That's a TERRIBLE way to fix spam

A respected email technologist has been quoted in the mainstream media as saying he has a plan to solve spam. Oh really? Sadly, it seems he's just repeating a failed idea, as we'll see in The Long View...

By Richi Jennings.

If you've been following my Google+ stream today, you'll have noticed the conversation around the so-called 'father of the email attachment,' Nathaniel Borenstein. Nathaniel (nsb to his friends) is a smart guy, and his email chops were proved beyond doubt when he co-developed first the Andrew Message System at Carnegie Mellon, and then the MIME standard at Bell Communications Research. However, according to that august organ The Guardian, nsb's opinions on spam filtering are crazy-naïve. If the reporter is to be believed, nsb is proposing a solution that simply won't work, and has been proven not to work over and over and over again.

My favorite idea involves...attach[ing] to your mail a promise to pay the recipient a certain amount of money if they think it's spam. Spammers aren't going to be able to attach those bonds.

Whether or not nsb actually said such a bonkers thing, this, my friends, is what spam-fighters sarcastically call a FUSSP, or Final, Ultimate Solution to the Spam Problem. This one is a variant of the good-old e-postage idea: A variant known as "attention bonds." As I said back in the


last days of 2010, every e-postage proposal failed because they wouldn't work. Similar proposals seem to pop up every few years; these FUSSPs continue to reoccur because people are either too lazy to look back at computer-science research done in the past, or too arrogant to conceive that other researchers knew what they were talking about. Over the years, several researchers independently figured out that spam is too easy and cheap to send, in contrast to physical junk mail. So they concluded that what’s needed is the equivalent of a postage stamp, to destroy the profitability of spamming by increasing the cost of sending large volumes of email.

Sadly, despite some of the finest minds trying to perfect the idea over several years, nobody’s managed to solve its inherent problems, such as spammers simultaneously reusing the same micropayment token. Startups that tried to exploit similar ideas have also failed -- notably, Goodmail.

The plans also didn’t recognize the power of botnets, which placed immense computing power in the hands of spammers at low cost. ("Botnets" are networks of malware-infected, "zombie" PCs, which can be instructed to send spam and do other nasty acts under remote control.)

These e-postage ideas, like many other FUSSPs, also suffer from the problem that we already have a widely-deployed, decentralized, heterogeneous email network around the world. Mandating that the entire network be replaced or upgraded is simply naïve.

Dr. John Levine, president of CAUCE, Anti-Spam Research Group (ASRG) chair, and all-round email top-banana, agrees:

As soon as you make e-mail cost real money, you open up a wide range of financial frauds and scams. ... [T]here's no reason to assume that the result would be any less expensive and awful than the situation now. ... [And] we still don't have any workable authentication scheme for e-mail so there's no way to prevent bad guys from lying about who they are.

In fact, the finest minds in the ASRG have been round and round the e-postage problem once again, a couple of years back. After much deliberation, hair-pulling, and general geek-anguish, they too concluded that you can’t get there from here.

On closer inspection, all too many spam-fighting plans turn out to be re-hashed, discredited FUSSPs that the industry already knows will fail. But all is not lost: Today’s spam filters work extremely well.

Now, all that said, the last word has to go to nsb himself. It turns out that he was misquoted, or at least selectively quoted:

People who think we can do this today are naive, if not crazy. ... I believe that we will turn to economic solutions only when we have gotten all we can out of every other approach to spam. ... So almost all implementation-related arguments are irrelevant if they're based on today's capabilities. [But] it's a prediction so far in the future that it's irrelevant for any practical purpose.
It was overall a very good article, and the journalist was excellent. He only left out one thing on this topic, which is that I saw this as a long term phenomenon, not something to look for in the near term.

Well that's alright then. I suppose one of the dangers of dismissing a FUSSP out-of-hand is not realizing that the situation's changed.

However, in this case, there's a large number of anti-spam researchers who remain to be convinced.

How would you stop spam? Comment below...

Don't miss out on The Long View:

Richi Jennings, blogger at large

Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. As well as The Long View, he's also the creator and main author of Computerworld's IT Blogwatch, for which he has won ASBPE and Neal awards. A cross-functional IT geek since 1985, you can read Richi's full profile and disclosure of his industry affiliations.


Copyright © 2012 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon