Can Microsoft End Spam?, 2003-06-30
Unwanted e-mail saps security budgets and wastes everyone's time. It's nice to see Bill Gates take some responsibility for stopping it.
“
With Microsoft, AOL, Earthlink and others behind an anti-spam lobby, we might just get some effective legislation in place that has some teeth in it.
”
I like it. It's about time we got some real muscle behind the fight against spam.
Spam is not just an end-user problem. Though it may not be immediately obvious, the peripheral effects of spam not only drive up overall corporate costs, but in some cases, I have seen it affect internal system security.
Fighting spam even drains money that should be going to more serious security efforts. While security spending may be on the rise, the overall "pay for security" mindset in corporate environments is still in its infancy. In many cases, we have to sell the cost of security to upper management, who do not have the skill set to adequately assess the need.
But spam is a different story. Spam affects end users directly, including upper management. It does not take many "Male Enlargement Pill" offers to the CEO for the problem to become evident.
In these cases, I have seen top-down directives result in significant monies being allocated for anti-spam appliances and software, administrative resources, and process participation of the end-user. And I have seen these monies spent in lieu of extending resources to products and services that have a more direct impact on security.
The associated costs of dealing with spam should not come out of our security budgets-- yet in many cases, it does. But at least management gets spared the latest pitch for the Banned CD.
The "Right" To Spam
Hopefully, with new light shed on the spam problem by Microsoft's quest, anti-spam efforts will carve out a new corporate cost center that does not take away from the hard-earned security resources we have been scraping together. The biggest hurdles in our anti-spam campaigns have been in the technical and legal arenas -- two areas in which Microsoft excels.
Gates outlined a process in which a "spam database" could be consulted for incoming mail item comparison and classification. While not a new concept ("IronMail" for instance uses this model) I think it has some advantages over the standard signature and key-word based identification models. While nothing I have seen is 100% effective, I can visualize a system combining multiple techniques to provide effective overall spam elimination.
But, once we get there, the spam-bags out there will figure out a way to bypass even those technologies. That is where the law comes in. With Microsoft, AOL, Earthlink and others behind an anti-spam lobby, we might just get some effective legislation in place that has some teeth in it. Hmmm. I think we have just found a committee that Senator Hatch would actually fit in well on.
After the publication of a past column of mine discussing pop-up spam and the Messenger service, I received an e-mail from one particular gentleman who proceeded to tell me how it was his "right" to send out unsolicited e-mail as a valid business endeavor, that e-mail was free for all to use, and how if I didn't like it, I could always use my "delete" key.
It is the mindset of jerks like this that we must battle on a legal front. Spam costs us money, and these people have no right to make me spend it without my consent. I'd share this particular troll's e-mail address with you, but it seems that his mail server has mysteriously burst into flame.
Microsoft has been the driving force in the shape of today's Internet. It is nice to see some them take some responsibility and initiative to impact the global spam epidemic that the Internet spawned.
