Leading authority and
anti-spam expert provides her views...
Interview by Stephen Ibaraki, I.S.P.
This week, Stephen Ibaraki, I.S.P., has an exclusive
interview with the internationally known, widely respected
attorney, President and CEO of the Institute for Spam and
Internet Public Policy (ISIPP), Anne P. Mitchell Esq.
As an original founder of Habeas
Inc., Anne Mitchell served as President and CEO through its
first year, establishing Habeas as an industry leader and
changing the face of whitelisting of legitimate email. In
addition, she served as the Director of Legal and Public
Affairs for Mail Abuse Prevention System, one of the
original and most well-respected anti-spam services on the
Internet. Anne has actively consulted on legislative
anti-spam issues on a state and national level.
Mitchell is a graduate of
Stanford Law School, a Professor of Law at Lincoln Law
School of San Jose, and a member of the California Bar.
Q: Anne, with your demanding schedule, we appreciate you
taking the time to do this interview—thank you.
A: And thank you so much for the opportunity to speak with
Q: You have a most remarkable career. Please describe the
challenges, successes, milestones, and the valuable lessons
learned in each of your roles.
A: As in any area of advocacy where passions run high, and
where those ultimately impacted include everyman and
everywoman as well as businesses, there are at least two
sides to every issue, and often many more. Divining the
rationality amidst the passion, and the reality amidst the
hyperbole, can be very difficult, and more so if you come in
through one particular avenue or another. And once there,
determining a course which is true, and which doesn't veer
off into the extreme in any direction, can be very
challenging. This I learned early on as a fathers' rights
advocate, and it holds equally true in the anti-spam arena.
While the issues may be different, there is a fundamental
sense of right and wrong - of protection of personal
boundaries - and of moral indignation, which runs high in
From these challenges have come the primary lessons which I
have learned, and have had reinforced at every step along
the way: before reaching any conclusions and forming an
opinion reserve judgement and keep your mind open. Quietly
observe, and research, research, research.
This, coupled with my own two personal credos: "You do what
you gotta do" and "It is what it is", has stood me in very
As for milestones - well, in these sorts of arenas, one can
measure one's effectiveness as much, if not more, by what
those in opposition have to say as those in agreement. I
knew that I'd made it as a fathers' advocate when my work
started showing up on hit lists on the
N.O.W. website and in their published conference agendas.
Similarly, when I started drawing the ire of those who
insist on the "right" to email anything to anybody, even if
they didn't ask for it, I knew that I was making an impact.
That some of the more fringe anti-spammers accuse me of
being too soft confirms for me that I am staying the true
Q: Where do you see yourself in two, five and ten year’s
A: Two years? Spam Czarina to the Gov. of California. Five
years? Toasting that we have managed to stem the hemorrhage
of spam and bring it down to a trickle. And in ten years
time I hope to be retired other than continuing to teach,
write, and speak.
Q: As one of the founders for Habeas Inc., comment on this
accolade, “she is the Diva of Deliverability.” What
processes made Habeas, the assured email delivery company?
A: Actually the "Diva of Deliverability" nickname came from
Email Deliverability Summit II, which followed my departure
from Habeas. And I'm sorry, but under the terms of my
separation agreement with Habeas I am unable to comment
regarding processes. But I can say that I believed in Habeas
when I helped to found it, and I still believe in its
Q: We want to learn more about your new email deliverability
product and eDeliverability.com?
A: Thank you for asking about that! eDeliverability is my
company, separate from my day job running the Institute for
Spam and Internet Public Policy. The email deliverability
product is EDAPP, which stands for "Email Deliverability
Application". EDAPP is the brainchild of the developer, Will
Bontrager, whom many of your readers may know from his
MasterCGI and WillMaster sites.
EDAPP allows email senders to preauthorize and prevalidate
legitimate bulk mailings with participating ISPs, spam
filtering companies, and other email receivers.
