An overview of cryptographic protocols to prevent spam

Perry E. Metzger perry at piermont.com
Mon Sep 26 10:28:11 EDT 2005


One more comment note on spam...

"Perry E. Metzger" <perry at piermont.com> writes:
> I'm afraid that I use blacklists. My servers get about 30,000 spams
> and virii directed at me (that is me, Perry Metzger, personally) every
> night that are blocked by blacklists. I would be unable to write you
> this email if I didn't use blacklists, because I'd have no working
> email at all. (To be fair, the onslaught has diminished recently --
> I'm now down to perhaps 20k a night. There is no functional
> difference.)

My mother in law recently got rid of the email address she had been
using for many years. Why? She was getting so much spam that the
address was effectively useless. To find the one real message she had
to wade through a metric ton of porn, medical fraud, bank fraud and
ads for fake rolexes. Her anti-spam facilities in her mail reader were
pretty good but kept putting real messages into the spam folder, so
after a while it became obvious that they weren't helping since she
had to parse all the spam by hand anyway. In short, she was forced to
surrender. She abandoned the account.

She's not the only person I know who's done things like this. Spam is
not a "harmless annoyance" any more than insect bites are once you
start getting enough. It threatens the ability to actually use email
for communication.

In a normal society, by now people would have email directories online
where you could look up the email addresses of friends and loved
ones. Why don't we have those? Spammers. People actually go through a
whole lot of trouble NOT to have their email online. They do things
like turning their email addresses into images on their web sites so
automated harvesters can't read them. They post from "throwaway
accounts" assuring that no one who wants to reply will ever be able to
do so. They bend over backwards trying to avoid the spammers.

ISPs have to spend vast amounts of money one extra bandwidth to carry
this garbage -- it costs real money. Companies have large staffs of
people who work full time to ameliorate (not eliminate) their spam
problems. It costs them real money. People like my mother in law
abandon email addresses (and make it impossible for old friends to
find them) because they're scared that if too many people know their
email address it will become flooded with garbage. By the way, the
criminals now do stuff like using spyware to steal people's addresses
so it is literally the case that you have to worry that too many
people know your address.

This is not a normal situation any longer. Spam has distorted people's
behavior beyond all recognition. You can pretend that hasn't happened
and that really all that is needed is heavier use of the "d" key or
perhaps slightly better Bayesian filters, but in fact that's not the
situation any more. We're beyond that. You can argue that we're
wrecking the internet to save it, but what is, realistically, the
alternative? If you say "just ignore the spam" then I'll have to
politely ignore *you* -- I cannot try to find the 50 real messages
inside of the 30,000 garbage ones addressed to me without the evil
blacklists, and you wouldn't be able to either.

We either make the internet somewhat less of what it was so that we
can continue using it at all, or we keep it "pure" and cease to use it
altogether. Given the choice, I'll compromise on purity.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list