There are many things concerning the internet that are decidedly not amusing. The internet can be a source of viruses and other forms of malware, which affect computers worldwide. It can provide refuge for the sick and perverted, who use the depths and anonymity of the internet to distribute material that goes beyond any imagination. It can also be a hotbed for other dangerous activities like crime and terrorism. However, I think I speak for many when I say that spam is the one thing that bothers us all on a continuous basis.It was 3 May, 1978. Gary Thuerk, sales rep at the Digital Equipment, corp. (DEC), was hard at work promoting the company’s latest computers, which were installed in open houses in Los Angeles and San Mateo, on the Pacific coast of the United States. Thuerk wanted to promote the computers among the scientists on the ARPAnet, the predecessor of today’s internet, as the new machines in the DECSYSTEM-20 line (the machines in question) and the TOPS-20 operating system had support for ARPAnet built-in. Thuerk, however, did not feel like sending 600 individual email messages to all the people on the ARPAnet, so he had a brainwave: why not send the same message to all of them? At once?
Carl Gartley, engineer at DEC during those times, was burdened with writing the actual message – as well as manually typing in the 600 email addresses. Since the system could only handle 320 recipients, the remainder of the addresses flowed through into the actual message. The message was resent to those addresses. Written in all caps (…) the first spam message read as follows:
DIGITAL WILL BE GIVING A PRODUCT PRESENTATION OF THE NEWEST MEMBERS OF THE DECSYSTEM-20 FAMILY; THE DECSYSTEM-2020, 2020T, 2060, AND 2060T. THE DECSYSTEM-20 FAMILY OF COMPUTERS HAS EVOLVED FROM THE TENEX OPERATING SYSTEM AND THE DECSYSTEM-10 [PDP-10] COMPUTER ARCHITECTURE. BOTH THE DECSYSTEM-2060T AND 2020T OFFER FULL ARPANET SUPPORT UNDER THE TOPS-20 OPERATING SYSTEM. THE DECSYSTEM-2060 IS AN UPWARD EXTENSION OF THE CURRENT DECSYSTEM 2040 AND 2050 FAMILY. THE DECSYSTEM-2020 IS A NEW LOW END MEMBER OF THE DECSYSTEM-20 FAMILY AND FULLY SOFTWARE COMPATIBLE WITH ALL OF THE OTHER DECSYSTEM-20 MODELS.The rest of the message consisted of invitations to come and see the new machines at the open houses, or to contact the nearest DEC office if you were unable to attend.
The response to the message was rather fierce. ARPAnet was supposed to be used for US government related matters only, and this did not really fit in. The most interesting complaint I have read so far, however, came from ‘Jake’, as it really highlights the novelty and exclusiveness of ARPAnet. Jake said that only a few companies have access to ARPAnet – and US companies only, at that – and that as such, allowing them to advertise via ARPAnet would give them an unfair advantage over their competitors. In addition, Jake said that the same was true for job applications sent via ARPAnet.
And thusly, boys and girls, email spam was born. It never died out, the terms of use of the ARPAnet or the internet never stopped it, and it so huge now 100 billion spam messages are sent each day.
You have to thank a DEC sales rep and his brainwave 30 years ago for that one.
http://www.youtube.com/watch?v=anwy2MPT5RE
or maybe just an English breakfast menu.
Congratulations, Spam! Now please die.
Man does time fly. you think that in thirty years we could have come up with a way of neutralizing it.
I guess, with our current level of tech, it impossible without resorting to serious censorship. I know I’d rather run anti spam software than encourage email censorship so i guess it’s a necessary evil at the mo.
Agreed to that one, censorship or paid email is far worse than anti-spam software!
If only there would be a perfect spam filter…
(I’m using bogofilter on my mailserver, it catches most spam, but sometimes something slips through.)
No, I think paid e-mail could be a good thing. Definitely not an e-mail tax where every e-mail costs $0.01, but maybe one where people have to pay for e-mail addresses, or better yet, where hosts have to pay to run e-mail servers.
The spam problem isn’t about the lack of a solution, it’s about a lack of ability to move the entire world away from SMTP. SMTP is essentially anonymous; anyone can be anybody they want. The key is accountability. To fix spam, we need to be able to put an organization to an e-mail address without any question. However, that requires some sort of central registry, and part of the reason that SMTP is so popular in the first place is that it’s open and decentralized.