Unlike any other email deliverability solution currently on
the market, EDAPP allows the ISP to set their requirements
for accepting incoming email through EDAPP, and senders can
easily tailor to which ISPs they send using EDAPP, on a
mailing-by-mailing basis, to conform with these
requirements. There is a minimum standard for mailings in
order to register as a sender with EDAPP at all, and ISPs
can choose to accept mail meeting these standards, or to
require stricter standards for EDAPP mail - the ISPs really
like this, as mail coming through the EDAPP system is
whitelisted and delivered on arrival, rather than being run
through a gamut of spam filters and checks.
The system is also virtually unspoofable, yet requires no
new hardware or software, making it easy and cost-efficient
to use both as a sender, and as a receiver.
Q: What are your best recommendations about handling,
managing, and filtering SPAM?
A: First and foremost: if you have users on your system, you
should never *ever* discard any email addressed to them, no
matter how spammy it looks, unless you have explicitly told
them that this is part of your process, and they have
affirmatively agreed to it. As receivers draw their spam
filters ever tighter (and who can blame them?) the false
positive problem - that of legitimate mail being erroneously
blocked, bounced, or junkfoldered as spam, is increasing
right along with the level of spam. And just as with spam,
false positives can have devastating consequences.
Macslash.com lost their domain when their ISP blocked their
registrar's domain renewal notice as "spam". The Mac
publication "TidBITS" had one issue go undelivered to
thousands of their online subscribers because the word
"Viagra" appeared in a review of a handheld device's
spam-filtering capabilities. Imagine the consequences of
advice from attorney to client, or doctor to patient, being
blocked as spam - and to compound matters, not only does the
recipient never get their mail, but often the sender has no
idea that it was not delivered, so operates on the
assumption that their email was received. So the lesson here
is to never simply discard mail, which your system tags as
spam – always make it available to the end users somewhere,
unless they have agreed to rely on your judgement regarding
what is spam and what isn't.
Second, and consistent with the industry standards which
came out of Email Deliverability Summit II (available at
http://www.isipp.com/standards.php), if you are a
service provider, post somewhere publicly, and clearly, what
your spam policies are, and what your requirements are for
acceptance of incoming email, and apply them consistently.
In fact, all of the standards are very good measures with
respect to both spam and deliverability issues.
Third, I recently heard Meng Weng Wong, one of the founders
of POBox.com, talk about SPF, for which he is a strong
advocate. I think that it makes a great deal of sense, and
it is trivial to implement. Your readers can find out more
about setting up SPF at
Finally, although this seems long-term, rather than
short-term, it's really not: get involved in legislative
efforts. As has been seen in the past week in the States,
there is a groundswell, and anti-spam resolutions and laws
*will be* (and are being) adopted. They will either be good,
or bad, and this is one of those cases where those in the
trenches really can make a difference, because the policy
and law makers don't have all of the data, and they *know*
that they don't have all of the data - they are willing,
indeed eager, to listen to constituents who know wherefrom
Q: How does your family view your work?
A: My husband constantly jokes "a Stanford law degree and
you keep working for causes with no money…what a waste". But
he really is just kidding - my family is extremely
supportive, and very pleased about what I do, and have done
previously. They're very proud of what I and those with whom
I have worked have accomplished, as am I, and it's important
to remember that aspect of it: those with whom I have worked
- as often as not I am simply the catalyst - I may get the
people together, but they are the ones who have to take it
from there, as is the case with the Email Management
Roundtable, and Email Deliverability Summits I and II.
Q: What aspects of your work motivate you to do what you do?
A: When I was more involved in fathers' rights advocacy, it
was - and I know that this sounds cliché - it was knowing
that I was actually making a difference in the lives of
children - that if I could help even one child to have their
father in their lives when they otherwise would not have, I
knew that I had forever changed that child's life for the
With my anti-spam work, it is knowing that I am uniquely
situated to really make a difference - I have the great
fortune to have the right background, credentials, and
experience to be able to go places others may not, to gain
access to decision makers and policy makers, and to bring
people together who might otherwise not ever hear what one
another has to say. I speak many languages: legal, policy,
legislative, and anti-spam - that's rare, and I'm very glad
to be able to contribute my skills in this way.
