Oren Etzioni: Fighting Spam with Spam

Oren Etzioni: Fighting Spam with Spam

Even though I’m a Professor of computer science, I have failed to protect myself from the daily nuisance of unsolicited and unwanted commercial e-mail known as “spam”. It’s time to fight back. Last week, a consumer association called for new legislation to combat spam, but the legal process is cumbersome and ineffectual in this case.

Although more than ten states have enacted anti-spam laws, courts in at least two states have ruled that the laws are unconstitutional. Furthermore, spam is a global phenomenon, and much of the spam we receive originates outside the United States.

I say let’s fight spam with spam!

Spammers rely on most of us to quietly delete their unwanted e-mail and go about our daily business. They hope to lure the few who are potentially interested in their dubious propositions (“URGENT AND CONFIDENTIAL BUSINESS PROPOSAL”…”Watch Monika live”). What would happen if many of us responded to each spammed message? Unlike viruses, whose authors can hide in the shadows of the Internet, each piece of spam has to have a simple trail for recipients to follow so that the spammer can ultimately make money. Faced with hundreds of thousands of responses, the spammer would have to employ substantial resources to find genuinely responsive individuals — the cost of successful spamming would shoot up and its frequency would naturally drop. Of course, responding to spam requires more effort than merely deleting it, but fighting back is also more satisfying. More important, if doing so will result in a chilling effect on spam, the effort will pay off over time.

Spammers will inevitably cower behind walls of automation. However, anti-spammers could find a receptive ear at their payment processor be it Visa or Paypal. Also, we could contact a spammer’s ISP. Web sites could spring up that would direct anti-spammers to the appropriate contact points. In the rare cases where there is no person to contact, anti-spam activists could mount a legitimate grass roots “denial of spam” attack on spammer web sites, flooding them with requests which would grind them to a halt.

One might question whether anti-spam forces could muster large enough numbers of volunteers. But remember that the Internet community is huge, and none of us get a free pass from spam. To bolster the effort, we could build anti-spam amplifiers that take each bona-fide individual request and turn it into ten or even one hundred requests directed at the spammer. We would need safe guards to prevent the abuse of such amplifiers, but the small “volume” of the amplifier ensures that only a large group of individuals could have any real impact. This sort of approach may need further refinement, but it has a satisfying symmetry to it — any spammer can count on a powerful torrent of counter-spam directed right back.

The effort to fight spam is also justified by its growing cost.

The most immediate cost of spam is the momentary irritation of identifying and deleting it; multiplied by literally billions of e-mail readers, this cost is substantial. Spam also results in a financial burden to the companies that operate the Internet infrastructure.

Hotmail estimates that it receives over a billion spam messages per day, and that number is growing rapidly. Finally, spam has an intangible cost that arises from its negative impact on electronic discourse. For instance, people obscure their e-mail addresses, or refrain from posting their address in public forums to try and avoid spiders that collect e-mail addresses as grist for spam-spewing mills.

There are some measures already in place to fight spam. America Online, for example, enables users to elect to only receive e-mail from designated, pre-approved e-mail addresses. If you’ve tried sending a legitimate message to such a user, then you’re aware of how annoying this measure can be. Moreover, users are forced to continually update such lists and inevitably fail to receive important messages. A cottage industry has sprung up of companies attempting to filter e-mail and prevent spam from reaching its target. However, filters run the risk of inadvertently blocking desirable e-mail. As a result, the filters are conservative in blocking messages and often let spam through. Spammers have also become increasingly adept at creating spam that masquerades as ordinary e-mail.

One of the more promising technical proposals for blocking spam is the use of mini Turing tests. Turing tests are puzzles that are intended to discriminate people from programs. Such schemes work as follows. Whenever I receive an e-mail message from an unknown recipient, my mailer automatically sends a message back politely requesting that the sender solve a simple puzzle to demonstrate that they are a person and not a spam machine. The original e-mail is transmitted to me only if the sender does indeed reply with a solution to the puzzle. In that case, the sender’s e-mail is placed on a list of approved senders so that the sender does not have to solve a puzzle every time they send a message. Nevertheless, this process is awkward, potentially insulting to the sender, and far from fool proof.

The limitations of blocking and filtering approaches have led experts to consider a range of economic remedies. Such remedies focus on the fact that the cost of sending e-mail is close to zero. Increasing that cost, by paying the recipient of a message or by introducing a post office of some sort into the Internet, would clearly “can” much of the spam we receive. The downside of such remedies is that they take a free service and attempt to charge for it. History shows that such attempts meet overwhelming resistance from people. My colleague Fernando Pereira has suggested that each Internet Service Provider (ISP) ought to compensate other ISPs for the spam that they send. Thus, if a Korean ISP sends Hotmail more spam than it receives from Hotmail (a spam surplus) then it would have to pay Hotmail, or Hotmail would refuse to receive e-mail from that ISP. This innovative proposal would incent ISPs to better police their accounts and cut down on spam, but would require multi-lateral agreements that may be difficult to achieve and enforce.

Yesterday, I created a new e-mail account, and within twenty four hours I received over twenty five pieces of spam. The Internet is drowning in spam, and it stinks! Virtually all of us simply hit the delete button on our key board. Let’s distribute software that automatically converts that single key stroke to a clear response to the spammers — stop spamming or taste your own medicine.

By Oren Etzioni

Leave a Reply