Edited 2008-05-05 04:17 UTC
it would be quite easy when you can change the email protocol. For example instant messaging is mostly spam free. When it was required to authenticate people before they are allowed to send you email, this could easily eliminate spam.
Really? I don’t use IM that much, but when I do (Yahoo), I get a ton of offline spam messages every time I log on.
I’m curious about something.. how many of you would favor implementing the death penalty for spammers? Seriously.
Seems very appealing, but dont let them off the hook that easily, I say sentence them to a bar, with nothing but undesirable people who want to sell everything, that have to ask ‘just to make sure’ as often as possible. Then you can let them choose between staying there, and the death penalty after a good year
Forgot,, the bar ran out of alchohol…
Edited 2008-05-04 19:56 UTC
you’re not going to solve this problem by the government. the system simply has to be set up on the client side to approve or reject emails from specific people.
Spammer torture = ratings = happy people, and who better to carry out this act than someone with ALOT of experience,, the govt?
It is a good point though, we do have the technology to limit spams effectiveness, but getting anyone to make the jump is a huge hurdle, that many countries will not see for decades to come.
Could this be made into some form of televised entertainment? Revenue from legitimate advertisers would then defray the cost of catching and transporting the spammers. From there, I’m not sure. I could see something like “Let’s Make a Deal” where the spammer selects his own method of execution by choosing between what is behind curtain number 3 (where Carol is standing) or what is behind door number 4. Sometimes it might be a scaffold, other times an electric chair. And perhaps, occasionally, a year’s supply of Rice-a-Roni… one of the 1095 boxes containing rat poison, but they don’t know which one.
Assuming this show got the go ahead, who would be good to host it?
Edited 2008-05-04 23:18 UTC
Better yet:
The government should offer a dead-or-alive reward for known spammers.
Let some people do a good deed and, in the process, put their kids through college on the reward money. The general public would get justice faster without costing millions more in silly court battles, legal fees, appeals, media grandstanding, etc.
Better all around, IMO.
(I’m only half-joking. :p)
Well, more than 90% of today’s mail amount is spam. It’s worth thinking about why this is.
This could be a problem because many users “just” running a PC at home are spammers – or at least provide the required functionalities for spamming so an external attacker can easily occupy their PC and use it for spreading spam (collect mail addresses, scan subnets for mail servers, get private mail address book, send messages etc.). Seriously, users are running “spam servers” and don’t know. Should they get punished? Yes, of course.
Ah yes, and the software manufacturers that make it “too easy” to set-up a PC that can be compromized that fast should be punished, too. I’m not putting the name of such a manufacturer here. 🙂
Spam is never a “thing on its own”, it’s used for marketing (or at least for stupid advertising). So the firms that want to sell their products via spam advertisements should get punished, too. This is because such firms pay criminals to do the spamming, so they’re involved, too.
Regarding dead or alive – alive, please.
As you may know, death penalty (in general) doesn’t scare criminals very much. They tend to think something like: “Oh yeah, I do the big deal, and if they get me, I go asleep without any pain, that’s no problem.” No, make it more scary: Known spammers will have to go to prison for more than 10 years (otherwise they don’t care), but not in Europe, not in the USA – no, they are exported into a foreign country where human rights are a no-go. The “helping hands” I mentioned above would have to be treated the same way, maybe with a prison in their own country or for not so many years.
This will teach them.
No word games, please. Good points, otherwise.
Dead is much cheaper, and if you’re going to spend money, better to spend less of it on people who will resolve the problem much more quickly and easily.
Well, I’m not interested in “teach[ing] them.”
The death penalty doesn’t scare criminals much *nowadays* for several reasons, all of them related to the stupidity of well-intentioned voters:
1) We go out of our way to make it quick and painless.
2) Even then, we don’t really bother to use it much.
3) At which point we give them free room&board, with a/c and cable.
And, naturally, this requires lots of money.
If you’re looking for fear, there’s no need to export them into another country or put them into a jail system where you seem to be accepting inhumane treatment as the norm. Put a 50,000 USD bounty on a large spammer, and think about what will run through that person’s mind when going out to a restaurant or walking into a convenience store.
