12 spam research projects that WON'T make a difference

12 spam research projects that WON'T make a difference

Summary: Today, InfoWorld has a story headlined 12 research projects that might make a difference. For starters, it is pretty infuriating to me when I visit a site I like, like InfoWorld, and the minute I arrive on the page, the audio from an advertisement starts blaring through my computer's speakers.


Today, InfoWorld has a story headlined 12 research projects that might make a difference. For starters, it is pretty infuriating to me when I visit a site I like, like InfoWorld, and the minute I arrive on the page, the audio from an advertisement starts blaring through my computer's speakers. The other night, this happened to me while I thought I was browsing in silence next to my sleeping wife.

Although it's not the sort of invasion that spam is, I feel as though this sort of taking over of my system is in the same vein. It feels like someone is taking liberties with my system that I don't want taken. I could understand if I was visiting a page that had nothing but a multimedia element to it (eg: audio or video). Even many of those pages default to a mode that requires the user to push the play button first. But where a text-based page is definitely the expectation of the end-user, those expectations should not be met with blaring audio from an advertisement. It already sucks how some video advertisement-bearing pages slow down the overall page-load time in order to cache the video up. But if you want me to continue to visit your site, default the audio to off and and if the auto-playing video or animation is something I desparately need to hear, I'll turn it on thank you very much (if the powers that be at ZDNet ever think otherwise, I will speak up).

OK, now back to our regularly scheduled programming: InfoWorld's story on 12 promising research projects. If I could say something to the author of that story, it would be that so long as any anti-spam solution is not deployed universally throughout the Internet's e-mail system (in other words, so long as some anti-spam tech is not a standard), that anti-spam solution actually makes the spam problem worse. You read that right. Worse. Proprietary anti-spam solutions make the global spam problem worse. They are digging us deeper into the hole that the Internet is already in because everyone who makes those solutions is under the false belief that "s/he who is finally successful at filtering out all spam while allowing the legitimate mail in wins."

I know I sound like a broken record on this. But when will the world (and especially journalists who cover e-mail security) finally realize that InfoWorld's story is a headline that gets repeated year after year after year after year. Yet despite the ritual, the only result we continue to see, year after year, is that spam keeps getting worse. Year in and year out, hundreds of anti-spam solution providers contact me to tell me that I have it all wrong and that their solution is actually the one that will make a difference. But no anti-spam solution provider is dumb enough to promise that if I buy or use their solution, it will guarantee that when I send mail, it will actually get into the intended recipient's inbox without mistakenly being classified as spam and being filtered off into a spam folder where the recipient might never see it. And herein lies the real problem with spam: So long as there are no standards and we rely on an ever increasing number of proprietary solutions to solve the spam problem, the deliverability of legitimate e-mail will never be guaranteed and in fact will become even less reliable. Let's face it: The deliverability problem of legitimate mail is actually worse than the spam itself. Much the way spam is on the rise, so too is the number of false positives. So too are the number of e-mails from our banks and other financial institutions that we won't even open for fear that they're phishing attempts and that they'll surreptitiously do something to our systems or finances. The sooner the world admits to this reality, the sooner we'll see an improvement to the situation.

The only way anti-spam vendor X can guarantee that when I send legitimate mail to someone else that it won't get falsely flagged by the recipient's anti-spam system as spam is if the recipient is also using vendor X's system. In other words, vendor X's antispam solution has to be deployed universally. In other words, it's a standard (strangely, most antispam vendors recognize this as being true and think that somehow, based on antispam prowess alone, they can wipe out all the other antispam solutions and be the last man left standing. It's a pipe dream). On the other hand, if I use vendor X's proprietary system and the recipient uses vendor Y's proprietary system, there's no way for the two to interoperate in a way that keeps legitimate mail from getting falsely classified as spam. Unfortunately, so long as we keep coming up with new anti-spam systems and those systems get deployed to just a portion of the Internet's e-mail systems, the problem gets worse.

In other words, the more proprietary approaches and solutions that are out there and that the world buys into (and that the press endorses), the worse the problem gets because we distance ourselves even further from what the true solution needs to be: something standard -- something that's inherently built into every e-mail system (regardless of who makes or provides it) much the same way all the current solutions know how to send and receive mail to and from one another (they work over a standard called the Simple Mail Transfer Protocol).

As I've said before, the only breakthrough that will matter will be when MAGY (pronounced "maggie"; Microsoft, AOL, Google, and Yahoo) finally gets together and commits to jointly supporting the same technical solutions. Until then, everything else is nothing more than placebos, leading all of us to false hope and an ever-worsening situation.

Topics: Collaboration, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Well might as well get this out of the way now...

    Non_Zealot hasn't shown up yet but I'm sure he will, so here's a pre-emptive strike:

    Snicker, smirk, sneer, sputter, spew, spit, spasm... :D
  • There's no easy way

    ... to do a hard thing.

