Today marks the 30th anniversary of (what is reputed to be) the first spam email. Here’s the body of the email:
DIGITAL WILL BE GIVING A PRODUCT PRESENTATION OF THE NEWEST MEMBERS OF THE DECSYSTEM-20 FAMILY; THE DECSYSTEM-2020, 2020T, 2060, AND 2060T. THE DECSYSTEM-20 FAMILY OF COMPUTERS HAS EVOLVED FROM THE TENEX OPERATING SYSTEM AND THE DECSYSTEM-10 (PDP-10) COMPUTER ARCHITECTURE. BOTH THE DECSYSTEM-2060T AND 2020T OFFER FULL ARPANET SUPPORT UNDER THE TOPS-20 OPERATING SYSTEM. THE DECSYSTEM-2060 IS AN UPWARD EXTENSION OF THE CURRENT DECSYSTEM 2040 AND 2050 FAMILY. THE DECSYSTEM-2020 IS A NEW LOW END MEMBER OF THE DECSYSTEM-20 FAMILY AND FULLY SOFTWARE COMPATIBLE WITH ALL OF THE OTHER DECSYSTEM-20 MODELS.
WE INVITE YOU TO COME SEE THE 2020 AND HEAR ABOUT THE DECSYSTEM-20 FAMILY AT THE TWO PRODUCT PRESENTATIONS WE WILL BE GIVING IN CALIFORNIA THIS MONTH. THE LOCATIONS WILL BE:
TUESDAY, MAY 9, 1978 – 2 PM
HYATT HOUSE (NEAR THE L.A. AIRPORT)
LOS ANGELES, CATHURSDAY, MAY 11, 1978 – 2 PM
DUNFEY’S ROYAL COACH
SAN MATEO, CA
(4 MILES SOUTH OF S.F. AIRPORT AT BAYSHORE, RT 101 AND RT 92)A 2020 WILL BE THERE FOR YOU TO VIEW. ALSO TERMINALS ON-LINE TO OTHER DECSYSTEM-20 SYSTEMS THROUGH THE ARPANET. IF YOU ARE UNABLE TO ATTEND, PLEASE FEEL FREE TO CONTACT THE NEAREST DEC OFFICE FOR MORE INFORMATION ABOUT THE EXCITING DECSYSTEM-20 FAMILY.
This is relatively mild by the standards of today’s spam. The message announced legitimate events relating to legitimate products in which the recipients might plausibly be interested. The sender was apparently unaware that this kind of message was against the rules.
Yet this message has much in common with today’s spam. The message used ALL CAPS, which was more common in those days but not the universal practice for email. The list of recipients was long. The message was incorrectly formatted – the original had more recipients than the email software of the day could handle, so what was supposed to be the recipient list actually spilled over into the body of the email, apparently unnoticed by the sender.
At the time, the Net’s rules forbade commercial activity, so the message was against the rules. Beyond the rule violation,the message’s propriety was widely questioned, and people debated what to do about it. (Brad Templeton has posted parts of the debate.)
Thirty years later, there is more spam than ever and no end is in sight. This shouldn’t be surprising, because the spam problem is fundamentally driven by economics. If anyone can send to anyone, and the cost of sending is nearly zero, many messages will be sent. Distinguishing unwanted email from wanted email is notoriously difficult – often you have to read a message to decide whether reading it was a waste of time. In this environment, spam will be a fact of life. The surprise, if anything, is that we have done as well as we have in coping with it.
The story behind Spam:
“Thirty years ago next week, Gary Thuerk, a marketer at the now-defunct computer firm Digital Equipment Corporation, sent an email to 393 users of Arpanet, the US government-run computer network that eventually became the internet. It was the first spam email ever”
Good or bad we have to acknowledge that Gary Thuerk is a genius. hehehe “‘)
If we can build a secure digital cash system (the obstacles are legal, not technical) and pass just a tiny bit of sensible law, then we can implement (a variant of) Jim Horning’s solution:
My email price is, say, ten cents. If you want to send me email, enclose at least ten cents or I’ll never see it. Any money you enclose goes into my bank account whether I see the message or not.
What’s that? You’re a friend of mine? Or I opted into something? Well then I gave you a passport code you can enclose in the email, and it’ll get in free. If I start receiving spam with that code, I’ll strike it from the list (and I’ll know you spilled it).
What’s that? You’re a penniless organization with something important to say? No problem, just enclose the money and after I’ve read the message I’ll remit it– if I agree that the message was worth reading. I might even donate a few cents, to help you in your good works.
What’s that? You think the message was worthy and you want your money back. Tough, I thought it was a waste of my time, so I’m keeping the money.
What’s that? You put some legal stuff in there saying that accepting the money means I’m your slave? Sorry, we passed some sensible law, and “contracts” that I didn’t sign don’t bind me. I owe you nothing, not even ten cents.
You say some people can’t/won’t set up doorkeeper robots like this? Fine, they don’t have to. The system still works for me.
You say some people can’t/won’t use digital cash? Fine, they can contact me some other way (e.g. telephone, paper mail) and ask me for a passport.
You say a virus stole digital cash from your computer? Well then call the police. Better still, don’t keep more than a few cents on a computer you don’t know how to secure. If you can’t handle your money, hire a banker.