Q: Describe the vision, mission, strategies, goals and
values of the ISIPP.
A: The Institute for Spam and Internet Public Policy (ISIPP)
was formed to bring together those with expertise in
Internet, and specifically anti-spam, policies and
processes, both public and private, in order to provide a
cadre of experts and analysts to both the public and private
sectors, and to leverage that experience and brainpower for
the public good. And we've done this. We have an amazing
wealth of resources in such people as David Baker, Esq., VP
of Law and Public Policy for Earthlink; Joyce Graff, who
spent 8 years as an analyst with Gartner in their electronic
messaging group, including four years as the group's Vice
President and Research Director; Michael Grow, Esq., Chair
of the Technology Group at Arent Fox; John Levine, author of
the "Internet for Dummies"; Mike Jackman, Executive Director
of the California ISP Association; and Brad Templeton,
Chairman of the Board of Directors of the Electronic
Frontier Foundation, to name but a few.
Q: You work with many experts; please detail their
contributions to your organization.
A: All of our experts are available for consulting and
analysis work. Each brings a unique combination of
experience, expertise, and skills to the table. The
contributions are all outward facing - meaning that they
contribute to those with whom they consult, and to the
common good. Examples include Mike Grow's attending the
Republican Technology Council Leadership Breakfast and
Briefing on Spam, and my own work with Sen. McCain's office
to draft language for an advertiser accountability amendment
to the Burns-Wyden Can Spam act (which I'm thrilled to say
was passed unanimously). We also consulted with California
Senators Bowen and Murray this summer over legislative
issues which ultimately saw their way into California's
recently enacted SB 186.
Q: For the uninitiated, detail your latest industry
standards—what value do they bring?
A: I'm really glad that you asked this because we are very
proud of this accomplishment - it really illustrates what
can be done when you get everybody to the same table.
At both Email Deliverability Summits I and II, we brought to
the table an equal number of CEOs or other executive
decision makers from email receivers (ISPs and spam
filtering companies) and email senders (email service
providers, online marketers, and the like). And when I say
"to the table", I mean literally "to the table". At Summit
II, we had twenty receivers and twenty senders in a room for
eight solid hours (we broke only for lunch), around a huge
conference table (it was actually four large tables put
together). This was by invitation only, and to attend you
had to be either the CEO, or other executive decision maker.
This was no
op; this was a real working group with the people who have
the ability and authority to make things happen.
Out of these two Summits came a lot of wonderful initiatives
and resolutions, including the formation of the
cross-industry Email Processing Industry Alliance, and the
promulgation of five new industry standards. These standards
speak to both senders and receivers, and address and set a
minimum acceptable level for such things as bounce handling
(an email address must be removed from a mailing list if the
sender receives three consecutive bounces over the course of
fifteen or more days), unsubscribe processing (1-click
unsubscribe being the ideal) and publication of requirements
for acceptance and transiting of email. The really amazing
thing was not just that there was no acrimony, and only
cooperation amongst these 40 senders and receivers -
including some of the largest in the U.S. on both sides -
but that often the group most affected by a given standard
was the one pushing for the greatest restriction! For
example, with bounce handling, the senders were actually the
ones pushing for stricter guidelines, saying "we can remove
an address after it bounces just twice, sometimes even after
the first bounce" - and it was the ISPs saying "give
yourselves 3 bounces in a row, to allow for transient
failures, and full mailboxes when people go on vacation".
