Our mail servers are clogged with the stuff; system administrators waste vast wodges of their daily time playing a never-ending game of catch-up trying to filter it; our bandwidth is having its life sucked out by it; and worst of all, people like me seem to be writing in ever-increasing volume about this ... this cruft, and the morons who shove it down our throats. :-(
From an email developer's perspective, spam is the worst waste of time and resources there has ever been ... Using myself as an example, I'd estimate that in the last three or four years around 35% of all my development efforts have focused on trying to alleviate the problem posed by spam -- time utterly wasted, because once spam is brought under control, all those efforts will be totally superfluous.
"Brought under control?" I hear you say; "How can spam be brought under control?". In fact, all it requires is a little political backbone -- effective laws and aggressive enforcement in a few key countries would dramatically reduce the amount of spam we have to ingest. After all, once spammers have seen ten or fifteen of the biggest players sent to prison or bankrupted, it's hard to see how they could remain sanguine about sending out their pollution at the same levels.
Of course, I realise that depending on "political backbone" to solve a problem is probably rather naive, and that the issue will have to reach the level of a global crisis before our so-called leaders will act, but technical measures simply aren't working. Despite the extravagant claims made by developers about the efficacy of their anti-spam technologies, the fact remains that some 65% of all mail crossing the internet is now spam, and the ratio gets worse every day. Most current anti-spam technologies simply stop a proportion of the spam from reaching end-user mailboxes -- the server still has to expend considerable amounts of processor time on spam, and network bandwidth is still consumed by it.
What's worse, as the "arms race" between spammers and filterers gets more and more aggressive, false positive rates inevitably have to rise. I'm old-school enough to believe that email is about communication, and the idea of any message being missed because an AI mistakenly thought it was spam is anathema to me.
What really scares me most about spam, though, is that in the long run the technical fallout of the problem risks being far worse than the spam itself. Even as I write this, I know of at least eight different major technical proposals being thrashed out within the IETF and other technical discussion groups -- proposals that, if implemented, will change the way we use email forever. Most of these proposals focus on the so-called weaknesses of the SMTP protocol; in particular, its lack of sender authentication.
Many of these proposals, such as Yahoo's "DomainKeys" initiative, rely on extensive public key cryptography Infrastructure (PKI) to work -- they assume the existence of a global chain of trust, in which it is possible to identify a person reliably and with certainty. The problem is that PKI of this kind does not exist at the moment -- it will have to be created. Unfortunately, creating such a global chain of trust will rapidly become a political hot-cake far more incendiary than anything we've seen with ICANN: who issues certificates? Who gets the money for doing so? Who manages the PKI that handles the authentication? How do you handle disputes and revocation? You can be sure that the US government has its own answers to these questions, and that those answers are likely to bring it into conflict with every other government in the world ... And what of the major corporates? There's money in PKI -- big money -- and you can bet they'll be wanting their piece of it. It's all one big black hole brim-full of creepy-crawlies.
Other proposals doing the rounds at the moment accept a level of "collateral damage" to email functionality as a side-effect of their implementation --SPF, for example, introduces considerable difficulties for mailing lists, mail forwarding services and roaming users in exchange for a level of spam reduction. It's proposals like this that really bother me, because once in place, they will be very difficult to undo, and will endure long after the spam problem has gone.
Twenty years of software development have taught me the difficult and unintuitive lesson that even simple-sounding alterations to well-established protocols can have far-reaching consequences, so I am watching with trepidation as the technical community rushes helter-skelter towards an avalanche of such changes. I only hope that sounder and cooler heads will eventually prevail, and that the most excessive overreactions to the spam crisis can be mitigated or avoided.
Just right now, though, I'm not holding my breath.Harris is a Dunedin-based developer.