31 Jul 2004
IBM researcher Nathaniel Borenstein has commented that everyone agrees that spam is bad, and that's a huge impediment to doing anything about it. Having decided that spam is bad, it's tempting to divide the spam problem into smaller problems and try to solve the smaller problems, then put the solutions to the subproblems together and, voilà, no more spam. That would be fine if the combined subproblems were truly equivalent to the spam problem, but that's rarely the case.

A common approach is to divide the spam problem into the authentication problem and the introduction problem.

The authentication problem involves ensuring whoever claims to have sent an e-mail message really did send it (or, as a minor variant, that the recipient can detect and reject forgeries). Authentication has gotten a lot of attention with systems like PGP, S/MIME, SPF, Sender-ID, and Domain Keys. While it's far from solved, it's fairly well understood.

The introduction problem involves vetting mail from people who haven't written before. The idea is that a recipient keeps a list of people who've sent good e-mail. When a message arrives from someone not on the list, the sender does something to indicate good faith or non-spamminess, and is then added to the recipient's list. If the introduction fails, the recipient might put the sender into a bad senders list, or just ignore the message so future mail from the same sender will require another introduction attempt. The introductory something can be fairly complex and onerous, since each sender only has to introduce himself once to each recipient, and it should be onerous enough that spammers won't go to the effort to do it.

In such a system, we'd expect bad guys to try to circumvent the introduction by forging mail from someone already in the recipient's list. That's why the introduction approach is only useful if the authentication is good enough to prevent forgeries.
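
The dependency described above, modelled as an added example (not code from the original post): a recipient-side gate that consults the good-sender list only for authenticated mail. The class and function names, the `authenticated` flag (standing in for the result of an upstream check such as SPF or Domain Keys) and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class IntroductionGate:
    """Hypothetical recipient-side state for the introduction scheme."""
    good: set = field(default_factory=set)  # senders whose introduction succeeded
    bad: set = field(default_factory=set)   # senders whose introduction failed
    require_auth: bool = True               # False models a gate with no authentication

    def decide(self, claimed_from, authenticated):
        sender = claimed_from.strip().lower()
        if self.require_auth and not authenticated:
            # An unverifiable From address earns no trust from either list:
            # the message is handled as if it came from a stranger.
            return "challenge"
        if sender in self.bad:
            return "reject"
        if sender in self.good:
            return "deliver"
        return "challenge"  # unknown sender: ask for the introductory something

    def record_introduction(self, claimed_from, passed):
        sender = claimed_from.strip().lower()
        (self.good if passed else self.bad).add(sender)
        (self.bad if passed else self.good).discard(sender)


# Constructed sample traffic: (claimed From address, upstream authentication result)
SAMPLE = [
    ("alice@example.org", True),     # known correspondent, verified
    ("alice@example.org", False),    # same address claimed, verification failed
    ("stranger@example.net", True),  # verified but never introduced
    ("bulk@example.com", True),      # verified, earlier introduction failed
]


def run(require_auth):
    """Return the decision for each sample message under the given policy."""
    gate = IntroductionGate(require_auth=require_auth)
    gate.record_introduction("alice@example.org", passed=True)
    gate.record_introduction("bulk@example.com", passed=False)
    return [gate.decide(addr, ok) for addr, ok in SAMPLE]


if __name__ == "__main__":
    for mode in (True, False):
        print("require_auth =", mode, run(mode))
```

The only decision that differs between the two policies is the second message: without the authentication check, the unverified claim to be a listed sender is delivered without any introduction.
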
Viewed in this way, a lot of anti-spam proposals turn out really to be introduction proposals. Challenge/response, hashcash, CAPTCHAs (blurry pictures of words that the user has to retype), and refundable e-postage fall into this category. While some of these proposals are quite clever, and some of them are plausible solutions to the introduction problem, none of them solve the spam problem, because the introduction problem is not the spam problem.

For one thing, the introduction approach doesn't match the way that people really use e-mail very well. Its model is that a stranger will write to you, you'll decide whether you like the stranger's mail, and then add that e-mail address to your accept or reject list. But people visit a vendor's web site, order something, get order confirmations and (if they ask for it) newsletters from the vendor. But what address will the confirmations and newsletters come from? It's rarely possible to predict. We can imagine schemes where as part of the ordering transaction the vendor adds its addresses to the user's good sender list, but even if such schemes could be designed and deployed, they would be a tempting target for bad guys to subvert and stuff their addresses into unwitting users' lists.

For another, the introduction scheme presumes that senders' behavior stays the same, that someone who sends good mail will always send good mail and vice versa. That strikes me as extremely optimistic. In the late 1990s, spammers sent spam through other people's existing mailing lists. They don't spam that way now since other approaches are easier, but if the fastest way into people's good sender lists is to piggyback on other mailing lists, they'll do it again. They'll join the list, possibly sending out an innocuous message or two, then blast out spam to the list until the list owner notices and cuts them off. (Yes, this has happened.)

The introduction approach presumes both that mail from unknown senders is probably spam, and that legitimate senders are interested enough in getting their message delivered to bear the burden of the introductory something. This may be true, or it may not be. I often see someone ask a question on a mailing list or newsgroup, send them an answer to the question, and get back some sort of introductory challenge. Am I going to jump through their hoops to do them a favor? Probably not.

Finally, the spam problem is unwanted bulk mail, regardless of where it comes from, not mail from strangers. I publish contact e-mail addresses in my books, and readers send me a lot of mail. It's from people who haven't written to me before, and it's not spam. An accreditation system (third parties that vouch for senders) would help manage that problem a lot better than an introduction system.

Introduction systems aren't inherently bad, but they're not inherently related to spam, either.

posted at: 10:25

28 Jul 2004
A proposed anti-spam technique called Attention Bonds has been getting a lot of press lately. It's not a particularly new idea; Philip Raymond of Vanquish, Inc. has a patent on the technique applied for in 2002 and issued earlier this year. In its latest incarnation, it's proposed by University of Michigan economists, starting with an analysis that comes to the not very surprising conclusion that we'd all be better off if something other than spam filters allowed more mail that people want to be delivered. They propose a form of e-postage in which recipients can demand a monetary "bond" from unknown senders, which the recipient can either keep if the message is spammy, or return if the message turns out to be nice.

Attention bonds are an unfortunate idea, particularly in an international forum.

The first problem is that they make the all too common assumption that the bad guys will play by the rules. As I note in my e-postage whitepaper, as soon as you make e-mail cost real money, you open up a wide range of financial frauds and scams, ranging from fake payments from fake banks to scams where the bad guys induce people to send them mail and collect all the payments. Although it would be possible to create a set of rules and tribunals to deal with the new problems, there's no reason to assume that the result would be any less expensive and awful than the situation now. There's also the closely related problem that we still don't have any workable authentication scheme for e-mail, so there's no way to prevent bad guys from lying about who they are and forging mail purporting to be from your friends.

Second, they don't seem to appreciate how expensive it would be to build the necessary infrastructure, waving it away in one of their presentations by noting that phone systems bill to the second. The system that bills and settles payments among phone companies is big, complex, and expensive, and there are a lot more ISPs and networks than phone companies, even before you start to think about how you'd remit payments to individual mail users.

Internationally, an attention bond system would kill e-mail from LDCs and countries with non-convertible currencies. For you or me, a bond of a couple of dollars is no big deal, but for someone at a cybercafe in Ghana or Nepal, or a student in Iraq using facilities at school (I currently correspond with one), two dollars would be a large chunk of a week's disposable income, if they could buy the bond at all, which they probably couldn't since they don't have a bank account.

Even if you wave your hands and give everyone a bank account, the system is not set up for vast numbers of automated transactions. Paypal is the most widely used online payment system. It's a swell system, and their highly automated system is cheaper than manual credit card charges, but each transaction requires logging in and working through a series of screens, both to be sure the transaction is the one the user wants, and for Paypal to minimize the risk of fraud. Paypal currently handles about 500,000 payments per day (according to their SEC filings). Even if only one message in a hundred did a bond thing, when you consider how much e-mail flows around the world every day, that's still something like a thousand times more transactions than Paypal handles, and considerably more than the entire credit card system handles. Scaling that up wouldn't be either easy or cheap, and would require the investment of many billions of dollars.

More hand-waving argues that there'd be multiple banks to spread the load around, so you need only verify a message's bond with the bank that's issuing its bond. That's OK, but we have to assume that spam will all have fake bonds that will need to be checked and rejected, which is nearly as expensive as a successful verification, but doesn't lead to a transaction that helps pay for the transaction system. Furthermore, if you, the recipient, expect to be paid, you'll need to check with your own bank to see if they trust the other bank to pay up, since it won't take long for the First Deceased Military Officers' Bank of Lagos, Nigeria to start issuing bonds that they will cheerfully verify but never pay. It's not impossible for your bank to provide you with an updated set of other banks whose bonds they'll accept, but lacking a central registry like Visa and Mastercard have, which would be a chokepoint, negotiating all of the agreements between all of the banks all over the world would be at the least painful, sort of a throwback to the way international banking worked in the 1930s with letters of credit to correspondent banks overseas.

A friend of mine noted that any e-postage system needs good authentication to make sure the money flows to and from the right people. But with good authentication, there are more direct ways to deal with spam, such as third party reputation systems. Rather than spend billions of dollars to build a system that people will hate because it'll be a non-stop source of fraud and scams, wouldn't it make more sense to address the spam problem more directly?

Addendum: one of the U.Mich group, Thede Loder, was at the ITU WSIS spam conference pitching attention bonds, and I had a chance to talk to him at some length. I hope he's now less underinformed about the realities of the world of e-mail, but based on subsequent e-mail correspondence, I'm not sanguine.

posted at: 02:36

The first week in July I went to an acronym-heavy World Symposium on the Internet Society Thematic Meeting on spam in Geneva. A few people have reported this as a meeting by "the UN", which it wasn't. Although the International Telecommunications Union is now part of the UN, it dates back to an 1865 treaty to manage international telegraph communication. The ITU is now three pieces: the ITU-T, which handles telephony and related things; the ITU-R, which handles radio spectrum; and the ITU-D, which coordinates telecom-related development in less developed countries (LDCs). The ITU-T coordinates telephone number country codes, standards for interconnecting phone and data networks, and other things to glue the world's phone systems together, and was the main part of the ITU visible at the meeting. The ITU isn't the part of the UN that's supposed to have black helicopters; they would be across the street at the Palais des Nations.

Since most countries have permanent delegations in Geneva or nearby, there were representatives from lots of little countries present as well as most of the big ones. The big country reps tended to be political, so that for example the US delegation was from the State Department, appeared to have no experience or instructions relative to spam, and merely objected to language in the report that might have required that the US do something.

A fair amount of the conference was spent on describing the spam landscape (I discussed the limited standards efforts currently under way) and a bunch of snoozers in which various governments told us that they sure thought it'd be a good idea to do something about spam. We all agreed that from the point of view of the governments represented, the most urgent need is to coordinate laws and law enforcement so they can pursue the crooks who send the bulk of today's spam and frequently use computers in multiple countries to do so. Most countries have laws that the crooks are breaking, about computer fraud and abuse or plain old theft, so the immediate issue is to enforce them. The American Federal Trade Commission and the corresponding British and Australian agencies recently signed a Memorandum of Understanding to cooperate in anti-spam enforcement. There was some sentiment for an MOU that lots and lots of countries could join, which would be administered by the ITU, but I got the impression that the big countries would rather not have the baggage of little countries to deal with.

A topic that came up repeatedly was the disproportionate effect that spam has on LDCs. One problem is that their net connections tend to be slow and expensive, so merely downloading the spam to throw it away costs them a lot of time and money. This could presumably be solved at some cost to national pride by locating inbound mail servers or at least mail proxies in places with better connections so that most of the spam is filtered out before being sent down the expensive connection. A more subtle but more important problem is that all of the spam and phishing and other misbehavior on the net makes LDCs reluctant to use the net at all. People in LDCs are no less smart than people elsewhere, but they rarely have the technical training or experience that their counterparts in developed countries do. The buzzphrase here is human capacity building, something the ITU-D does. The outspoken delegate from Syria made these points quite forcefully.

The last session in the conference was the horse-trading leading to the conference report. (There are audio archives of the whole thing, so if you want, you can listen to the horses being traded.) I'm not sure exactly what this conference accomplished, but it was clear that there's finally a global consensus that spam is a problem that needs to be fixed, and no country (well, except maybe the resurgently exceptionalist US) can do it alone.

posted at: 01:08

© 2005-2009 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will
not give, sell, or otherwise transfer addresses maintained by this
website to any other party for the purposes of initiating, or enabling
others to initiate, electronic mail messages.