The e-mail in-box has evolved from a useful communication medium to a catalog of too-good-to-be-true offers of mortgages and organ enhancements. The stalwart and ubiquitous mobile phone is perched at the brink of a similar catastrophe, as cell-phone spammers begin to wirelessly deliver a similar stream of bogus messages and come-ons. But a new Federal Communications Commission (FCC) ruling may keep spam from overwhelming wireless phones.Last year's CAN-SPAM Act directed the FCC to create regulations to protect wireless users from spam, a task the FCC has accomplished in this new ruling. Michael Altschul, senior vice president and general counsel of wireless association CTIA, explains that CAN-SPAM treats wireless spam differently than its wired counterpart.

Wired spam is "opt-out," meaning "every commercial sender of e-mail could send one e-mail to any customer but must provide that customer with the opportunity to opt out from getting any more," Altschul says. "Congress was sensitive to concerns that people's wireless phones were so much more personal," he continues, so the law mandates an "opt-in" approach for wireless e-mail messages, where "only commercial e-mail messages that a customer has specifically opted in, or consented to receive, can be sent," Altschul says. In its new ruling, the FCC has defined rules and definitions to implement the opt-in approach.

The FCC ruling determines that e-mail messages sent over the Internet to wireless devices that have a domain name such as .com or .net are prohibited by CAN-SPAM; spam sent in the short text messages known as SMS are proscribed by the Telephone Consumer Protection Act (TCPA), a 1991 law that prohibits the use of an "automatic telephone dialing system...to store or produce telephone numbers to be called."

The FCC ruling may have come just in time. While wireless spam is still relatively new in the United States, it's already risen to epic proportions overseas. Data compiled by eMarketer, which collects e-business statistics, show that 39 percent of mobile phone users in Asia and 36 percent in Europe have received text messages from advertisers, compared to only 8 percent in the U.S. This, says Verizon Wireless spokesperson J. Abra Degbor, is because overseas users have traditionally been more likely to use wireless phones as primary devices. Bradley Blanken, assistant vice president for technical programs with CTIA, notes that two years ago only around 30,000 text messages a month were sent in the U.S. Now, some two billion are sent monthly.

And many of them are spam. Verizon Wireless recently was granted a permanent, legal injunction by the United States District Court of New Jersey against a spammer accused of sending "millions of unsolicited commercial electronic messages," (about 98,000 of them went through spam filters and reached subscribers, according to the complaint). Aside from the annoyance and cost to Verizon's subscribers who pay $.02 to receive a text message, the company charged that the onslaught of spam clogged its computers and stole valuable resources by forcing it "to dedicate equipment, software, and personnel to block, filter, process, switch, and transmit spam messages."

Other than seeking legal protection, are there technological solutions that wireless providers can implement? While Degbor was reluctant to discuss Verizon's defenses in detail, she says that the company relies on a key indicator of wireless spam: bulk. "We monitor the network for velocity checks, large blocks of texts going off to the system from a single sender," she says. In some cases, when the spammer's location is revealed by the velocity-checking software, Verizon works directly with an ISP to shut down the spammer. "We have a common interest in not having our services misused," Degbor says.

Blanken says that "blacklists" that block the URLs that are found to be used by spammers are one type of filter commonly used, but he agrees that wireless spam is most often discovered by the amount of traffic it causes. "If suddenly a thousand messages come through from one place, there's a pretty good likelihood it's spam," he says.

@ The FCC ruling is available at www.securitymanagement.com.​​​Wireless_Tech1004.pdf