Gates in '04 said 'spam soon to be thing of past' and me on Charlie Rose about the real solution

Gates in '04 said 'spam soon to be thing of past' and me on Charlie Rose about the real solution

Summary: Last week, I published a video holding AOL, Google, Microsoft, and Yahoo's feet to the fire for not working together to put an end to spam. Because of how many global e-mail users are covered by them alone, if those four e-mail service providers agreed to some common approaches to addressing the growing spam problem, then the rest of the e-mail vendors and services in the world would have no choice but to go along.

SHARE:

Last week, I published a video holding AOL, Google, Microsoft, and Yahoo's feet to the fire for not working together to put an end to spam. Because of how many global e-mail users are covered by them alone, if those four e-mail service providers agreed to some common approaches to addressing the growing spam problem, then the rest of the e-mail vendors and services in the world would have no choice but to go along. As a result, spam might not be killed altogether, but it would probably be reduced to a trickle. More importantly, legitimate e-mail that's getting trapped in your junk mail folders (perhaps not ever getting viewed) would probably arrive in your inbox instead. Wouldn't that be nice? And maybe --- just MAYBE -- you could trust an e-mail that says its from your bank, eBay, or PayPal (not suspecting it to be a phisher).

In that post, I noted how, back in late 2002 when I first started looking into the problem and began calling for some sort of cross-industry effort (I eventually started something called JamSpam), the major e-mail tech providers said that they’d find a way to curb the problem. Yet today, the situation is markedly worse. There's more spam than ever. More spammers than ever. And, more mail that should be showing up in our inboxes is getting falsely classified as spam, in some cases never finding its way to us (I show this in the video).

In response to that post, ZDNet reader Richard Flude recalled that Microsoft Chairman Bill Gates told the BBC back in January 2004 that "Spam will be a thing of the past in two years' time." I searched for that story and sure enough, the BBC's Tim Weber quotes Gates as having promised that (right under the headline) at the World Economic Forum in Davos, Switzerland. Yet, here we are nearly four years later and we're worse off than we've ever been.

In fairness to Microsoft and Gates, I don't think any company has done as much both on and "off" the technology playing field (in other words, in the court systems) to combat spam. Microsoft's lawyers have been responsible for bringing some of the most prolific spammers to justice where few others have. But, despite all that Microsoft has done, other spammers remain undeterred (and, given how little actual spam traffic is impacted when one of these spammers is brought to justice, the main point of such legal action is deterrence).

This is why I'm asking for everyone with a stake in the problem (and that's all of us) to do as I said they should do on the Charlie Rose show back in June 2003. The video (from YouTube) appears below and Rose's segment on spam in which I was one of his guests starts about half way through the show (at the 29:30 mark).

As you can see at 52:40 into the show, I said,

Most of the antispam activities are either unilateral (one company going out there and fighting spam in its own way), maybe a little bilateral work -- one or two or maybe three companies getting together and trying to come up with an alliance that will stop it. But there's not enough multilateral activity. And what I mean by that is that you don't see enough collaboration between all those communities that I just identified [ISPs, anti-spam solution providers, e-mail solution providers, etc.] in a way that produces material that educates end users, produces guidelines for legislators on how to pass laws that are not too subjective and gets down to tests of what is and what isn't spam and what is and what is not permission.

That's the whole premise of JamSpam which is the organization I'm trying to set up. Which is to say let's bring all of these communities together. Let's take a big collective deep breath. And before we continue deploying the techniques we're deploying which are actually getting us into trouble (passing laws that are impractical or undermining other laws, setting up other laws that undermine other technologies), let's all look at the problem very holistically -- everybody together -- and start to look at the different laws and solutions that are being considered and figure out if one of those laws or solutions that we're just about to deploy will exacerbate the problem as opposed to eliminate it.

During that show, I called for exactly what I'm still calling for: a cross industry effort that yields interoperable standards for e-mail security --- standards that the major solution providers embrace in order to ensure their ubiquity.

In Davos, Weber reported Gates as predicting that "spam would be killed through the electronic equivalent of a stamp, also known as payment at risk." I'm not here to say whether that is or isn't a good idea. But clearly, that idea hasn't gotten any traction.

