Chairman Bill's ‘magic spam cure’ – a revenue opportunity?

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Analysis Spam is a modern tragedy of the commons: as few as two hundred spammers pollute inboxes of hundreds of millions of Internet users, and will fairly soon account for half of all email volume. Fixing spam is simple if we permit ourselves to make slight changes to the Internet protocols. These protocols are supposed to be our servants, not our masters, but the technical community refuses to support a consensus to allow the tweaks that could cure not only spam, but worms too.* A simple modification to the SMTP protocol is now supported even by the author of the protocol herself.

"I would suggest they just write a new protocol from the beginning," says Suzanne Sluizer, who points out that the Internet now is very a different place to the trusted community it was in 1981, when SMTP was devised. Unfortunately, fixing the spam problem by other means is wrought with difficulties. As the saying goes, you really wouldn't want to get there from here.

Now Bill Gates in what he characterized as "a magic solution" has vowed to defeat junk email within two years, and has proposed three old ideas to defeat it. That Microsoft feels some public responsibility about what goes on on its computers is refreshing, and should be welcomed. Microsoft has more potential to do good here than any other organization, private or public.

But it's interesting that Chairman Bill's favored solution isn't the one proposed by researchers - the Penny Black model - although it is the one of the three that offers a revenue opportunity.

Gates' three ideas are a challenge response system - which sends an email back to the sender requesting human authentication; a model that requires the spammer's machine to perform a computation that would slow down bulk email dispatches (Penny Black), and charging the sender of email a micropayment. You can guess which one Bill himself favors:

"In the long run, the monetary [method] will be dominant," he predicted.

Steve Linford of the Spamhaus Project, which monitors spam and maintains a watchlist of ISPs who host spammers, made short work of the first two before suggesting a cynical motivation for Bill's preference. You could cynically suggest that if spam disappeared overnight then Steve himself would be looking for a new job. But then it takes one to know one, and it isn't Steve who's asking for your money.

(A caveat: as a consequence of every technical spam countermeasure we've looked at, something will break: building smarter infrastructure will require changes to servers and routers; changing the SMTP protocol will require the clients to be changed. Nothing gets fixed without some eggs being broken.)

The arguments against challenge-response are well known, as it's probably the most debated potential model. Challenge-response effectively sends a spam back to an unknown sender asking them to prove that they're not a spammer.

This poses problems, Linford points out, for ecommerce systems, which require an automated response; and it breaks legitimate subscription lists.

Penny Black doesn't appeal to Linford because spammers "would simply do as they normally do and rotate IPs and domains, offloading the computation to thousands of hijacked computers". It does give the software industry the opportunity to upgrade its software, he adds. And the hardware industry too, of course, which could use it to promote an upgrade cycle.

In fact Intel has already advocated offloading virus scanning onto its multithreaded processors users. Some credence was given to this recently when Intel Chairman Andy Grove appeared to give a key speech in Washington DC entirely using spam keywords (see Intel's Grove blames unitease on TWHRUPBS. (But on further investigation, it turned out to be a very buggy transcript - the fixed version you can find linked to from here Modern microprocessors have lots of capacity for this; but once again it's a cure that will hurt legitimate bulk email senders.

Finally, onto Gates' preferred solution: pay-to-send. On the face of it, hundreds of millions of people already to pay to send messages, via the most popular messaging infrastructure system in the world, SMS. Which is also the most expensive per byte, and you don't hear too many complaints about that. Why not pay for email, too?

Spamhaus' Linford points out that since spammers already use hijacked domains, it would simply hijack pre-pay bundles, too. True, but it would have to work a lot harder to do so, and the 10,000 email bundle that he suggests a typical user would buy wouldn't account for very many spams.

However Reg friend Karsten Self, who has been doing some interesting research on junk email which we'll share with you tomorrow, agrees that Microsoft sees a revenue opportunity. "Micropayments don't scale - and Bill Gates knows this. He doesn't sell to individuals. He sells to box vendors such as Dell, IBM, and HP and to large corporate accounts. Everything else is more trouble than it's worth."

Clearly there's no indication of Microsoft softening the market to accept an antispam tax - either to ISPs or OEMs. But that's nothing to be complacent about, because the market doesn't need softening up; we suggest that it's willing to pay to see a problem go away, and right now spam is a pretty major problem. Despite a dazzling quarter, Microsoft can't be assured of future growth on such a scale and the Chairman would be remiss not to consider creative revenue opportunities. ®

[*] For example, by turning on that firewall that already comes with Windows XP, the 'SCObig'would have had to work a lot harder to find an open port.

Related Stories

We'll kill spam in two years - Gates
Microsoft aims to 'shift the tide' in war on spam
Microsoft declares war on spam
Microsoft takes 15 spammers to court
Why spammers lurve the 'Microsoft support' worm
Web giants to declare war on spam
The conspiracy against our in-boxes
Trust me, I'm a spam message!
US anti-spam laws 'will legalise spam'
UK Govt fouls up anti-spam plans, say experts
MP unleashes brilliant anti-spam plan
We hate Spam (email your friends)

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story


Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.