Editor's Note: Readers' Responses To April 7 Column
A broad coalition of industry, end-users and politicians is searching hard for a solution to the rising problem of e-mail spam. A mix of legislative and technological means to put a stop to (or at least limit) the problem has been suggested. Here are some tips, ideas, and comments from InformationWeek readers in response to a recent column by Editor Stephanie Stahl.
Have you found a way to stop the probl
I liked your "Editor's Note" in the most recent issue of IW. I would add one more factor to the solution. Make it a requirement for EXPLICIT consent to receive e-mail from unknown senders. There should never be implicit consent. I do not want and never consented to receive a barrage of e-mail from 20 different vendors just because I went to a website that had ads. I do want to be in control of what I receive. I should be able to set a price (paid to me, say by reducing the cost of my monthly ISP fees) for unsolicited e-mail. If it is not paid, the server trashes the message.
Clinical Informatics, Asante Health System
I agree that the rules of e-mail have to change. My ideas aren't yet fully baked, but are based on:
voluntary cooperation among e-mailers, ISPs, and clients
market forces and technology to encourage cooperation, and provide some funding for Internet operations
Here's the plan:
E-mailers would purchase "e-stamps" from ISPs, perhaps based on some sort of PKI certificate process. Rates would depend on class of e-mail, based largely on existing USPS categories, with some nuances added to recognize e-mail's peculiarities. (Some examples: First-class, Various levels of bulk, Subscribed Mail List, Individual Response, Automated Response.) These e-stamps would show that the mailer has paid appropriate fees to the ISP, and in some way unambiguously identify the e-mailer.
E-mailers could also characterize their mail as to content. (An obvious example: Pornography.)
Clients would have 3 significant options available to them:
They could elect to reject any unstamped e-mail out of hand
They could filter based on class and content
They could report mis-classed or mis-characterized e-mail via a very simple process (perhaps a single click) to a central authority who would confirm the fraud, and notify the ISP. The ISP could immediately block the offending e-mailer. If the ISP continued to allow e-mail fraud, he would be placed on a blacklist, similar to the way individual mailers are blacklisted today. Clients could, of course, elect to refuse mail originating from blacklisted ISPs.
So, most of the power is in the client, where I believe it belongs. The default is, as now, to accept anything or use the crude filtering available today, so that there would be no "big bang" date at which time everybody would have to turn all this stuff on. However, as soon as e-mail clients with these filtering capabilities become widespread, and end-users start using it, ISPs and e-mailers would be under intense pressure to join the club.
As for fees, I'd be happy to pay, say, $.01 per e-mail. I'm a pretty active e-mailer, but that would only cost me about $50/year, far less than the cost of a good rules-based or content-based filter software. Based on the amount of time I spend wading through the junk and worse that I get now, that cost would be justified in one day. Spammers who send millions of e-mails at a crack would get some sort of bulk rate, but by paying more would presumably be assured of a higher delivery rate. At some cost, a "return receipt" could be automatically provided so that the e-mailer would have evidence of his true reach in the marketplace.
Now for the real zinger - who should manage all this? I vote for the United States Postal Service. They've got the infrastructure, experience with classifying and inspecting mail, deserve some compensation for their loss of first-class mail revenue, and are the obvious choice, IMHO.
Who wins? Mainly the end user. Who loses? Mainly the anonymous junk e-mailer. Do I care? No. Do you?
Polk City, FL
There is a simple two-step technology solution that has always been available. First, require a Type Identifier in the mail header, and a "Type" tag for HTML pages. Second, pass a Federal law requiring all mail and HTML pages to carry the Type Identifier with stiff penalties for absence or falsification. Foreign mail and HTML pages without the Type Identifier could be blocked at US hubs.
It would be child's play to develop categories and sub-categories, and the vetting and publication processes could be handled by W3C. Private industry would then be able to implement smart filters at both the server and mail/browser client levels.
The problem is that nobody really wants to address the issue.
Permission-based e-mail is certainly a good tool, but people get annoyed at having to apply for permission. It can also be confusing to some people and they won't complete the process - they just give up. :-)
TMDA is probably one of the best tools for doing this, although there are others.
They all require you to whitelist any mailing lists you subscribe to.
Spammers most likely will not apply for permission, although anything you can automate, they can too, so I expect that this method will become less effective in the future.
I have had very good luck with filtering based upon statistical analysis. What I'm using is the Junk Mail features of Mozilla 1.4a. It is very effective and, after a week's worth of training and checking up on it, I don't see it tagging good mail as spam, nor does it miss much real spam. I highly recommend it.
Hostmaster & Purchasing Manager, APK Net, Inc.
I just read your editor's note for the April 7th Issue of InformationWeek. I wonder if you've yet heard of Bayesian filtering?
Bayesian filtering is a true breakthrough in spam-filtering technology. Basically, any time you mark a message as spam, it looks at it for patterns. Any e-mail you do not mark as junk, it also checks for patterns. This unique method allows it not only to identify potential spam, but to identify potential "good" mail. It then checks each new piece of e-mail for both "good" and "bad" identifiers, and makes a decision based upon the "good" rating and the "bad" rating. This helps greatly reduce false positives.
This means that, when you delete your spam in the mornings from now on, you can rest assured that the following morning, you won't have to delete quite as many. I'm sure I don't receive as much spam as you do (my e-mail address is not published in a national magazine), but I do post to newsgroups. Since I've begun using a Bayesian filter, I average about one spam e-mail per week. I've had about three false-positives in total, which I deselected as spam, which "taught" the filter that those e-mails were good.
The e-mail client in the current version of the Mozilla browser contains the Bayesian technology, which is itself Open Source. You can read about Bayesian filtering on any number of websites.
Potential downsides? The filtering is personal; you can't have just one Bayesian filter for an entire company. My "good" mail may look like spam to you. Therefore, each individual must have their own filter. Also, this method is more resource intensive. I only mention this because I've read it in other places -- I haven't noticed any speed problems myself. I'd say that those two minor caveats are a small price to pay to eliminate spam.
Just thought you'd like to know about it. Perhaps you can educate your many readers with some of this information. Please feel free to use this e-mail, in whole or in part.
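The train-and-correct loop described in the letter above, as an added example (not part of the original letters and not Mozilla's implementation): a simplified per-user naive Bayes filter that scores each message on both its "good" and "bad" token evidence. The class name, threshold, and sample messages are constructed for illustration.

```python
import math
import re
from collections import Counter

class BayesFilter:
    """Per-user filter that learns token patterns from both spam and good mail."""

    def __init__(self):
        self.counts = {"spam": Counter(), "good": Counter()}
        self.msgs = {"spam": 0, "good": 0}

    @staticmethod
    def tokens(text):
        # Each distinct lowercase word counts once per message.
        return set(re.findall(r"[a-z0-9$']+", text.lower()))

    def train(self, text, label):
        """Record the user's verdict: label is 'spam' or 'good'."""
        self.counts[label].update(self.tokens(text))
        self.msgs[label] += 1

    def spam_probability(self, text):
        # Start from the prior odds, then add each token's log-likelihood
        # ratio; Laplace smoothing avoids zero probabilities for tokens
        # seen in only one class.
        s, g = self.msgs["spam"], self.msgs["good"]
        log_odds = math.log((s + 1) / (g + 1))
        for t in self.tokens(text):
            p_spam = (self.counts["spam"][t] + 1) / (s + 2)
            p_good = (self.counts["good"][t] + 1) / (g + 2)
            log_odds += math.log(p_spam / p_good)
        return 1 / (1 + math.exp(-log_odds))

    def is_spam(self, text, threshold=0.9):
        return self.spam_probability(text) >= threshold

def demo():
    """Constructed sample mail: train, hit a false positive, correct it."""
    f = BayesFilter()
    for m in ("win free money now click here", "free pills cheap click now",
              "cheap loan offer click here free"):
        f.train(m, "spam")
    for m in ("meeting agenda for monday attached",
              "lunch on monday with the project team",
              "project report attached please review"):
        f.train(m, "good")
    wanted = "Free offer: cheap conference tickets"  # good mail that looks spammy
    before = f.is_spam(wanted)   # filter tags it as spam (false positive)
    f.train(wanted, "good")      # user un-marks it, teaching the filter
    return before, f.is_spam(wanted), f.is_spam("free cheap money click now")

if __name__ == "__main__":
    print(demo())
```

Because the counts are built from one person's verdicts, the same message can score differently for another user, which is the "filtering is personal" caveat the letter raises.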
I read your Editor's Note regarding spam. We have the alternative solution that you are looking for in your note. EM101 has deployed an anti-spam email service and appliance that quarantines and interrogates each new email sender. The system can auto learn each user's correspondents and automatically manage the accept and deny lists you mentioned.
Please check our website at www.em101.com.
Dear Ms. Stahl;
One way some people can reduce the amount of spam is by using a spam blocking service for publicly posted e-mail addresses. The one I use is despammed.com. It has reduced the amount of spam I deal with every day quite a lot. I only wish I had known about this type of service earlier, so that my real e-mail address wasn't as common on the spam lists.