I'm here to say that whatever ideas the solution providers had five years ago have yet to result in the abatement that we we've been promised. At the very least, these ideas are no better than the idea that I proposed then and am still proposing now: Stop getting rich on the problem, work together, decide on some royalty-free standards (whatever interoperable standards are necessary), deploy them, and move on. Spam is not and should not be treated as a business opportunity. It is beholden on everyone with a stake in the Internet's viability to come up with a common solution rather than one that proves advantageous to one party, or another. I don't have a formal petition. But, if you want to send the same message to AOL, Google, Microsoft, and Yahoo, then answer "Yes" to the question below.

And just to make sure that there are no excuses, if AOL, Google, Microsoft, and Yahoo need someone to project manage this, they can let me know and I'll see to it that this project gets managed in a way that produces results.

[poll id=18]

Topics: Microsoft, Collaboration, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

14 comments
Log in or register to join the discussion
  • The answer is obvious

    Everyone has known the answer to spam for a long time. No one wants to implement it:

    1) Have every email go to a digital "Post Office". That Post Office generates an encrypted digital "envelope". At the beginning of each envelope is a counter. Initially the envelope counter is set to 5.

    2) At each intermediate station from source to recipient the station subtracts 1 from the counter.

    3) When the counter reaches 0 that station performs an envelope verification [b][i]through the Post Office[/i][/b].

    4) Anytime an envelope cannot be verified it simply is discarded on the assumption it is spam. A validated envelope gets reset to 5 and continues on its way.

    5) Regarding the "increased overhead" of envelope validation, it would be nowhere near as much as having 75-90% of emails being spam, the current situation. Once this process made spam essentially obsolete the counter could be increased to 7 or higher.

    6) Counterfeiting an envelope is a criminal offense, just like counterfeiting stamps or tampering with a postage meter.


    PROBLEMS:

    1) Who will pay for it? This would require some form of postage. 1 cent per email would be crippling for large non-profit organizations, etc., and third-world businesses.

    2) Different countries would want to run their own digital Post Offices, not something run by the U.N., the U.S., or the E.U.

    3) Everyone would starting adding their own "little charge" to the postal fee.

    4) Having all email run through central government-controlled locations--possibly one per country--would present irresistible opportunities for spying and control of communications.
    Rick_R
    • Just Communicate as we do here on Zdnet. Who needs email with Web 2.0?

      NT
      mighetto
  • David, you are so far off...

    thinking the four e-mailers you mentioned could even have an effect on spam. They have nothing to do with spam
    bjbrock
    • Not quite nothing

      [i]They have nothing to do with spam[/i]

      Well, not quite. However, they're actually doing an extremely good job. The filters on my Yahoo and GMail accounts let almost zero spam through, with no false positives so far.

      IMHO (and I'm a mail admin) they're doing about all that can be done at the receiving end. There's no practical way for them to know that any one message sent from a Comcast server is different from another message coming from one of Comcast's servers. Which is where most spam comes from now: botnets.
      Yagotta B. Kidding
      • Exactly my point

        the existence of spam marginalizes other email solution providers. you're right... they are doing what can be done... and do a pretty darn good job eliminating the false positives (although try explaining how my partner's email ended up in my junk mail folder when Google Apps is actually the host of our e-mail system). But then what? We must go to one of the big four for our e-mail solutions and that's it? I'm not accusing them of monopolizing (or oligopolizing). But they've known for quite some time that if they work up some standards that every user, regardless of the e-mail system they use (as long as it conforms to those standards) would benefit. It's to their advantage NOT to cooperate like that, to develop a reputation for minimizing things like false positives through their proprietary approaches, and marginalize all other solutions.

        db
        dberlind
      • re: Not quite nothing

        Yagotta:

        "IMHO (and I'm a mail admin) they're doing about all that can be done at the receiving end. There's no practical way for them to know that any one message sent from a Comcast server is different from another message coming from one of Comcast's servers. Which is where most spam comes from now: botnets."

