James Gleick, the science writer, had an article on spam in Sunday’s NY Times. Like Jon Udell, I found it disappointingly superficial — I could say the same about some of Gleick’s other writing.
Spam will be hard to legislate out of existence, mostly because of the Net’s global nature. I already receive a fair amount of Korean, Chinese, and Japanese spam, and a little in German. Perhaps, sooner or later, all these countries will pass legislation with teeth to crack down on spammers, but right now, even the USA doesn’t have any.
I already use Spam Assassin, and recommend it highly. It catches most of my spam, but about ten pieces slip past every day (I’m not sure how much I get, but I believe it’s about 100 pieces/day). My mail client, Apple’s mail.app, catches about half of the rest. We could do better–especially because I probably have a small number of false-positives, which bugs me a bit.
Here’s what I’d like to see:
Better collaborative filtering: mail.app already allows you to flag a message as spam, which refines an internal spam-filtering algorithm. This could be extended by submitting the offending message to a central database, which would then push out updates on a regular basis. Such software once existed on the Mac, called Spam Blaster. It was effective, but it was put out of business by Sound Blaster for infringing its trademark on anything with “Blaster” in the name. I believe that Spam Assassin also uses a small number of people to feed new spam into the system, but it can’t be as effective as a massively collaborative system.
Pay: I’d be happy to see a system put in place where everyone pays, say, $10 into an escrow account. If you try to e-mail me and you aren’t on my whitelist, one penny is deducted from your account (I don’t particularly care where the money goes — give it to your ISP). After I receive your message, adding you to my whitelist would just require pushing a button. This would effectively end spam, as spammers couldn’t or wouldn’t pay a penny for every piece of mail sent out. For individuals, though, it would take a long time to work down that $10–that’s sending e-mail to 1,000 new people.
The latter scheme would require some pretty basic architectural changes in the way e-mail works. But considering the gyrations ISPs and individuals are going to already, it’d be worth it. A bigger problem is that it is somewhat undemocratic and bureaucratic: it assumes that everyone has $10 to spare, and the creation of an escrow system (though the system could probably be funded on the interest of the escrowed money).
The former scheme would be somewhat less effective, but could get up and running quickly. Services like Spamcop are doing this now, but for a fee, and inconvenient if you don’t want an @spamcop,net address. It would be worth it for companies like AOL, Hotmail, and Yahoo to run the back-end of a service like this as a free service, simply because they are so relentlessly hammered by spam.
> I believe that Spam Assassin also uses a small
> number of people to feed new spam into the
> system, but it can’t be as effective as a
> massively collaborative system.
Spamassassin ties into two distributed databases: Vipul’s Razor http://razor.sourceforge.net/ (also available as Spamnet http://www.cloudmark.com/products/spamnet/ as a commercial Windows product) and DCC http://www.rhyolite.com/anti-spam/dcc/ .
The problem with Razor is not the size of the size of the input population (it’s large) but the trust model. Historically, there has been a problem with people feeding wrong information into the database, causing bulk (but opt-in) newsletters being marked as spam. This typically is a result of people feeding Spam Assassin output directly into Razor, false positives and all. It’s possible this problem has been addressed since I’ve looked.
I think DCC is a much more sound model. It provides a reliable measure of _bulkness_, not _spamness_. They’ve already whitelisted a large number of well-known mailing lists and newsletters. You may need to make local additions; I didn’t. I’ve found DCC so valuable, I’ve increased boosted its Spamassassin weight.
Unfortunately, right now too many people are chasing filtering as if it’s the solution to the spam problem. It isn’t. Technical solutions are never an appropriate long-term fix for social problems. I alluded to the limits of filtering in a blog article posted last month http://www.unicom.com/chrome/a/000037.html . I hope to be discussing this issue further in the near future.
That’s an interesting perspective, Chip. I’ve always thought of spam as a technological problem–not to the exclusion of being a social problem, but a problem created by technology. I guess it becomes a matter of semantics. Is drunk driving a social problem because people are idiots and it has social costs, or a technological problem because cars are dangerous? Both.
I’m holding out for technology that allows me to reply with a brick to everyone who sends me spam.
I like the escrow account idea.