Chairman Bill's ‘magic spam cure’ – a revenue opportunity?
Analysis Spam is a modern tragedy of the commons: as few as two hundred spammers pollute inboxes of hundreds of millions of Internet users, and will fairly soon account for half of all email volume. Fixing spam is simple if we permit ourselves to make slight changes to the Internet protocols. These protocols are supposed to be our servants, not our masters, but the technical community refuses to support a consensus to allow the tweaks that could cure not only spam, but worms too.* A simple modification to the SMTP protocol is now supported even by the author of the protocol herself.
"I would suggest they just write a new protocol from the beginning," says Suzanne Sluizer, who points out that the Internet now is very a different place to the trusted community it was in 1981, when SMTP was devised. Unfortunately, fixing the spam problem by other means is wrought with difficulties. As the saying goes, you really wouldn't want to get there from here.
Now Bill Gates in what he characterized as "a magic solution" has vowed to defeat junk email within two years, and has proposed three old ideas to defeat it. That Microsoft feels some public responsibility about what goes on on its computers is refreshing, and should be welcomed. Microsoft has more potential to do good here than any other organization, private or public.
But it's interesting that Chairman Bill's favored solution isn't the one proposed by researchers - the Penny Black model - although it is the one of the three that offers a revenue opportunity.
Gates' three ideas are a challenge response system - which sends an email back to the sender requesting human authentication; a model that requires the spammer's machine to perform a computation that would slow down bulk email dispatches (Penny Black), and charging the sender of email a micropayment. You can guess which one Bill himself favors:
"In the long run, the monetary [method] will be dominant," he predicted.
Steve Linford of the Spamhaus Project, which monitors spam and maintains a watchlist of ISPs who host spammers, made short work of the first two before suggesting a cynical motivation for Bill's preference. You could cynically suggest that if spam disappeared overnight then Steve himself would be looking for a new job. But then it takes one to know one, and it isn't Steve who's asking for your money.
(A caveat: as a consequence of every technical spam countermeasure we've looked at, something will break: building smarter infrastructure will require changes to servers and routers; changing the SMTP protocol will require the clients to be changed. Nothing gets fixed without some eggs being broken.)
The arguments against challenge-response are well known, as it's probably the most debated potential model. Challenge-response effectively sends a spam back to an unknown sender asking them to prove that they're not a spammer.
This poses problems, Linford points out, for ecommerce systems, which require an automated response; and it breaks legitimate subscription lists.
Penny Black doesn't appeal to Linford because spammers "would simply do as they normally do and rotate IPs and domains, offloading the computation to thousands of hijacked computers". It does give the software industry the opportunity to upgrade its software, he adds. And the hardware industry too, of course, which could use it to promote an upgrade cycle.
In fact Intel has already advocated offloading virus scanning onto its multithreaded processors users. Some credence was given to this recently when Intel Chairman Andy Grove appeared to give a key speech in Washington DC entirely using spam keywords (see Intel's Grove blames unitease on TWHRUPBS. (But on further investigation, it turned out to be a very buggy transcript - the fixed version you can find linked to from here Modern microprocessors have lots of capacity for this; but once again it's a cure that will hurt legitimate bulk email senders.
Finally, onto Gates' preferred solution: pay-to-send. On the face of it, hundreds of millions of people already to pay to send messages, via the most popular messaging infrastructure system in the world, SMS. Which is also the most expensive per byte, and you don't hear too many complaints about that. Why not pay for email, too?
Spamhaus' Linford points out that since spammers already use hijacked domains, it would simply hijack pre-pay bundles, too. True, but it would have to work a lot harder to do so, and the 10,000 email bundle that he suggests a typical user would buy wouldn't account for very many spams.
However Reg friend Karsten Self, who has been doing some interesting research on junk email which we'll share with you tomorrow, agrees that Microsoft sees a revenue opportunity. "Micropayments don't scale - and Bill Gates knows this. He doesn't sell to individuals. He sells to box vendors such as Dell, IBM, and HP and to large corporate accounts. Everything else is more trouble than it's worth."
Clearly there's no indication of Microsoft softening the market to accept an antispam tax - either to ISPs or OEMs. But that's nothing to be complacent about, because the market doesn't need softening up; we suggest that it's willing to pay to see a problem go away, and right now spam is a pretty major problem. Despite a dazzling quarter, Microsoft can't be assured of future growth on such a scale and the Chairman would be remiss not to consider creative revenue opportunities. ®
[*] For example, by turning on that firewall that already comes with Windows XP, the 'SCObig'would have had to work a lot harder to find an open port.
We'll kill spam in two years - Gates
Microsoft aims to 'shift the tide' in war on spam
Microsoft declares war on spam
Microsoft takes 15 spammers to court
Why spammers lurve the 'Microsoft support' worm
Web giants to declare war on spam
The conspiracy against our in-boxes
Trust me, I'm a spam message!
US anti-spam laws 'will legalise spam'
UK Govt fouls up anti-spam plans, say experts
MP unleashes brilliant anti-spam plan
We hate Spam (email your friends)
Sponsored: Becoming a Pragmatic Security Leader