Everyone on Spam

Spam is now the biggest tech/society news item. Earthlink won $16.4 million and an injunction in federal court suing a spammer (stories in news.com.com, siliconvalley.com). At the same time, Earthlink is accused of patent infringement for their new challenge-response anti-spam technology (news.com, New York Times). SpamCon has established a legal defense fund for anti-spam groups (news.com story). Oregon is just one of many that states that has recently passed anti-spam legislation (requiring ADV to appear in subject lines for spam). AOL is blocking email that originates from cable modem/DSL dynamic IP addresses, as a kind of “scorched earth” spam prevention technique. Microsoft just announced new anti-spam tools (news.com).

As a side note, Microsoft is charging $21.95 for the anti-spam service. I wonder if this suggests the kind of symbiotic relationship that currently exists between Microsoft, virus writers, virus protection companies (everyone profits) might be extending into new realms. Having a captive audience of millions of “free” Hotmail users, they can make it unbearable to continue to use the service without subscribing to these additional features (more disk space, spam filters). Since Hotmail doesn’t allow you to automatically forward to other accounts, you might just be stuck (of course there are ways around this).

Larry Lessig has dramatically staked his job on a solution which involves establishing a bounty for anyone who tracks down spammers violating the law.

I don’t believe this issue is as pressing as everyone makes it out to be, and I wish Lessig would stake his job on something else.

Usually, you’ll see spam described as an “onslaught” “plague”, “scourge”, etc.. But is it really costing us millions (or billions) of dollars to deal with? My email address has been available on the Internet since at least 1991, and probably longer. I imagine almost every spam database in the world has 10 of my addresses. Yet I only see one or at most two spam emails a day, and always recognize them from their subject line. It takes all of 1-2 seconds to delete them.

For me, SpamAssassin works great. It catches the 100 or so spam messages I receive every day and puts them in a separate folder. Occasionally, I glance in that folder to check for false positives, but at this point it’s been months since I’ve had a single one (once in a while there will be “semi-spam” in the spam folder, for example, offers from my credit card company that I don’t care about but aren’t truly unsolicited). Other tools like Vipul’s Razor use a collaborative approach to filtering (SpamAssassin works in conjunction with Razor). Bogofilter uses a modified Bayesian technique, originally described in Paul Graham’s article A Plan for Spam, to weed out spam based on messages you’ve received. In my experience, any of these tools work better than the latest technology deployed by Microsoft, Yahoo!, or Earthlink. They’re also relatively invisible to the user.

It seems to me that a combination of simple technological measures combined with enforcement of existing anti-fraud laws should really take care of the problem, and it’s not worth all this hand-wringing “what are we going to do about SPAM???” debate. Almost every spam you receive has some way to purchase the advertised item, and even if you can’t track down the sender of the email, you can track down the merchant, if they hope to do any business with you! The States have a well-defined infrastructure in place for dealing with misleading advertising or unfair business practices.

Internet Email has always been easy, flexible, and simple. By enacting a barrage of anti-spam legislation and adopting stupid spam filtering technologies, we’re ruining the simple end-to-end nature of email. We also risk treading on the 1st amendment, as political and other protected speech gets ensnared in the spam net.

I suggest we just keep it simple.