Ah, spam. We curse and revile you. We loathe finding you in our inboxes when you should be nested comfortably in the junk folder. And we routinely check to make sure that our spam filters haven’t misidentified legitimate email from a trusted source. Spam has been an unfortunate fact of life – the price of playing, if you will – in the connected world. Pandora’s Box was opened in the early 1990s when email became widely available to the world, and what at first seemed like a neat idea soon grew into a giant killer that effectively supplanted snail mail, the telephone and even the customary jaunt down the office floor to speak with a colleague. In the early days, it was easy to see the benefits and even easier to disregard the potential problems associated with email.
In fact, it took a few years for those problems to become readily apparent, but now that we’ve lived with email for twenty years – and couldn’t live without it – we see the harm that misbehaved email can cause. Spam represents a significant amount of our work lives and costs insane amounts of money. In 2009, Ferris Research estimated that spam costs the world about $130 billion. It’s a big number, and spam has gone from being a minor inconvenience in the nascent days of email to a massive problem that plagues everyone, from the single user to the largest corporation or government.
So can we put an end to it? It’s a compelling question. It’s no surprise that such a significant malaise has earned the attention of companies, tech firms, and law enforcement agencies. Over the past few years, several botnets have been taken down, and a dip in spam email numbers followed. But as quickly as those botnets were taken down, the spam numbers seemed to increase again. Most recently, the Grum botnet was yanked off the world stage, and depending on who you talked to, its shuttering represented between 17 and 50 percent of the world’s spam.
According to Atif Mushtaq, a senior scientist at FireEye, the security firm responsible for pulling the plug on Grum, taking down a few more botnets will be “enough for a rapid and permanent decline in worldwide spam level[s].”
True, we’ve had success identifying and dealing with the sources of unwanted Viagra ads and heartfelt messages from Bahamian princes; but is Mr. Mushtaq’s claim of a world without spam a realistic expectation or Utopian pipe dream?
Unfortunately, the latter is the answer that seems to resound truth. While we can all applaud Mr. Mushtaq’s enthusiasm, and we can all share in his ‘I have a dream’ approach to the future of spam, it’s just not practical to believe that spam will die (or be put to death).
Why? Well, in the proverbial ‘where do you want me to start?’ style, let’s consider what would be involved in putting a de facto end to badly-behaved email. First, you’d have to develop technology that would not only detect all the known methods of getting email past defense mechanisms, you’d have to have some serious heuristics that would make Steven Spielberg blush. There’d have to be AI that could anticipate new methods, and that includes anything the cybercrooks might throw at you. Look, it’s always been easier to break something than make something, a truism that antivirus developers have been dealing with for decades.
Next, you’d have to round up the world’s scam artists, grifters, and cybercriminals, and either cut off their mouse hands or lobotomize them. Mr. Mushtaq looks at the technical side of the argument, and well he should, since he’s a researcher. But the reality is that the technology is driven by two things: people and greed. And as long as people are around, and as long as we’re living in a cash-driven society, you’d better believe that spam will be alive and well and finding an inbox near you. It’s long been known that spammers make money doing what they do, and when you remove someone’s source of income, they’ll find a way to circumvent and reinvent.
Then, there are users. Spam, its malicious attachments and links, and ultimate success, all rely on one common factor: a user who’s willing to click. Simply put, without the users, spammers are out of business.
For such a complex topic, it doesn’t get much simpler than that. Please weigh in with your thoughts.