• United States
by Paul Graham

Face-off: Filtering works, new laws won’t

May 26, 20033 mins
Enterprise ApplicationsMalwareMessaging Apps

There are two senses of stopping spam – stopping it from filling up our in-boxes and stopping spammers from sending it. Of course, if you solve the first problem, you also solve the second. Spammers send spam to make money. If no one sees the spam, they’ll be wasting their time sending it and soon will stop.

Two of the most promising solutions to the spam problem are to filter it and to outlaw it. It’s too early to say for sure which will win, but so far, filtering works and laws don’t.

The other side by Jason Catlett

Forum: Share your thoughts

Debate the issue with Graham and Catlett.

A year ago, few people thought filtering was a practical solution. Earlier filters, which identified mail as spam based on whether it contained specific words, were not very effective. If you made them tight enough to catch most spam, you got too many false positives – e-mails mistakenly identified as spam.

The new generation of statistical (also known as Bayesian) filters are much better. Mine lets through 2.5 spams per 1,000, with about 0.5 per 1,000 false positives. Moreover, the false positives that statistical filters yield tend to be mail that resembles spam: newsletters and advertising, not personal mail.

The argument against filters is that we still have to pay the cost of transmitting the e-mail. But this cost would go away if filters were widespread because response rates would be so low that it wouldn’t pay to spam. And filters are becoming widespread because it is in the interest of the big online services to implement them. It decreases their infrastructure cost if they’re known to be spam-proof, and, as MSN’s full-page ads testify, effective spam protection is a big marketing advantage.

There are two problems with trying to outlaw spam – the legitimate direct marketing lobby and the difficulty of enforcement. Direct marketers want to ensure that spam laws still permit them to contact their customers. The resulting loopholes are so big that spammers get through, too. Because the company they bought your e-mail address from is an “affiliate,” they consider you their customer, too. Perhaps a law could be written that is tight enough to prevent this, but I doubt it.

There are several grades of spammers, from companies that call themselves “opt-in” mailers to the guys who hijack mail servers to send pornography. A tightly written law might shut down the “opt-in” spammers, but without effective enforcement the pornography spammers will just ignore it.

Enforcement is a hard problem. Spammers route a lot of their spam through servers offshore. What happens when they move their companies offshore, too? Are we going to be able to extradite people for spamming?

I’m not against trying to outlaw spam. I just don’t think new laws will work any better than the current laws. Filtering works now.

Graham has written two books on Lisp and was a founder of the start-up that became Yahoo Store. Recently he has worked on spam filters and a new language called Arc. For more on filtering, see