This article first appeared in the South China Morning Post, 2004
Recently, friends of mine had a problem, they left their home unlocked and a gang got in. Once inside, they set up a company Post Room and forced my friends' children to work in it, sending out advertising. The gang stole the paper and stamps, too. Worse, other gangs joined them, forcing the children to work harder. My friends noticed their children were acting slow and tired. They thought all the requests for more paper and stamps were unusual, but put it down to a school project. They only realised something was seriously wrong when the children collapsed from complete exhaustion.
OK, the story is not true in the real world, but change "children" to "computer" and "Post Room" to "email server" and it did happen to my friends. When their PC was examined, seven different malicious programs (viruses, Trojans, backdoors) were found, and it was so slow, it was impossible to use. What is more, the same thing is happening on countless computers worldwide and much of today's flood of junk email is sent via these enslaved computers. Obviously, we need to act against such abuse, but what action should be taken?
First, we must understand the problem - we have put up with junk physical mail for years, why has junk email suddenly become such a problem? The key is economics: email can be sent at a tiny fraction of the cost of a letter. Paper, stamps, and printing all have a cost, but a broadband connection costing a few hundred dollars a month can carry millions of messages a day. Therefore, cost is not a limiting factor for spam, so the chance that even one message will have the desired effect is sufficient motivation for the spammers. The recipients are forced to bear the cost of time spent reading and deleting spam.
Technology has created this problem, why can't technology solve the problem? The answer is obvious; the problem is really cheap communications. The desired outcome of using this technology was to make communications cheap, and now that it is cheap, people are complaining. Which communication is desirable, and which is a waste of time is a human decision, not a technological decision.
Technology is a part of the solution: we can secure our computers so that spammers cannot hijack them (how to do this effectively is a much longer series of articles and the subject of much technical debate), we can block messages dependent on their source and we can automate the separation of spam and non-spam. However, the human aspects are more important. First, we need a human definition, what is spam? Without that, we cannot build the technology.
Spam is a brand-name for a canned meat product, but the name featured in a sketch by the British comedy team, "Monty Python's Flying Circus". In the sketch, a customer at a cafeteria is dismayed to find that everything on the menu contains Spam, and they don't like Spam! It does not matter what you want; you get some spam too. This idea of an unwanted addition applies to the junk in our inboxes, so the name stuck.
We can define spam as "everything in my mailbox that I don't want", but we need something that is more generally applicable. Other definitions include Unsolicited Commercial Email (UCE), Unsolicited Bulk Email (UBE) and Unsolicited Bulk Commercial Email (UBCE). Another approach is to define what messages are acceptable:
- Messages should be solicited: either the recipient (or a qualified representative) asked for the message, or the address was advertised as a contact point for the purpose it is being used.
- Messages should be appropriate to the recipient; for example, messages should be in a language that the recipient understands. If the sender does not know what languages the recipient understands, why are they sending them a message? Another example is pornographic messages received by children.
- The true source of the message must be easily identifiable. For email, the From: should work, and must relate to the actual message sender.
- If a message is sent via a mailing list, the recipient must have subscribed to the list. Using a purchased bulk mailing list is not acceptable.
- The recipient has not unsubscribed from the mailing list and has not asked the sender to stop sending messages.
- Messages should not propose any kind of illegal or unethical activities. This will cover invitations to defraud the Nigerian Government, as well as any kind of porn-related message sent to a minor - if the sender does not know the age of the recipient, they should not send age-restricted content (this does partially repeat point (ii), but the issue is important, and does fall within both categories).