Spam Will Never Die

Regardless of how hard IT experts work to intercept the trillions of junk e-mails that bombard hapless in-boxes, the spammers will find ways to defeat them. Pro or con?

Pro: Teflon Nuisance

Spam pays—that’s the bottom line. Economics, not technology, carries the day.

Unlike surface mail, e-mail carries no incremental cost increases for larger volumes. Even if only 1 person in 1,000 responds to a solicitation for V1agr@ or L0west R4te Life Insurance, those businesses make money. More problematic from a consumer perspective is the impossibility of distinguishing a legitimate (albeit annoying) Internet business from an organized-crime spammer out to steal your credit-card information. As if that weren’t bad enough, sometimes the spam carries a virus or worm as a payload, intended to hijack or compromise your computer.

The economics have grown so overwhelming that more than 90% of e-mail traversing the Internet is spam. According to the ePrivacy Group, the volume of spam has been growing by 18% per month. The Internet service providers have a structural problem: The accidental blocking of legitimate e-mail messages irks customers even more than the receipt of bogus messages, and no tools can kill all spam without also eliminating some genuine mail.

"This situation has created an arms race between the spammers and spam blockers," says Daniel V. Klein of LoneWolf Systems, an authority in the field of e-mail security. "Spammers are smart—for every new anti-spam technique, there is a newer spam-sending technique."

Without a fundamental change to both the technology (use more authenticated protocols) and the culture of the Internet (restrict anonymity), the factors that have created this explosion of spam will persist. Proposals to balkanize e-mail by creating the equivalent of gated communities of "safe" mail senders and recipients—as well as proposals to monetize Internet e-mail to eliminate the economic incentives of spammers—have met stiff opposition.

For the foreseeable future, the only mitigation lies in accepting that the Internet will remain a hostile environment, and recognizing the need to deploy anti-spam tools (or to contract with an anti-spam service) to protect yourself or your organization as well as possible.

Con: In-box Inoculations

Spam will always be with us, but it won’t always be the headache it is today. The incentives that motivate spammers to send unwanted e-mail come from technology and law. In the long run, we’ll adjust both to drive them out of business.

Alarming reports about the total volume of spam on the Net are beside the point. What we really care about is how much spam actually lands in our in-boxes. Thanks to new technologies, the fraction of spam that sneaks past the filters is starting to decline faster than the total volume of spam messages is increasing—so the typical user will see fewer and fewer unwanted messages.

Network operators and software firms are deploying ever-better filtering tools, using advanced machine learning and collaborative filtering (if others say that a message is spam, you won’t have to see it) to lower the odds of unwanted messages sneaking into your in-box. Eventually, we’ll be able to authenticate where messages originate, making it harder for spammers to hide. Sure, the spammers will fight back with technical tricks of their own, but we can fight on the technical front at least to a stalemate.

On the legal front, we’re raising the cost of spamming by tracking down spammers and bringing criminal and civil actions against them. Jeremy Jaynes, purveyor of fraudulent get-rich-quick e-mails, went to prison for nine years. Jeffrey Goodin, who sent fraudulent e-mails to steal individuals’ account information, got 70 months. Adam Vitale pleaded guilty to breaking anti-spam laws, and faces up to 11 years of federal time. How did investigators track down these elusive cybercriminals? By following the money.

It’s no fun being a spammer these days. Every day, the business gets riskier and less lucrative. The good guys are winning the war. We’ll never be totally free of spam, but in the long run it’s a nuisance—not a fundamental threat—to the flourishing of the Internet.

Opinions and conclusions expressed in the BusinessWeek Debate Room do not necessarily reflect the views of BusinessWeek, BusinessWeek.com, or The McGraw-Hill Companies.

Reader Comments

Conner S

Agreed on the issues and the statement that it will eventually change from this pattern of growing percentages of spam emails in number.

(I'm 15 years old--just thought I'd add that.)

tina

Spam is the equal to bulk-mail snail mail. I hope the spam will stop and that the spammers will work on more people-friendly activities. The spammers are people who do not know how to form relationships with their customers and just want anyone who is desperate enough. It is too easy to hide behind an identity until getting caught, and lots of people are hurt in the process. Love the Internet anyway.

Dante

There is one simple solution to this spam mess: Send out the old-fashioned kill virus. Spam is a problem only because there is an army of retards with zombie machines out there doing the spammers' dirty work. Send out old-fashioned killer viruses that kill the PC permanently instead of turning it into a zombie. These killer viruses will only affect those that leave their machines open to become zombies, as the rest of us have anti-virus protection. Once these zombies die off, spam should drop dramatically.

zo.chin

Boo -- spammers suck.

me

Well, the main thing is that everyone will have to have an e-mail account from one of the big companies to prevent spam. I would think this is the most useful business information about the spam issue.