Now, granted, the types of organizations which are going to
participate in an email deliverability summit are the
responsible ones, but it bears noting, again, that those
there were among the largest - the leaders - Digital Impact,
Cheetahmail, RappDigital Innovyx, YesMail, AOL, MSN, Spam
Assassin, Outblaze. And they all, each and every one, agreed
to and adopted these standards. In fact many have already
Q: Can you provide commentary on the Email Deliverability
A: Another one of the industry standards which came out of
the Summit has to do with open communication between sending
and receiving systems, so that ISPs and other receivers can
communicate a problem to a sending system, or vice versa,
before it reaches a point that a receiving system has to
protect itself against a questionable mailing, or before
legitimate communications have been impacted or lost. We
kept hearing from both sides "if only we could figure out
who to call...". And I can't tell you the number of the
times I've heard of one ISP inadvertently blocking all mail
from another ISP, and nobody knows who to contact at the
blocking ISP's NOC. Email Deliverability Database is a way
to address that - both senders and receivers can register
with the database, access to which is restricted to approved
participants, and instantly find the contact information up
to the highest levels at participating providers and
Q: What is the current state of law regarding e-mail and
spam and are there international equivalents?
A: That is impossible to sum up in a nutshell - or even in a
short article. In fact, that is precisely why we are hosting
the first- ever national U.S. Spam and the Law conference in
January. Because, to quote from our website, "United States
laws, case law, and legislation regarding spam is nothing if
not a confusing hodge-podge of frequently incomprehensible,
often ineffectual attempts at achieving balance between
senders and receivers of email. The attorneys themselves
often can't make heads or tails of all of the different
state laws and case law operating in tension with each
other, let alone the average business person on whom they
We're also hosting an "International Spam Laws and Public
Policies" conference this coming summer.
Q: What issues drove the Email Management Roundtable? Who
were its members?
A: The Email Management Roundtable was the precursor to the
Email Deliverability Summits - focusing on the same issues,
and with receivers involved. It was an initiative to have
EMR meet with an analogous group of senders, which led to
the first Email Deliverability Summit.
Q: Name your top ten concerns and their solutions.
A: All concerns are a subset of one over-riding concern: to
make sure that end users get the email they want, while not
getting the email that they don't want.
There is no one solution, and there are many necessary
components. Good, strong, straight-forward legislation is
but one - and it must include advertiser accountability - if
you use the services of a spammer to advertise your product,
you're as liable as the person who actually pressed "send"
and injected the spam containing your message into the
Ongoing and open communication between receivers and senders
is another - the Summits and EDDB go a long way towards that
end, as does the newly-formed Email Processing Industry
The adoption of sensible, responsible industry standards is
yet another, and an area in which we're so pleased to have
None of these things by themselves will eradicate spam, and
in fact some of them on their own will do nothing to
directly impact the flow of spam, per se. Rather they help
to distinguish legitimate mail – a necessary, but not
sufficient, step towards taming the spam beast, which has
been overlooked until now. In an increasingly "either yer
wi' me or agin' me" spam/anti-spam world, until now nobody
had bothered to identify the "wi'", only the "agin".
Identifying wanted legitimate mail and making sure that it
gets delivered allows receiving systems to focus their
resources more strategically against the spam, and also
addresses the ever-growing problem of false positives.
Q: What are the best resources to research this further?
A: Any of the national analysis firms (Gartner, Ferris,
Pew), the growing body of scholarly legal work (Sorkin,
Lessig), and the more reputable of the advocacy
organizations (SpamCon, CAUCE, EFF). And of course, our own
ISIPP site (http://www.isipp.com).
Q: What assets and processes proved to be the most valuable
for you in your work?
A: Balance, tenacity, attention to detail, focus, and above
all, not taking oneself too seriously, a thick skin, and a
good sense of humor. In terms of personal assets, without
question my forte for alternative dispute resolution, and
bringing two seemingly opposing sides together over the
nexus of their common concerns. After working to help
divorcing, warring parents to peacefully co-exist for the
sake of their children, getting in the middle of senders and
receivers is a walk in the park!
Q: Describe the major challenges you face in your job and
how you overcome them.
A: Believe it or not, dealing with the more fringe
anti-spammers represents as great a challenge as dealing
with any other group. Zealots are zealots no matter the end
of the spectrum. Dealing with this sort of challenge goes
back to keeping an open mind, developing a thick skin,
maintaining your sense of humor, and not taking yourself to
The other great challenge is simply time - there is so much
to be done, in such short order - how do I overcome that? I
don't sleep much.
