2008-01-26
The funding capture problem
Here is a cynical truth:
No matter what they say, organizations eventually wind up working for the people who give them money.
This is a natural result of the fact that very few people ever deliberately try to put themselves out of a job. Organizations are driven to perpetuate themselves, which requires that money keep coming in, which requires that the funding sources be kept happy, and before you know it the organization's interests have become aligned with those of the people who give it money.
This sounds unexceptional, but flip it around to the corollary:
Unless you're paying them, you can't expect people to act in your interest.
(Paying them is of course not a guarantee that they will act in your interest, but it is generally a necessary prerequisite.)
There's a lot of organizations on the Internet that you would like to act in your interest, or that represent themselves as acting in your interest. There are remarkably few of them that you are actually funding.
('Follow the money' is in fact the general principle of figuring out who's interests an organization is really serving.)
This corollary is the rock on which many anti-spam ideas have floundered. In general, any anti-spam system that is not funded by the people receiving email is ultimately not going to act in their interests; it will be captured by the people who do pay it, and it will stop acting effectively against them. When this happens it is not a one time accident that can be fixed; it is an inevitable result of the funding method.
2008-01-04
One problem with the current anti-spam environment
One of the problems with the current anti-spam environment is that there are not enough disincentives against doing really horrible things, like spam, virus, and so on notification autoresponders, or challenge response systems, or your favorite abuse. Practically speaking, people doing these things do not bear any costs for their actions, or at least none large enough to make them notice anything wrong.
(In fact there pretty much aren't any disincentives at the moment. There are a few blocklists of places that do bad things, but I doubt they're very widely used.)
In the absence of any visible costs to you, or at least to your institution, many of these things look very attractive. (And when they are being driven by higher powers, the lack of consequences makes it harder to argue against them.)
Unfortunately it is difficult to see how to turn around this situation. I think that the only effective disincentive that people will notice is for their real email to start not getting through, but the problem with such punitive blocks is that users get upset when you block email that they genuinely want. Almost by definition the only useful places to apply punitive blocks are the places receiving a lot of real email from the misbehaving sources, which means a lot of displeased users.
This is in a sense a tragedy of the commons issue, much like the rest of the email situation. (And I don't think that explaining it to people will really help; most people are to some degree fundamentally selfish, so we are bad at enduring pain for the benefit of random strangers or some indistinct higher goal.)