        Though I receive very few spam emails (and thank Bog for that!), there is something that the Big Four could do: examine each of their client mail accounts' sending activities for potential abuse. Not [b]what[/b] they send (which would be an invasion of privacy) but [b]how much[/b] they send in a given time period. You may be correct in stating that much of the spam in circulation is generated by botnets, but there is still a significant slice that is generated through free accounts that are offered by AOL, Google, Yahoo, MSN, Hotmail, et cetera. Those accounts can be targeted.

        How long does it take a spammer to upload and disseminate 1,000 spam emails? One minute? Ten minutes? 30 minutes? An hour? I don't know. Perhaps you, being a mail administrator, have some idea how mass email lists are organized and used.

        And don't tell me that it would take up too much precious processing time to examine every account that each company registers. How many extra specialized servers would each of the Big Four have to place on line to inspect the [b]sending[/b] records of their client accounts? 10? 100? 1000?

        Presuming that they found accounts that sent far more (thousands or even tens of thousands) mail than they received, those accounts could then be flagged and more closely inspected. If they were found to be spam senders or have been in violation of the company's Terms of Service (and spamming is a ToS violation), the account could be locked out. And inspecting account activity suspected of ToS violation [b]is[/b] legal and not a violation of privacy.

        It wouldn't be a complete solution, but should put a good-sized dent into the spam problem.
        M.R. Kennedy
  • RE: Gates in '04 said 'spam soon to be thing of past' and me on Charlie Ros

    [i]And maybe ??? just MAYBE ??? you could trust an e-mail that says its from your bank, eBay, or PayPal (not suspecting it to be a phisher).[/i]

    Exactly. Those are the companies that could make/save billions if people trusted their emails. Google, Yahoo, MSN - what do they care? Their business model is about exposing people to ads and they do that whether we trust the senders or not.

    I'd like to put the challenge at the feet of those who'd really benefit from reducing spam/scam email - the financial services and retail industries.



    :)
    none none
  • Identify every email owner

    How about a service from the big email providers, ISPs and the government to provide identification of the owner of an email account including the smtp/pop/webmail/IP adresses associated with that email account, and thus identify the identity of each email owner.

    The identification can simply be by charging a micro-amount on a credit card which needs to be verified by looking at ones bank statement (the same way eBay and paypal verifies owner of accounts), it could be verifying the adress through a password in phisical mail sent to the owners adress, or any other ID that can be shown thus verified by someone that would be responsible to identify users.

    Having the email owner identified, doesn't mean the emails cannot be sent out anonymously, it just means one is help responsible for not sending out spam or doing any other illegal activity using that email account. Cause one would be able to easilly filter to "only read emails from verified email accounts".

    Although it shouldn't be used too extensively, there could also be a service that allows the sender and receiver to check that the identity of the sender is correct. Of course the sender would simply tick a box saying "allow receiver to verify my identity".
    charbax@...
    • Trying not to be to...

      sarcastic here...but, why not just implant a chip in everybody's butt and when you want to send email wave the magic wand over your ass to ID yourself.

      This, also, would do wonders for the people in those countries where the authorities persecute political opposition.
      Cardinal_Bill
      • Google, Yahoo, MSN shouldn't prosecute

        It's not about invading people's privacy, it's verifying people's ID by secured connections before and after they send their emails.

        CIA, chinese government and so on already read your emails, so it's not for changing that, if you want to keep privacy in your emails you need to use PGP or something like that.

        The option to "filter only verified emails" doesn't mean the email owner can still read all non-verified emails and add certain trusted email adresses in their list of "trusted non-verified emails".
        charbax@...
  • And I say again, you incorrectly assume they want to end spam.

    These companies have actively FOUGHT various states when they tried to pass anti-spam laws.
    No_Ax_to_Grind
  • And gates' 640KB commandment also proved wrong.

    Anyone old enough to remember Gates' 640KB commandment? :)
    kraterz
  • What I find interesting is...

    the fact that my wife and I, using different accounts, can send email to people with AOL accounts. They can't reply.
    Cardinal_Bill
  • RE: Gates in '04 said 'spam soon to be thing of past' and me on Charlie Ros

    Who cares! don't use them don,t get spam
    On Site PC