Thursday, July 08, 2004


I hate spam.

Big surprise huh? I’m responsible for the IT functions of my workplace and being a bit of a small shop that means I do most of the work too. For the last year my spam filtering was deleting about 27% of all our incoming mail as spam. For a number of reasons I wasn’t able to just use a public blacklist but I had to create a custom filter list to delete spam.

This was getting out of control, I was spending more than an hour each morning going through my mailbox and adding the offending messages that slipped through my filters to the new filter list. The amount of spam I was receiving was increasing daily and so were the number of complaints from others. I heard that the average worker complains to their IT department about spam at least once a year. I was getting way more than tat.

Finally, it became to much for me to tolerate and I added a heuristic filter to my spam engine. Can I just say wow! What kept me so long? Currently we are deleting more than 50% of all our incoming mail as spam. My personal inbox has dropped from averaging around 200 messages each morning to around 40. A much higher percentage of my time is spent being useful and I spend less time cursing the spammers

But they should be cursed I don’t believe that they have a right to consume my time and computational resources to the degree that they are. I don’t see any really good technical solutions to this problem yet in spite of the options being discussed by the big boys (Yahoo, Microsoft, etc). Jerry Pournell has recommended public floggings for spammers. I assume as tongue in cheek but I think he makes a point that the risk to spammers is negligible.

I think there needs to be some increased risk to spammers. They don’t pay for the delivery or storage costs. Their only real cost is the creation of the copy (which must not cost most of them much judging by the spelling and grammar) and the initial bandwidth to send the messages (which I understand is small since they often use compromised hosts to do the mailings for them).

So maybe we should use public floggings as a disincentive to send spam. Or would traditional methods of legal enforcement work like fines, jail times and impounded equipment? It’s clear that something needs to be changed. What are your ideas?

LATER: A UN Proposal in the news.

No comments:

Site Meter