April 17, 2014

avatar

Debate: Will Spam Get Worse?

This week I participated in Business Week Online’s Debate Room feature, where two people write short essays on opposite sides of a proposition.

The proposition: “Regardless of how hard IT experts work to intercept the trillions of junk e-mails that bombard hapless in-boxes, the spammers will find ways to defeat them.” I argued against, concluding that “We’ll never be totally free of spam, but in the long run it’s a nuisance—not a fundamental threat—to the flourishing of the Internet.”

Comments

  1. Vincent Clement says:

    I agree, kind of. Spam filters have reached a point where the overwhelming majority of spam does not make it to the inbox. I think the real issue is with the resources used to transport and then filter spam.

  2. Ed Felten says:

    Vincent,

    I had 300 words to make my argument, so I had to pass over your point quickly.

    In the long run, the main cost of spam is in wasted human attention, caused by the few messages that actually land in our inboxes. Transport and computer processing costs will become less significant as Moore’s Law drives down the cost of those resources.

    Sure, spammers will send more, but I don’t think the increase in (non-inbox) spam traffic will keep pace with Moore’s Law. To echo my conclusion, this will be annoying but not a fundamental threat.

  3. Faramond says:

    I do not receive any spam at all, and I do not use filters.
    How do I do it?

    I own my own domain name. All e-mails sent to my domain are forwarded to an e-mail account whose address I never give out. (I.E., *@mydomain.com => secretaddress@secretdomain.com)

    I give each of my friends and companies with whom I do business a separate address (e.g., I tell John Doe to e-mail johndoe@mydomain.com.) Then, if I start receiving spam messages sent to johndoe@mydomain.com, I can simply add a delete rule for that address to my domain at the registrar’s web site (I.E., all e-mails addressed to johndoe@mydomain.com => delete without forwarding.)

    Voila! No spam.

  4. ignorance says:

    Is it useful to think about spam only in terms of e-mail?

  5. I R A Darth Aggie says:

    I run a small mail server for, oh, I’d say probably 100 active accounts, and I’m blocking about 75-85% (about 7k-10K messages) per day. I can’t even begin to imagine what quantity of crap that gmail, yahoo, AOL, or hotmail fold/spindle/mutilate on a daily basis.

    Personally, I have similar capabilites as Faramond, and I’ve on occasion used customized addresses for blogs. One such blog has either been compromised, or sold collected address, as I’m receiving spam to it.

  6. Michael Weiksner says:

    You make a compelling argument, Ed. Moreoever, I hope you are right!

  7. Spudz says:

    Of course, your method for dodging spam is only usable by those of us wealthy enough to own and maintain in perpetuity a domain name of our own.

    What about the rest of us ordinary users?

  8. Candice says:

    I agree that spam doesn’t pose a fundamental threat. True, the spammers keep thinking up new ways to get us to see their messages, but at the same time, we keep thinking up new ways to filter or block them. So yes, it’s an arms race, and one that will never be definitively won by either side. However, I also think that as today’s younger and more computer-savvy people get older, mass spamming will become a less effective tool, and we’ll see a trend towards more targeted/individualized ads. The younger crowd is more adept at recognizing spam messages, and also at avoiding them, especially when they are completely irrelevant and of no interest whatsoever. I think that the presence of spam is one of the reasons that many people prefer to send messages mainly through social networking sites rather than by e-mail. It’s a form of whitelist, where the user can decide who can contact them. If someone is being overrun by spam, it’s a simple task to change a profile to “friends only”. I think that there is a limit to the amount of spam that most people are willing to tolerate. Beyond that point, someone will tend to move on to areas of the internet that are not yet overrun.

  9. Hello says:

    Give out fake/disposable emails to blog sites and other sites that you can post comments to, forums and, well, as much as possible. Don’t give your real one to people you don’t know personally and trust.

  10. Hello says:

    Mailinator.com
    Dodgeit.com
    Pookmail.com

  11. Hal says:

    The big problem with spam is not spam messages that get through, it’s non-spam messages that don’t get through. Spam has broken email reliability. As the percentage of mail that is spam increases, the problem of false positives (mail wrongly identified as spam) is only going to get worse. And hunting through your spam inbox before wiping it, to make sure there’s not a message from your buddy or your boss, is becoming impossible. My wife missed an important business message a couple of weeks ago because it was sent from an unusual address and landed in her spam box. This is the real cost of spam, that email no longer works.

  12. graphex says:

    hal has a good point that false positives are currently thy highest cost of spam. However, I don’t believe Faramond’s answer of obfscuated inboxes is effective. It is just easier to do the reverse and allow dissemenation of a single address, filter incoming mail with a mx-record based system like Postini, and whitelist addresses or domains that are important.
    After getting set up with an mx-record-based filter, which has a wider base of real time comparason potential, I cut my spam from 500/day to maybe 5/month.

    I get about 5 false positives per month, but almost all of those are “bacon” – you know, not spam but not exactly a real message either… newsletters or other mass emails that are actually requested. There is the odd non-bacon false positive, but an address-book-based whitelist keeps those to a minimum.

  13. I R A Darth Aggie says:

    Spudz inquires:

    What about the rest of us ordinary users?

    Well, you could go to http://www.cotse.net, and pay $5.95 a month for their privacy services. In addition to all addresses @.cotse.net subdomain, you get advanced spam detection, goldlists, whitelists, blacklists, and access to proxy servers.

    In the spirit of full disclosure, I’m a satisfied cotse customer.

  14. Alvaro Cardenas says:

    I believe spam is more than a nuisance to the Internet: Isn’t spam what keeps botnet owners alive and motivated in between DDoS attacks? Their main source of revenue?

  15. Spudz says:

    Obviously this suggestion is useless to anyone who doesn’t have a credit card, and therefore cannot make payments over the ‘net for anything.

  16. Nathan says:

    Spudz, a domain costs as little as $10 per YEAR. You don’t need a credit card to pay, you can mail the registrar a check.

  17. Spudz says:

    The $5.95 a month Darth Aggie mentioned adds up to a lot more than $10 in any year that is more than a month and a half long.

    I’d suggest remedial arithmetic classes, Nathan, but they’d probably just be a waste of your time and the tutor’s.

    (This assumes the same unit of dollars is being used, and constant dollars. If that year saw massive deflation…)

  18. Syndroma says:

    I think the technology to defeat spam already exists. It’s called ‘greylisting’. I seriously think it’s panacea. Highly recommended to all mailserver owners.