The fundamental problem of spam

June 3, 2006

Recently, yet another article on the death of email ran in the Register, 'The time has come to ditch email' (which I saw due to a Slashdot article). As usual, it advocates replacing SMTP email with something that is more 'secure', whatever exactly this means.

Unfortunately, this misses the fundamental problem of spam:

You want to get email from strangers, but only good strangers.

Telling good strangers from bad strangers is a hard problem, to put it one way. There is no indication that computers are going to be any good at it any time soon, and certainly current technology is not up to the job. Magic new security technology for a new email protocol would have to be very magic to solve the problem, and so far no one has even come close. Worse, a great many people (including the author of the piece in the Register) seem completely oblivious to the issue.

Indeed, today's antispam technology has false positives and false negatives precisely because it has to use heuristics like 'did a copy get emailed to a lot of other people' or 'does it have bad phrases' as a proxy for the real question.

(If you think that assigning people identities on the Internet will solve this problem, please see TwoSidesOfIdentity.)

(This idea isn't original to me; I think I picked it up in Usenet's news.admin.net-abuse.email.)


Comments on this page:

From 67.181.30.74 at 2006-06-03 14:13:06:

Kevin Martin obviously does not know what he is talking aboug, despite "being an editor of Security Focus and working with computers since 1986". However, what do you think about Bernstein's ideas of rearranging the delivery mechanism with I2000?

By cks at 2006-06-03 16:08:19:

I2000 doesn't solve the problem directly, because you still can't tell whether a piece of 'email' is from a good or a bad stranger before you read it. Its claim to effectiveness is shifting the costs of sending email more towards the senders, but this doesn't affect spammers unless you assume that they're going to stop stealing access to compromised machines.

(I also think that I2000 has a number of significant technical and political problems, but they don't sink it as an effective solution in the same way.)

And on Kelly Martin and the actual content of the article, I entirely agree, but then I just remind myself about the real purpose of the trade press.

Written on 03 June 2006.
« An object identity gotcha in Python
Weekly spam summary on June 3rd, 2006 »

Page tools: View Source, View Normal.
Search:
Login: Password:

Last modified: Sat Jun 3 01:30:50 2006
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.