If you think 50,000 USD is a lot of money for one criminal, I encourage you to do some fact-checking about how much money it takes to put a criminal behind bars and keep him/her there for 10 years.
Personally, I don’t care about making them feel anything. Just set it up so that they keep dying. No need to waste others’ time or money in the legal system. We’ve had dead-or-alive working just fine in our legal system with notorious criminals. Bring in one positively-identifiable corpse, and collect your money. Little more is necessary.
Of course, there’d probably be some human rights group out there demanding full-scale investigations into every death, drumming up charges that the spammers may have been tortured, etc.
That would be why I said I was half-joking. 😉
So it sounds like the consensus so far is that death would be too good for spammers, thus slow torture would be much more appropriate.
That’s my take too – I’ve got the four major services online all the time – and yeah, yahoo is BAD for IM spam… The worst of the services in fact, though AIM and MSN both get their share which is why I have a block/ignore list in Trillian that’s climbing up to over a thousand addresses now.
Hell, the only messenger service I don’t get spam through is ICQ – but how many people actually use that anymore?
I don’t know about other Gmail users, but I rarely get a spam in my inbox anymore. Virtually all of them end up in the spam folder and get deleted in 30 days. About the only “spam” that ends up in there is things I’ve signed up in the past for but have been too lazy to unsubscribe to.
Really their solution is impressive in the it works so great. When a user receives a spam, they can select it and click “Report Spam”. It then adds information pertaining to that particular email to a database. Then if any further emails come in that are similar to the one recorded in the database, they are immediately moved to the spam folder.
Obviously it works or I would be getting slews of spam in my inbox. As it is I might get one per month. And its also very accurate – only rarely does a good email get into the spam folder. And usually thats when I’m signing up for an account with a new site. I promptly report it as valid and it never happens again.
A few years ago, the ISP hosting SomethingAwful managed to get itself blacklisted by SPEWS (Spam Prevention Early Warning System). Rather than taking the sensible step (finding an ISP that *wasn’t* a well-known spamhaus), one of the SA editors decided to post several rants about how horrible SPEWS is, etc.
Predictably, a large number of SomethingAwful users started flooding into NANAE (the news.admin.net-abuse.email newsgroup) – basically with the intention of harassing the SPEWS admins into removing the blacklist.
The result was a bit like watching a schoolyard bully try to beat up a sumo wrestler. Or as one NANAE poster put it:
“Somehow, whinging about being hosted on a spammy network and trashing a newsgroup populated by e-mail admins does not strike me as the best way to regain widespread deliverability of your mail.”
“Spam will be a thing of the past in two years’ time.”
– Bill Gates, BBC News (24 January 2004)
Another gem:
“Understand that this is the last physical format there will ever be.”
– Bill Gates on Blu-ray. interview The Daily Princetonian (14 Oct 2005)
Edited 2008-05-05 00:43 UTC
I once heard an excellent suggestion of putting a particular kind of spam filter in every ISP. These filters were not the usual black and white type that you normally get though.
As a message comes through, it uses heuristics to determine its spam probability rating. Messages that score highly are slowed down, and repeat messages are slowed even further.
All the messages eventually get through, but the slowdown is lethal for spammers who rely on sending millions of emails per minute to get to the 1% of people who actually respond.
Even if you get a false positive, this system works because most people don’t care if their mail takes an extra couple of minutes.
There’s one thing I think Bill Gates (among others) got quite right: the root of spam is the zero-cost of sending an e-mail, (and I would add) combined with the zero-cost, easy and anonymous creation of new e-mail accounts when the previous account gets blocked.
Of the many possible ways to attack the problem at its roots, I propose the following:
1) create an e-mail account certification entity. It would just certify that the e-mail account is backed with some money. To have your e-mail account certified, you have to pay a small amount of money, let’s say 12$, of which, say, 2 dollars are the entity’s gains and the rest is a pledge. The payment method can be fully anonymous electronic cash (such as ukash).
2) When and if enough people have their e-mail accounts certified, users can set their spam filters to only admit e-mail from certified accounts.
3) Spammers will find that sending spam is no longer so cheap, in one of the following ways:
a) The certification entity has a policy of blocking spammer e-mail accounts. The spammer gets his account blocked and has to pay for a new account certification, either to re-activate his account or to certify a new one.