    Assume, for the sake of discussion, two things:
    1) That the system allows you to receive mail from people you don't have whitelisted, and either
    2a) botnets, or
    2b) poor people who will spam for money.

    At that point, you're going to get spam because there is [b]no freaking way[/b] to tell mail from Jerry Davis in Atlanta (who wants to comment on something you wrote) from Jerry Davis in Atlanta (whose system has been 0wn3d) from "JERRY DAVIS" in Nigeria sitting at a keyboard in a cybercafe.

    Sorry, nice try, thank you for playing.

    As the antispam community has been saying, over and over, for more than a decade: the solution [u]must[/u] be social and legal. It's fundamentally a human/business problem, not a technical one.

    The fact that technology enables the process doesn't mean that we can solve it using only technology any more than the fact that gambling addicts use computers means that we can solve the problem of gambling addiction with a pure software approach.
    Yagotta B. Kidding
  • Turn off Flash

    There are a number of free applications that will prevent Flash ads from playing. Some even for FireFox.
    If you want to see something in Flash, the software can be turned off.

    That will improve load time and reduce unwanted noise, as you wanted.
    Anton Philidor
    • Ok, Who are you? This is not Anton Philidor

      D T Schmitz
  • Making life easy for spammers.

    If only one "solution" to spam exists, the spammers will have to defeat only one product.

    Creating a "standard" means only selecting a single approach, and not that that approach will be successful.

    Should spam identification be a monoculture?
    Anton Philidor
    • As if...

      the current polyculture that we were told would work works.

      gimme a friggin' break.

      By the way, HTTPS is a monoculture. Right?

      • You agreed.

        Yes, the current polculture doesn't work. And that indicates the probable success of a monoculture. The alternative to failure is not increasing the likelihood of failure.

        Anti-spam software is supposed to stop spam from being effective. If HTTPS intended to prevent people from doing something? Countering a villain is different from increasing efficiency.
        Anton Philidor
  • By Invitation Only

    Want to wall of unwelcome company? Be like private VPN communities.
    Encryption with signed certificates WILL make a difference, but you have to have an engraved invitation to come to the party.
    D T Schmitz
  • Profit

    In discussing the spam problem, it seems odd that economics aren't discussed. If MAGY, or the US Govt., really wanted to end spam, I think they would and could (or, at least, they'd throttle it down to manageable size). That's because lots of companies make profits on their products sold through spam.

    There are lots of remedies that would make a difference, but all of them require power and will. Those who have the power are too beholden to the profit makers (not to the spammers, but the companies who benefit from the spam including the companies profiting from anti-spam programs). When the Republican controlled Congress passed a pseudo anti-spam bill, it was just a way to deflect criticism by saying "Well, we tried. There's nothing else that can be done." If the US govt. imposed a penalty for all spam sales, so companies would have to take responsibility to make sure they were not selling products through spammers, it would hugely reduce the volume of spam I get pretty quickly. We could even get free enforcement, by making it profitable for lawyers to sue the companies violating the rule. Of course, no Republican Congress, nor any Republican President, would ever support such a rule because big corporations wouldn't like it. Every once in a while we get a government that generally cares more about the voters than about big corporations. Until them, jerry-rigged, fragmented, penetrable spam solutions are all we're going to get.
  • 12 spam projects . . .

    Within the last 3 weeks, I read about [b]"Knuj-On".[/b] ("No Junk" spelled backward) The concept intriged me. Their point is not to [b]stop spam, but to take down the websites that make it profitable[/b] (i.e. 'Follow the Money') Choke off the profit potential from spam. That will take the co-operation of the ISPs that host these sites. Personally, I think spammers ought to be boiled in oil.
  • Huh?

    I don't know what kind of spam you get, but the overwhelming majority of mine (A.) does not come from reputable companies and (B.) is not selling, even through a third party, something made by reputable companies. My spam is largely Nigerian attempts to get my cash or attempts to sell me drugs to enhance various body parts.

    The people sending this crap aren't donating money to Republican--or any other--members of Congress. Spam is most assuredly not a Republican vs. Democrat issue.
  • RE: 12 spam research projects that WON'T make a difference

    Content filtering products dont work. I have tried a product called Spamjadoo . I am using it on 410 users over 4 domains. Works as a deterrent and there is no need of a junk folder...
  • RE: 12 spam research projects that WON'T make a difference

    I agree with the comments,, we also selected spamjadoo
    as our vendor in Reserve Bank, Mysore and exteremely
    happy the way they could manage our emails and handel
    spam and virus problems. Six months 9/10 number i will
    give to spamjadoo. I dont want to give them full marks
    and ask them to keep up good work and work more hard
    for full marks.