Computers & Technology

Solutions to the Spam problem

Recently a client inquired about solution to the spam (unsolicited commercial email) problem. There are a number of options available, however no solution is completely satisfactory. You may be able to combine some of these options to build a solution what works best for you, however it is important to understand that the problem of spam is inherent to email and that there is no panacea.

Desktop mail program filtering

One option is to use filters on your favorite mail program. Thunderbird, Outlook and Mail can be customized to filter spam. They have general filters, custom “ISP” filters, and third-party commercial filters available. The advantages of this option are: 1. You completely control the mail filters; create as many as you’d like with the criteria you want. If you want to use a blacklist approach (block certain addresses) or a whitelist approach (only display email from certain correspondents); 2. You can display all messages at once, and can delete all junk messages at once; 3. You can keep as much potential junk email as long as you want (for reviewing, etc). The disadvantages are 1. It’s only available on that one individual computer, it’s not available when you are elsewhere; 2. You have to “train” the junk filter, tell it what is and what is not junk email.

Commercial Whitelist Spam Filtering Services

SpamArrest is a commercial spam-filtering service that uses whitelist and is popular. See http://corp.spamarrest.com/howitworks/ to learn how it works. Basically, your correspondents are asked to respond to SpamArrest and SpamArrest will ask you if you know this correspondent and want to allow email from them. If you accept, they’re put on a whitelist and their mail will subsequently be allowed automatically; if you deny, their email will not show up in your inbox.

Use Gmail

Another option is to forward your email to Gmail. The advantages of this are 1. Large mailbox capacity (7 GB), 2. Spam filter, 3. Can respond, if you wish, with your NYU address in the From, and 4. Because Gmail lives on the web, all these options are available to you from anywhere you have an Internet connection and a web browser. You can forward your NYU email to your Gmail and you would not miss email from your legitimate correspondents. Also, your correspondents would have your new email address as soon as you respond to their message.

Get a new email address

Another option is to get a new email address every time junk mail overwhelms your existing email. When you respond to your correspondents you can let them know of you new address. You can also update the email subscriptions to the mailing lists that you do want to keep. The ones you don’t want to keep will not have your new address, so you will not see them. The disadvantage of this is that you have to get a new address, and perhaps learn to use a new email system. This can work very well with the Gmail option, because if your existing Gmail address is getting too much junk mail you can simply sign up for a new Gmail address and you would not have to learn how to use Gmail again. What some people do is they change their address to include the year; if I did this, in 2008 my email address would be something like eduardo2008 at whatever dot com, but if the year is 2009 I would change my email to eduardo2009 at whatever dot com.

Disposable Email

There are some services out there that provide people the opportunity to have an email address for a short period of time.  Say for example you need to receive a message from somebody for a one-time information exchange.  You can login and check your email for a short duration (say, one hour).  After that time has elapsed, the email address is disposed of, never to receive email or allow login again.

Email Certificates

There exists a way to obtain a digital certificate that guarantees that your identity has been verified by a certifying entity (either a certificate authority or a peer in web-of-trust).  When sending digitally signed/encrypted email, your correspondents can verify that the message really was sent by you, and vice versa.  If people used email in such a way that they do not accept any email that does not have a digital signature certifying its source, then this would certainly decrease the unsolicited commercial email.  However this is more than a technical solution: your correspondents have to be using digital certificates too, and they have to have your certificate in their computer in order to accept email from you and to send you signed/encrypted email.  The use and management of digital certificates is not currently at the technical point where it is easy nor at the political level that people are willing to use them for their advantages while overcoming the technical hurdles (which are not insignificant).

Scribd.com is a website that allows you to upload documents and embed them as you would a YouTube video.  No plugin installation necessary.  You don’t have to have Microsoft Word or Adobe Reader to view a document of that type. Simply have Adobe's Flash installed and you're good to go.  It’s a technology they call iPaper.  Check it out:

Nifty, huh?

NYTimes' Bits blog has a posting about "Separating Real From Fake on the Internet" [ link ].

Look at all the comments posted to that blog entry.  Now look at the names of the posters (look at mine too).  This is one of the great and awful things about the Internet: encourages participation with (varying degrees of) anonymity.

Different sites focus on different things.  The New York Times on The Web wants to take itself as seriously as it takes its print business, and it wants its readers/consumers to do the same.  So there are certain things they will publish on it, and certain processes they follow to ensure that goal is achieved.  Certainly the print business and the Internet/web business differs, so they have to change things (think of balancing the speed of news on the web with the accuracy needed for anything with the brand "NYTimes", advertising/business models, feedback, transparency etc)

Facebook has no "print business" equivalent or anything other than its web business; there is nothing anchoring it to the real world except relationships between emails that belong to people in the real world. Facebook would be worthless without these relationships.  The "web of trust" mentioned by #2 Tobias is inherent in the design of Facebook: one person's email address "validates" another person's email address by "accepting a friend request".  The more friends from your real life whose email address is accepted as a "friend" in Facebook, the more valuable the social network.  The flaw in this is that, this being on the Internet and therefore providing a certain degree of anonymity, there are going to be many ways in which these social networks are exploited for all sorts of bad things; once something is accepted as legitimate or trusted in Facebook, it keeps gaining trust even if it is not deserved.  Remember, Facebook exists only online; there is no office on campus somewhere that verifies that something is true or legitimate.  If many people who individually and voluntarily provide truthful information and who trust each other, decide that something is legitimate and trustworthy, it will become so even if undeservedly.

Providing some truthful information gets you trusted, but then is that a guarantee that all the information you provide is trustworthy?  In real life, trust comes much more slowly than online; a shortening of this "time-to-trust" can be achieved by using "trust authorities" such as banks and DMVs and courts.  In the online world, there exist "certificate authorities", but these are not available in the Facebook-type of social networks.  Other "web of trusts" do exist, but are used by too few people (thawte, PGP, etc) and in any case these do not provide one of the great advantages of other social networks: voluntary sharing of personal (truthful, legitimate, trust-inviting) information coupled with the freedom of some anonymity (by passively not providing truthful information or actively providing untruthful information).

My thoughts.