Spam, spam, spam and solutions

02/12/2002

Not that long ago it was unusual to receive a lot of spam. Spammers have come a long way since Canter and Siegel[1], unfortunately, using ever more inventive ways of harvesting email addresses and using more and more hardware to send email.

Take the case of Alan Ralsky[2]. Some numbers: he claims to have the hardware to send one billion emails a day. He’s got a list of 250 million email addresses and a response rate of 0.25%. Those numbers are all quite plausible, by the way. You do the maths, its easy to see the attraction. While people actually receive and respond to spam, it’s a lucrative business.

When you only receive a few spams a day, they don’t seem too bad – but that can quickly become an avalanche if your address can be found on the web. I receive around 20 spams per day, and that isn’t a huge amount comparatively. Some people I know receive hundreds per day.

Spam is clearly a problem. What I find more concerning is that some of the measures used to combat spam are worse than the problem itself.

Blacklists for example. A blacklist is simply a list of mailservers that are alleged to be involved, in some way, with spamming. A lot of organisations use these lists to determine who to accept email from. If you are on the blacklist, your email is either rejected or silently deleted.

Obviously the quality of the blacklist in this situation is critical – if you refuse email from your customers, or suppliers, they aren’t going to be very happy.

Unfortunately, the quality of blacklists is often very poor. Some of them include huge swathes of the internet – for example, some blacklist all ADSL IP addresses, preventing companies on ADSL lines from sending email directly. If they send email via their ISP’s mailserver it will probably get through – but ISP mailservers are often slow and unreliable. Some government agencies are reported to be using blacklists as well now, raising the possibility of disenfranchisement for some.(segue)