News
Blogs
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
IT Careers
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Industry
This Week in Print
Print Subscriptions


Ads by TechWords

See your link here


Curt Monash's picture
Curt Monash

More posts | Read bio

June 23, 2005 - 7:08 P.M.

Antispam -- focus on the message, not the messenger!

5 comments

Richi Jennings disagreed with  my criticsms of Microsoft and SenderID.   After some back and forth, he eventually followed up with a substantive post on his own blog making his case.

My basic argument is twofold.   First of all, I believe that blacklists will inevitably include people who shouldn't actually be on them.  This was my primary theme, and so far as I can tell Richi's primary rebuttal is "Don't worry; it isn't really a blacklist; it's rather more of a dark-gray list, and anyhow it won't be implemented for a few more months. "  At least, that's what I think he was arguing.  

Well I'm sorry, but that's pretty weak.  A good antispam system has 50,000+ rules.  To say that there's one rule which is merely a contributing factor like the other 50,000 isn't worthy of an AP story or a press release or an entire Ferris Research implementation report.   Either the lack of SenderID validation is enough to get you pretty effectively blacklisted, or the whole subject is a huge waste of everybody's time.

Second, I believe that antispam filters focusing entirely on the "call to action" can and do get most of the job done with negligible false positives.  Spammers' motives for sending spam are almost always to get money or information out of you..  Thus, they need to provide a place for you to send the money, enter the information, etc. -- or they need to get you to go to website that will download some malicious code.  Whatever the details of their scheme, there's a "call to action" -- most commonly a URL, sometimes an address or phone number.  Antispam systems focusing on the call-to-action have very high levels of accuracy and reliability..

There are of course a couple of kinds of spam without clear filterable calls to action.  One is stock-hyping; purported stock research reports to drive up the price of some security for pump-and-dump schemes.   But those are pretty easy to filter out strictly by their content.   Another kind is purely political spam -- say, an antisemetic rant that does NOT have a URL to click on for further information.   Well, I'm sorry -- but if the only kind of spam that isn't filtered out by an antispam system is the expression of vile political opinions, I think that antispam system is doing a darned good job.

I must confess that my opinions are based mainly on research that's slightly over a year old, and that I am somewhat puzzled by people's insistence in real life on implementing other kinds of antispam rules that produce way too many false positives.  But for now, I'm standing by these opinions, because I haven't seen anything that resembles convincing evidence to the contrary.

EDIT:   Richi (in the post I linked to above) has responded to some of the points above.   I find his whitelist/blacklist/blocklist argument singularly unconvincing, and so by the way do a lot of other people.  Every description I've seen of the plan, including his, suggests that a message whose sender isn't behaving nicely wil be rejected as spam, period -- and hence Microsoft is indeed the sole arbiter of who gets to send email to Hotmail users, or to anybody else who uses the same implementation of the technology.  

I also find his processing-power argument unconvincing -- searching for a call-to-action is simply not that expensive.

His third argument, I guess, carries a little more weight -- if call-to-action blocking were all that great, why wouldn't the antispam vendors be more in love with it?  But I have at least one theory in response:  Brightmail was by far the biggest advocate of this approach, so Brightmail's competitors have for differentiation pushed different approaches.  Only -- Brightmail was acquired by Symantec in the interim, and has made hardly a marketing peep since, leaving a huge void in the antispam dialogue that still remains to be filled.

What People Are Saying

Add new comment

It would be very tough to

Submitted by Curt Monash on July 15, 2005 - 3:36 P.M.

It would be very tough to pin the blame on Pfizer for what resellers of their products are doing with them.

if you can't hold the gun companies liable for what happens at gun shows, you surely will never be able to stick Pfizer with responsibility for what illegal resellers in foreign countries do.

Besides, a lot of those drugs are fake anyway, without any Pfizer* involvement at any point in the process.

*Using Pfizer as just an example here, of course.

Report this comment

We got this all wrong.

Submitted by Marco Rosales on June 27, 2005 - 7:59 A.M.

We got this all wrong. Focusing on the messenger is like going after on the US Post Office for all of the junk mail we get. Our legal efforts should be focused on the manfacturers/vendors of the products being pushed through spam. Let them clean up THEIR mess. The messenger isn't working for free. They are in one way or another being paid by the manufacturers.

If we got compensated for every Viagra spam email we received, Pfizer would have cleaned that mess real quickly.

The Recording Industry went after illegal anonymous downloaders very aggressively and I am sure ever manufacturer will do the same if you hit them where it hurts the most.

Marco -

Report this comment

My comments keep

Submitted by IT Blogwatch on June 26, 2005 - 9:24 A.M.

My comments keep disappearing, so let's try this.

Report this comment

That's not a flame. You'd

Submitted by IT Blogwatch on June 24, 2005 - 4:40 A.M.

That's not a flame. You'd know if you'd been flamed ;-)

More thoughts here. Summary: we're in violent agreement about some things, but I argue that call-to-action filters didn't work out to be a silver bullet, and Hotmail's move shouldn't cause any additional false positives.

richi.
PS, long time since anyone called me a "boy." Having just turned 40, I'm kinda grateful...

Report this comment

If it's an ad hominem

Submitted by Curt Monash on June 24, 2005 - 5:31 A.M.

If it's an ad hominem attack, it's a flame as far as I'm concerned.  But given the freedom we usually get from on high, I have without complaint edited my post as directed.

But I do have one thought to add -- your argument seems to rely on an implicit faith in Microsoft's infallible wisdom and technical perfection.  If I saw them (and the other companies you think will implement the same approach) in the same light you appear to, I might indeed share your views on the desirability of this technology.

For more information about Curt Monash, see his bio.

Report this comment

Related Posts

Facebook and Zynga class-action over Farmville, Mafia Wars, etc.
Spam laws around the world
Google's Go; a new, open-source programming language
Is the Windows 7 adoption surge driven by piracy?

Today's Top Stories

Microsoft confirms IE6, IE7 zero-day bug
iPhone worm steals online bank codes, builds botnet
Report: Apple's 'Black Friday' deals cut Mac prices 8%
PC market crash averted, says Gartner
Intel: Don't look for one device to do it all
Top 5 Chrome OS myths debunked
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.