Skip Links

Spam-busters

MIT recently brought together the nation's top spam fighters at its annual anti-spam conference. Network World caught up with some of the speakers and participants. Here are their stories.

By Steve Ulfelder, Network World
March 22, 2004 12:06 AM ET

Matthew Prince

Network World - Spam credentials: CEO, Unspam, a consulting company specializing in anti-spam laws; adjunct professor of law, John Marshall Law School, Chicago.

Most-hated spam: "That which contains inappropriate content and is targeted at children: solicitations for pornography, gambling, alcohol, tobacco. In most states it's illegal to target these solicitations to children in the off-line world. It is disgusting to me that spammers can get away with doing it online."

Favorite spam-fighting weapon: "I'm skeptical about filtering technology, on its own, as a solution to spam. Since there's essentially no cost to sending e-mail, spammers' response has been to increase the volume they send. The rise in spam almost exactly correlates with the deployment of filters."

"I chose this work not only because unwanted messages constitute a modern plague I hoped I could help do something about, but also because spam presents challenging and cutting-edge legal issues," Prince says.

As an example, he points out that while a number of states and countries have passed anti-spam laws "the problem is that an e-mail address alone doesn't reveal its owner's jurisdiction. So when you send to my address, there's no way to tell what state or country's laws you are subjecting yourself to," he says. That causes trouble because "under just about every modern legal system, unless you have 'purposefully availed' yourself of a jurisdiction, you cannot be subject to its laws," Prince says.

This loophole brings to mind the famous New Yorker cartoon by Peter Steiner with the caption, "On the Internet, nobody knows you're a dog." Such "semi-anonymity creates a problem for enforcement of anti-spam laws," Prince says. "The caption could read, 'On the Internet, no spammer can tell you're a New Yorker.'"

This has been a problem on the state level and will continue to be a problem on the federal level. Prince says spam fighters tend to be passionate about their work. "Spam stirs people's emotions because people view it, rightly, as an invasion," he says. Unspam's Web site gets reams of e-mail from users who are sick of spam, he says, and "the passion these people have for getting rid of spam spills over to those of us trying to come up with solutions."

It's not surprising that Prince says there is a place for law in the war on spam. "The law has one clear advantage over technology: It can impose costs," he says. "While law will never be as efficient as technology, technology has no mechanism in an environment where the marginal costs are virtually zero to increase the cost." As a result, he says, filters can stop a majority of e-mail from being delivered, but spammers just increase the number of messages they send. Therefore, virtually the same number of messages get through, and the spammers' costs are unchanged. "But the overall costs to the network increase dramatically," he says.

However, Prince says the first generation of anti-spam laws, including the new federal CAN-SPAM Act and European and Asian opt-in regulations, have been ineffective. "They did little to make prosecution cost-effective," he says. "And an old legal adage says, 'Without prosecution there is no law.'"

Thus, if new anti-spam laws are to be enforced, and therefore effective, Prince says he believes they must "decrease the cost of tracking down spammers, decrease the cost of bringing a trial, increase the likelihood of success at trial or increase the social benefit from winning a trial." He applauds some state efforts that he says are headed in the right direction, such as child protection registries under consideration in Utah and Michigan.

"At its heart, spam is a problem of identity," Prince says. "If you can tell who is sending the messages, then you can write laws to punish bad actors. Moreover, you can create filters that will actually be effective. As a result, the technologies that interest me the most are the ones that help establish and verify a sender's identity. Until we can do that, I suspect spam will continue to be a serious problem, even as we develop better filters."

Prince is optimistic about spam's predicted demise. "If the spam economy behaves in a classical way, it should eventually defeat itself," he says. "As the response rate for messages drops, eventually the costs should be high enough that being in the business of spam isn't profitable. The advantage of a problem like spam over a problem like computer viruses is that the spammers aren't just sending their messages for fun - they're out to make money. If their costs get too high, they'll move on to some other business."

To hasten the death of spam, he says, "you need to impose a marginal cost on each message spammers send. This is why [Microsoft Chief Software Architect Bill] Gates' proposed solution is to charge a small fee for every e-mail sent. That would work to impose significant costs on spammers and may stop a lot of spam, but I'm not sure the cure isn't worse than the disease."

Asked if he has conversed online or otherwise with spammers, Prince says, "The problem is very few people sending spam think of themselves as spammers. I've talked with a lot of people who think of themselves as 'e-mail marketers' but who engage in practices that are particularly troubling - trading lists, 'losing' opt-out requests, having an extremely loose definition of what it means to have opted in. Some of them genuinely don't see a problem with what they're doing. And if they were the only ones doing it, it wouldn't be much of a problem.

"However, just as people who throw trash on the ground in a park justify it by thinking their trash alone won't do much harm, some marketers I've talked to justify their behavior by arguing that their little indiscretions aren't that bad. Unfortunately, just like trash in the park, a lot of small acts of bad behavior quickly multiply to a significant problem," he says.

Terry Sullivan

Spam credentials: Software developer and Dallas-based researcher focused on statistical analysis and characterization of spam. Led the Internet Research Task Force workgroup on fighting spam.

Most-hated spam villain: "All of them! All spam is a form of attention theft, which is precisely what makes it bad. That said, I felt most heartsick when I ran across the foreign-currency-smuggling spam (commonly referred to as 'Nigerian' spam) that cloaked itself in religious language and Biblical quotations, trying to prey on the religious sentiments of unsuspecting innocents."

Favorite spam-fighting weapons: "I favor a belt-and-suspenders approach. My in-box is protected with a heavily optimized rule-based classifier, a Bayesian filter, a small whitelist/blacklist and some minimal DNS-related stuff. Still, I do have a favorite genre of anti-spam solutions: the heuristic classifier (aka the rules-based classifier, sometimes called a feature detector)."

Sullivan joined the war on spam because of "a gradual, increasing frustration with the sheer amount of dreck that was accumulating in my in-box and a sense that if I wasn't interested in 'herbal Viagra' yesterday, or the day before, why on Earth would I be interested in it today?"

When the aggravation hit a certain point, Sullivan says, "I finally said to myself, 'I'm a bona fide expert in some very sophisticated, automatic, document-classification technologies. Why am I putting up with this?'" Within 24 hours, Sullivan says, two-thirds of all his incoming spam was being piped straight into an archive. "Two weeks later, it was around 98%. And I never looked back," he says.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News