Don

Our "con" writer makes at least two fundamental errors, which may be ivory tower symptoms: (1) We do care about how much spam traverses the Net, not just how much arrives in our in-boxes, because spam uses bandwidth and bandwidth costs money--maybe not much, but someone has to pay for it. (2) The legal front only works within a particular legal domain. As long as spammers can come and go like boiler-room operations and can operate from countries out of reach of the legal system of the targets, little can be done there.

The best solution I have found is disposable-address services like the now-defunct Mailshell (at least its consumer version is defunct) and the still-operating volunteer SpamGourmet (www.spamgourmet.com). Combined with an unpublished, garbled e-mail address that's not subject to dictionary attacks, this will stop most spam cold, and help identify the third parties who sell our e-mail addresses to spammers. And if you start getting spam, you can just turn off the offending address.

thehynie

Dante has an interesting idea, but too harsh. Is the "death" penalty warranted when reasonably careful consumers can be victimized? How about a vigilante force that looks for vulnerable computers and finds a way to notify them of their vulnerability so they can get help? Or a requirement that ISPs take on this task in order to have access to the Web?

philip robert chanin

I'm not down with spam.

Dante

"Thehynie" has an interesting concept: A "reasonably careful consumer can be victimized." I find this "reasonably careful consumer" to be another urban myth. People who find a need to click on penis and breast enhancement e-mails or "psst, buddy, here's a hot illegal stock tip" are generally scum who will always be catching viruses. As the saying goes, you can't scam an honest person. And a kill virus will not kill an honest person's PC. It will knock out all the PCs that send out spam over and over again--through "no fault" of their scamming owners, of course. Their PCs just happen to load botnet software all by themselves.

Robert Moskowitz

The problem is already solved. Those of us using the free e-mail system from EnterTo.com have an "invisibility cloak" that spammers can never pierce. It doesn't matter if they try pdfs, graphics, spoofing, or anything else. We've leapfrogged the "arms race" and gone right to an impenetrable shield.

Game over.

Robert

dr2chase

The problem is that the virus-spreaders know how to target people who are not just looking for a quick buck. I regularly get e-mail telling me to check some aspect or another of my Paypal account. My wife reports "post card" spam; the first time you get it, it looks like someone has sent you some sort of an e-postcard.

But I am rather surprised that companies like Comcast are not doing more to recognize and control zombied boxes. They've started using filters that throttle and interfere with the BitTorrent protocol, so they've set a precedent--and perhaps invalidated any "common carrier" status that they might claim for themselves.

Rip

The solution is the pocketbook.

As a not-too-recent episode of NBC's Dateline demonstrated, you can always find the spammer, by using IP addresses and keys in the message itself. (If you couldn't, the spammer could not get paid.) The problem is that no one is tracking these guys down.

So here's how a solution would work: You the spammed would reply to the spammer with a "Leave me alone"--and cc an appropriate government agency.

That agency would then fine the spammer $1,000 for every subsequent e-mail you the spammed would cc them from the same spammer.

The agency would be self-funding. (Heck, the law could just authorize bounty hunters.)

If the spammer fails to pay the fine within 30 days; the agency/bounty hunter can take him or her to court for $10,000 per infraction (e-mail).

Adding a mandatory $100-per-e-mail contribution to the local (spammers' home) governing authority would ensure the immediate implementation of laws in lawless areas such as Nigeria, Ukraine, Sudan, etc.


Next problem.

blarman

The biggest problem is that there is no way to enforce that the senders of e-mails are who they say they are. Change that, and it becomes much easier to police, and enforce anti-spam laws. I would propose that it become the ISPs' job to do this: (1) because they are the most able; and (2) because they will be freeing up their own pipes for legitimate traffic by doing so.

brent

Spam? Don't you people know about gmail yet?

ricco

All e-mail providers should allow users to select a box on an options page that prevents any and all incoming spam from entering their mailbox after whatever preselected number of spams from the same spam sender have been received and sent to the recipient's spam folder. How can this be so difficult that it is not now being done? It is so totally simple that I truly believe that e-mail providers that do not provide this "prevent receipt" option have to be getting paid by the spammer to overlook any such remedial action.

MIKE

I agree with Dante. Users who are too lazy or too dumb to install and maintain a good firewall (some of which are free) don't belong on the Internet.

Rahil Shaikh

Spammers really suck.

