Information Overload: Spam

Following on from an earlier post (about how the problem of Information Overload of the 21st Century is becoming as much about the quality of information as it is about the quantity); there is another type of information that has stopped the problem of Information Overload being overcome.

Any email address that's visible on the web is virtually guaranteed to start receiving Spam emails. Blogs gets indexed by search engines; automatic processes can check through indexed sites and fill in online forms, for example to add comments on blog sites with links to drive traffic to sites (usually sex related), so any public blog will receive comments and pingbacks from unrelated sites (usually sex-related), either trying to gather links to improve their Pagerank, trying to attract visitors to their site, or simply to send more generic emails to any email addresses they find. (Which sometimes makes me wonder if more machines than people read my blog...)

When I get back from a weekend away from the city, computers and the internet, I tend to come back to about 30 or so comments on my blog; all spam, mostly selling prescription drugs, but one or two directing to pornography. That might not seem like much, but considering that I've put very little effort into promoting my blog, it makes me much more sympathetic when I see blogs which have shut down comments due to floods of spam. I'll also have a few dozen emails that are pure junk, which I have to sort through before I can start checking my "real" emails. It seems that the more efficient I get at using the web, the more time I have to spend sorting through spam.

This year (on the 12th April) was the 13th anniversary of the first unsolicited commercial "spam" email. Although unsolicited bulk email had been sent before (the first documented spam on Usenet was sent by Rob Noha on May 24, 1988, asking for money for his college fund), on April 12, 1994, Laurence Canter and Martha Siegel (a married couple who were both lawyers in Arizona), took spamming to a new level of abuse when they posted an unsolicited commercial offer to help immigrants enter an upcoming "Green Card lottery" to over 6,000 Usenet newsgroups. To many people, this particular event, coming not long after the internet was opened up for commercial use, marked the end of the Net's early period, when the original Netiquette could still be enforced, and its (unrepentant) authors are seen as having fired the starting gun for the legions of spammers that now occupy the Internet. Prior to that, spamming had been a fairly sporadic and even desultory phenomenon, mostly limited to off-topic postings in newsgroups. This year, it's expected that the volume of spam will overtake the volume of "real" email.

Over the last couple of weeks, the main email address I use for personal mail has started receiving more spam than "real" email. In the space of a single day, I have apparently won "Five Hundred Thousand Great British Pounds and a brand new Mercedes-Benz Car" from Mercedes-Benz, one hundred thousand dollars from a Microsoft-AOL Anniversary Draw (from a Microsoft executive with a Yahoo email address, oddly enough) to get people to use Internet Explorer. (Apparently, the draw was held in London, but I have to collect my winnings from West Africa.) Meanwhile, the "head of Secretary and Delegation to the World Bank in West Africa" wants me to help him claim 22.2 million (he doesn't say what, exactly) in exchange for 20% of the fund— unfortunately "the code of conduct bureau forbid me to acquire such amount of money." Perhaps I could collect my lottery winnings while I'm over there. Oh, and a born again christian with £10.4 million in the bank, 4 months to live and a burning desire to pass it on to a good christian to avoid a "Situation where this money will be used in an ungodly Manner". Meanwhile, dozens of "friends", "admirers", "worshippers" and "classmates" apparently want to send me e-cards at my work address, and more recently a flood of emaillers want to ask me questions about videos they seem to think I've filmed.

Although the temptation to send a reply and try to enter a dialogue with them is more motivated by potential for entertainment than any misplaced greed, simply identifying them and removing them from my inbox is already taking more of my time than I want to spend on them, and now that my personal address is on at least one mailling list, it's a safe bet that it will be on several more before long. (Incidentally, if you ever have to send or forward on emails to large numbers of people, please do the rest of the world a favour and a) put the addresses in the BCC field, so that everybody who receives it can't see everybody elses, and b) delete all the email addresses that are already on the email before forwarding it on. If you really want to have a conversation with large numbers of people at once, use something like MySpace or Facebook, or even start your own blog. Or better still, go to the park and get some fresh air while you're doing it.)

Spam has also made it's way into other areas of the internet- spam comments on blogs, with nothing but links to unrelated commercial (and often pornographic) websites, spam blogs, even spam websites— entire sites made up of nothing but content ripped from other websites to attract search engine traffic, links to improve search engine positioning, and paid-for advertising.

