I read with some amusement the pledge to end spam within 2 years that Microsoft Chairman and Chief Software Architect Bill Gates made during his annual visit to the World Economic Forum in Davos, Switzerland. I was amused because I woke up this morning, as I did yesterday, to dozens of spam messages, all of which had somehow made it past the cunningly created and continually updated server-side spam filters I erected on my mail server. Spam is like water poking away endlessly at a concrete barrier: No matter how well you build that wall, no matter how strongly it's fortified, it's eventually going to give way to the water. And, like a force of nature, spam is seemingly invincible--oblivious to the blocks I put in its way. Every day I spend a lot of time--too much time--dealing with this plague.
So, how will Gates end spam? We already know that Microsoft has created spam-filtering technologies for use in its Microsoft Exchange Server, Microsoft Outlook, and MSN Hotmail products. And last year, the company began working with state and federal governments to pursue the most virulent spammers, putting a less technological and more lawful face on the battle against spam. But recent legal moves in the United States will have little effect on most American spammers. Worldwide, spammers can set up virtual shops anywhere to bypass local laws; it happens every day.
These technological and legal efforts have been largely unsuccessful if you measure success by whether they prevent spam from reaching end users. Many of you have probably experienced the pain of setting up a spam filter with a rating that's too high, causing important email messages to be blocked. But when you set it to a lower setting, you end up having to manually delete the email messages you don't want. Although we'll always be able to improve the fairly impressive results we get with the Bayesian-type spam filtering that most spam filters now use, such filters will never be a cure-all.
I'm glad my spam filter caught 218 spam messages this morning (I checked); I'm not so happy that it let more than 50 spam messages through.
Gates says that Microsoft is looking at several solutions, some of which are further along than others. One obvious solution is a challenge-response system, which Mailblocks and other innovative email services use. This system forces first-time emailers to respond to an email query before their messages are delivered to you, ensuring that they're human. If Microsoft were to adopt such a system--perhaps by purchasing Mailblocks--and use the system in its market-leading Hotmail service, the company could almost instantly stem the tide of much of the spam that's delivered worldwide. But other popular email providers, such as Yahoo!, would need to adopt similar systems for this approach to be globally successful.
Another possible approach, Gates says, is an email payment system in which users can charge fees for email messages they receive. If the fee is too high, the theory goes, spammers and other bulk mailers won't bother sending email to users. This approach is interesting but is the least well defined, Gates admitted.
One solution that Gates didn't mention that could be the most effective is a complete overhaul of the poorly designed email infrastructure. Right now, email users can pose as other users or obfuscate their identities and relay mail through remote hosts, making it next to impossible for authorities or angered email recipients to track them down. No company or organization is moving too quickly toward a reformation of the system, however, largely because of the pain and cost it would incur. Email has become a crucial business and social tool, and the email infrastructure we all use is clearly broken. I wonder which kind of catastrophe will have to happen before we take the necessary steps to fix this disastrous bit of technology that we rely on so heavily each day.
In the meantime, I'll continue to wade through email I never should have received--email that advertises "V1@GRA," online football betting, auto loans, and possible financial relationships with suspicious people from Eastern Europe and Nigeria. Can't we put a stop to this silliness?
"Right now, it's possible for any email user to pose as another user, or obfuscate their identity and relay mail through remote hosts, making it next to impossible for authorities or angered email recipients to track them down."
Excuse me if I take these comments with a truckload of road salt. Have you heard of existing protocols such as digital certificates? Public key encryption? We don't need another Microsoft lock-in solution. We need to make better use of the tools available to us today. And an "e-mail payment" system is not the answer either. That ranks as one of the dumbest ideas I've heard yet.
Editor's note: Nobody's asking for a Microsoft solution (though as an Apple backer, I question your ironic use of the term lock-in). I'm asking for a fundamental change in the way email works. That would require industry-wide support. --Paul
"I wonder what kind of outbreak we'll need before we take the necessary steps of fixing this disastrous bit of technology we rely on each day."
Indeed. I wonder when people are going to realize just how insecure Windows really is, and start investigating the very viable alternatives available to them. Case in point: this latest worm not only clogs e-mail servers, it makes changes to the Windows registry without the user's authorization (that's inconceivable in, say, OS X, where you specifically need to grant the OS permission to make such changes).
But by all means, Paul, let's overhaul the email infrastructure per your suggestion. And let's make sure Microsoft is in charge. Certainly, they've done a bang-up job thus far.
Wendy_Rebecca January 28, 2004
What about the internet Routers? Why are they not commissioned by the States to do something to stop viruses and spam when it's on its way? (Please, do not involve the Feds-they can only turn it into a jumbled, go nowhere mess. The States can handle themselves just fine). The "email system" is basically servers processing messages. What about the traffic when it leaves these servers? Why, at this point in time and technology, is Sprint, AT&T, WorldCom, CISCO, IBM, MSFT, and every other traffic processor not asked why they allow all sorts of bad traffic to flow? Costs you say? At this point, email is such an important means of communication, that the States should work it out with the Internet infrastructure players and keep it free. WE HAVE TO. THE WORLD WOULD SWALLOW OUR ECONOMY OTHERWISE. We shouldn't have to all of a sudden pay for something to fix it, when it has been neglected up to this point by the owners, who are likely BETTING on the fact that the issue of money can be brought up to the extent that email stops being free. Let's say it's not free. Then what? No spam, all right great, but probably nothing else will be sent either. Except for those who can afford it. This creates an unfair advantage over the "haves" and "have-nots" - to such an extent that it may be construed as bordering on or actually being, DISCRIMINATION. If this happened in finance markets then it would be called unfair faster than you could say "what?". Apply it to yourself, then your suburb, then to people who may not have enough for lunch every day, but rely on email to get jobs. So now what? And it sucks for the Feds too. The NSA has to sift through the spam as well.
Listen guys and gals, hire me as a global Spam server Terminator. I will travel around the globe, always linked to SPAMHAUS.ORG and others, and I will hunt down the offending servers, and Office Space those bastards.
Keep THAT up for a few months, & I bet the spam will subside. Just watch...
On the other hand, it could all be a HUGE conspiracy where everyone is involved in sending spam, viruses, and bad code out, to PCs worldwide, and then they wait for folks to buy software from them. Talking about the big players folks, you know who. I doubt it, but it's not hard to do with a little cooperation, I suppose.
Thanks. GO NEW ENGLAND PATRIOTS! GONNA WIN BABY!
Alice in Chains January 28, 2004
Bill Gates end spam? Yeah right. Just like Microsoft's Security Computing Initiative is ending exploits against their operating system, their browser, and their protocols. heh. We'll see...
The Clone January 28, 2004
I've read this on a few other news sites, and they all mention another method: making the computer solve some kind of puzzle for every email it sends. Granted, this would only slow down sending and not stop it, but it would certainly help to an extent.
Benedict January 28, 2004
One of the big problems is with SMTP. I don't understand why SMTP servers allow me to send mail without a user name and password, and without checking my "From" address. As far as I can see it's the biggest security hole on the Internet, allowing people to send mail posing as someone else. The latest mail worms prove that every day.
Donn Edwards January 29, 2004
Something I've noticed is that when I set my spam filter to exclusive, removing all non-known addresses, and spend time going through my Junk Mail in Hotmail, after a time the amount of Junk Mail decreases. I think that after a while the spam programs assume your e-mail address isn't active anymore if you just don't open the e-mails they send. Eventually you get off of the lists. In 3 months I've gone from 20 spam a day to a spam every other or every 3rd day.
Orion Adrian January 29, 2004
Paul, I don't want to advertise, but I personally use Spamcop with all its blocking features turned on and its SpamAssassin threshold set to 1. Like this, it blocks 100 spam mails per day and very rarely lets one slip through.
Tom January 30, 2004
Challenge-Response is a great theory, but breaks down in practice. Amazon is not going to be able to handle 1 million challenge-response messages each day when it sends its confirmation emails.
The only way to stop spam is to update SMTP and create the ability to verify that the sender is who they say they are. Then sdnvsdgsgj@sdgsdhgjasgfal.spammer.com won't be a valid from address any longer, and the truly legitimate email-marketers and the valid emails from companies can get through to their intended audiences.
Email is a great medium for communicating with customers and providing effective, personalized, and relevant information for people who request to receive that information...
Locke January 31, 2004
The idea of the one time human response is good for most cases but if you ever do on-line shopping (I know I do) then you always get an automated mail confirming your order and order status. Surely this will then fail as a result? A good idea in theory but I think they will have to think of some way around this defence to allow these mails through. As well as these you would be faced with issues for Out of office replies and the like if you mail someone for the first time, their response would not get through to you either?!
Matt Hamilton February 02, 2004
If you did "human response" plus an ability for your mail software to not require a human response from certain first-time mailers, that's effectively saying anyone who wants to email you will either have to beg you to add their email address to your accept list, or act in response to your automated email system. Smart idea.
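The challenge-response scheme described in the article, together with the automated-sender objection and the accept-list exemption raised in the comments, modelled as an added example that is not part of the original article or thread. The class name, method names and `example` addresses are hypothetical, and the model assumes the sender address is genuine, which the article notes plain email does not guarantee.

```python
import secrets

class ChallengeResponseGate:
    """Hypothetical mailbox gate: unknown senders must answer a one-time challenge."""

    def __init__(self, allowlist=()):
        self.allowlist = {a.lower() for a in allowlist}  # exempt from challenges
        self.pending = {}    # token -> (sender, [held message bodies])
        self.by_sender = {}  # sender -> token, so repeat mail reuses one challenge
        self.inbox = []

    def receive(self, sender, body):
        """Return (status, token); token is set only when a challenge is issued."""
        sender = sender.lower()  # assumption: address is genuine (SMTP does not verify it)
        if sender in self.allowlist:
            self.inbox.append((sender, body))
            return ("delivered", None)
        if sender in self.by_sender:  # already challenged: hold, do not re-challenge
            self.pending[self.by_sender[sender]][1].append(body)
            return ("held", None)
        token = secrets.token_urlsafe(16)  # unguessable, single use
        self.pending[token] = (sender, [body])
        self.by_sender[sender] = token
        return ("challenged", token)

    def answer(self, sender, token):
        """Release held mail and allowlist the sender if the token matches."""
        sender = sender.lower()
        entry = self.pending.get(token)
        if entry is None or entry[0] != sender:
            return False
        del self.pending[token], self.by_sender[sender]
        self.allowlist.add(sender)
        self.inbox.extend((sender, body) for body in entry[1])
        return True

def demo():
    """Constructed senders: a human, an unattended shop mailer, a pre-approved shop."""
    gate = ChallengeResponseGate(allowlist=["orders@shop.example"])
    human, token = gate.receive("alice@example.org", "lunch?")
    released = gate.answer("alice@example.org", token)
    # An unattended mailer never answers, so its order confirmation stays held.
    bot, _ = gate.receive("noreply@store.example", "order 1 shipped")
    # A sender already on the accept list skips the challenge entirely.
    shop, _ = gate.receive("orders@shop.example", "order 2 shipped")
    return human, released, bot, shop, len(gate.inbox), len(gate.pending)
```

The held confirmation from the unattended mailer is the failure mode the commenters describe; the accept list fixes it only for senders the recipient knows about in advance.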