Given at a Full Committee Hearing:
Thursday, May 20 2004 - 10:15 AM - SR - 253
The Testimony of Mr. Ted Leonsis
Vice Chairman, America Online, Inc., and President, AOL Core Service
McCain, Senator Hollings, and Members of the Committee, my name
is Ted Leonsis, and I am Vice Chairman of America Online,
Inc. and President of the AOL Core Service. I appreciate the
opportunity to testify before the Committee on the issue of
e-mail, or “spam.” I testified before this Committee
last year on this matter, and I am grateful for the Committee’s
continued attention to this important issue.
At this time last year, it appeared that the onslaught of spam
was growing exponentially in a manner that threatened the vitality
of Internet networks. Surveys at that time indicated that spam
was doubling in overall volume every 4-6 months. We asked for your
help in passing strong legislation that would help us target spammers
and curb their ability to abuse our network and our users.
we are grateful that you and your colleagues responded to this
Thanks to Senator Burns, Senator Wyden, and other
key Members of this Committee, a new federal law known as the “CAN-SPAM
Act” has provided some important enforcement tools in the
fight against spam, as well as a heightened awareness of the need
for cooperation between industry and government in the fight against
spam. Where are we one year later? Have we made any progress in
reducing spam and restoring the integrity of the online experience?
continues to be a huge problem facing Internet users and Internet
providers (ISPs), I believe that there have
been significant developments in fighting spam over the past year,
in the areas of legislation, enforcement, and technology. Although
we still have much more work to do, I believe that we have made
substantial progress in combating spam. I would like to describe
some of the steps that we, along with our partners in government
and industry, have taken in recent months to address the spam problem,
and the results that we are seeing from some of these initiatives.
AOL has continued to devote significant resources to the battle
against spam over the past year. We have a team of anti-spam fighters
on call 24x7 to fight spammers’ varied and changing tactics.
We have worked continuously to adapt the strong technologies on
our network to block and filter spam, and we have launched an awareness
campaign to provide our members with important consumer safety
tips that can help them reduce spam and improve the security of
their online experience.
Since the hearing
last year, AOL has introduced new tools in the 9.0 version of
software to help our members, both in the U.S.
and internationally, reduce spam to their inbox. AOL’s Mail
Controls allow our members to block e-mail from specific mail addresses
or entire domains, or to create a “permit list” of
addresses from which they will accept mail. Our adaptive spam filters
allow members to personalize their spam blocking experience, based
on specific words or types of e-mails that they do not wish to
receive. And we have included a feature that blocks images and
Web links from displaying in e-mails from unknown senders unless
a member chooses to see them.
in AOL 9.0 is our “spam folder” feature.
Beginning in October of 2003, AOL began transferring e-mail messages
with characteristics indicating that the e-mail was likely to be
spam to the “spam folder.” This feature separates spam
from the user inbox and allows the recipient to view such messages
in a separate folder, or not view them at all. Between our spam
folder and our anti-spam filters, we are now keeping up to 2.5
billion pieces of unwanted mail per day out of our members’ inboxes.
We are pleased
that there has been a downward trend in the amount of spam in
members’ inboxes, which we believe is based
primarily on our technical countermeasures and new product features.
We believe that our members’ experience with spam is improving,
based on information gathered through customer satisfaction surveys,
as well as the number of complaints we are receiving through our
popular “Report Spam” feature. However, even though
subscribers to the AOL service may now be experiencing less spam
in their inbox, the total volume of spam that senders attempt to
deliver to our networks has not decreased. Spammers are continuing
to attack the AOL network, and spam is still a major problem for
online users and ISPs.
I testified that it is our belief that a large part of the overall
is caused by “outlaw spammers,” those
who engage in fraudulent tactics such as hiding their true identity
or the true source of their messages. We believe that outlaw spammers
continue to be responsible for the great majority of the spam problem
that consumers and ISPs face today.
The “outlaw” spam
problem includes: 1) e-mail that is sent using falsified means
of technical transmission; 2) e-mail
sent using hacked e-mail accounts; and 3) e-mail sent by spammers
who intentionally abuse legitimate e-mail service providers by
registering for multiple e-mail accounts or Internet domain names
using a false identity for the sole purpose of transmitting spam.
that more than 80% of the current spam problem comes from other
hosting companies that are infested with viruses.