Aside from the inconvenience caused to us as individuals (having to sift through the spam we receive, as well as problems caused by legitimate emails being falsely blocked by anti-spam filters), spam is now a significant wider problem on the internet.

Firstly, there is the impact that the volume of spam being sent has on the internet itself- because of the free and open nature of the internet, the real cost of sending large volumes of email is borne by the network itself- a tragedy of the commons. The low barrier to entry and low cost of sending spam emails (especially compared to other similar forms of communication) has led to an ever increasing volume of unsolicited emails, and both increasingly sophisticated methods of filtering spam emails, and increasingly cunning ways of circumventing spam filters. An estimated 55 billion e-mail spam were sent each day in June 2006, and a study by the Messaging Anti Abuse Working Group estimated that 80% of internet traffic in 2005 was what they classed as 'abusive' email (that is, abusing the medium of email.) However, it is thought that these numbers are only the tip of the iceberg— it's decentralised nature makes it difficult to accurately monitor internet traffic, so they are measured by monitoring messages received in mailboxes; as spammers lists often contain a large percentage of invalid email addresses, the actual impact on network traffic is thought to be even higher than the statistic suggests.

Secondly, there is the problem of where spam is being sent from. As it has been possible for some time to identify the sender of spam emails and block their addresses, spammers prefer to send their mail from other people's computers. In June 2006, an estimated 80% of e-mail spam were sent by "zombie" PCs- an increase of 30% from the prior year. These "zombie" computers are usually part of a "botnet"- a network of computers which have, usually unknown to the owners, been compromised and can be controlled by someone else- to send spam emails, or to perform other malicious functions, such as a Distributed Denial of Service (DDoS) attack. Because the location of the machine that is sending spam emails may not be the same as the location of the person actually responsible, and the website that the emails try to direct people to may be in a different place again, it's difficult to track down those responsible for the problem.

Because it's so cheap to send and only requires a minimal percentage of actual responses to become profitable, there is lots of money to be made through spam, so there are lots of people and organisations who will work hard to stop this situation from changing. Last year a company called Blue Security, an anti-spam company which provided software to reply to spam mails with automated complaints, was driven out of business by globally coordinated DDoS attacks from the spammers whose businesses were being blocked, which overloaded Blue Security's servers, rendering it's services useless.

The big question is how to deal with, or escape from the problem. One method is to use a number of different email addresses- for example, keep one address that's purely for private correspondance and only circulate to your trusted friends and family, and keep one or more further addresses for use when it might be exposed (such as for registration to websites, or for use in online message boards or blogs.) That way, the more likely a mailbox is to contain spam, the less likely it is that you'll need to check it. Another method is to simply avoid giving out your email address anywhere it might be publically visible online. Definitely avoid replying to spam emails— this simply serves to confirm that your email address is valid, and could prompt even more messages.

Ultimately, my problem is that I don't like using spam filters because I quickly end up trusting them too much and ignoring the email that gets blocked, and I really don't like the idea that a genuine email from someone not in my address book (or maybe using a new email address) could go unread, and someone might think I'm ignoring them/have forgotten about them/just don't care about them. I'm also slightly concerned that one day a phishing email purporting to be from a service like Amazon or Paypal that I use that will actually come to the same address that I use for that particular service, so when an email address starts to attract significant volumes of spam, I've just moved on to a different address. (Of course, this means that it's quite possible that "genuine" emails are being sent to one of my abandoned addresses, but that's a problem I've just not been able to figure out a way around.)

As there are plenty of email services from the likes of Google, Microsoft and Yahoo that are free and easy to register, it's not hard to do and probably saves me more time than I would otherwise spend checking through spam folders. The fact that I own a couple of domain names and some server space which effectively gives me an infinite number of possible email addresses is pretty useful too, as it makes it easier for me to set up systems to forward emails to different addresses, but that's probably not an option for most people.

Perhaps the future of the internet is going to be something like the increasingly popular social networking websites; a centralised service with an 'authority' to oversee it, and restrictions to prevent antisocial activities, where the line between "friends" and "strangers"— and their level of access to and interaction with you and your information— is clearly defined and controlled.