Posted on 19 May 2008 by James Blake

The media has been filled with stories covering the thirtieth anniversary of the first spam message this week, in fact I’ve just got back from filming an interview with tech publisher VNUnet on the subject.

Three decades have past since Gary Thuerk sent his now infamous unsolicited email to around 400 Arpanet users, inviting them to come to see Digital Equipment Corporation’s new System-20 computer.  At the time Thuerk was chastised by the US Defence Communication Agency for breaching the Arpanet’s Acceptable Use Policy.

Today Digital Equipment Corporation has ceased to exist - being absorbed first into Compaq and then, ultimately, into Hewlett-Packard; the Arpanet has morphed into what we now call the Internet for which no central body remains to enforce acceptable use

Spam has been with us for 30 years now, but email administrators face a whole host of new issues to deal with – long term retention and discovery for compliance and litigation protection; management of ever-increasing email boxes; satisfying mobile users craving for email everywhere and anywhere; while maintaining access to email services 24 hours-a-day 365 days-a-year

Spam, however, remains a persistent problem purely because of the economics – it costs so little to send a spam that even if a minute number of respondents purchases a product it returns a profit (although a survey by anti-virus firm Sophos claim 11% of Internet users have made a purchase through unsolicited email).  Spammers have moved on from just hawking goods, a recent FBI Computer Crime Survey estimated that 75% of all Internet scams are perpetrated through unsolicited email, netting more than $239 million.

Despite what many security vendors will tell you, the volume of spam as a proportion of email has already plateaued at around 85 – 95% - this equates to around 100 billion spam emails a day.  This is at a time where backbone providers are complaining about the ability of their networks to scale – this represents a significant cost to both them and the Internet community as a whole.

While the proportion of spam has remained fairly static, the techniques used by spammers have continued to progress.  It is only by engaging in a constant arms race with the spammers that vendors have managed to maintain the status quo.

One of the issues with anti-spam techniques is that they are largely performed at the ingress point – where the message is about to enter a corporate network, by which time the cost of carriage has already been borne.  In addition, some anti-spam solutions also introduce false-positives, or require users to change their working practices (dealing with quarantine digest, for instance), all placing an additional burden on organisations.

Solutions such as Domain Keys and Sender Policy Framework have been suggested to improve the situation from the centre, but they represent competing standards and besides, any centralised solution will take many years to fully ratify and implement.

So in the interim, anti-spam vendors will continue innovate and prevent the spam curve from upturning again while attempting to deal with the way users interact and use their email in the 21st century - fun fun fun.

Category: Spam