Thursday, December 11, 2003
Spam spam spam spam...
Well, there's been a lot of talk on the Screen Savers lately about spam. It seems like a lot of people are moving toward having digital signature certificates on e-mails (aparantly Yahoo was the first to implement this). If enough ISPs start to do this, then they may eventually stop accepting non-authenticated e-mails. On the surface, it seems like a good idea that could actually work. However, I'd really hate to lose the anonymity of the internet.
After doing a search, I came up with Brad Templeton's essays on spam. Brad has a ton of great information in there. Some history on spam, overviews of different ways of fighting it (along with pros and cons), classifications of what spam might be, and his own preferred idea of fighting it.
An interesting distinction he makes is between content and the way it is distributed. He makes the case that a single person decided to send you a commercial e-mail is not necessarily a bad thing. For instance, if you run a business, someone might e-mail you to ask if you're looking for new employees. It is unsolicited and business-related, but it is really directed right at you and isn't as big of a deal. On the other side is unsolicited bulk e-mails. These could be commercial or religious or political or a scam. He argues the problem is more about the fact that sending these out to a bazillion people at a time really causes problems and harms the internet experience. I think this is something that I generally agree with actually. If some guy with a local store visits my site, sees I'm into yo-yos and live locally and decides to e-mail me, I'll be less offended than someone who owns and online yo-yo site, harvests a thousand e-mail addresses off of a yo-yo message board and e-mails all of them.
Brad's thought on a technical solution is an interesting one. He proposes that there be whitelists for trusted users. These might be people who are authenticated or who are part of an ISP with a user agreement stating users can't send spam. These people wouldn't be restricted and could send normal e-mails or bulk mailings (presumed to be a mailing list). On the other hand, for people that aren't authenticated, e-mails would be brought to a different router which checks for bulk mailings (and perhaps other spam characteristics) and places restrictions it. E-mails get put in a holding area for a small time and if similar e-mails show up it is delayed even longer until getting outright rejected after reaching a certain size. Instead of making everyone have to be authenticated, this method only restricts bulk mailings to these people. It does seem kind of involved and I fear people may just go for a simple b&w approach, but hopefully enough people can support something like this for it to be practical.
With it estimated that now 58% of e-mail is spam, it seems like something has to be done. It is bad already... what happens when 95% of all e-mail is spam? Client-side bayesian filters are great, but that still doesn't help the massive load that networks and isps are being put under. It seems like something has to happen besides just a presently unenforcable national law. I just hope our rights and privacy won't be futher erroded in the process...
After doing a search, I came up with Brad Templeton's essays on spam. Brad has a ton of great information in there. Some history on spam, overviews of different ways of fighting it (along with pros and cons), classifications of what spam might be, and his own preferred idea of fighting it.
An interesting distinction he makes is between content and the way it is distributed. He makes the case that a single person decided to send you a commercial e-mail is not necessarily a bad thing. For instance, if you run a business, someone might e-mail you to ask if you're looking for new employees. It is unsolicited and business-related, but it is really directed right at you and isn't as big of a deal. On the other side is unsolicited bulk e-mails. These could be commercial or religious or political or a scam. He argues the problem is more about the fact that sending these out to a bazillion people at a time really causes problems and harms the internet experience. I think this is something that I generally agree with actually. If some guy with a local store visits my site, sees I'm into yo-yos and live locally and decides to e-mail me, I'll be less offended than someone who owns and online yo-yo site, harvests a thousand e-mail addresses off of a yo-yo message board and e-mails all of them.
Brad's thought on a technical solution is an interesting one. He proposes that there be whitelists for trusted users. These might be people who are authenticated or who are part of an ISP with a user agreement stating users can't send spam. These people wouldn't be restricted and could send normal e-mails or bulk mailings (presumed to be a mailing list). On the other hand, for people that aren't authenticated, e-mails would be brought to a different router which checks for bulk mailings (and perhaps other spam characteristics) and places restrictions it. E-mails get put in a holding area for a small time and if similar e-mails show up it is delayed even longer until getting outright rejected after reaching a certain size. Instead of making everyone have to be authenticated, this method only restricts bulk mailings to these people. It does seem kind of involved and I fear people may just go for a simple b&w approach, but hopefully enough people can support something like this for it to be practical.
With it estimated that now 58% of e-mail is spam, it seems like something has to be done. It is bad already... what happens when 95% of all e-mail is spam? Client-side bayesian filters are great, but that still doesn't help the massive load that networks and isps are being put under. It seems like something has to happen besides just a presently unenforcable national law. I just hope our rights and privacy won't be futher erroded in the process...