Counterstrike on Spam

Paul Graham highlighted an interesting concept for fighting off spammers. The basic idea is to have anti-spam tools mount a counterstrike against the sites promoted by spammers. A blacklist would be created to include repeat offenders. When a spam is seen, the server would check the blacklist to see if the site is on it. If it is, the tool would crawl the site, generating useless traffic for the spammer's source, hence increasing the cost of sending out spam.

On its face, the argument seems to work. Some more thoughts on it:

High-volume auto-retrieval would only be practical for users on high-bandwidth connections, but there are enough of those to cause spammers serious trouble.

This part could be handled by having the mail servers themselves take care of it. In most cases, mail servers sit on broadband lines, because they need to be always on to receive mail. If such a counterstrike is to work, it has to come from those mail servers.

A refinement to the system would be to also include a whitelist. Publishers could register with the whitelist in order to avoid a counterstrike. One of the difficult issues in dealing with spam is identifying false positives. A false positive occurs when a piece of mail is marked as spam even though it isn't. Most false positives arise out of email lists from publishers because some of the criteria used to identify spam (lots of URLs, sent to many people, sender not the same as reply-to, etc.) are also met by publishers. By creating a whitelist, one could remove some of those false positives. Over time, an increasing number of legitimate sources would be identified.
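The whitelist refinement described above, as an added example that is not code from the original post: a mail-side classifier that applies the three criteria the paragraph lists and lets a published whitelist override them, so a publisher's newsletter stops being a false positive. The thresholds, list contents, domain names and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed lists; the post only says such lists should exist and be public.
BLACKLIST = {"cheap-pills.example"}
WHITELIST = {"newsletter.example"}
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
MAX_URLS, MAX_RCPTS = 5, 20  # assumed thresholds, not from the post


def domain(addr):
    """Lower-cased domain part of an address header value ('' if absent)."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()


def classify(raw, whitelist=WHITELIST, blacklist=BLACKLIST):
    """Return (verdict, reasons) for one raw message. No traffic is generated."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    hosts = [h.lower().rstrip(".") for h in URL_RE.findall(body)]
    sender, reply_to = domain(msg["From"]), domain(msg["Reply-To"])
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))

    listed = sorted(set(hosts) & blacklist)
    if listed:  # assumption: a blacklisted link outranks a whitelisted sender
        return "blacklisted", listed
    reasons = []
    if len(hosts) > MAX_URLS:
        reasons.append("many-urls")
    if len(rcpts) > MAX_RCPTS:
        reasons.append("many-recipients")
    if reply_to and reply_to != sender:
        reasons.append("reply-to-mismatch")
    if reasons and sender in whitelist:
        return "whitelisted", reasons  # would otherwise be a false positive
    return ("suspect", reasons) if reasons else ("clean", reasons)


def sample(sender, reply_to, host, n_urls):
    """Build a constructed test message (not real mail)."""
    links = "\n".join(f"http://{host}/item/{i}" for i in range(n_urls))
    return (f"From: {sender}\nReply-To: {reply_to}\nTo: reader@mail.example\n"
            f"Subject: weekly\n\n{links}\n")
```

Matching on the From domain is for illustration only: that header is unauthenticated, so a deployed whitelist would have to key on an authenticated sender identity.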

There is, however, a need for some level of accountability. Any list (either a blacklist or a whitelist) should be published for everyone to look at, and a policy should establish the steps by which one can be added to or removed from one of those lists.

Another item that needs to be addressed is the user-agent string generated by such a filter that fights back. Such a tool should use a popular user-agent like the one for IE so that it becomes indistinguishable from other traffic, making it harder to block. The tool should also generate IP addresses that are equivalent to the addresses of sub-domains below the mail server (otherwise, a spam site might just block the mail server from doing traffic blasts).

In general, I like the concept and hope that someone out there is working on implementing it. It falls in the great tradition of the net routing around problems. Spam is now getting to the level where it undermines the net as a whole, as spam messages are grabbing increasing amounts of bandwidth. Regulation alone cannot work, as a lot of spam emerges from countries beyond US jurisdiction and it would take a very long time to implement any kind of policy that works globally.

The answer to the spam problem must thus be an engineered solution and the counterstrike approach seems sound. One could envision this being implemented as part of mail servers in the future, a step that would ensure some higher level of support.

However, the counterstrike approach will only work for so long, as spammers will find new ways to subvert the system. A question remains as to what will be the next step. The counterstrike model will work in terms of hedging out some of the smaller players but larger sites might still continue to strike. A way to handle this part might be to completely black them out of the net. In order to do so, one would take the blacklist of sites and add it to a web proxy blocked site list. The effect here would be to black out sites over time, based on their being found guilty of spam. This may be the next level of escalation in the spam wars and might get us to the point where, unfortunately, we might all end up in gated online communities, blocking out some of the people who are not willing to play nice. The net may lose some of its own freedom in the process but that, unfortunately, may be the only way to completely eradicate spam in the future.

Originally published on September 2, 2003 in Technology.