Q: As an anti-spam expert, please share your most important
A: There are times to get wound up, and times to just hit
And for goodness sake... step away from the computer - and
go outside and breathe some fresh air and remember that
there is a whole big *non-virtual* world out there, which,
when all is said and done, is far more important than any of
Q: Where is it all heading? What do you see as the major
technologies in the future? What products and services will
dominate and which ones will disappear? How about
predictions about their implementation?
A: Just as I don't believe there will ever be any one
solution, I don't believe that there will ever be one
be-all-and-end-all technology which will dominate in this
area. One size does not fit all, and there is a place for
many different types and levels of tools and solutions. For
example, some people actually like challenge/response
systems. Others truly want to see all email which comes in
addressed to them, and to personally review each and every
piece. Yet others are happy to lose the occasional "good
mail" if it means that they will get very little spam. Every
solution has, and will have, both benefits and downsides.
Some are just plain silly, others entirely impractical; but
they all represent an effort to address a serious problem,
and for that they deserve credit.
So where do I think this will all end up? I think that at
some point in the not too distant future, things will start
to become more standardized on a network level - while
things will become more differentiated on the user end. In
other words, as legitimate mail becomes more readily
identifiable in its own right as legitimate mail, we will
see more consistency in how both legitimate mail is
delivered, and how questionable mail and spam are handled.
With some consistency across the board, the final processing
choices then are in the hands of the end users - to use a
challenge response system, to use an end-user level spam
filter, to just accept all and then delete, whatever that
individual user's choice is. Already we are seeing that some
of the major ISPs are touting "putting the choice in the
end-users' hands", and consider that to be one of their
competitive advantages. And as there comes a time when fewer
and fewer users can remember a time when they didn't have at
least one computer and email address, the general level of
user sophistication will rise, along with user understanding
as to what their ISP can do, and what they themselves must
do about spam.
Q: What are the most common problems/issues and their
solutions facing businesses and users today?
A: 1) Making sure that users get the email they want.
2) Making sure that users don't get the email that they
3) The impact which dealing with spam has on workplace
4) Keeping offensive email out of the workplace.
Q: Do you have some stories about very challenging
situations and their resolution?
A: Getting senders who have always done things a certain way
to consider doing things differently (such as moving to a
confirmed opt- in model) is as, but no more, challenging as
getting ardent anti-spammers to relax their grip on a
firmly-held belief that once a spammer always a spammer. The
trick is to find a common ground, even if that ground is
only an inch-by-inch square to start. Convince the sender to
test out the new level of permission mailing. Then convince
the receiver to accept just that email from the sender -
after all, if the mail is wanted, surely they want to
deliver it to their users. Little by little both 'sides'
start to relax and let their guard down. Eventually they
both realize, as did those who attended the Summits that
they have as much in common as not, if not more. Legitimate
senders don't really want to send unwanted mail any more
than receivers want to receive it - if only because it means
that they are spending money, and using resources, for
something which in the best case scenario will yield no
return and which may lead to quite negative results.
Q: You must have both interesting and funny stories to tell
from your many rich experiences—please share a few.
A: When I first joined MAPs as in-house counsel, I had to
notify several colleagues as to my move. It was quite a
move, following on the heels of my fathers' rights work. So
I was a bit perplexed when I would call a colleague and say
"Hi, I just wanted to let you know that I've closed my
practice, and am now working in-house for Mail Abuse
Prevention System", and they wouldn't bat an eyelash, or
indeed even comment on my change of careers. Until I
realized that while I was saying that I had moved to "Mail
Abuse Prevention System", they were hearing "Male Abuse
Prevention System" - which made perfect sense to them!
Q: If you were doing
this interview, what five questions would you ask of someone
in your position and what would be your answers?
A: 1) Why is spam so prevalent -
nobody actually buys any of this stuff, especially from spam
they have received, right?
