Political spam, censorship, laws and John Gilmore

[Gordon Mohr]

I agree completely with Gilmore on this issue.

Russell writes:
> This is simply further escalation, not victory. Do you
> want to receive email from geeks making intelligent
> comments about Internet protocols? I have some bad news.
> Five months after an email filtering tool smart enough
> to learn and pass on this kind of email, you will
> receive 50 such emails, from 50 different geeks, with
> 50 different comments about Internet protocols just
> smart enough to fool your filter, and oh, by the way,
> would you like a really cheap mortgage with that? Just
> click here. 

In such a case, if the spoofed content is really good, 
maybe you don't mind the extra promotional message. I
don't mind the "Join Hotmail" appeals at the bottom
of your FoRKposts. Smart filtering forces those who want
to contact you to earn your attention, in some way or
anther, with relevance or demonstrated effort or
economic incentives.

> Automatic content filtering is subject to
> defeat by automatic content spoofing. I see no reason
> to think there will be a decisive winner in that
> evolutionary battle, without a hook to some other
> mechanism.

Victory need not be absolute; what's important right now
is that driving the cost of spam up, and effectiveness
down. At the margin, that means less spam.

Just as the legacy mail architecture makes it trivially
easy to mass-send messages that get read, widepread adoption 
of reader-side filters would suddenly make it very hard. 

To restore the spammer's ease would require some 
costly an time-consuming engineering -- and against 
a diversity of filters, restoring the original level
of ease would be very difficult. The very adoption of
these mechanisms would make some tactics -- like 
sending spam from spoofed return addresses which won't
notice bounces -- harder to use. 

Once we start relying on endpoint intelligence to
combat spam, I think the balance of power shifts into
the direction of the anti-spammers. Their workarounds
cost them more then our countermeasures. Thus, less
spam overall.

It may never be completely eradicated -- but that's
an unrealistic goal. We control everything from crime to 
contagious diseases not with all-or-nothing solutions, but 
by containing/ameliorating/domesticating the problematic 
agents.

> Even white lists won't work, as long as they rely on
> the From: field to identify the sender. That, also, is
> content, and the spammers will start maintaining databases
> of highly connected individuals, with lists of who is
> likely to whitelist them. As soon as whitelists start
> making a dent in spam, you'll be receiving offers for
> FRESH YOUNG PUSSY and Preapproved CREDIT with Rohit
> Kare's name and email address in the From: field.

This is much harder to do than the current spray-and-pray
approach -- none of the spam I get indicates *any* understanding
of my correspondent networks. So forcing spammers to have 
to take such sophisticated steps would be a gigantic victory.
Many would give up, their marginal effort now better 
directed at other activities.

If a significant number innovate to respond, then again
there are easy receive-side countermeasures that are
costly for them to circumvent. For example, the fact that
it is easy to spoof mail's origin is a general problem 
that overall, the net community has been able to defer
resolving. 

Someday, the combination of such "smart spam" and other
abuses will push us past a point where it's finally 
worthwhile for most people to use stronger identity
guarantees. When necessary, we'll do that -- and then 
another 95% of next-generation spam will die at the gates.

Once we take the step of adding flexible end-point filter 
intelligence, from that point on the arms-race is biased
in our favor. 

- Gordon