These software viruses, or “trojans” as we refer to
them, typically make their way onto machines via vulnerabilities
in end-user software and the absence of firewalls or anti-virus
software. These viruses/trojans infect users’ computers without
their knowledge and allow spammers to use the infected machines
to initiate or relay spam. We believe that most of the viruses/trojans
are developed by the spammers themselves or hackers being paid
we supported the CAN-SPAM Act because it offered critical tools
to ISPs and
law enforcement to deter “outlaw” spam
by imposing strict penalties on spammers who engage in techniques
of fraud and falsification. Now that these tools are being utilized,
we are optimistic that this new law will produce some positive
results. Developing criminal cases against spammers and preparing
civil litigation against them take time. However, we and our ISP
colleagues, as well as the Federal Trade Commission and Department
of Justice, have announced major actions in the months following
enactment of CAN-SPAM. Several recent announcements provide a glimpse
of the significant efforts underway in this regard:
In March of
this year, AOL, Earthlink, Microsoft, and Yahoo! announced the
filing of the first major industry lawsuits under
the CAN-SPAM Act. The country’s four leading e-mail and Internet
service providers filed six lawsuits against hundreds of defendants,
including some of the nation’s most notorious large-scale
Similarly, the FTC, DOJ, and U.S. Postal Service made a major
announcement at the end of April of its first set of enforcement
actions using the CAN-SPAM Act against two spam operations that
the FTC had found to have clogged the Internet with millions of
deceptive messages in violation of CAN-SPAM and other federal laws.
AOL was pleased to cooperate in these investigations, and we look
forward to continued cooperation with both the FTC and DOJ on other
spam enforcement cases.
AOL is pursuing
other civil actions aggressively, and is also expanding its cooperation
with state law enforcement to assist
them in prosecuting spammers. In December of 2003, AOL collaborated
with Virginia Attorney General Jerry Kilgore and others to announce
the first-ever indictments under Virginia’s tough, new anti-spam
statute. Two out-of-state spammers from North Carolina who stand
accused of spamming AOL members could face jail time, asset forfeiture,
and monetary penalties in these cases.
Thanks to the attention and efforts of lawmakers on this issue
last year, new legislation like the CAN-SPAM Act has spurred increased
enforcement initiatives by ISPs and government. We are also seeing
the level of enforcement on the rise in Europe, with the FTC cooperating
with European agencies to bring legal action against spammers.
We are continuing
to work with state lawmakers to support legislation to reduce “outlaw” spam.
We are delighted that Maryland has passed a criminal spam law
modeled on the criminal provisions
of CAN-SPAM and that other states, including New Jersey and Ohio,
are likely to follow suit later this year. These legislative initiatives
show increasing recognition that the spam problem can best be addressed
by providing specific enforcement tools that can be used to pursue
outlaw spammers who engage in fraud and deception.
in order to radically reduce spam, we must know who the senders
could not do what they do without hiding
behind false names, trojan horses, and the like. That’s why,
in addition to enforcement and legislation, we are excited about
the development of promising new technological advancements focused
on authentication of senders. These technologies would allow ISPs
to identify e-mail in order to prevent spam from entering our networks.
A variety of different technologies and approaches are now being
tested, all with the same goal of eliminating spam. AOL is participating
in a number of working groups to discuss the development and application
of new industry standard technologies for email identity.
Specific technologies that appear promising are SPF (Sender Permitted
From), CallerID, and DomainKeys, as well as variations or combinations
of these approaches. These technologies aim to reduce the domain
name spoofing that is central to many forms of spam by confirming
that an email is actually coming from the domain it claims to be
from. The Internet Engineering Task Force (IETF), which is the
standard-setting body for the Internet, is working to set technical
standards using a combination of these technologies. AOL is currently
testing the SPF technology, and we believe it can be implemented
quickly due to its readily available software and already widespread
adoption. Our assessment is that all three technologies can work
well together and should be implemented quickly on a broad scale.
AOL has joined with other leading ISPs, including Earthlink, Microsoft,
and Yahoo, to study ways in which we can make use of new technologies
to reduce spam. In addition to working together to test authentication
approaches, this ISP working group is discussing other types of
best practices that industry can employ to fight spam. Potentially
effective spam fighting methods that deserve further attention
include: (1) for all ISPs to confirm that their members who are
sending e-mail have accounts and are allowed to send mail; and
(2) for abuses indicated by ISP members to be handled as quickly
as they arise. We are continuing to work with our ISP colleagues
to develop additional solutions to the spam problem, both from
a technology and enforcement perspective.
In conclusion, we believe that industry and government have made
great strides in fighting the spam problem over the past year,
although there is much more work to be done. Professional spammers
are always on the cutting edge of technology, which means that
staying ahead of them requires extensive time, resources, and cooperation.
The CAN-SPAM Act has provided some important tools for pursuing
spammers; we believe we will start to see additional progress in
the war against spam as these tools start to be employed.
AOL is committed to protecting our members and maintaining our
leadership role in the fight against spam. We recognize that the
goodwill and trust of our members depend on our continued focus
on developing solutions to the spam problem. We continue to believe
that the spam battle must be fought on many fronts simultaneously
in order to be successful. From technology to education, from legislation
to enforcement, industry and government can work together to reduce
spam significantly and give consumers control over their e-mail
inboxes. We look forward to continuing to work with this Committee
and other lawmakers, as well as with our Internet service provider
colleagues, to stop spammers in their tracks.
Thank you again for the opportunity to testify; I would be happy
to answer any questions you may have on this topic.