200,000


September 16, 2003

My spamcop filter just trashed a piece of spam numbered 200,000. That means that I’ve received 200,000 pieces of junk email since January 1st of this year, a new high watermark for my inbox. These days, I use a combination of spamcop, spamassassin, and the junk rules within the Apple mail.app to get the email I want and based on this, I can say that it is almost possible to live a life where most of the email you see is spam-free. A cursory study of the spam, though, shows something that few people seem to have mentioned: you cannot legislate spam out of existence.

Looking at my spam folder, I’ve noticed spam coming from countries as far as China, South Korea, Australia, Togo, Niger, Egypt, and Russia. Whatever rule is passed in the US will not apply to those people, as they sit outside of US jurisdiction. As a result, legislation alone will not work in appeasing that burden on our mailboxes.

This brings up an interesting point. The openness of the Internet is what spammers are relying on. This openness is one that has acted as a fundamental part of the success of the Internet. The old idea of routing around any problem is one that lets spammers do their thing without any problem. I believe that it is almost impossible to fight spammers at the current time without calling for an escalation in the war on spammers.

The first issue around spam is that it is an economic problem. Spammers are sending out their queries in vast amounts for two reasons:

Based on those assumption, the only way levels of spam will diminish is if the economic incentive for spam is removed. But how do you do that?

Some solutions have offered the idea of a counterstrike on spam, which I believe could work some of the way but would not go the full range. While this would probably squeeze out some of the smaller players, it will fail in eliminating the larger ones. Furthermore, the way spammers will handle this is by upgrading the systems they have to avoid those strikes.

What I would propose is an advanced system that would be a global whitelist, not of mail addresses but of mail server. In order to sign-up, an ISP would have to agree to certain terms of services (my system is not an open relay, I will not distribute spam, I will prosecute any spammer that uses my system, etc…). Those terms would be jointly agreed upon and a non-profit organization would be set up to manage the whitelist and work on negotiating with parties that are breaking the rules.

Any signer to this charter in good standing would get their mailed relayed across all other signer’s system without any other check. Members who are not in good standing but are found by the organization to be working on establishing remedial steps would be moved to a lower level of priority and their mail would be relayed much more slowly for a period of time (30 days?). Members who are not in good standing and who are not working on remedying the situation in a timely manner would be banned from the network, and their emails would be dropped.

Under this approach, the system would eventually get to the point where spammers are working on a different network. As more and more members sign on (meaning administrators of mail servers), the system would increase in value for any subsequent member, hence squeezing spammers further and further out, up until the point where most systems would be charter signers. Once that has happened, non-signers would be squeeze out of the system, and their emails would not be relayed.

All these, of course, would have to happen in an automated fashion so that a system from which a spam emerges would be moved to non-compliant mode automatically. The process to get back on the “good guys” list, however, would be one that would be manual, serving as a penalty box. Violators (meaning administrators of mail systems which are violating the terms of services) would not only have to show that they are working on resolving the problem but would also have to pay a fine to the organization that administer the network. That money would be used to pay the cost of administering the network. The advantage in that approach is that it might allow mail administrators to show real financial damage and sue people who have abused their systems to recover that cost. This, in itself, could increase the cost of spamming and take out some of the financial incentives of the practice.

Ultimately, spam is a technical problem and the only way to stamp it out will be a technical solution. However, coupled with a legal one, it could become a real winner. I am not a lawyer so my legalistic argument may be unsound. If you think it is (or if you think it can be refined) or if you think there is a better technical solution, drop me email.

Bookmark and Share:

Leave a Reply (or use Trackback)