Believe it or not, people actually do make money from
sending spam. It isn't always due to sales of the product
advertised, although sometimes it is. Affiliate program spam
is very big. People make thousands of dollars by getting
paid for every click- through which they generate for
somebody else's website - and they do that by sending out
spam with the URL of the affiliate site.
2) It seems like there has been an increase in spam over the
course of the past few months. Is that accurate, and if so,
to what do you attribute it?
Spam has been proliferating at an astonishing rate. I have
no doubt that this is due at least in part to the equally
astonishing proliferation of anti-spam measures. The more
spam that is blocked, the more spam which must be sent in
order to realize the same financial return. If the rate of
response and return has gone from 10% to 1% due to effective
spam blocking techniques, then the spammer must send out ten
times as much spam in order to realize the same financial
3) What are the greatest challenges faced by legitimate bulk
email senders today?
Without question, the single greatest challenge for
legitimate email senders today is keeping their legitimate
bulk email from being mistakenly blocked along with the
spam. No matter how careful one is, no matter how clean the
mailing list and how high the level of permission, everyone
has problems with their legitimate mail being mistakenly
caught up in spam filters, and becoming a false positive.
This is where email deliverability applications and sender
validation can really help. It's an unfortunate fact of life
that it is come to this, but there you have it. Decrying
that it shouldn't be the case, nor pretending that it isn't,
doesn't help the mail get delivered.
4) Crossing over from fathers' rights advocacy to anti-spam
law and policy is quite a change - how did you get involved
in the anti-spam field?
Two words: Paul Vixie. Paul and I knew each other when I was
still a law student at Stanford. At the time I was running a
fathers' rights BBS out of my dorm room, on my Commodore
128. It was in law school that I really came into my own on
the Internet, and by the time graduation rolled around I had
already built up a strong Internet presence for the Fathers'
Rights and Equality Exchange. At that time, however,
Stanford's policy was that you could not keep a Stanford
email account after you graduated, and it was important that
we not lose our Internet presence. Paul very kindly provided
me an account on his own machine, and thus
born. As my online activities grew, and through my
friendship with Paul, so too did my exposure to Internet and
spam issues. I was probably one of the very first attorneys
online to really understand and use the Internet as more
than just an entertaining novelty, although I was quickly
joined by scores of others. Still, even to this day, very
few attorneys are as steeped in it all as I ended up being
from the very beginning - completely through serendipity - I
take no credit for it myself.
One day I was sharing with Paul how utterly burned out I was
in my private practice. Unbeknownst to me at the time, MAPS
was staring down the barrel of the first of its anti-spam
lawsuits, and so it was that Paul asked me to come on-board
as their Director of Legal and Public Affairs. And the rest,
as they say, is history.
5) What are your proudest moments, your most significant
accomplishments, to date with respect to your anti-spam
With ISIPP they are without question the drafting and
adoption of the Advertiser Accountability Amendment to the
Burns-Wyden bill, and the subsequent unanimous passage of
Burns-Wyden in the Senate [editorial note: happened while
being interviewed]; and the huge success of the Email
Deliverability Summits in bringing together two usually
opposing sides and creating agreement regarding very
important and far-reaching issues and standards.
Prior to that, growing Habeas from a kernel of an idea to
being one of the recognized leaders in the industry in under
a year, and before that taking one of MAPS' most vociferous
and vehement litigants and helping them to become a model
for responsible bulk mailing.
Q: Do you have any more comments to add?
A: Yes - it's incredibly rewarding to have the great fortune
to able to be involved on this level, and to this degree, in
what are cutting edge issues and solutions. I feel very,
very fortunate, and take my responsibility as an expert to
get it right very seriously.
Q: Your breadth of talents, deep insights, incredible wealth
of knowledge and experiences are so valuable to our
audience—thank you for sharing.
A: It has been a privilege and has been absolutely my
pleasure. Thank you so much for asking me, and please
consider me a resource and contact me any time.