Posted by: admin in Untagged on Jan 8, 2009
by Stephen Swaney
Spam, spam and more spam. When will it stop?
I've been working as an e-mail administrator since 1987 when my company, Summit Computers Inc., joined the Internet as summit.com. A trickle of e-mail then started flowing, mostly to and from our high tech partners Sun, DEC and Silicon Graphics. Most of the business world was still blissfully unaware of e-mail.
While unsolicited e-mail existed even then, most of the net abuse took place in USENET and other community spaces on the Internet. A short but comprehensive history of Spam can be found at Brad Templeton's web site. The site is definitely worth a visit if you're not familiar with the history and timeline of abuse on the Internet.
My first personal experience with spam occurred in 1995. By then I was a Wall Street consultant working on e-mail infrastructure for Goldman Sachs. In my spare, time I ran an e-mail server for friends and a few small businesses. I wish I remembered what the first piece of spam I received was but it didn't seem that important at the time. Only a few of us who were working on the first web based business applications saw the potential of e-mail and the web. Even then, we really underestimated the speed and size of the web revolution.
The "few spams" of 1995 exploded to the point where today, over 95% of all e-mail traffic on the Internet is spam.
Back to 1996. A spam a week became a spam a day if your e-mail address had been posted on a web site or USENET. By 2000 spam had grown to the point where anti-spam sites and tools had emerged and software to detect and stop spam messages was beginning to become available. It was about this time that spam became a highly profitable endeavor run by relatively small number of criminals. It has remained so ever since.
It wasn't until the spring of 2003 that Julian Field and I formed Fort Systems Ltd. and I became a full time anti-spam advocate. I had been using Julian's MailScanner software for almost two years. It was and still is the best Open Source tool for blocking spam as the many awards, citations and honors that Julian has collected over the last eight years proves.
During the last five years, the anti-spam tools that have been developed by our staff and partners have become very accurate, effective and efficient in blocking spam and other e-mail net abuse. Anyone who is getting more than a spam or two a day is just not getting good spam filtering from their ISP or IT department.
But when will this avalanche of spam end? The answer is very simple. Spam and e-mail fraud will stop when it is no longer profitable.
Creating laws to end spam has been proven to be impossible. The CAN_SPAM Act of 2003 was only useful to the lobbyists who made a bundle tailoring the legislation to allow the major companies to legally send us spam. Even if the legislation had any teeth, it would still have been ineffective because the World Wide Web does not stop at our borders.
Just recently a group of Internet access providers shut down a California hosting service, McColo , by cutting off their access to the Internet. Mcolo was a hosting company that provided services to the spammers and the "Bot Masters" who create and run the hundreds of thousands of hijacked Internet connected computers. These are the systems that the spammers rent out to send spam. The result of the shutdown was an immediate 30% to 50% reduction of the total spam on the Internet. But this spam reduction was temporary as the crooks just regrouped in more friendly climes. Most of them appear to have quickly moved their operations to Eastern Europe and spam levels are now pretty much back to normal.
While it might be possible to create an "Internet Boycott" of countries which allow Internet crooks to exist and prosper, it has been impossible to seal off countries for much more serious offenses such as genocide or harboring terrorists. I don't hold out much hope for blocking spam through international cooperation.
I see only a few ways to make spam unprofitable.
Effective filtering of all Internet e-mail. This is possible but improbable. Many companies and ISPs see spam filtering as a cost and don't realize how much money can be saved by effective spam blocking. Also many people object to any e-mail scanning or blocking and in this country, they have a right to. My best guess is that until over 75% of the worldwide Internet has decent spam blocking; there will still be enough profits to keep spammers going.
Shine a light on the crooks. Coordinated and organized worldwide publicity to make people very aware of the scams and scammers. But as the great Barnum once said "there is a sucker born every minute". After reading some of the spam that is being sent (so it must make money) I believe Barnum's estimate of the sucker birth rate to be a bit low.
International fund transfer limitations. If Internet fund transfers to certain countries and companies were subject to delays or third party validations, it might be possible to put a dent in the scammers revenue stream, but this would not be simple to implement.
In summary, don't expect any reduction in spam volume in the near future. But there is no need for anyone to be subjected to more than a trickle of junk e-mail. Detection of almost all spam is possible. It's best done at the e-mail gateway of your ISP or your company. And the quality of the software they use, determines how much spam is blocked and how many real e-mails are blocked by mistake. The right numbers for filtering today are to block over 99% of all junk e-mail, while blocking less that .01% of real e-mails.
Spam would end if everybody would provide effective spam filtering.