InformationWeek undermines the fight against spam
by Andy Lester
but Bob Evans' column in the latest issue of InformationWeek (12/20/2004)
has turned into the print equivalent of a talk radio show about spam, providing a
non-critical platform for any old idea in the guise of public forum.
I understand that the web's like that, but I expect a bit more from
print magazines. (I've
called out InformationWeek before
for equating "extreme programming"
with "pair programming.")
Under the false headline "Readers' Ideas Take A Bite Out Of Spam", Bob
Evans prints letters from readers on how to get rid of spam.
Space is wasted on pointless ideas of retribution ("the
old English Navy used fleet whippings..."), but then he lists, unchallenged, some technological suggestions:
first, "Isn't there a way to send a reply message to the spammer saying
that the address is no good?" (thank you, James A. Olson); second,
"... an E-mail tool that simply returns the message to the source, with
a header that says something to the effect of, 'not interested'" (thank
you, George Archibald); and third, "Instead of servers just filtering
and dropping spam out of E-mail, send each unwanted message back to the
spammer with a message, 'Returned to Sender'" (thank you, Bob Bucciferro).
That's fine, but where's the analysis? At the very least, Bob should have pointed out that all these ideas won't work because the spammer has no reason, other than basic human decency, to not bother you. He should also have pointed out that yes, there is a way
to tell the spammer the message is no good. It's a 550 response code
in the SMTP transaction, which the spammer gets and then tries another email address to see if it's valid.
This approach is called a dictionary attack.
Then, more unworkable solutions:
... Greg Litchfield suggests that "each ISP charge its customers one-half
penny per E-mail sent [and delivered], all fees are paid in advance,
[and if you] want to send a million E-mails ... ante up the $5,000"...
... John Lepant says we should "simply charge for E-mail: right now
it's a free service: I can send 10,000 of these messages, or 10,000,000
or just one for the same price. Charge 1 cent per E-mail, and spam
Again, no commentary from Bob. Anyone who's vaguely aware of the issues surrounding spam knows that it's impossible to get all ISPs to do something, and that legislation is not global. It's impossible to get "each ISP" to "simply charge for E-mail."
(It's also worth noting that all these ideas are good solid
CYJs: "Can't you just...?"
If you think you can "simply return the message to the source" or
"simply charge for E-mail", then you're not thinking the problem through.
However, you can rest assured that others have.)
For real questions and answers, here are some sites:
I wouldn't mind so much if InformationWeek weren't aimed at
"440,000 Business Technology professionals", the higher
level IT executives who may well believe these things.
How about providing some real news about real progress? How about covering
Certainly, content-based spam filtering is no panacea, but it's a damn sight better than "just tell them I'm not interested".
platform for discredited ideas does nothing to take us forward in dealing
with the problem.
Another useful tool - OpenBSD's spamd
Spamassassin is a nice tool, which can even be set up to filter before local delivery from your MTA. Coupled with some mechanism for training the bayesian learning functions, it's quite good. We've had such a setup running here for a while. However the situation improved even more after we set up our PF equipped firewall to greylist smtp connections, redirecting known spamming hosts to a spamd tarpit.
Be thankful that he was at least pretending to write about technology. I cancelled my subscription because of the number of times he filled his column with jingoistic right-wing claptrap instead of content more suitable to a publication titled "Information Week."
send them this
hi bob---that's quite a claim. i'd be happy to discuss it with you, either in this forum or directly---my e-mail address is firstname.lastname@example.org.