A two-prong cure for the spam plague

It is gratifying to see that publicly expressed opinion, including that of several correspondents in Computerworld, has created greater awareness of the negative impact of spam.

It is gratifying to see that publicly expressed opinion, including that of several correspondents in Computerworld, has created greater awareness of the negative impact of spam.

The Government has given us at least a considered view and a suggestion of possible action, the privacy commissioner has written a stiff letter to Minister Paul Swain and InternetNZ has taken up the cause.

Even mainstream media raised their heads from repeated contemplation of internet porn to consider the activity of Shane Atkinson and his fellow spammers.

A while ago I compared the spam problem with the illegal porn problem (both hard to define; both come mostly from overseas) but I didn’t "follow through". Thinking about counter-measures, it occurs to me that we could experiment with a similar approach to spam as we have to porn: discourage the originators by prosecuting the consumers.

I don’t, of course, mean arresting every unfortunate who receives spam, merely the proverbial 15 misguided users in 1000 who respond to it. Like porn chasing, it lets us approach the problem from a manageable domestic perspective but may in the long-term affect the international trade.

Spammers, after all, don’t just make material generally available, as porn peddlers do. They direct it to specific recipients. If a few well publicised prosecutions deter New Zealanders from responding to spam, the spammers could eventually twig to the lack of response from this part of the world, realise they’re wasting their time and excise all .nz addresses from their mailing lists.

How do we identify those who reply to spam? Our major ISPs have set up filters to identify the spam arriving here so what’s to stop them reading the headings on the mail going out from their own subscribers?

Yes, my privacy corns are as sensitive as any others’ (in fact more than most). But I’m willing to pay the price of having my outgoing headings and To: addresses scanned mechanically, in the hope of mitigating the plague.

Alternatively, we could again take a leaf out of the porn chasers’ book and find out who’s replying to spam by encouraging them to do it. Internal Affairs officials routinely make spurious offers of a trade in illegal material to see whether an offender will send them any; they can then serve a search warrant and find other illegal material on the offender’s system.

So: the DIA should send out a small proportion of spam of its own, and "shop" anyone replying.

I see the penalty for spam-perpetuation being minor. A small fine, perhaps, or exclusion from your ISP for a day or two; mitigated if you agree to take a course on “defensive internet driving”.

A second “social engineering” approach to the problem came to mind while reading Howard Rheingold’s Smart Mobs (see page 16). One of the ways an online community perpetuates good behaviour, Rheingold says, is through knowing confidently who everyone is, so those who indulge in undesirable activity can be warned, disciplined, or simply excluded.

This is another scary one for the privacy-sensitives, but let’s face it, secure identity of a PKI type would tackle a lot of problems: e-government transactions and internet safety for children, among others.

An identifier doesn't have to be compulsory: if you want to be anonymous in a particular communication, don’t use your signature – but be prepared for people not to trust you.

It would solve at a stroke the supposed problem of telling “legitimate” marketers from spammers. If you think what you’re doing is respectable, put your name to it. If you peddle junk or don’t honour unsubscribe requests, we'll know where you live.

Of course, some pesky foreigners might not play ball. But social engineering and a “voluntary code” should fix that. If you do business in New Zealand, you’re supposed to adhere to our laws. By the same token if you want to send an email to a New Zealander, you get a free “kiwidentifier” ™, linked to a real address. Once again, it’s voluntary, but becomes the custom, part of New Zealand culture. If you don’t do it, expect to get about as much response as if you’d sent an unsigned letter.

Give it a few years and we should safely be able to regard anything unsigned as spam. That will simplify filtering no end.

Let’s do it and make New Zealand the world’s first spam-free zone.

Bell is a Wellington-based reporter for Computerworld. Send letters for publication in Computerworld to Computerworld Letters.

Join the newsletter!

Error: Please check your email address.

Tags spamSecurity ID

More about Smart

Show Comments
[]