Controlling Spam: Ready, Fire, Aim
By Dave Crocker
June 20, 2003
I am starting to suspect that our impatience to take some action against spam will turn out to be the most serious barrier to taking useful action against it. Rather than trying to gain control of spam by attacking it at its social and technical core, we seem to want to let the spammers define our response and, thereby, let them change the entire nature of e-mail.Since some spammers send mail with a fraudulent “From:” field, there are anti-spam warriors who say we must prevent anyone from sending anonymous mail, no matter how much that is a critical part of the repertoire of human interaction. If spammers show up uninvited, then let’s eliminate all mail that does not have prior permission, no matter how much such mail is a critical part of commerce and serendipity. If spammers use HTML content, then we must ban all HTML in e-mail, no matter how much the content is enhanced over the Draconian (and ethnocentric) brutality of 7-bit ASCII. If spammers send mail about Viagra or pornography, then we must ban all mail that mentions these things, no matter the impact on free speech.
In the process of making email safe from spammers, we are in danger of making email content-free.
Perhaps we should slow down a bit, and try to understand the problem, before we act so hastily.
No one requires that postal mail be signed or have a return address. No one requires that telephone calls identify the caller by name-and there is nothing that guarantees that a disclosed telephone number tells you anything about the identity of a caller.
If we make sure that an e-mail sending host is properly identified, what do we actually know about the sender of the content? Not much. Yet host identification is at the core of a number of popular proposals.
If we make sure that the author of each e-mail is properly identified, what do we actually know about the propriety of that content? Not much. Yet this, too, is a commonly suggested solution.
In order to attack social misbehavior, we need to be clear about the things that make the behavior unacceptable. Just because that behavior is accompanied by some obvious traits does not make those traits relevant to controlling the problem. We could make every e-mail host identify itself, and we would still have masses of spam. We could require that message content be signed, and we would still have masses of spam.
These rash steps will not stop spam, but they will reduce or eliminate e-mail’s usefulness.
If you live in a house in a small, friendly town, you probably do not lock your doors. As the town grows and becomes more diverse, your model of home security changes quite a bit. Eventually you need state-of-the-art locks on the doors and grates on the windows, with an alarm system that is set off if anyone thinks too loudly.
This is not a pleasant reality, but it is one we understand. However, we should note that no one says that the only way to live safely is to tear the house down and replace it with a stone fort. We adapt the house to suit the real security needs of the changed environment. And we try very, very hard to make as few changes as possible. We take this minimalist approach because we understand just how onerous grates on windows, alarm systems, and the like, are on the quality of our daily life.
Let’s try to be equally judicious when attacking the problem of spam.
Remember that firing without aiming is a good way to shoot yourself in the foot… if you are lucky.