Paul

Spam is rampant because the costs of the infrastructure are not shared by its users. With every good intention, the 1960s-counterculture creators of our information infrastructure decided the Internet should be "free." (Translation, subsidized by corporations.)

As a result, bulk e-mails cost spammers nothing, and those with nothing to lose will be a persistent nuisance to the rest of us.

Even a charge of a fraction of a cent would be enough to eliminate significant spam volume. Spam is a public restroom, what economist call a "tragedy of the commons." Only when we restore the natural checks and balances imposed by capitalism can we solve the problem.

Bremmer Mandrake

Years ago, it was easy to write a program to crash or attack a computer. Now it's just not that easy. To write programs, it takes groups of people just to get past the minimum security system. Years ago, they had radar detectors for your car; then they found out the company that made the radar guns also made the detectors. Hmmm. Buy any anti-virus spyware spam remover lately?
--Mandrake

Day Traders Win

The latest spam action for me: dozens of unreturned e-mail notices. No idea what would happen should I open one to find out what they are about.
John

Rather not say

Well, it's pretty clear you need to take the economic incentive away from spammers and the people who employ them.

That's what I am trying to do. I hope to go to market this year. Just wait--it should be fun.

Cedric Chin

There's another pretty simple solution to spam--remove the idiots who fall for it. Somehow, these spammers are actually making money. I guess quite a few people have visited Nigeria.

I also like charging users for sending e-mail. That's how snail-mail works, so why not e-mail? I'd fully support a millionth of a cent tax on per-address e-mails.

Just make it un-economical to send spam, and the problem goes away.

Spammers be gone

A scum like Jaynes is still free while he appeals. Other than for clogging mailboxes with unsolicited junk via fraudulent means, he desperately needs to be locked up so he can lose lots of weight--the side effects of being a spammer is too much sitting.

Why do people still click on emails from unknown sources who promise to have the panacea that includes "EnLAR_ge you" or "LooSSe weight now"?

sue

Charging a very small amount per e-mail sounds like a good idea. If spam wasn't free, it wouldn't pay.

Dante

I don't know. Yahoo and Gmail appear to do a very good job at filtering out spam. I only see about one spam every two months on these services. But lawmakers can make spam disappear. They just need to enact tough, "fit the crime" laws. For wasting millions of people's time in their lives, these spammers should be made to follow a mandatory organ donation program. This way, these scum can finally be of use to society. And they compensate society for wasted time by extending the time people have in living. We'll see how fast spam stops when we start doing the chop chop.

Mara JVG

Prácticas antispam
Cuando hablamos del spam, siempre hacemos referencia a los spammer, mas nunca reflexionamos en cuales son las prácticas de los usuarios comunes que incentivan o facilitan las prácticas de estos.
Estamos acostumbrados a escuchar sobre lectores inteligentes, consumidores inteligentes, público inteligente, tal vez cuando la penetración de esta tecnología sea aún mayor los "usuarios serán mas inteligentes" y no caerán en prácticas que promuevan el delito en la red.
Si está en contra del Spam:
 No se haga eco de cadenas.
 Desarrolle estrategias de reconocimiento de Spam (dirección desconocida o sin dirección de respuesta, asunto llamativo, etc) y Hoaxs (redacción, atemporalidad, etc).
 Use la CCO "copia oculta" cuando sea necesario enviar un mensaje a muchos destinatarios
 No lea ni permita imágenes Spam.
 No use la dirección privada de e-mail en sitios webs, foros, conversaciones online o suscripciones. Utilice una cuenta alternativa o temporal de la que no se leerá el correo entrante.
 No conteste nunca un Spam.
 Mantenga la seguridad del equipo o red informática para evitar ser usado como zombie (utilizando sus recursos para enviar spam).
 Esquive a los Robots: Distribuya la dirección de mail en forma de imagen o disfrazada.
Tome recaudos análogos para evitar la proliferación de:
 Spim: específico para aplicaciones de tipo Mensajería Instantánea (MSN Messenger, Yahoo Messenger, etc).
 Spit: spam sobre telefonía IP. La telefonía IP consiste en la utilización de Internet como medio de transmisión para realizar llamadas telefónicas.
 Spam SMS: spam destinado a enviarse a dispositivos móviles mediante SMS (Short Message Service).

Accuracy

Jeremy Jaynes did not spend a single day in prison, though sentenced for 9 years. The case was overturned, then dropped when the US Supreme Court refused to hear the prosecution.

Join the Debate

 

Participate More!

Please send us your ideas for new Debate Room topics. If you're an academic, association officer, or other industry expert and would like to write a Debate Room essay, send us a query. Questions? See the

BW Mall - Sponsored Links

Buy a link now!