Note to all anti-spam vendors: Why your solutions stink and standards are needed instead

Whenever I write about spam (a lot recently), the press relations corps for the great many anti-spam solution providers (there must be thousands by now) out there bombard me with e-mails to tell me why the solution they're hocking is that one solution that will blow my mind.  Through the magic of some Kool-Aid they've been drinking (served up by some hyper-excited CTO), they're relatively certain that once I see what it is they've got, I will rave about here in my blog.  Even in the Talkbacks to what I've written about spam, there are countless readers who write about the solution that works for them.  David obviously hasn't seen XYZ.

Guess what. I don't have to see it to know that it's not the answer to the larger spam problem that is choking the Internet, causing users all sorts of grief, and in some cases, either resulting in damages through fraud or malware.

In most cases, I don't bother responding.  There are simply too many people that think they've got it all figured out for me to get back to all of them. So, at best I get back to a few and I ask one very simple question: what does your solution do to guarantee that the e-mail I send to other people doesn't get falsely classified as spam by whatever antispam solution the recipient is using.  This is referred to as spam's "non-deliverability" problem. It's really quite nice that your spam solution has found that perfect balance where it blocks everything that's spam without ever blocking the good e-mail too.  But, as a result of spam, all sorts of solutions are in place -- many of them not nearly as good as yours and as a result, when I send someone and important piece of mail, it's not until I pick up the phone that we figure out that my e-mail never got to them.

Judging by the answers I get, most of the time, the people I send this question to either don't understand what I've asked them, they lie, or they use some easily recognized strain of double-speak that's designed to put me back on the trail of why their solutions do such a great job dealing with inbound spam (when my question had nothing to do with inbound spam).  If you're reading this and saying "he's talking about me," trust me, there are so many e-mails and Talkbacks that go down one of these three paths that it isn't just about you.  But it is most definitely about you and your comrades.

Eventually, the PR corps step out of the way (their brains fried from my insistence that we talk about the "non-deliverablity" problem) so that the CTO at Acme Antispam Company can personally pour me some Kool-Aid at which point, I ask the question again. Eventually, we part ways and the answer ends up being the same from one CTO to the next.  It's quite simple: the recipient needs to be running our solution as well.

In other words, in order for Acme Antispam Company's solution to do as good a job making sure everyone's e-mail safely arrives at their targeted recipients' inboxes as the job does handling inbound spam, everybody (in the world) has to be running it.  The CTO at Acme Antispam Company is usually VERY happy when s/he realizes I've come to this conclusion.  "Yes! Finally!" thinks Acme's CTO "My master plan is nearly complete.  Once David Berlind repeats this secret formula on ZDNet, the world will be mine!!! Ah ha ha ha ha ha ha ha," s/he diabolically laughs. "All mine!!!!!!"

Don't get your hopes up Mr/s. CTO.  First of all, there isn't a snowball's chance in Hell that everyone in the world is going to adopt your solution.  Not only is there just way too much noise from way too many antispam solution providers for any single provider to even come close to this ridiculous goal, neither David Berlind nor ZDNet have that kind of weight with the world.  All this sad, Mr/s. CTO has a great point that I'm constantly reiterating.

It is probably true that if everyone in the world ran just one solution, we'd be able to tweak that solution in such a way that we'd finally get a handle on the inbound and outbound problems associated with spam.  When everyone has access to the same technology, there's a name for that.  It's called a standard.  There is zero chance of some proprietary solution becoming the defacto antispam solution for the world.  But, if only AOL, Google, Microsoft, and Yahoo (the world's leading e-mail solution/service providers)  would get together and decide on what the non-proprietary standards should be and implement them in their systems, it wouldn't be long before every other e-mail solution provider would have to follow suit (in order for their e-mails to interoperate). Pretty soon, guess what? Everyone would have access to the same anti-spam technology and not only would the inbound problem be solved.  So too would the "non-deliverability" problem.

But so long as end-users keep adopting proprietary solutions that do nothing about the deliverability problem (there's not much they can do about what's on the other end of the pipe unless it is their's) and so long as AOL, Google, Microsoft, and Yahoo don't act multilaterally, we'll keep digging ourselves deeper into to the illusion that we've got a handle on the problem when it reality, we're not even close.