Wednesday, January 26, 2005

The REAL Solution To Spam (and all the world's problems)

This morning, I received the same stuff in my Inbox that I have every morning...jokes from friends and relatives, relevant information security e-newsletters that I subscribe to, info from companies I deal with....and of course, some spam.

The tech world is always talking about ways to stop spam forever. Many antispam folks are as passionate and outspoken about it as pro-life activists or Mac users are about their respective causes. Vendors have come up with numerous "band-aids" to try to stop spam, or at least slow down the flow; they provide software that watches your inbox, software that watches mail as it goes in and comes out, software that checks name records to verify mail, software to help you track down the originator of a piece of spam, software to block traffic from mail servers that are known to send spam.

The Big Vendors and the Internet Engineering Task Force (IETF, the folks who have created all the standards upon which the Internet is built) are working on enhanced protocols that will check every piece of mail and verify that it is coming from who it says it is coming from, as spoofed mail addresses are one of the main ways spam gets around. Many of these schemes are very good and could work very well at helping to decrease the amount of spam we receive, but there will still be spam that gets through. Scam spam is a prime example of this. You know the one: "Hello, I'm so-and-so from such-and-such firm in (insert African country here). I'm representing so-and-so who was an engineer for such-and-such oil company..." These messages try to lure you into sending money somewhere in the hope of a much larger return. This is an early form of phishing, and unfortunately, all the new schemes won't stop these messages.

Now, pay close attention to what I'm about to say.
Remember the rule: "The virtual world imitates the real world." Once again, humans are relying on technology to solve their problems, rather than attacking the heart of the problem itself. Ask yourself: why do we really still get spam? It isn't because we have yet to come up with some special technology that will end spam forever. You're still dealing with a person on one end sending the spam, and a person on the other end receiving it; the technology is the least of your concerns. The real reason we still get piles and piles of spam is that there are people out there who still open it and still buy stuff from it. It's that simple. Spam of every kind, be it legitimate spam from vendors and organizations that you subscribe to, the kind you get asking you to buy sexual enhancement drugs, herbs, and porn, or the scam spam that ultimately leads to the draining of your bank account, is like a self-fulfilling prophecy. Spammers send that garbage out, knowing there are users out there dumb enough to respond. This, in turn, encourages them to send more spam.

So what's the answer? How can we really stop spam? The first step in stopping spam forever is to acknowledge that spam is NOT a technological problem, and CANNOT be solved by technological means. You're still dealing with people on each end. Whatever tech stuff you put in place, the senders will find a way around it. (See my "Why I Love Working In Information Security" post for more on that subject.) You can't stop them. Neither technology nor laws nor the collective efforts of the legitimate Internet community have had much effect so far.

So let's focus on the other end, the receiver. Here's the second step in stopping spam forever. If we can help people understand that they themselves are the cause of spam, because they actually make it work and thus enable its continued existence, we're well on our way. Like so many problems in information security, education of the user base is one of the best ways to attack this issue. That being said, here's what you do the next time you get a piece of spam. DELETE IT IMMEDIATELY. Don't open it (if you can avoid it). DEFINITELY DO NOT CLICK THROUGH AND BUY ANYTHING FROM IT, NO MATTER HOW MUCH YOU WANT TO. To paraphrase Smokey the Bear, "Only YOU can prevent the rampant spread of spam."

Thanks for reading along today.
