In this week’s First Monday, there is Yet Another Spam Solution. Many people feel the urge to create a solution to spam, yet few seem to sit back and consider the human, social and economic context to spam. This proposal will end up on the scrap-heap, along with all the other technology fixes centered on blacklists, authenticated DNS and mail servers, and signatures.
Spam is a problem because of the absence of brand equity, and spam can be treated by the introduction of branding to email delivery. Telcos and ISPs are the natural suppliers of such branding.
At heart, spam is a form of marketing. People with no brand equity (and hence no reputation to lose) send you marketing messages. They hope to have you purchase their product, one which you may not ever search for or discover through other means. (If people were reliably finding and buying the product through other means, there would be no need to send spam.) Many, if not most, of the products on offer are fraudulent to some degree, so no brand equity will ever be built from the product sale. Because of this, they self-exclude themselves from most product discovery mechanisms (Google, Epinions, reviews, forums, etc.) because there will be few recommendations and the raison d’etre of those discovery processes is to find goods and services with brand equity.
In the real world, there is a large demand for a bigger penis, elimination of personal debt and images of naked women. But most anti-spam approaches seem to treat spam like acid rain: an unwanted pollution spread randomly over the landscape with no relevance or benefit to the recipient. The problem isn’t that the messages are irrelevant to their broad audiences, but rather than there is not yet a means of filtering against brand value that socially scales. Messages aren’t spam because of the words they contain, but because of the lack of trust and reputation they embody.
Spam cannot be eliminated at source without the cost of preventing unsolicited and anonymous communication. Therefore, it needs to be intercepted on reception. Users clearly need to delegate the decision: the delete key is not acceptable as the filter. Each user may have different preferences as to which brands they accept. Inference engines may be used to impute additional brand acceptance without user prompting.
Therefore each email message, to be filtered by a delegated authority such as an ISP, needs to have an associated and verifiable brand identity. This could be done through a digital signature, but that of the brand owner, not the sender. Individuals, in degenerate cases, can decide to become their own brand, at the risk of having nobody to talk to without a 3rd channel through which to express their brand (e.g. a weblog with a link inviting people to add the brand to their acceptable recipients list). I am willing to receive unsolicited emails from people who are willing to put up some collateral to a third party brand owner, where that collateral is at risk to the brand owner should the brand become tainted by a spam event.
For example, Microsoft may offer paying subscribers to Hotmail access to a Microsoft Hotmail branded email. The user’s emails will all be signed by Microsoft. Should a user send spam, and the complaint is upheld by Microsoft, then Microsoft will terminate their Hotmail brand access (which is independent of the Hotmail email address). A cost of even a few dollars for brand access is enough to make traditional mass spamming though opening multiple email accounts uneconomic. Microsoft will be incentivized to avoid unnecessary disconnections because new subscribers will not wish to join such a service.
Since people don’t want to spend their time managing brand acceptance, the market is likely to boil down to a modest number of brand issuers with powerful reputations they need to protect. Users can easily switch to another brand issuer, should one ‘turn bad’. This is much like the root certificates that come embedded in any modern browser.
False positives and negatives are tautologically eliminated, because the system does exactly what the user requested: deliver mail only from people I trust. We have just expressed the trust relationship indirectly (via a brand) rather than directly (an email address).
The transition to such a system is immediate and painless: ISPs with identified, paying customers, just need to sign outgoing email with their own brand. If someone’s PC is compromised and used as a spam relay, then they will suffer a consequence. Yes, it means you have to take full responsibility for your own digital identity. Buy leaky software, pay the price of having to buy new Internet email brand access.
Branding companies could work in many ways. Some “industrial strength” brands might only accept new members via referral. Others may just offer a weak guarantee that a minimum charge has been made for the brand and a cap has been set of the amount of times the signature will be applied. The market will decide what shape and form is needed to satisfy the myriad preferences of individual consumers.
Users may choose to apply filters to unbranded email they receive, with those items of exceptional quality passing through. That would be the option of the user and their ISP.
Regulatory fixes, as correctly noted in the First Monday article, demand a definition of spam. This is troublesome either in terms of drawing the definition too loose (allowing in unwanted messages), or too tight, infringing free speech. Furthermore, the one-size-fits-all approach doesn’t fit with the distributed end-to-end nature of the Internet. The decision whether to accept or reject a message must be made at the end points of the network, not the center of the Washington beltway.
Posted by Martin Geddes at 10:45 PMTrackBack URL for this entry:
http://www.telepocalypse.net/cgi-sys/cgiwrap/mgeddes/MT/mt-tb.cgi/5.
Read this interesting piece of news , thought you might like to read it.
How to beat spammers at their own game
http://www.newscientist.com/article.ns?id=dn7717&feedId=online-news_rss20
Posted by: at August 18, 2005 07:17 PM