What's the Best Way to Can Spam?
April 20, 2001
The fundamental weakness of email is this: It is predicated on the assumption that humans are 100 percent good, but this assumption is hardly borne out by the online experience. If I place my email address out on the Internet anywhere at all, I have to assume that people will send me unsolicited email. That's just the way it works, like it or not.
Well, I don't like it. Not one bit. So I've been thinking lately about what can be done to stop unsolicited email and have collected a few interesting gems about the various strategies out there to curtail it. Today I'm going to take a look at a few of the many technical and not-so-technical approaches to the problem and point out their flaws.
If you'd like, skip to near the end of this article to read my idea about canning spam. I think it's pretty obvious, yet also pretty radical; I'd really like to know what you think of it.
Email Redirection and Filtering Services
Services like Bigfoot.com have existed for a while and are used by many, including the Curmudgeon. Bigfoot.com offers email-forwarding and spam-busting services. When email goes through an address you set up with Bigfoot.com, it is checked for how "spammy" it is; if Bigfoot.com determines that it is spam, it isn't delivered to you.
While this antispam approach is the most successful one out there, none of the systems like Bigfoot.com can keep up with the antics spammers pull to get that email into your inbox. For example, how can an email that has neither a "From:" or "Reply To:" address be filtered?
And how many perfectly legitimate emails get misidentified as spam and thus never reach the recipient? These services risk causing more harm than good. But the biggest problem is an economic one: Sending spam is cheap, filtering it isn't. Companies that filter it need to have a business model that accommodates this reality.
Single-Use Email Systems Like Mailshell
Mailshell takes a novel approach to the spam problem. It fights fire with fire by allowing you to generate one-time-use email addresses. When you want to submit an email address to a list subscription, a contest, or any e-commerce system, you first use Mailshell to generate a unique email address to use for this purpose. Email sent to this address will automatically be forwarded to your main Mailshell inbox or to your regular email address, as you like.
As soon as you start receiving email you no longer want, just tell Mailshell to stop delivering to that email address and Presto! that email address is dead. Senders will just get bounce-backs and they will stop sending to the deactivated email address eventually. The problem with this system, of course, is the myriad email addresses you now have to generate. Should you give a new email address to each of your friends? And what a pain it is to have to go into Mailshell every time you want to subscribe or buy something online.
The barrier is just a bit too high for this Curmudgeon.
An Advanced, Wholly Separate Email System
This idea goes against the very nature of a unified Internet and proposes that a separate email system be set up that limits who can send mail to whom. It puts all sorts of restrictions on email exchange and forces two email servers to authenticate each other while they do their magic email handshake. This idea mimics intranet email systems where all the senders and recipients are known at all times and any senders that are not "members in good standing" just do not get their email processed.
Not a pretty picture, is it?
Systems That Put Email to the Test
Web-based email systems exist that force a "Turing test" on an email message to determine if it was sent by a human or churned out in bulk by a computer. It works like this: When you send an email to me, you automatically get an email response that asks you to respond to a question like "What is 2+2?" or click on a randomly placed spot in an HTML email.
If you do not answer the question or do not click where you're directed to, then your email simply is not delivered to me; the assumption made is that the email you've sent is part of a bulk mailing. One can place known, friendly email addresses on one's "accept" list and thus exempt them from having to pass a Turing test. (But can you imagine how much work you would have to do to create a decent "accept" list?!) When you initiate an email, the assumption is that the response will be automatically accepted, but not if it comes from a different email address. In that case, the Turing test kicks in.
This makes for a fairly unfriendly email system where no one really trusts anyone and the ease of email exchange is lost.
A Simple Solution
So this is my idea. Instead of seeking a technological solution, let's hit spammers where it hurts: in the pocketbook.
This is the way it would work: Every time you send an email, you are charged a very small amount of money for the privilege of sending it. Email is not a constitutional right, but a privilege, isn't it? So why is it free?
The basic question you have to ask yourself is this: Would you pay a bit more for Internet access to radically reduce spam? Your ISP would charge for Internet access plus a tiered cost for the number of emails you send. All email sends would be authenticated with your email account and then recorded. Using email would become analogous to using a cellphone that has a certain amount of minutes of use per month.
If you want to play, you must pay, simple as that.
Do the math: An above-average business user may send 100 emails per day for a total of 3,000 emails per month; at 0.001 cent per email, this would cost $3 per month. The average spammer sends 1,000,000 emails per day; that would cost $1,000.
Would spam deliver a strong return on investment if every time people sent spam they were billed $1,000 for the privilege, on the spot?
by Alex Sirota, Copyright 2001 internet.com Corp.