The biggest problem with spam may not be so much the people that send it out as much as all the people that let spammers compromise their systems to forward spam to everybody else.
A recent report from the folks at Commtouch, which provides alert services to security vendors, shows that on average 355,000 zombies were newly activated each day for the purpose of distributing malware.
If the government came to you and set that each day you're fellow citizens were using the U.S. Postal System to forward junk mail to you there would be a fair amount of outrage. But because most people don't equate the lack of good sanitary computer practices with all the spam they get they are generally blissfully unaware of the role that they and their fellow citizens play in sending around spam.
They are also blissfully unaware that a lot of this spam is being used to not only deliver unsolicited offers but to also distribute malicious code that steals sensitive data. The question that all this brings up is who is liable for all this activity. Obviously, the people who created the spam are engaged in a criminal activity. But if individuals and corporations fail to take any steps to secure their systems from being turned into zombies are they not partially culpable? And if the Internet service providers take no steps to help people identify what systems have been compromises are they not complicit in aiding and abetting a crime? For instance, there is a new hole in GMail that could have some significant spam reprecussions.
A public relations campaign aimed at educating everybody on the role they play in maintaining the collective security of the Internet might not be a bad idea. Unfortunately, it's usually the prospect of being sued that gets people to start paying attention to these types of issues. The question is who is going to file such a suit and what legal responsibility is a jurist going to attach to all the guilty parties that make up the chain of spam that today clogs a public resource.
Maybe the first step is for somebody in Congress to initiate a series of public hearings that might be a good first step to first drawing more attention to the problem and then creating legislation to deal with the issue. From there, the executive branch could then more aggressively go after the spammers in the U.S. and then start working with various foreign governments and international agencies to start going after the spammers outside of the U.S.
Like all great journeys the fight against spam needs to start with the first step at home. Securing systems against zombies would go a very long way to eliminating a lot of problem so the next time you complain about spam take a good long look in the mirror and ask yourself what you're doing to help prevent its spread.