Breaking Spam

'SPAM, SPAM, SPAM, SPAM...lovely SPAM, wonderful SPAM'. Spam, like the Viking call in Monty Python's famous sketch, is persistent and annoying. Jesse Liberty offers his opinion on how we can combat this issue now and in the future.

Spam has finally gone from an inconvenience, to a significant annoyance, to an unmanageable burden.

Until recently, I was able to manage spam using software, and it took only a few minutes out of each day. But with the step-up in the amount of spam I’m receiving in my email (and apparently everyone else is receiving it too), it has become an international pestilence. What is worse, this is a problem fairly easily solved, and yet we are mired in argument about which ‘scheme’ to use. It is time to get off the dime and implement one.

Personally, I’d vote for stamps, a scheme that has been in the pipeline for years. I’d collapse two proposals into one, thereby overcoming the objections to both. Here is how it would work:

Stamps to Solve Spam

In order for my ISP to accept and pass on an email to me, it would need to have a ‘stamp’ on it. The stamp would have to match a hash-code algorithm (or an identification GUID) that the ISP would purchase from an international consortium, and that hash-code algorithm would be (a) secret, (b) free to the ISP, and (c) something that the ISP could process very fast. The cost to the ISP would be virtually zero – certainly less than the spam filtering being carried out today.

To generate such a stamp, the sender has two choices. They can ‘buy’ a stamp from their ISP for $0.001 USD, or they can pay for it by solving a hash-code problem expected to take about 1 second on a typical home computer. The ISP keeps the payment in exchange for the overhead of generating the stamps, and is permitted to sell them in bulk lots of ten (that is, a penny’s worth at a time).
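The ‘solve a hash-code problem’ option can be illustrated with a public hashcash-style proof of work, where minting costs many hashes and checking costs one. This is an added example, not the author’s or any consortium’s scheme: it swaps the secret algorithm described above for SHA-256, and the function names, the 12-bit difficulty and the sample address and date are assumptions constructed for the demonstration.

```python
import hashlib
from itertools import count

# Assumption: kept small so the demo runs instantly; a real scheme would
# tune this so minting takes about one second on a home computer.
DIFFICULTY_BITS = 12


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a digest."""
    value = int.from_bytes(digest, "big")
    return len(digest) * 8 - value.bit_length()


def stamp_digest(recipient: str, date: str, nonce: int) -> bytes:
    # The stamp is bound to one recipient and one day, so a single solved
    # puzzle cannot be attached to a million different messages.
    return hashlib.sha256(f"{recipient}|{date}|{nonce}".encode()).digest()


def mint_stamp(recipient: str, date: str, bits: int = DIFFICULTY_BITS) -> int:
    """Sender side: brute-force a nonce; expected cost is about 2**bits hashes."""
    for nonce in count():
        if leading_zero_bits(stamp_digest(recipient, date, nonce)) >= bits:
            return nonce


def verify_stamp(recipient: str, date: str, nonce: int, seen: set,
                 bits: int = DIFFICULTY_BITS) -> bool:
    """ISP side: one hash plus a replay check, whatever the difficulty."""
    key = (recipient, date, nonce)
    if key in seen:
        return False  # stamp already spent on an earlier message
    if leading_zero_bits(stamp_digest(recipient, date, nonce)) < bits:
        return False  # not enough work was done
    seen.add(key)
    return True


if __name__ == "__main__":
    spent = set()
    # Constructed sample recipient and date.
    nonce = mint_stamp("alice@example.com", "2006-12-01")
    print("nonce:", nonce)
    print("first delivery:", verify_stamp("alice@example.com", "2006-12-01", nonce, spent))
    print("replayed:", verify_stamp("alice@example.com", "2006-12-01", nonce, spent))
```

Each extra difficulty bit doubles the sender’s expected work while the ISP’s check stays at a single hash, which is the asymmetry the stamp proposal relies on.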

By the same regulatory conventions that cover domain names and other aspects of the Internet, recipients will not be allowed to ‘demand’ higher cost stamps be affixed to incoming mail (all stamps will be of a single type as far as ISPs are concerned) and ISPs are not allowed to increase the cost of stamps without international agreement.

To the consumer, the cost of sending email remains virtually unchanged. I can send 100 emails a day, every day for a month for less than the cost of one first class stamp. And who sends 100 or more emails a day anyway?

Well, spammers do. Indeed, to a spammer, the costs escalate pretty quickly. A million outbound emails just went from free, to $10,000. If that spammer wants to avoid the deci-penny cost, they’ll have to pay the computing cost, and one million seconds is two years of computing power. Pretty soon, it’s time to buy more computers. In any case, spam stops being free.

We can, of course, get fancier, and have a sliding scale, in which stamps from any given ISP rise in cost during the course of a month. The first 100 stamps in a month are a tenth of a penny, the next 100 stamps are a penny each, and each block of 100 stamps after that doubles in price (.02, .04, etc.). It quickly becomes prohibitive to buy from the same ISP, and spammers must spread their business across ISPs, creating more difficulties for them, more bookkeeping and greater overheads.

One objection, often raised, is that even twenty or thirty cents a month is prohibitive in some countries. There are many answers to this problem. First, it would be perfectly legal for an ISP to choose to deliver unstamped mail to anyone who wishes to receive it; this not only allows everyone in a given country to opt out, but international companies can also opt to receive unstamped mail from specific senders. Second, there is the computed hash-value alternative, which would be virtually unnoticeable for routine email.

The key question is whether spammers would be able to break the lock on the stamps themselves. If the stamps use the same level of technology currently used in Public Key Encryption, there is no reason to suspect that we can stop them cold. Yet if US, British and E.U. law enforces the stamp act, we should see a dramatic drop in inbox-stuffing junk email within days.

Personal Hacks

Until recently, I was happily using software called SpamCatcher, but the effort of sorting through the suspected spam became overwhelming with the volume of junk I was receiving. And SpamCatcher was actually an effective program! I may go back to SpamCatcher, but for now, I’ve been forced to stop taking email from all unknown addresses just to cut down on the time I’m spending dealing with email every day.

To do this, I’ve written a ‘rule’ in Outlook, which I run by hand twice or more every day, that sends a polite note informing everyone who sends me email (whose address is not in my list of contacts) that their email was not read, but that they can reach me through my website. I then dispose of their email. This rule is shown in figure 1:

Figure 1. The Outlook Rule

(To create the reply template, use the Outlook editor, and save your email as a template rather than as an email).

To make this work, I had to create a program to accept email through my web site, as shown in figure 2:

Figure 2. Email Form

Having to cut out all incoming unknown mail turns out not to be all bad news. By being forced to change, I learned a few things along the way.

First, I was surprised to see how few folks objected to my polite note telling them that their email was not received and that to reach me they needed to log on to my site and send me email from there. This kind of reaction convinced me that I can’t have been the only one suffering from spam overload.

Second, I had a real-world opportunity to play with AJAX when creating the form, showing me (as I will detail in an article for Simple-Talk very soon) how incredibly easy it is to create water-marks (text that disappears when you type in the text box) as shown in figure 3. I also learned how easy it is to make animations, as shown in figure 4.

Figure 3. Watermarks

Figure 4. Animation (frozen)

The form asks the user to put in his or her return email, a subject and the text of the email. When the user clicks send, the email is sent to me from a known, safe, email address using SMTP.

I use Outlook to route these emails to a particular folder and reply as quickly as possible, often adding the author to my safe senders list.

This has worked quite well, at least for now. I’ve cut down on handling junk email from an hour a day to a few minutes, a few times a day, and I’m pretty comfortable that if I’m trashing important email at least the sender is being notified and offered another way to reach me. That said, this is a very ad-hoc solution, and one that is very dependent on user-intervention.

The right answer, of course, is not to have each recipient write code (and not every recipient has a website to redirect potential senders to in the first place) but to solve it at the ISP level. If the stamp idea has rough edges to smooth out, I’m convinced there are smart people who can solve the problem, if they are sufficiently motivated. The problem, of course, is that spammers make money on what they do, and have resources to defend their industry. Recipients, however, have no organized voice.

As spam increases, however, the cost in wasted time and effort is growing, so I’m reasonably optimistic that the balance may be shifting, and perhaps not long after you read this, those smart folks who are competing for our high speed internet connection dollars will discover that low spam is a competitive edge.