12 spam research projects that WON'T make a difference
Today, InfoWorld has a story headlined 12 research projects that might make a difference. For starters, it is pretty infuriating to me when I visit a site I like, like InfoWorld, and the minute I arrive on the page, the audio from an advertisement starts blaring through my computer's speakers. The other night, this happened to me while I thought I was browsing in silence next to my sleeping wife.
Although it's not the sort of invasion that spam is, I feel as though this sort of taking over of my system is in the same vein. It feels like someone is taking liberties with my system that I don't want taken. I could understand if I was visiting a page that had nothing but a multimedia element to it (eg: audio or video). Even many of those pages default to a mode that requires the user to push the play button first. But where a text-based page is definitely the expectation of the end-user, those expectations should not be met with blaring audio from an advertisement. It already sucks how some video advertisement-bearing pages slow down the overall page-load time in order to cache the video up. But if you want me to continue to visit your site, default the audio to off and and if the auto-playing video or animation is something I desparately need to hear, I'll turn it on thank you very much (if the powers that be at ZDNet ever think otherwise, I will speak up).
OK, now back to our regularly scheduled programming: InfoWorld's story on 12 promising research projects. If I could say something to the author of that story, it would be that so long as any anti-spam solution is not deployed universally throughout the Internet's e-mail system (in other words, so long as some anti-spam tech is not a standard), that anti-spam solution actually makes the spam problem worse. You read that right. Worse. Proprietary anti-spam solutions make the global spam problem worse. They are digging us deeper into the hole that the Internet is already in because everyone who makes those solutions is under the false belief that "s/he who is finally successful at filtering out all spam while allowing the legitimate mail in wins."
I know I sound like a broken record on this. But when will the world (and especially journalists who cover e-mail security) finally realize that InfoWorld's story is a headline that gets repeated year after year after year after year. Yet despite the ritual, the only result we continue to see, year after year, is that spam keeps getting worse. Year in and year out, hundreds of anti-spam solution providers contact me to tell me that I have it all wrong and that their solution is actually the one that will make a difference. But no anti-spam solution provider is dumb enough to promise that if I buy or use their solution, it will guarantee that when I send mail, it will actually get into the intended recipient's inbox without mistakenly being classified as spam and being filtered off into a spam folder where the recipient might never see it. And herein lies the real problem with spam: So long as there are no standards and we rely on an ever increasing number of proprietary solutions to solve the spam problem, the deliverability of legitimate e-mail will never be guaranteed and in fact will become even less reliable. Let's face it: The deliverability problem of legitimate mail is actually worse than the spam itself. Much the way spam is on the rise, so too is the number of false positives. So too are the number of e-mails from our banks and other financial institutions that we won't even open for fear that they're phishing attempts and that they'll surreptitiously do something to our systems or finances. The sooner the world admits to this reality, the sooner we'll see an improvement to the situation.
The only way anti-spam vendor X can guarantee that when I send legitimate mail to someone else that it won't get falsely flagged by the recipient's anti-spam system as spam is if the recipient is also using vendor X's system. In other words, vendor X's antispam solution has to be deployed universally. In other words, it's a standard (strangely, most antispam vendors recognize this as being true and think that somehow, based on antispam prowess alone, they can wipe out all the other antispam solutions and be the last man left standing. It's a pipe dream). On the other hand, if I use vendor X's proprietary system and the recipient uses vendor Y's proprietary system, there's no way for the two to interoperate in a way that keeps legitimate mail from getting falsely classified as spam. Unfortunately, so long as we keep coming up with new anti-spam systems and those systems get deployed to just a portion of the Internet's e-mail systems, the problem gets worse.
In other words, the more proprietary approaches and solutions that are out there and that the world buys into (and that the press endorses), the worse the problem gets because we distance ourselves even further from what the true solution needs to be: something standard -- something that's inherently built into every e-mail system (regardless of who makes or provides it) much the same way all the current solutions know how to send and receive mail to and from one another (they work over a standard called the Simple Mail Transfer Protocol).
As I've said before, the only breakthrough that will matter will be when MAGY (pronounced "maggie"; Microsoft, AOL, Google, and Yahoo) finally gets together and commits to jointly supporting the same technical solutions. Until then, everything else is nothing more than placebos, leading all of us to false hope and an ever-worsening situation.