In this week’s First Monday, there is Yet Another Spam Solution. Many people feel the urge to create a solution to spam, yet few seem to sit back and consider the human, social and economic context to spam. This proposal will end up on the scrap-heap, along with all the other technology fixes centered on blacklists, authenticated DNS and mail servers, and signatures.
Spam is a problem because of the absence of brand equity, and spam can be treated by the introduction of branding to email delivery. Telcos and ISPs are the natural suppliers of such branding.
At heart, spam is a form of marketing. People with no brand equity (and hence no reputation to lose) send you marketing messages. They hope to have you purchase their product, one which you may not ever search for or discover through other means. (If people were reliably finding and buying the product through other means, there would be no need to send spam.) Many, if not most, of the products on offer are fraudulent to some degree, so no brand equity will ever be built from the product sale. Because of this, they self-exclude themselves from most product discovery mechanisms (Google, Epinions, reviews, forums, etc.) because there will be few recommendations and the raison d’etre of those discovery processes is to find goods and services with brand equity.
In the real world, there is a large demand for a bigger penis, elimination of personal debt and images of naked women. But most anti-spam approaches seem to treat spam like acid rain: an unwanted pollution spread randomly over the landscape with no relevance or benefit to the recipient. The problem isn’t that the messages are irrelevant to their broad audiences, but rather than there is not yet a means of filtering against brand value that socially scales. Messages aren’t spam because of the words they contain, but because of the lack of trust and reputation they embody.
Spam cannot be eliminated at source without the cost of preventing unsolicited and anonymous communication. Therefore, it needs to be intercepted on reception. Users clearly need to delegate the decision: the delete key is not acceptable as the filter. Each user may have different preferences as to which brands they accept. Inference engines may be used to impute additional brand acceptance without user prompting.
Therefore each email message, to be filtered by a delegated authority such as an ISP, needs to have an associated and verifiable brand identity. This could be done through a digital signature, but that of the brand owner, not the sender. Individuals, in degenerate cases, can decide to become their own brand, at the risk of having nobody to talk to without a 3rd channel through which to express their brand (e.g. a weblog with a link inviting people to add the brand to their acceptable recipients list). I am willing to receive unsolicited emails from people who are willing to put up some collateral to a third party brand owner, where that collateral is at risk to the brand owner should the brand become tainted by a spam event.
For example, Microsoft may offer paying subscribers to Hotmail access to a Microsoft Hotmail branded email. The user’s emails will all be signed by Microsoft. Should a user send spam, and the complaint is upheld by Microsoft, then Microsoft will terminate their Hotmail brand access (which is independent of the Hotmail email address). A cost of even a few dollars for brand access is enough to make traditional mass spamming though opening multiple email accounts uneconomic. Microsoft will be incentivized to avoid unnecessary disconnections because new subscribers will not wish to join such a service.
Since people don’t want to spend their time managing brand acceptance, the market is likely to boil down to a modest number of brand issuers with powerful reputations they need to protect. Users can easily switch to another brand issuer, should one ‘turn bad’. This is much like the root certificates that come embedded in any modern browser.
False positives and negatives are tautologically eliminated, because the system does exactly what the user requested: deliver mail only from people I trust. We have just expressed the trust relationship indirectly (via a brand) rather than directly (an email address).
The transition to such a system is immediate and painless: ISPs with identified, paying customers, just need to sign outgoing email with their own brand. If someone’s PC is compromised and used as a spam relay, then they will suffer a consequence. Yes, it means you have to take full responsibility for your own digital identity. Buy leaky software, pay the price of having to buy new Internet email brand access.
Branding companies could work in many ways. Some “industrial strength” brands might only accept new members via referral. Others may just offer a weak guarantee that a minimum charge has been made for the brand and a cap has been set of the amount of times the signature will be applied. The market will decide what shape and form is needed to satisfy the myriad preferences of individual consumers.
Users may choose to apply filters to unbranded email they receive, with those items of exceptional quality passing through. That would be the option of the user and their ISP.
Regulatory fixes, as correctly noted in the First Monday article, demand a definition of spam. This is troublesome either in terms of drawing the definition too loose (allowing in unwanted messages), or too tight, infringing free speech. Furthermore, the one-size-fits-all approach doesn’t fit with the distributed end-to-end nature of the Internet. The decision whether to accept or reject a message must be made at the end points of the network, not the center of the Washington beltway.
Over at The Register that have an article on Verizon’s CDMA 1xEV-DO rollout. The Reg, given its history of sharp talons, should have done a better job on this one. EV-DO still has the same ultra-narrowband uplink as regular CDMA 1xRTT. The latency is truly awful making a whole swathe of real-time apps unusable. The quoted downlink speed is peak burst, near the cell tower. Lord help you if the system is under load and you’re near the edge of the cell (like most of the area covered by a cell tower is).
Ultimately, no customers were consulted in producing the 3G specs, and they are the opposite of what an end-to-end network would seek to provide: reliable, predictable, low latency, symmetric bandwidth.
I was taking a quick browse of the terms and conditions at the bottom of the Vodafone UK home page. Apart from some truly outrageous and unenforceable conditions that try to prevent you from quoting from or linking to their site, they have the following gems:
15. Profligate use
15.1. Profligate use of the Vodafone Network is prohibited. Vodafone considers that any applications which transmit live video, live audio or make similar traffic demands across the Vodafone Network by whatever means, unless provided by Vodafone, constitutes making profligate use of the Vodafone Network. Use of IP Multicast, other than by means provided and co-ordinated by Vodafone is also prohibited.
15.2. Notwithstanding Clause 15.1 above, you may transmit and receive live audio provided that the software used in respect of such transmission or receipt is H.323 compliant and utilises a CODEC with a bit rate no greater than that used by the default G.723 CODEC (6.3kbps).
So if you’ve bought yourself a kosher 3G or GPRS device, and fancy doing some SIP telephony with a good codec, you’re out of luck. Even if you’re paying per packet. So Vodafone’s need to feel in control of their network destroys the potential value it has for their own customers.
A quick comparison with Orange shows that Orange are much less tight-assed, and merely repeat a lot of rights they have anyway under copyright law.
Welcome to Telepocalypse! We aim to provide an insider’s view of the fallout in the telecom industry from the “end-to-end” model of the Internet. What will happen to the incumbent telcos? What new business models will arise? Who are the winners and losers? Read on…