The New York Times reports on geek frustration with users who open email attachments indiscriminately.
Many of the million or so people who have so far infected their computers with MyDoom say it is not their fault. The virus often comes in a message that appears to be from someone they know, with an innocuous subject line like "test" or "error." It is human nature, they say, to open the mail and attachments. But computer sophisticates say it reflects a willful ignorance of basic computer skills that goes well beyond virus etiquette. At a time when more than two-thirds of American adults use the Internet, they say, such carelessness is no longer excusable, particularly when it messes things up for everyone else.
There is a saying that you cannot engineer something to be idiot-proof, because they can always build a better idiot.
In a pessimistic assessment, Simson Garfinkel writes,
much of the spam that Hotmail receives comes from China and Japan—in fact, those countries are now the second and third largest senders of spam. The United States is still Number 1, of course, but our Asian cohorts are moving up fast. What’s particularly troubling is that while spam from the United States runs roughly 50/50 with legitimate e-mail, spam from Asia outweighs legitimate e-mail by nearly 10-to-1.
I have said before that if all email were plain text, you would not have a spam problem. The bandwidth costs would be lower, filters would be highly effective, and email could not spread viruses and worms.
If domain spoofing could be eliminated, then a system of domain whitelists and blacklists would work really well (you could shut off those Asian spammers pretty effectively, I bet). A domain can be expected to police its own users. But Yahoo can't shut down the email of someone who sends spam from yahoo.com if the sender is a spoofer.
You can classify most technical solutions to spam as addressing one or both of those issues. And you can classify most legal solutions as addressing neither, which is why the legal solutions are worthless.
Garfinkel concludes,
E-mail and Internet-based communications are powerful tools—and just a few people have figured out ways to turn them against the vast majority of Internet users, at a cost to businesses that is now estimated at over a billion dollars. What will happen when the new powerful tools of biotechnology and nanotechnology become widespread? If we can’t tackle the spam problem, then the future may be quite bleak.
I think that the trend in modern technology is to give smaller and smaller groups the potential to cause more and more harm. In the long run, it is hard to see how you avoid adopting surveillance on a widespread basis. That in turn raises the issue of how to prevent a 1984 scenario, which in turn implies that everyone should read David Brin's The Transparent Society to see how to reconcile freedom with surveillance.
Earthlink blocks HTML postings on its Usenet servers. I wish ISPs would offer to do the same for mail. It would be painful dealing with the webmail and Outlook client users, but frankly, I've never seen an email where HTML was actually required. It'll never happen though.
Optional domain authentication looks promising too. I've been Joe jobbed before, and it's worse than being spammed.
Posted by dragoon on February 6, 2004 05:48 AM | Permalink to Comment
While certainly most email that I get with HTML in it is either someone I don't want to talk to or someone at work (perhaps both ;-), I would say that only a small fraction of the spam I receive contains even pseudo-HTML.
An important point to take away is that filtering at the client is just too damn late. Any filtering to help more than personal annoyance must occur at the server where you can see the FROM of the SMTP envelope (as opposed to the From: header in the message body), the originating IP address, etc. The message can be dropped without ever being stored, and the message rate per source can be throttled.
Posted by Matthew Ernest on February 5, 2004 11:42 PM | Permalink to Comment
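The server-side checks described in the comment above, as an added example that is not part of the original post or its comments: a receiving server compares the SMTP envelope sender with the From: header and throttles by source IP before anything is stored. The class name, thresholds and verdict names are hypothetical, and the addresses and message are constructed.

```python
import time
from collections import defaultdict, deque
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; addresses use reserved example domains.
SAMPLE_MESSAGE = "From: Alice <alice@example.com>\nSubject: test\n\nhello\n"


class EnvelopePolicy:
    """Verdict at SMTP time, before the message is stored (hypothetical policy)."""

    def __init__(self, max_per_window=3, window_seconds=60.0):
        self.max_per_window = max_per_window
        self.window_seconds = window_seconds
        self._arrivals = defaultdict(deque)  # client IP -> recent arrival times

    def _throttled(self, client_ip, now):
        times = self._arrivals[client_ip]
        # Forget arrivals that have aged out of the sliding window.
        while times and now - times[0] >= self.window_seconds:
            times.popleft()
        times.append(now)  # rejected attempts still count against the source
        return len(times) > self.max_per_window

    def check(self, client_ip, mail_from, raw_message, now=None):
        """Return (verdict, reason) for one SMTP transaction."""
        now = time.monotonic() if now is None else now
        if self._throttled(client_ip, now):
            return ("tempfail", f"rate limit exceeded for {client_ip}")
        # The envelope sender comes from the MAIL FROM command; the From:
        # header is just message content and is all a mail client displays.
        header_from = parseaddr(message_from_string(raw_message).get("From", ""))[1]
        env_domain = mail_from.rpartition("@")[2].lower()
        hdr_domain = header_from.rpartition("@")[2].lower()
        if env_domain != hdr_domain:
            # Mailing lists and forwarders differ legitimately, so this is
            # a scoring signal rather than an outright rejection.
            return ("flag", f"envelope {env_domain!r} != header {hdr_domain!r}")
        return ("accept", "envelope and header domains agree")


if __name__ == "__main__":
    policy = EnvelopePolicy(max_per_window=2)
    for sender in ("alice@example.com", "bounce@example.net", "alice@example.com"):
        print(policy.check("192.0.2.10", sender, SAMPLE_MESSAGE))
```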