Spam for brains
Posted by aogTuesday, 22 July 2003 at 19:17 TrackBack Ping URL
The print version of the Wall Street Journal had an article on anti-spam efforts. Overall it was reasonable as it discussed that the current anti-spam bills are supported by major league spammers and opposed by consumer and “public-interest” groups. However, there was a funny in a sad way part:
The most popular piece of [anti-]spam legislation […] would ban deceptive subject lines and require valid return addresses.
Assuming that became law, what would that do in the real world? Nothing, as the bottom feeding spammers would simply ignore it and the “legitimate” spammers already do that.

Certainly if mail relays checked for valid return addresses, quite a lot of spam would be stopped. But legislation like this does nothing at all to promote that. It’s competely pointless. What’s lacking is the will to devote the effort on the part of the major ISPs. While there are advantages to be the first mover (by providing customers with less spam) that company may well end up with a firestorm of protests when its address checker fails to let valid mail through. It’s not clear in a technical sense how a mail relay would validate an email address. New protocols would be required and millions of mail relays upgraded. That’s a big job and again, the legislation doesn’t even address that problem.

Just to give you an idea of where some of the problem lies, I work for a major technology firm which is very concerned about the amount of spam received by employees and has various spam filters on its mail gateways. Yet this company cannot manage the simple task of noticing that e-mail with a return address that is a corporate address (e.g. “aog@techfirm.com”) coming from outside is spam. Corporate e-mail is always sent from mail servers inside the corporate network. That’s a simple fix that would block some of the most insidious spam (rumour is that some spammer forged the return address of a senior executive - imagine getting an e-mail apparently from the CEO which when opened turns out to be about a reproductive organ enlarger). I get spam once or twice a week that appears to be from myself. I check the mail headers and it’s clear that it came from outside of the corporate net yet was not marked as spam. No legislation is going to fix that kind of problem.