Can We Really Put an End to Spam?

Ah, spam. We curse and revile you. We loathe finding you in our inboxes when you should be nested comfortably in the junk folder. And we routinely check to make sure that our spam filters haven’t misidentified legitimate email from a trusted source. Spam has been an unfortunate fact of life – the price of playing, if you will – in the connected world. Pandora’s Box was opened in the early 1990s when email became widely available to the world, and what at first seemed like a neat idea soon grew into a giant killer that effectively supplanted snail mail, the telephone and even the customary jaunt down the office floor to speak with a colleague. In the early days, it was easy to see the benefits and even easier to disregard the potential problems associated with email.

In fact, it took a few years for those problems to become readily apparent, but now that we’ve lived with email for twenty years – and couldn’t live without it – we see the harm that misbehaved email can cause. Spam represents a significant amount of our work lives and costs insane amounts of money. In 2009, Ferris Research estimated that spam costs the world about $130 billion. It’s a big number, and spam has gone from being a minor inconvenience in the nascent days of email to a massive problem that plagues everyone, from the single user to the largest corporation or government.

So can we put an end to it?  It’s a compelling question. It’s no surprise that such a significant malaise has earned the attention of companies, tech firms, and law enforcement agencies. Over the past few years, several botnets have been taken down, and a dip in spam email numbers followed. But as quickly as those botnets were taken down, the spam numbers seemed to increase again. Most recently, the Grum botnet was yanked off the world stage, and depending on who you talked to, its shuttering represented between 17 and 50 percent of the world’s spam.

According to Atif Mushtaq, a senior scientist at FireEye, the security firm responsible for pulling the plug on Grum, taking down a few more botnets will be “enough for a rapid and permanent decline in worldwide spam level[s].”

True, we’ve had success identifying and dealing with the sources of unwanted Viagra ads and heartfelt messages from Bahamian princes; but is Mr. Mushtaq’s claim of a world without spam a realistic expectation or Utopian pipe dream?

Unfortunately, the latter is the answer that seems to resound truth. While we can all applaud Mr. Mushtaq’s enthusiasm, and we can all share in his ‘I have a dream’ approach to the future of spam, it’s just not practical to believe that spam will die (or be put to death).

Why? Well, in the proverbial ‘where do you want me to start?’ style, let’s consider what would be involved in putting a de facto end to badly-behaved email. First, you’d have to develop technology that would not only detect all the known methods of getting email past defense mechanisms, you’d have to have some serious heuristics that would make Steven Spielberg blush. There’d have to be AI that could anticipate new methods, and that includes anything the cybercrooks might throw at you. Look, it’s always been easier to break something than make something, a truism that antivirus developers have been dealing with for decades.

Next, you’d have to round up the world’s scam artists, grifters, and cybercriminals, and either cut off their mouse hands or lobotomize them. Mr. Mushtaq looks at the technical side of the argument, and well he should, since he’s a researcher. But the reality is that the technology is driven by two things: people and greed. And as long as people are around, and as long as we’re living in a cash-driven society, you’d better believe that spam will be alive and well and finding an inbox near you. It’s long been known that spammers make money doing what they do, and when you remove someone’s source of income, they’ll find a way to circumvent and reinvent.

Then, there are users. Spam, its malicious attachments and links, and ultimate success, all rely on one common factor: a user who’s willing to click. Simply put, without the users, spammers are out of business.

For such a complex topic, it doesn’t get much simpler than that. Please weigh in with your thoughts.

Written by Malcolm James

0 Comments

  1. Cathy Tess · July 31, 2012

    The question is a rhetorical one – spam will never end. The problem as I see it is if we can limit it to more acceptable numbers, like 5 t 10 percent of messages at most. If we manage to do this, this will be a victory.

  2. Perry White · June 19, 2013

    Jack Rickard of Boardwatch Magazine had the cure for spam in 1998. Unfortunately, everyone at the time wanted “free” e-mail. Well, they got their wish.

    From Boardwatch Magazine:

    The concept that there is a place for advertising via e-mail has some bare initial merit. I used to talk about treasure and trash being in the eye of the beholder and it might have been for a brief moment. But the bitter truth is that the spammers have so gruesomely soiled our network that no self-respecting marketer would use it at all as a legitimate advertising medium – at least beyond their own closed customer list. In practice, I DON’T get e-mail from Land’s End, or from Hummer add-on parts dealers, or from anything I would be remotely interested in. I would take it further that I don’t actually get spam even from legitimate companies offering things I’m NOT interested in. The only spam I get is from truly whacky rip-off artists and ne’er do wells offering pyramid schemes, netsex, or the tools so I too can spam. It is a total wasteland. And it comes in such huge numbers it almost makes e-mail unusable. Is anybody actually ordering this stuff?