Any more objections?
There are some problems in the world that have simple solutions. There are others that will never be solved by anything simple. There’s no more a silver bullet for solving the spam problem than there is for solving global warming or infectious diseases. Instead, we have a handful of techniques that are amazingly effective, but spammers adapt and move on.
Examples: Paul Graham popularized a Plan for Spam in 2002 that focused on machine learning techniques to classify spam. It was amazingly effective. Now, however, we see spammers doing all kinds of weird tricks to defeat this, including image-based spam or very short messages with URL links (which Graham predicted would happen). Likewise, issues like open mail relays have been dealt with very successfully using techniques like black-hole lists, which led to spammers ultimately latching onto botnets as a way to sent a huge amount of spam from a seemingly infinite number of sources.
If you cause spam to cost “virtual” money (e.g., per-user quotas enforced by ISPs), then the botnet system will still win, since a million real hosts can accumulate plenty of virtual currency. Even if you start attaching “real” money to the system, then the botnets will start digging deeper into your mail application (or webmail server) to get at that currency. Be careful what you ask for!
At this stage, I think the technical tactics we’ve collectively taken are doing a great job and it’s well worth pushing them further. The next big push needs to happen in the legal realm. The way to make spammers pay is to track them down and drag them and their customers to court. If a botnet herder faced a year in prison, per machine infected, they could spent far more than the rest of their natural life in jail. But then you get into international jurisdiction issues, never mind “legitimate” businesses with lobbyists.
Like I said, there’s going to be no simple solution to spam.
One way to deal with botnets is simply lock out customers who send a certain amount of email. Once that limit is hit they can be warned – If they didn’t hit it deliberately then they are part of a botnet and need cleaning.
Either that or simply force users to explicity allow ANY application access to the internet when it wants it for the first time or after so many hours of use offline. Same for incoming command & control connections – ALWAYS ASK. People will start to investigate apps if they keep asking for the net with odd names.
Thirty years later, there is more spam than ever and no end is in sight. This shouldn’t be surprising, because the spam problem is fundamentally driven by economics. If anyone can send to anyone, and the cost of sending is nearly zero, many messages will be sent.
This observation is trite.
There is an implicit assumption in the predicate: “anyone can send to anyone”. Specifically, this assumes that all potential senders belong to an equivalence set.
While on a gross level, it may be more-or-less true that one sender is about equivalent to another sender, there is no reason to believe this is true within the context of “the spam problem”—especially the spam problem as it is manifested today.
Most email senders will obey reasonable rules. Those senders may not be strongly motivated to send large quantities of mail to strangers. Even if they are slightly motivated, they most probably are aware of the social norms discouraging spam. Or they may be responsive to appropriate administrative action by their provider’s abuse team.
Some senders—a relative few—create vast botnets for the purpose of sending spam.
Current estimates range from roughly about 1e7 to 1e8 compromised machines on the net today.
Thirty years later, there is more spam than ever and no end is in sight. This shouldn’t be surprising, because the spam problem is fundamentally driven by economics. If anyone can send to anyone, and the cost of sending is nearly zero, many messages will be sent.
This observation is trite.
There is implicit assumption in the predicate: “anyone can send to anyone”. Specifically, this assumes that all potential senders belong to an equivalence set.
While on a gross level, it may be more-or-less true that one sender is about equivalent to another sender, there is no reason to believe this is true within the context of “the spam problem”—especially the spam problem as it is manifested today.
Most email senders will obey reasonable rules. Those senders may not be strongly motivated to send large quantities of mail to strangers. Even if they are slightly motivated, they most probably are aware of the social norms discouraging spam. Or they may be responsive to appropriate administrative action by their provider’s abuse team.
Some senders—a relative few—create vast botnets for the purpose of sending spam.
Current estimates range from roughly about 1e7 to 1e8 compromised machines on the net today.
Jim & Ed,
Part of the problem is that it is hard to see how to organize the web so that spammers will have to pay that one cent. There are many ways for them to arrange to pay themselves. So all us honest users will pay that cent, and the spammers will continue their free ride.
– tobias robison
Firstly thanks for this tidbit of information Ed. I suppose it was reasonably common knowledge before this article, but heck I didn’t know and don’t recall reading of it so yeah thanks. BTW I’ve been reading FTT for a while but haven’t been moved to comment yet. I tend to find most of what I read here to be well-written and informative, so thanks and keep it up 🙂
Sorry Jim but I must disagree with you. What would you do with non-profits that have been able to better communicate with the desiring public given the free communication model they now enjoy? If they are sending out 1000 emails a month it would be a paltry 10 dollars, but what if they don’t have the money? Do they and their voluntary opted-in recipients simply suck eggs because others want a quick fix for spam emails? But ignoring polite details like that, just ask yourself “who gets the money” before asking “who will be willing to break the new rules for one percent of one cent” and you’ll see why charging for sending email is doomed to fail. In a civilized world we would violently and painfully execute spammers. With the video released into the public domain in an open source format of course.
I’ll say it again: The only thing that will effectively throttle spam is charging for e-mail delivery. I’d happily pay one cent per recipient for all the mail I generate, in exchange for not being subjected to all the spam I receive that is unlikely to generate a cent per recipient in revenue for its sender.
Jim H.