NYTimes: Tangled Up in Spam

ezekieldas writes "Congratulations to the SpamAssassin developers and community! There's a mention of SA in the NYTMag as "one of the best tools for network administrators..." in an extensive article entitled Tangled Up in Spam. The article is quite substantial and the author, James Gleick, is more technically educated than what we've come to expect from the big press. Central to the story is the complexity in dealing with spam effectively in both technical and legal terms and the confusion it brings upon the neophyte. The conclusion drawn may be oversimplified but nonetheless pragmatic: 1) forged headers should be illegal 2) a specific header entry should identify the email as unsolicited."

Kudos to SA.

[clueless123]

I been using Spam assassin for a while now, it is sad to say, but email would be almost unusable with out it.

Re:Kudos to SA.

[jesser]

The (obvious) reason for this is that I never use these addresses "in public" (web forms, online buying, etc.), for that I have my spam-collector, the Hotmail account, which do recieve a lot of these messages.

One of the major costs of spam is that people are afraid to make their addresses available, making it much harder to contact people. I think it's sad that many geeks have become so used to spam that they think anyone who posts their e-mail address on a web page is stupid. Some geeks even go as far as to blame friends for spam they get when a friend isn't as careful with the geek's address.

Re:Kudos to SA.

[qengho]

send link to a friend

A couple of months ago I got fed up with the ridiculous amount of spam I was getting at my primary address. I sent a note to the people I give a crap about, telling them that my primary address would henceforth be a new account I had created in my own domain.

I explicitly begged them not to give the new address to "those stupid send this cool page to a friend" sites. Set up filters in my email client to segregate the old address, and so far, so good, although my Mom gave the new address to an e-greeting card site. Fortunately, the site in question doesn't harvest addresses, and I (respectfully but frantically) pointed out to her that e-cards fall into the "stupid" category, and told her how to make up a disposable address for greeting cards, using my domain name.

Having to go to these lengths to to keep my inbox clear of spam makes me homicidal.

Re:Kudos to SA.

[cicho]

The parent is not "insightful" - it's shallow. If you're going to be so protective of your email address, you might as well ditch it altogether.

I work as a freelancer. My website hosts my CV, as do several online databases, where companies go to look for people of my profession. The CV of course includes not one, but several of my email addresses, because, in the long run, this translates directly into payable work.

I write software for fun (not profit). I even do email support, so my email address is again right there in plain html, and displayed by every software archive site I've ever uploaded my stuff to.

But this is the point of having an email address in the first place, isn't it? I could be as protective of it as the parent suggests, except by doing so I would lose much more than I am losing now (in terms of time and net-related costs). But to me, it's not only a matter of give and take: I refuse, on principle, to obfuscate my email address; I refuse to give in to spammers. When people start to hide their email contact information en masse, then spammers have won and email has become usleess.

Re:Illegal?

[meringuoid]

Why does everyone in the USA assume that everyone else in the world will somehow obey US law when it is made "illegal"?

Because the vast majority of spam is sent by Americans, advertising products sold by other Americans and hoping to sell them to still more Americans. The fact that the spam is sent via open relays in Korea or bulletproof accounts in China, and received in Europe or Australia, is neither here nor there. Ralsky, for instance, lives in America, regardless of where the spam is routed; indeed, _his_ location is very well known nowadays ;-)

Re:NO NO NO - for a different reason

[JonTurner]

>>1) forged headers should be illegal 2) a specific header entry should identify the email as unsolicited

Don't we ever learn from the past? We've all seen the unintended consequences of poorly-crafted legislation (e.g. DMCA), so why run to the shelter of more restrictions which, in the end, will only cause us more problems? Like the criminals trying to scam your mom with the Nigerian-hold-my-money-for-a-day scam are going to suddenly begin obeying the law... yeah, right. Which begs another question: what law, in what jurisdiction? Even if the US were to pass this law and ruthlessly enforce it (domestically), all scammers would simple flood us from offshore servers.

The solution is not legislation, it is the creative use of technology. Build software that "learns" what is spam and what isn't, then evolves to keep up with the changing tactics of the spammers. Something like PopFile

Re:Always with the legislation...

[KjetilK]

Spam is a technical problem,

No, it is not. It is a social and economic problem.

1. Spammers do not have the social intelligence to see that what they are doing is destructive.
2. Spammers, at least some of them, are making money.

That's why you can't come up with a technical solution, because it isn't a technical problem.

Making it impossible to forge headers is not going to solve any of the problems above. It will only make it easier to report spam to ISPs, but it will not pressure them more to whack the spammers.

You can take technical measures to shift the cost onto the spammer, but if you do that, you must consider the side-effects.

Frankly, I think laws are the solution. But given clueless legislators, we have to write the law.