    I’m sympathetic to the role of the network as a great leveler allowing the smallest entrepreneur to work on an even field against DuPont, 3M, and Sears. But in practice, it just draws cranks and wackos who go beyond the quick buck artist level to just slimy. I really am not sympathetic to anyone I can see that is currently spamming. My concern was with the reaction ISPs are taking to SPAM, and the potentially bad effects it will have on them ultimately.

    As to solutions, I may have one. I’m still working on it. Basically it takes your concept of free e-mail and turns it on it’s ear. How about we all PAY for e-mail?

    Yes, let’s say that to send a piece of e-mail, we’ll pay 32 cents – the same as a first class letter via street mail. But instead of giving it all to the post office, let’s do something creative with it. Let’s give a nickel to the ISP at the originating end, and a nickel to the ISP at the receiving end. Let’s set aside 7 cents to run the clearinghouse and infrastructure needed to keep track of the money. And let’s give 15 cents to the RECIPIENT.

    Sounds mad doesn’t it. But wait a minute. Most of us using e-mail legitimately, both send and receive e- mail. If I get 15 cents to read a message, and I spend 32 cents to write one, on balance e-mail costs me 17 cents. But if I want to spray a million messages out on the Internet to advertise my product, there is no offset on return messages, aside from a handful of flames, and I pay the full 32 cents. This sets up a cost differential between abusive use of the e-mail system to market stuff, and legitimate personal e-mail use. Mail is cheap for private use (17 cents) and somewhat dearer for mass marketing purposes (32 cents.)

    I think you’ll find end users reaction to spam somewhat different as well. If you send me junk, but I get 15 cents to hit the next key, which I’m hitting now for free, send it on. I’ll take your money. Dufus.

    Further, let’s say there WAS a legitimate marketer wanting to reach me, but didn’t want the hit of being associated with SPAM. Since everyone they send their sales pitch to gets fifteen cents for doing almost nothing, it rather puts it in a different perspective doesn’t it. It’s almost like getting flowers, instead of inconvenience.

    I would propose this pay mail scheme be entirely voluntary and parallel to the current e-mail service. Nobody should HAVE to do anything. If you want to live in the swamp with the free e-mail service, go girlfriend. If you want safe harbor from SPAM, join pay mail and if anyone has anything sufficiently important to send you, they should care enough to cough 32 cents. If they care enough to cough 32 cents, I’ll read it.

    Once in place, the system spews some side benefits. It essentially fills the micropayments economic system that people have been wanting for years. You can sell your recipe’s, poems, nuclear weapons plans, whatever for 15 cents to anyone that will pay 32 cents. The process could be reversed for mailing lists, so that you pay the sender 32/15 cents for each message they send – a kind of el cheapo subscription service. And if they send too many stupid ones, I can resign and join some other list elsewhere. All these guys slaving thanklessly maintaining these lists get a few bucks, and I suddenly find I’m getting a lot better quality messages from the list, which is now moderated as it turns out. You could even extend this to the point of opting out of messages with a certain subject line – turning off entire subjects and discussions from a mailing list you otherwise did want to stay on.

    There are some server, distribution, and authentication issues, some of which are probably non-trivial but all doable. All of the numbers can be moved around. The basic point is to set up some ECONOMIC motivators to quell spam, not simply announce (via e-mail usually) that you don’t like it and wish they would stop. Or wish some legislature will magically become wise in netlore and save you by criminalizing it, or by scapegoating ISPs everywhere and holding them severally and as a group responsible for everyone with a dialup account and a keyboard.

    Free e-mail sets up a “free” marketing channel. With that kind of incentive, I can send 45 million e-mail messages hoping to get THREE orders at $12.95 each, and I’m in tall clover here. Never mind that 44,999,997 people were inconvenienced – I’ve got my thirty-nine bucks and I like this Internet stuff real well. If it costs me $12 million bucks to send those 45 million messages, $39 doesn’t cut it and I’m outta here.

    That’s the heart of the problem. And until you are willing to attack this beast it at its heart, whining and whacking away at its fingers is going to have limited impact.

    Jack Rickard

  3. Osama Bin Login · July 30, 2013

    That’s the way to do it. Even 1c per email (per recipient) would reduce spam. At that price, sending spam would cost $10,000 per million. You’ve got to have some legitimate business reason to do that.

    And, no human email user would balk at that. You can send 100 emails a day for just $1.

Leave A Reply