News
Commentary
3/4/2003
02:07 PM
Commentary
Commentary
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Editor's Note: Readers' Responses To April 7 Column

A broad coalition of industry, end-users and politicians is searching hard for a solution to the rising problem of e-mail spam. A mix of legislative and technological means to put a stop to (or at least limit) the problem been suggested. Here are some tips, ideas, and comments from InformationWeek readers in response to a recent column by Editor, Stephanie Stahl. Have you found a way to stop the probl

Ms. Stahl,
I liked your "Editor's Note" in the most recent issue of IW. I would add one more factor to the solution. Make it a requirement for EXPLICIT consent to receive e-mail from unknown senders. There should never be implicit consent. I do not want and never consented to receive a barrage of e-mail from 20 different vendors just because I went to a website that had adds. I do want to be in control of what I receive. I should be able to set a price (paid to me, say by reducing the cost of my monthly ISP fees) for unsolicited e-mail. If it is not paid, the server trashes the message.


Regards,
Tad Edwards
Clinical Informatics, Asante Health System



I agree that the rules of e-mail have to change. My ideas aren't yet fully baked, but are based on:

  • voluntary cooperation among e-mailers, ISPs, and clients
  • market forces and technology to encourage cooperation, and provide some funding for Internet operations
  • mailer pays
Here's the plan:

E-mailers would purchase "e-stamps" from ISPs, perhaps based on some sort of PKI certificate process. Rates would depend on class of e-mail, based largely on existing USPS categories, with some nuances added to recognize e-mail's peculiarities. (Some examples: First-class, Various levels of bulk, Subscribed Mail List, Individual Response, Automated Response.) These e-stamps would show that the mailer has paid appropriate fees to the ISP, and in some way unambiguously identify the e-mailer.

E-mailers could also characterize their mail as to content. (An obvious example: Pornography.)

Clients would have 3 significant options available to them:

  • They could elect to reject any unstamped e-mail out of hand
  • They could filter based on class and content
  • They could report mis-classed or mis-characterized e-mail via a very simple process (perhaps a single click) to a central authority who would confirm the fraud, and notify the ISP. The ISP could immediately block the offending e-mailer. If the ISP continued to allow e-mail fraud, he would be placed on a blacklist, similar to the way individual mailers are blacklisted today. Clients could, of course, elect to refuse mail originating from blacklisted ISPs.
So, most of the power is in the client, where I believe it belongs. The default is, as now, to accept anything or use the crude filtering available today, so that there would be no "big bang" date at which time everybody would have to turn all this stuff on. However, as soon as e-mail clients with these filtering capabilities become widespread, and end-users start using it, ISPs and e-mailers would be under intense pressure to join the club.

As for fees, I'd be happy to pay, say, $.01 per e-mail. I'm a pretty active e-mailer, but that would only cost me about $50/year, far less than the cost of a good rules-based or content-based filter software. Based on the amount of time I spend wading through the junk and worse that I get now, that cost would be justified in one day. Spammers who send millions of e-mails at a crack would get some sort of bulk rate, but by paying more would presumably be assured of a higher delivery rate. At some cost, a "return receipt" could be automatically provided so that the e-mailer would have evidence of his true reach in the marketplace.

Now for the real zinger - who should manage all this? I vote for the United States Postal Service. They've got the infrastructure, experience with classifying and inspecting mail, deserve some compensation for their loss of first-class mail revenue, and are the obvious choice, IMHO.

Who wins? Mainly the end user. Who loses? Mainly the anonymous junk e-mailer. Do I care? No. Do you?

Mike Armstrong
Polk City, FL



There is a simple two step technology solution that has always been available. First, require a Type Identifier in the mail header, and a "Type" tag for HTML pages. Second, pass a Federal law requiring all mail and HTML pages to carry the Type Identifier with stiff penalties for absence or falsification. Foreign mail and HTML pages without the Type Identifier could be blocked at US hubs.

It would be child's play to develop categories and sub-categories, and the vetting and publication processes could be handled by W3C. Private industry would then be able to implement smart filters at both the server and mail/browser client levels.

The problem is that nobody really wants to address the issue.

Tom Byrne


Permission-based e-mail is certainly a good tool, but people get annoyed at having to apply for permission. It can also be confusing to some people and they won't complete the process - they just give up. :-)

TMDA is probably one of the best tools for doing this, although there are others.

They all require you to whitelist any mailing lists you subscribe to.

Spammers most likely will not apply for permission, although anything you can automate, they can too, so I expect that this method will become less effective in the future.

I have had very good luck with filtering based upon statistical analysis. What I'm using is the Junk Mail features of Mozilla 1.4a. It is very effective and, after a weeks worth of training and checking up on it, I don't see it tagging good mail as spam, nor does it miss much real spam. I highly recommend it.

Stuart Krivis
Hostmaster & Purchasing Manager, APK Net, Inc.



Dear Stephanie,
I just read your editor's note for the April 7th Issue of InformationWeek. I wonder if you've yet heard of Bayesian filtering?

Bayesian filtering is a true breakthrough in spam-filtering technology. Basically, any time you mark a message as spam, it looks at it for patterns. Any e-mail you do not mark as junk, it also checks for patterns. This unique method allows it not only to identify potential spam, but to identify potential "good" mail. It then checks each new piece of e-mail for both "good" and "bad" identifiers, and makes a decision based upon the "good" rating and the "bad" rating. This helps greatly reduce false positives.

This means that, when you delete your spam in the mornings from now on, you can rest assured that the following morning, you won't have to delete quite as many. I'm sure I don't receive as much spam as you do (my e-mail address is not published in a national magazine), but I do post to newsgroups. Since I've begun using a Bayesian filter, I average about one spam e-mail per week. I've had about three false-positives in total, which I deselected as spam, which "taught" the filter that those e-mails were good.

The e-mail client in the current version of the Mozilla browser contains the Bayesian technology, which is itself Open Source. You can read about Bayesian filtering on any number of websites.

Potential downsides? The filtering is personal; you can't have just one Bayesian filter for an entire company. My "good" mail may look like spam to you. Therefore, each individual must have their own filter. Also, this method is more resource intensive. I only mention this because I've read it in other places -- I haven't noticed any speed problems myself. I'd say that those two minor caveats are a small price to pay to eliminate spam.

Just thought you'd like to know about it. Perhaps you can educate your many readers with some of this information. Please feel free to use this e-mail, in whole or in part.

Shawn Milochik
Shawn@Linurati.net



Ms. Stahl,
I read your Editor's Note regarding spam. We have the alternative solution that you are looking for in your note. EM101 has deployed an anti-spam email service and appliance that quarantines and interogates each new email sender. The system can auto learn each users correspondents and automatically manage the accept and deny lists you mentioned.

Please check our website at www.em101.com.

Sincerely,
Harry Perper
www.EM101.com



Dear Ms. Stahl;
One way some people can reduce the amount of spam is by using a spam blocking service for publicly posted e-mail addresses. The one I use is despammed.com It has reduced the amount of spam I deal with every day quite a lot. I only wish I had known about this type of service earlier, so that my real e-mail address wasn't as common on the spam lists.

Glenn Laubaugh
Northwest Rail Electric
brasil98@despammed.com



Have you found a way to stop the problem? Let us know your thoughts in Stephanie Stahl's forum.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek - July 21, 2014
Our new survey shows fed agencies focusing more on security, as they should, but they're still behind the times with cloud and overall innovation.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
In this special, sponsored radio episode we’ll look at some terms around converged infrastructures and talk about how they’ve been applied in the past. Then we’ll turn to the present to see what’s changing.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.