Gates in '04 said 'spam soon to be thing of past' and me on Charlie Rose about the real solution
Last week, I published a video holding AOL, Google, Microsoft, and Yahoo's feet to the fire for not working together to put an end to spam. Because of how many global e-mail users are covered by them alone, if those four e-mail service providers agreed to some common approaches to addressing the growing spam problem, then the rest of the e-mail vendors and services in the world would have no choice but to go along. As a result, spam might not be killed altogether, but it would probably be reduced to a trickle. More importantly, legitimate e-mail that's getting trapped in your junk mail folders (perhaps not ever getting viewed) would probably arrive in your inbox instead. Wouldn't that be nice? And maybe -- just MAYBE -- you could trust an e-mail that says it's from your bank, eBay, or PayPal (not suspecting it to be a phisher).
In that post, I noted how, back in late 2002 when I first started looking into the problem and began calling for some sort of cross-industry effort (I eventually started something called JamSpam), the major e-mail tech providers said that they’d find a way to curb the problem. Yet today, the situation is markedly worse. There's more spam than ever. More spammers than ever. And, more mail that should be showing up in our inboxes is getting falsely classified as spam, in some cases never finding its way to us (I show this in the video).
In response to that post, ZDNet reader Richard Flude recalled that Microsoft Chairman Bill Gates told the BBC back in January 2004 that "Spam will be a thing of the past in two years' time." I searched for that story and sure enough, the BBC's Tim Weber quotes Gates as having promised that (right under the headline) at the World Economic Forum in Davos, Switzerland. Yet, here we are nearly four years later and we're worse off than we've ever been.
In fairness to Microsoft and Gates, I don't think any company has done as much both on and "off" the technology playing field (in other words, in the court systems) to combat spam. Microsoft's lawyers have been responsible for bringing some of the most prolific spammers to justice where few others have. But, despite all that Microsoft has done, other spammers remain undeterred (and, given how little actual spam traffic is impacted when one of these spammers is brought to justice, the main point of such legal action is deterrence).
This is why I'm asking for everyone with a stake in the problem (and that's all of us) to do as I said they should do on the Charlie Rose show back in June 2003. The video (from YouTube) appears below and Rose's segment on spam in which I was one of his guests starts about halfway through the show (at the 29:30 mark).
As you can see at 52:40 into the show, I said,
Most of the antispam activities are either unilateral (one company going out there and fighting spam in its own way), maybe a little bilateral work -- one or two or maybe three companies getting together and trying to come up with an alliance that will stop it. But there's not enough multilateral activity. And what I mean by that is that you don't see enough collaboration between all those communities that I just identified [ISPs, anti-spam solution providers, e-mail solution providers, etc.] in a way that produces material that educates end users, produces guidelines for legislators on how to pass laws that are not too subjective and gets down to tests of what is and what isn't spam and what is and what is not permission.
That's the whole premise of JamSpam which is the organization I'm trying to set up. Which is to say let's bring all of these communities together. Let's take a big collective deep breath. And before we continue deploying the techniques we're deploying which are actually getting us into trouble (passing laws that are impractical or undermining other laws, setting up other laws that undermine other technologies), let's all look at the problem very holistically -- everybody together -- and start to look at the different laws and solutions that are being considered and figure out if one of those laws or solutions that we're just about to deploy will exacerbate the problem as opposed to eliminate it.
During that show, I called for exactly what I'm still calling for: a cross-industry effort that yields interoperable standards for e-mail security -- standards that the major solution providers embrace in order to ensure their ubiquity.
In Davos, Weber reported Gates as predicting that "spam would be killed through the electronic equivalent of a stamp, also known as payment at risk." I'm not here to say whether that is or isn't a good idea. But clearly, that idea hasn't gotten any traction.
I'm here to say that whatever ideas the solution providers had five years ago have yet to result in the abatement that we've been promised. At the very least, these ideas are no better than the idea that I proposed then and am still proposing now: Stop getting rich on the problem, work together, decide on some royalty-free standards (whatever interoperable standards are necessary), deploy them, and move on. Spam is not and should not be treated as a business opportunity. It is incumbent on everyone with a stake in the Internet's viability to come up with a common solution rather than one that proves advantageous to one party or another. I don't have a formal petition. But, if you want to send the same message to AOL, Google, Microsoft, and Yahoo, then answer "Yes" to the question below.
And just to make sure that there are no excuses, if AOL, Google, Microsoft, and Yahoo need someone to project manage this, they can let me know and I'll see to it that this project gets managed in a way that produces results.
Talkback
The answer is obvious
1) Have every email go to a digital "Post Office". That Post Office generates an encrypted digital "envelope". At the beginning of each envelope is a counter. Initially the envelope counter is set to 5.
2) At each intermediate station from source to recipient the station subtracts 1 from the counter.
3) When the counter reaches 0 that station performs an envelope verification through the Post Office.
4) Anytime an envelope cannot be verified it simply is discarded on the assumption it is spam. A validated envelope gets reset to 5 and continues on its way.
5) Regarding the "increased overhead" of envelope validation, it would be nowhere near as much as having 75-90% of emails being spam, the current situation. Once this process made spam essentially obsolete the counter could be increased to 7 or higher.
6) Counterfeiting an envelope is a criminal offense, just like counterfeiting stamps or tampering with a postage meter.
PROBLEMS:
1) Who will pay for it? This would require some form of postage. 1 cent per email would be crippling for large non-profit organizations, etc., and third-world businesses.
2) Different countries would want to run their own digital Post Offices, not something run by the U.N., the U.S., or the E.U.
3) Everyone would start adding their own "little charge" to the postal fee.
4) Having all email run through central government-controlled locations--possibly one per country--would present irresistible opportunities for spying and control of communications.
Just communicate as we do here on ZDNet. Who needs email with Web 2.0?
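The counter-and-verify envelope scheme from the "The answer is obvious" comment above, as an added simulation that is not part of the original thread. The `PostOffice` class, the HMAC tag standing in for the "encrypted envelope", and the counter clamp are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

START_COUNT = 5  # initial counter value from the comment's step 1

class PostOffice:
    """Hypothetical issuer; an HMAC tag stands in for the 'encrypted envelope'."""

    def __init__(self):
        self._key = secrets.token_bytes(32)
        self.verifications = 0  # how often stations had to call back

    def _tag(self, sender, msg_id):
        data = f"{sender}|{msg_id}".encode()
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

    def issue(self, sender, msg_id):
        return {"sender": sender, "msg_id": msg_id,
                "tag": self._tag(sender, msg_id), "counter": START_COUNT}

    def verify(self, env):
        self.verifications += 1
        expected = self._tag(env["sender"], env["msg_id"])
        return hmac.compare_digest(env["tag"], expected)

def relay(env, post_office):
    """One station: decrement (step 2), verify at zero (step 3), reset or drop (step 4)."""
    # The counter is not covered by the tag, so clamp it (added assumption):
    # otherwise an inflated counter would postpone verification indefinitely.
    env["counter"] = min(env["counter"], START_COUNT) - 1
    if env["counter"] > 0:
        return True
    if not post_office.verify(env):
        return False  # unverifiable envelope is discarded as spam
    env["counter"] = START_COUNT
    return True

def deliver(env, hops, post_office):
    """Return the hop at which the envelope was dropped, or None if delivered."""
    for hop in range(1, hops + 1):
        if not relay(env, post_office):
            return hop
    return None

if __name__ == "__main__":
    po = PostOffice()
    forged = {"sender": "bulk@example.net", "msg_id": "m-2", "tag": "0" * 64, "counter": 99}  # constructed
    print(deliver(po.issue("alice@example.org", "m-1"), 12, po), deliver(forged, 12, po))
```

A forged envelope is still carried for up to five hops before the first check, which is the overhead trade-off the comment's step 5 refers to when it suggests raising the counter later.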
David, you are so far off...
Not quite nothing
Well, not quite. However, they're actually doing an extremely good job. The filters on my Yahoo and GMail accounts let almost zero spam through, with no false positives so far.
IMHO (and I'm a mail admin) they're doing about all that can be done at the receiving end. There's no practical way for them to know that any one message sent from a Comcast server is different from another message coming from one of Comcast's servers. Which is where most spam comes from now: botnets.
Exactly my point
db
re: Not quite nothing
"IMHO (and I'm a mail admin) they're doing about all that can be done at the receiving end. There's no practical way for them to know that any one message sent from a Comcast server is different from another message coming from one of Comcast's servers. Which is where most spam comes from now: botnets."
Though I receive very few spam emails (and thank Bog for that!), there is something that the Big Four could do: examine each of their client mail accounts' sending activities for potential abuse. Not what they send (which would be an invasion of privacy) but how much they send in a given time period. You may be correct in stating that much of the spam in circulation is generated by botnets, but there is still a significant slice that is generated through free accounts that are offered by AOL, Google, Yahoo, MSN, Hotmail, et cetera. Those accounts can be targeted.
How long does it take a spammer to upload and disseminate 1,000 spam emails? One minute? Ten minutes? 30 minutes? An hour? I don't know. Perhaps you, being a mail administrator, have some idea how mass email lists are organized and used.
And don't tell me that it would take up too much precious processing time to examine every account that each company registers. How many extra specialized servers would each of the Big Four have to place on line to inspect the sending records of their client accounts? 10? 100? 1000?
Presuming that they found accounts that sent far more (thousands or even tens of thousands) mail than they received, those accounts could then be flagged and more closely inspected. If they were found to be spam senders or have been in violation of the company's Terms of Service (and spamming is a ToS violation), the account could be locked out. And inspecting account activity suspected of ToS violation is legal and not a violation of privacy.
It wouldn't be a complete solution, but should put a good-sized dent into the spam problem.
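The volume check proposed in the comment above (how much an account sends, never what it sends), as an added sketch that is not part of the original thread. The record layout, account names, one-hour window and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)
WINDOW = timedelta(hours=1)  # assumed review window
MAX_SENT = 1000              # assumed per-window send ceiling
MAX_RATIO = 50               # assumed sent:received ceiling

# Constructed metadata records: (timestamp, account, direction, message count).
SAMPLE_EVENTS = [
    ("2007-11-05T09:05:00", "alice", "sent", 12),
    ("2007-11-05T09:20:00", "alice", "received", 30),
    ("2007-11-05T09:10:00", "helpdesk", "sent", 1200),
    ("2007-11-05T09:40:00", "helpdesk", "received", 900),
    ("2007-11-05T09:02:00", "freeacct4471", "sent", 4000),
    ("2007-11-05T09:31:00", "freeacct4471", "sent", 4500),
    ("2007-11-05T09:45:00", "freeacct4471", "received", 2),
    ("2007-11-05T10:15:00", "freeacct4471", "sent", 300),
]

def flag_accounts(events, window=WINDOW, max_sent=MAX_SENT, max_ratio=MAX_RATIO):
    """Return {account: [(window_start, sent, received), ...]} for review.

    A window is flagged only when the account both exceeds the send ceiling
    and sends far more than it receives; flagged accounts are candidates for
    closer inspection, not automatic lock-out.
    """
    buckets = defaultdict(lambda: {"sent": 0, "received": 0})
    for ts, account, direction, count in events:
        t = datetime.fromisoformat(ts)
        start = t - ((t - EPOCH) % window)  # align to the window boundary
        buckets[(account, start)][direction] += count
    flagged = defaultdict(list)
    for (account, start), c in sorted(buckets.items()):
        ratio = c["sent"] / max(c["received"], 1)  # avoid division by zero
        if c["sent"] > max_sent and ratio > max_ratio:
            flagged[account].append((start.isoformat(), c["sent"], c["received"]))
    return dict(flagged)

if __name__ == "__main__":
    print(flag_accounts(SAMPLE_EVENTS))
```

Requiring both conditions keeps a busy two-way mailbox such as the constructed `helpdesk` account out of the review queue even though it exceeds the send ceiling.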
RE: Gates in '04 said 'spam soon to be thing of past' and me on Charlie Ros
Exactly. Those are the companies that could make/save billions if people trusted their emails. Google, Yahoo, MSN - what do they care? Their business model is about exposing people to ads and they do that whether we trust the senders or not.
I'd like to put the challenge at the feet of those who'd really benefit from reducing spam/scam email - the financial services and retail industries.
:)
Identify every email owner
The identification can simply be by charging a micro-amount on a credit card which needs to be verified by looking at one's bank statement (the same way eBay and PayPal verify the owner of accounts), it could be verifying the address through a password in physical mail sent to the owner's address, or any other ID that can be shown thus verified by someone that would be responsible to identify users.
Having the email owner identified doesn't mean the emails cannot be sent out anonymously, it just means one is held responsible for not sending out spam or doing any other illegal activity using that email account. Because one would be able to easily filter to "only read emails from verified email accounts".
Although it shouldn't be used too extensively, there could also be a service that allows the sender and receiver to check that the identity of the sender is correct. Of course the sender would simply tick a box saying "allow receiver to verify my identity".
Trying not to be to...
This, also, would do wonders for the people in those countries where the authorities persecute political opposition.
Google, Yahoo, MSN shouldn't prosecute
CIA, Chinese government and so on already read your emails, so it's not for changing that, if you want to keep privacy in your emails you need to use PGP or something like that.
The option to "filter only verified emails" doesn't mean the email owner can still read all non-verified emails and add certain trusted email addresses in their list of "trusted non-verified emails".
And I say again, you incorrectly assume they want to end spam.
And Gates' 640KB commandment also proved wrong.
What I find interesting is...
RE: Gates in '04 said 'spam soon to be thing of past' and me on Charlie Ros