Alternatively:
b) Every time Alice sends an email to Bob, 1$ goes from Alice’s pledge to Bob’s pledge. If Bob marks Alice’s mail as spam, he keeps the dollar. So, if Alice is a spammer, she will run out of pledge money and she will lose certification until she reloads her account.
Method (b) is a bit more complicated but it has the advantage of being less centralized. People don’t have to agree on a definition of spam for the method to work.
What if someone’s computer gets hacked and used as a spam server? Well, this person won’t be legally punished, they will just realise that they have lost their certification, and this will cost them 15$. Then they can buy a better antivirus or change to a more secure operating system.
but Bill Gates gives out lots of free email through microsoft hotmail
I was talking about Gates’ plan for fighting spam:
http://www.cbsnews.com/stories/2004/01/24/tech/main595595.shtml
I had not looked at it closely. Now I see that even my proposal of “sender pays to receiver” was first devised by Gates and others. So I think B.G. was spot on this time, despite some criticism.
http://www.cnn.com/2004/TECH/internet/03/05/spam.charge.ap/
http://www.zdnet.com.au/insight/software/soa/Why-Bill-Gates-anti-sp…
Most of the objections raised have to do with big mailing lists. But the essential aspect, I think, is not so much the pay-per-message model, it’s the money-backed pseudonymous identity. So, a mailing list or a forum could let any member send mail to all the rest for free or for the cost of one message, but once a spammer is banned from a mailing list, creating a new account will cost them money. Social networks with karma-based moderation would also work better when spammers can’t create lots of false identities for free for astroturfing.
So what about citizens of poor countries, who can’t afford a money-backed identity (another criticism)? I guess there are many ways to adress that problem. The first I can think of is that every person gets one e-mail account for free or for a nominal fee, associated with their legal identity. Free e-mail accounts may have a very small daily limit in number of messages, and they may be moderated in mailing lists (at least at first). If the account gets hacked, it gets banned for some time and the owner has to regain the trust of mailing list moderators, after taking measures to remove the malware. Is there a place for spam filters? Yes, they would help moderators manage bigger mailing lists where free accounts are allowed.
I’d gladly pay 125 $ if it could guarantee peace of mind.
Don’t expect me to join in the birthday festivities!
I must be doing something right i don’t receive spam
yeah, I get maybe 1 or 2 spams a month. And my filter catches even them…
I cannot see why clearer and stricter international and national anti-spam laws couldn’t stop most spam. Preventing individual spammers is only one step, also those few networks and countries where most spam originates from should try to do more to prevent the problem.
According to studies by Sophos, Spamhaus and others, a major part of spam originates from these countries: USA (about 1/4 of all the spam), China, Russia, Brazil, Japan, South-Korea and Canada. The three worst networks hosting the most spammers are Verizon, AT&T, and VSNL International.
Is the holy cow of free marketing so sacred to politicians in a few spammer-friendly countries that they rather let people around the world lose countless working hours trying to get rid of the useless spam in their emails?
Perhaps there could be some technical means to prevent spam too (not seeing any easy solutions, however) but we should rather stop spam before it even exists, take the temptations away from spamming, make it more dangerous than profitable. Nowadays, however, it is too easy for some irresponsible criminal-minded people to become spammer millionaires.
And, of course, every idiot who buys any products that spammers try to market is equally guilty for the existence of spam as spammers themselves are. If everyone would just do the wise thing: stop buying from spammers, there would be many times less spam.
When i think of DEC i like to think of all the great things they did, or were tangentially a part of:
OpenVMS
* The Alpha family of Processors
* PDP7 where UNIX was born
* PDP11 which is the machine that UNIX was eventually ported to by use of primordial C.
– VMS lives on and is also the spiritual ancestor of the Windows NT family
– UNIX is as influential as ever if not as pervasive as it once was.
– C is still the systems programming language of choice and is a part of a most CS programs in universities.
– Tons of Alpha IP was licensed to AMD and is largely responsible for it’s power. The DDR bus for example was borrowed wholesale.
These have solidified DEC’s place in my pantheon of computer heroes. As Thom’s article points out it was one of their Marketing drones that invented spam. Too bad it wasn’t a more loathsome company that did it.
It’s also interesting to note that RMS was essentially the same man then that he is today. He pipes up and states his opinion before he even read the message. Gotta love that guy.