Business Technology: A Trip To The Woodshed For Serving Tainted Spam - InformationWeek
Bob Evans

Business Technology: A Trip To The Woodshed For Serving Tainted Spam

Three letter-writers take Bob Evans to the woodshed for publishing anti-spam solutions from readers without vigorously vetting the efficacy of those suggestions. Also, they offer a range of rich anti-spam resources and perspectives.

Last month, I put together a couple of columns about how readers were approaching the anti-spam battles that get bigger, uglier, and more costly each day. From the substantial volumes of mail these columns generated, it's clear this topic is of great importance to many of you--and it's equally clear that massive confusion--some would say ignorance--abounds regarding precisely what to do about this electronic pestilence.

And from a handful of the letters I received, it's also perfectly clear that some readers feel I don't know the difference between spam and filet mignon. If that's all they had to say, I congratulated them on their insightfulness and filed the letters appropriately. However, three writers in particular delivered not only vigorous woodsheddings but also some terrific resources and connections for the anti-spam warriors so many of you are becoming. So I'd like to share with you the important resources those good folks offered, as well as--in the interest of full disclosure, healing, and penance--some of the verbal thrashings. Here we go.

I'd like to ease into it a bit by starting with comments from a colleague--heck, a longtime friend!--who, although speaking softly, carried a big stick, and that stick bore this message in big fat letters: THE IDEAS ARE USELESS! Mitch Wagner, editor of the Security Pipeline site from InformationWeek sibling TechWeb, wrote an excellent response to my Dec. 20 column, and this excerpt is typical: "Like all the usual proposed spam solutions, InformationWeek's readers' ideas are great. But, alas, they won't work."

For example, regarding the idea proposed by numerous readers that an ISP-imposed "tax" on each E-mail message sent would eliminate spam, Wagner says, "... the problem with all proposals like Mr. Lepant's, requiring that Internet service providers charge an E-mail tax, is that many ISPs are unscrupulous. They're spam-friendly. They won't charge the high rates for E-mail, and [thus] they'll rake in even more dirty profits than they did before."

And Wagner has this to say about readers' suggestions that federal-government legislation will do the trick: "The problem with that solution is that it assumes the federal government actually cares about spam.

"In fact the government just doesn't care. Not a bit. Congress passed the Can-Spam Act last year, with its sponsors claiming that it would put a stop to spam. Now it's a year later, and the Can-Spam Act has had very little effect, and the effect it has had has been bad--Can-Spam cancelled out tougher state laws that might have actually worked. If Congress had simply done nothing, it would have been bad enough. But the Can-Spam Act is worse than nothing, it's an insult to the Internet community."

After that wrist-slap, things got more intense with this well-reasoned and resource-rich reply from Andy Lester. While Andy's opening sentence did a pretty good job of expectation-setting, I still somehow managed to disappoint: "I don't always expect computer journalism to be of the highest quality, but Bob Evans' column in the Dec. 20 issue of InformationWeek has turned into the print equivalent of a talk-radio show about spam, providing a non-critical platform for any old idea in the guise of public forum."



Here's Andy's reaction to ideas that ISPs should be targeted: "Again, no commentary from Bob. Anyone who's vaguely aware of the issues surrounding spam knows that it's impossible to get all ISPs to do something, and that legislation is not global. It's impossible to get 'each ISP' to 'simply charge for E-mail.' "

To ideas that spam messages be automatically returned to the spammer, thereby overwhelming its systems, Andy said, "That's fine, but where's the analysis? At the very least, Bob should have pointed out that all these ideas won't work because the spammer has no reason, other than basic human decency, to not bother you. He should also have pointed out that yes, there is a way to tell the spammer the message is no good. It's a 550 response code in the SMTP transaction, which the spammer gets and then tries another E-mail address to see if it's valid. This approach is called a dictionary attack."
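An added example, not part of the original column or of any reader's letter: on the receiving mail server, the dictionary attack described above appears as one client collecting 550 rejections for many distinct recipients in a short time, which a log check can flag. The log layout (Postfix-style reject lines with ISO timestamps), the sample lines, and the window and threshold values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One 550 rejection of a RCPT command: timestamp, client IP, rejected recipient.
REJECT = re.compile(
    r"^(\S+) .*reject: RCPT from \S*\[([0-9a-fA-F.:]+)\]: 550 \S+ <([^>]+)>")

def _line(ts, ip, rcpt):
    """Build one constructed log line (assumed layout, not real traffic)."""
    return (f"{ts} mx1 postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected")

# Constructed sample: one client guessing names, one sender retrying a typo.
SAMPLE_LOG = [
    _line(f"2005-01-10T09:00:{i:02d}", "203.0.113.7", f"{name}@example.com")
    for i, name in enumerate(["aaron", "abby", "abe", "adam", "al", "alice"])
] + [
    _line("2005-01-10T09:00:30", "198.51.100.20", "jsmtih@example.com"),
    _line("2005-01-10T09:20:00", "198.51.100.20", "jsmtih@example.com"),
    "2005-01-10T09:00:40 mx1 postfix/smtpd[811]: connect from mx[192.0.2.9]",
]

def find_harvesters(lines, window=timedelta(seconds=60), threshold=5):
    """Map client IP -> most distinct rejected recipients seen in any window,
    for clients that reach the threshold."""
    events = defaultdict(list)
    for line in lines:
        m = REJECT.match(line)
        if m:
            ts, ip, rcpt = m.groups()
            events[ip].append((datetime.fromisoformat(ts), rcpt.lower()))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({r for _, r in evs[start:end + 1]}))
        if best >= threshold:
            flagged[ip] = best
    return flagged

if __name__ == "__main__":
    print(find_harvesters(SAMPLE_LOG))
```

Counting distinct recipients rather than raw rejections keeps a legitimate sender who retries one mistyped address from being flagged.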

I think Andy then got to his basic point: that wicked problems can't be solved by lightweight solutions, and that I had thereby done a disservice to readers by summarizing their "unworkable" ideas without supplying my own accompanying critical analysis. On that one, I stand guilty as charged. Yet, I could also say that the point of the column was not so much for me to attempt to demonstrate that I have deeper technological insight into spam and anti-spam than you do (a prospect that is beyond absurd), but rather to use these collected submissions as a reflection back to you of how some of your peers currently view this rapidly escalating problem. Does the IT community seem to have a handle on stifling spam? Based on the ideas some of you sent, apparently not. And that's where the value of people like Andy Lester and Mitch Wagner is truly revealed, because they went well beyond constructive criticism and offered numerous ideas and solutions. I've offered some of those below, and you can find even more-complete lists from Andy and Mitch here.
