Got Spam?
If you’ve got an email account, chances are you have received some spam — unsolicited commercial email — over the years. In fact, in February of 2004, over 90% of all email sent was spam. This figure is rising, despite the fact that the United States has a nice new anti-spamming law on the books. Indeed, over half of all spam is proudly made in the USA.
Of course it is an annoyance to delete all the unwanted offers for mortgages, debt consolidation, “herbal viagra”, and other stuff you don’t want. Of course office workers collectively spend many hours doing the same at work — time they could be spending doing actual work. Spam costs money by using bandwidth and storage space that could be used for much more important things. Nobody feels this more than ISPs, who unwillingly transmit gigabytes of spam each and every day.
Spam prevention as we know it usually relies on blacklists of servers known to send spam. This technique works acceptably for most users, but depends on a continually upgraded list combating continually moving spammers. An alternate technique, sometimes used alongside a blacklist, is the algorithmic approach. In this method, a smart program looks at your email, analyses it, compares it to known spam, and decides how likely it is to be spam. The program might take the liberty of routing suspected spam directly to your “deleted items” folder. This carries the risk of accidentally deleting something important.
Part of the problem is that spam is very cheap to send. All it takes is one person to submit a credit card number, and the day is profitable. Another part of the problem fighting spam is the anonymous nature of the internet. It’s easy to be nobody, or anybody. You might get spam with a “forged header” that makes it look like it came from somebody famous, somebody you know, maybe even from yourself.
The next wave of spam control, we are told, will be about identifying senders. This will make it possible to prosecute spammers who break the law. This will also open the door to charging spammers. A Microsoft solution to this problem is expected tomorrow.
The “caller ID” paradigm of spam prevention is doomed before it begins. First, the vast majority of them do not verify that someone is John Doe, they verify that someone is at John Doe’s computer. This same flaw plagued the much protested security features of the Pentium 3 chip some years ago. This distinction is critically important. Not only might somebody else be at the computer, the computer might be under the control of a virus. You knew viruses could use email to send themselves to all your contacts, but maybe you didn’t know that a virus can use your computer to send spam. In fact, some experts think as much as 30% of spam is sent by “zombie-bot” virus infected computers. There you have it, the reason most computer security experts consider spam and virus control related.
There is another reason that “being at your computer means being you” will not control spam. It doesn’t allow for the possibility that you might not be at your computer, sending mail from your email client. Anyone who uses a web-mail client, anybody who must use email remotely, anybody who uses the “send this link to a friend” feature of a website may find themselves shut out of a “caller ID” model of spam filtering. Although some sites that run web-based email services appear to be sensitive to that, most people forget that there are many reasons you and your computer are not the same thing.
There is one sure way to keep spam and viruses off your computer. Unplug it.