to help.
Q: Give one example of a major challenge in
the last six months and how it was resolved?
A: Getting email senders and receivers to understand that the IADB (our
email senders’ accreditation program) is not a typical whitelist such as they
were used to – where the receiver blindly accepts email from whomever is on the
list because the list maintainer says that they should. It is a much more
sophisticated product which provides factual information about a sender’s email
practices and policies, such as what level of opt-in they use when building a
list, to what industry standards they adhere to, etc., allowing each receiver
to custom tailor the most useful information to them. The challenge was primarily one of novelty
and a matter of explaining the paradigm shift. Now that they understand how practical and powerful this model is, they
Q: Now, share a surprising or amazing event
within the past six months?
A: Almost as soon as our July conference was over, we found ourselves
deluged with companies and individuals contacting us, wanting a speaking
opportunity at our next conference. We
not only didn’t have to go looking for speakers for our next conference, but we
had to turn speakers away! And all of
them supremely qualified, highly-placed executives and legal
professionals. It was, and is,
Q: One of your most significant
achievements is the drafting and adoption of the Advertiser Accountability
Amendment to the Burns-Wyden bill, and the subsequent unanimous passage of
Burns-Wyden in the Senate. Can you detail the impact this will have?
A: First, I wouldn’t say that it was one of my achievements. I was very honoured when Sen. McCain’s office
called me and sought my opinion and input on what ultimately became the McCain
amendment and the language of the amendment, but it was their achievement, not
mine. Of course I was thrilled when I
heard that it was unanimously passed out of committee!
Advertiser accountability is huge, and an
incredibly powerful leverage for law enforcement to have. I am constantly amazed that the press and the
industries haven’t picked up on this ‘gotcha’ more than they have. Basically, if you advertise in spam, even if
you aren’t the one who presses “send”, you are on the hook and legally
liable. As I said, it’s huge. The Federal Trade Commission has recently
used it in one of their cases and I’m sure that we’ll be seeing more of it as
time goes by.
Q: Here is where we turn it around. Pick
five topic areas of your choosing and provide commentary.
A: Area 1:
According to a
survey recently reported in CNN, forty people in one thousand admit to buying
something from spam. Forty out of one
thousand! Think about how much spam is
sent. And that’s why! What are these people thinking! Don’t buy products that are advertised in
End users still have a real “it won’t
happen to me” attitude about things like their computers being infected with
spyware, hijacked to send spam, etc. Well guess what, it almost certainly already has happened to
you. As I mentioned earlier, as many as
80% of all PCs connected to the Internet are infected with some form of
malicious ware and the number grows every day. If you have a PC online, you are either already infected or you are
going to be infected, it’s that simple. Keep your virus and anti-spyware software current!
Keep up-to-date on current issues relating
to computer and Internet use. For
obvious reasons, we recommend the Aunty Spam site (http://www.AuntySpam.info), but there are
lots of other good sites around. Examples of current issues, just from this week’s Aunty Spam articles,
include evil twin WIFI hotspots, geolocation by IP address, and Bluetooth
If you have or are going to have a mailing
list – any type of mailing list at all – for goodness sake, don’t put people on
it without their express permission! We
have a name for people who do that: “spammer”.
At the end of the day, try to keep
everything in perspective. These are
issues and an area of policy where emotions and opinions run high. Yes, these issues are serious and yes it’s
important, but it’s not the most important thing in either the world or,
hopefully, your life. Those places are
reserved for your children, your family and your friends – the people whose
lives you touch and who touch yours. Nobody’s final words were ever “I wish I’d gotten rid of more spam.”
Q: Anne, it is such a privilege to discuss
these issues with you. You are one of most significant figures of our time and
we thank you for sharing your deep insights, considerable wisdom, and talents
with our audience.
A: And again, thank you Stephen for inviting me back. I’m very honoured, and it’s always a