What to do about spam?
Not much to report in the life category, as things progress apace. The Linux learning curve is certainly fun, and I’m struggling to wrap my brain around Vi, which is an interesting task. Knowing my own proclivities, I think that I will really love the editor after I learn some of the basics, and it will be really hard to pry it out of my hands.
My roommate got a new computer last night, so I’m back to box-envy. It probably wouldn’t be so bad if it wasn’t like a $3000 machine, tricked out with all the best geek trimmings (visible case, 19inch flatscreen, and really spiffy colored stuff). It would hurt even less had it not been a gift for spending egregious amounts of time playing Ultima Online. A friend of his (who I can only assume works in computer sales) “hired” him to level his characters, so Mark basically got the computer for playing a game. I can’t complain too much, since Vader was basically obtained under similar pretenses, but his is better than mine… <pout>
My primary reason for writing today is to discuss the spam epidemic. While my own abhorrence to spam is not that extreme, I have had numerous calls from people complaining about the volume and content of the spam flooding their inboxes. At Trib, it’s become our #1 customer concern, and thus we’ve been spending a lot of time discussing it.
Currently, we have a machine that checks all incoming mail for malformed or invalid mail headers, the type that spammers typically use to send their nefarious offspring. It does a pretty good job, and we discard approximately 200,000 to 300,000 messages a day. Personally, I’ll vouch for the system, as I have two trib accounts and two corresponding external accounts that I can use for comparison. My non-spam-magnet (for general use, that I give out on a personal level) my trib address gets about 1-5 spam messages a day. My yahoo account, which is used in a nearly identical manner, gets about 15-30 spam messages a day. As for my spam magnet accounts (which are posted on my site, and also used for any other “spam-risk” activities), my trib account gets 5-15 messages a day, while my ugcs account gets at least 30 messages a day. Both of those have also gone down significantly since I started masking my addresses using HTML escape characters. In any case, the spam doesn’t really bother me that much, as it takes around 30 seconds to a minute to sift through and delete any spam I do get, and I waste more time each day figuring out what clothes to wear.
That said, I have, in the course of my misadventures as a help-desk technician, seen people who get well over 100 spam messages in a day. Now, I’ve realized that over my years of development as a connected member of the Internet, I’ve grown less and less dependent on email. I send perhaps five email messages in the course of a week that are not somehow related to my job, and I receive approximately ten to fifteen messages a week that are likewise not work-related or part of a mailing list. Most of the people I’ve worked with receive substantially more email, though the vast majority of it is in the form of various mailing lists or mass-forwards, both of which are only slightly removed from outright spam in my mind. Is my low level of spam a direct result of my generally lower level of email usage, or is there some other factor to consider? I suppose that as a relatively tech-savvy individual I’m better at not falling into the spam-trap, and unfortunately, once an email address has been tainted by spam, there’s very little you can do to stop the tide. Simple user filters are no longer useful, because spammers tactics have changed to evade them with ease, and the basic user isn’t really capable of setting up an advanced anti-spam filtering system. It basically comes down to minimizing your profile, and unfortunately most people have no idea where to begin.
Which brings me to the counter-point: what can we do to stem the tide? I’ve heard many theories bandied about, from making spamming illegal, to making it legal to kill a spammer. Unfortunately, many of those theories are nigh impossible to implement, because the simple definition of spam can vary. These are some of the theories I’ve heard proposed, and my general response:
- Make killing spammers legal - Do I really need to rebut this one? Yes, spamming is annoying, but is it really so aggravating as to require the forfeiture of human life?
- Make sending unsolicited email illegal and prosecutable - The problem stems from the fact that basically ALL email is unsolicited. Theoretically, I could get in a spat with my brother, and declare that he’s sent me hoards of unsolicited email over the years. There really is no guaranteed way to clearly identify spam without some margin of personal bias.
- Block email by content - I’ve heard this one primarily in reference to the increasing level of pr0n spam, and it’s one of the things that our customers report the most. I’ll admit, I can’t really figure out why someone would think I’d be interested in watching girls have sex with horses, or any of the other preposterous things I’ve gotten over the years. But where do we draw the line? I’m sure 99.9% of the US populace will agree that bestiality should be banned, but does that restriction carry over to dirty jokes that are occasionally sent as forwards? Some puritanical individual might decide that any email containing a swear word was verboten. In the end, there is no way to define an “acceptable” level of content without pissing off a large percentage of the populace.
- Make opt-out or unsubscribe links actually work - One of the big issues with spammers today is that those unsubscribe links you see don’t actually do anything to reduce the spam. In fact they’ll usually increase it, since it makes your email address that much more valuable to the spammer. Making these links work would allow consumers to pick and choose which email they want to receive, in theory. In practice, it would open up an entirely new can of worms, allowing all the big companies that have avoiding bulk emailing due to the stigma attached to jump into the fray with all their economic might. You think spam is bad now? Wait until companies can farm your address and send thousands upon thousands of nearly identical messages every day. It’s perfectly legal for them to do so. All you have to do is click the unsubscribe link, but that will only get you off of list AjKle1198071. This would simply change the default behavior on getting spam from “delete” to “unsubscribe”.
There are two methods that I think may actually work, though I’ve only seen them in limited context, and there’s undoubtedly something I’m missing.
First, something the Network Administrator at Trib recommended. Simply make it illegal and prosecutable to hide your identity or originating location on email. If spammers could no longer forge email to change addresses at will, it would make standard blocking and filtering systems almost 100% effective, and eliminate the need to enforce additional anti-spam measures. The biggest issue I can see with this is the elimination of anonymity, and the possible extension to other applications, such as proxy servers and encryption. People are entitled to a measure of privacy, but there are current precedents where privacy can be invaded given just cause.
The second resolution is one of my own devising. It’s quite possible (and likely, given that I’m not all that original) that someone else has had the idea, but I honestly came to this conclusion myself. Under the current system, an email account costs the same whether you send one email per year, or ten million emails per minute. This makes it extremely easy to send egregious amounts of email for a relatively small cost. This makes spamming profitable. If you send out ten million advertisements selling a product that costs $39.95, and even ONE of those ten million people follows the add and buys your product, you’ve totally recouped your expenses and made a decent profit. Repeat this process every day for a month, and you can make some pretty decent cash. If we could implement a system where spammers are charged based on the volume of email they send, we could make the whole process unprofitable and thus stop the spam at it’s source.
I’m not recommended charging a flat rate per email sent, because that really doesn’t make sense. An exponential pay scale, where the first 100 or so messages are free or nearly so, with extremely high prices for those that send messages in the millions, would be the scale I’d recommend. If it costs $1000 to send out ten million messages, then the spammer would have to convert 25 customers just to break even, and the conversion rate is seldom that good. If the cost doesn’t reduce the spam, simply keep increasing the charges until simple economics forces them to seek other employment.