BU Today

Uncategorized

How to kill spam dead in its tracks

Marshall Van Alstyne has the answer. Is anyone listening?

It’s become a truism that to have e-mail is to have spam. And so we must all devote several minutes each day to deleting unwanted porn ads, warnings about overdrawn bank accounts that don’t really exist, and get-rich-quick schemes from our e-mail inboxes.

Spam frustration led to the federal CAN-SPAM Act of 2003, a bill requiring all bulk e-mail to provide an opt-out mechanism, a legitimate sender address, and a label for adult content. But that legislation hasn’t stopped the electronic onslaught. Last year, a study sponsored by the Federal Trade Commission noted that spam still makes up more than two thirds of all e-mail traffic.

This week Yahoo and AOL announced plans to begin charging a fee (between a quarter-cent and one cent per message) to those who send bulk e-mail for direct access to inboxes on their servers. Those who do not pay could still send mass messages, but their e-mails would face the Internet providers’ spam filters. Nonprofits and advocacy groups that rely on bulk mailings, as well as free-speech advocates, have voiced opposition to the “certified e-mail” systems, which could be in place as early as this month.

BU Today talked to Marshall Van Alstyne, an associate professor of managment information systems at the School of Management, about the implications of certified e-mail and about his own plan to combat spam — making spammers pay e-mail recipients a few cents for every unwanted message. A paper on Van Alstyne’s anti-spam system will appear in the next issue of the B.E. Journal of Economic Analysis and Policy.

    Marshall Van Alstyne

BU Today: Will Yahoo’s and AOL’s plans to charge bulk e-mailers a premium for direct access to inboxes reduce spam?

Van Alstyne: That depends on how you define spam. I’m relatively sure that it will reduce those e-mails meant to deceive or to cheat. But if you define spam as unsolicited commercial e-mail, I think it will actually increase the amount of such advertising. [Those who can afford it] can get their e-mails branded as legitimate because they’re at least willing to pay a penny, and of course spammers who are selling herbal Viagra and fake Rolexes don’t have a legitimate value proposition, so they’re not willing to pay even that penny.

Both liberal and conservative political groups say such a system will hamper their ability to communicate with their members and raise money. Will it?

I don’t think that it will. If I as a user were to fear that legitimate communications were not reaching me, then I would have a strong reason to switch providers. So there’s actually a feedback mechanism already in place.

Other opponents argue that this will set up a tiered Internet, where those who can pay will get the more reliable and faster services, while everything geared to the rest of us will be deliberately degraded to make the premium services more attractive. Is that a legitimate fear?

There is some danger that when you introduce dual classes of services there may be what in economics is called an adverse-selection problem, that you often introduce variation more for price differentiation than for consumer benefit.

At the same time, I recognize that if the providers are going to have new kinds of services, such as ultrafast games where you can’t tolerate a delay in your processing because you’re likely to get shot in the game. Those folks need speed and are willing to pay for it, so why would you deny them that access? That one is a tricky balance.

What is your spam solution?

One of the biggest problems is actually getting to a common definition of spam. But in economic terms, it’s actually relatively easy to define: spam is effectively information pollution.

The known solutions to pollution are regulation, filtration, and economics. Regulation is laws, like the CAN-SPAM Act, which says you need to have labeling. These of course have terrible jurisdictional problems. When you filter pollution, you attach a scrubber to the effluent or to the smokestack and you put it in one place. And that’s the efficient way to do it. Asking each of us to use a filter is the equivalent to asking each of us to wear a gas mask or to filter our own drinking water.

Right now, you’re in an arms race against an adversary whose goal is to thwart the filter’s recognition process using different spellings, metaphor, embedding in pictures, etc. Spammers respond to changes in filtering technology in as little as two hours. An e-mail got through my filters with the heading “Get a rod like a fire hose.” And it’s a pure metaphor, there was nothing that talks about body parts or anything, and the filter just passed it right through.

What is the economic solution?

The answer is to give people property rights over their own time and attention. That is, if somebody is going to waste your time, then they should incur some cost proportional to the damage that they do. So, if a total stranger is going to contact you for the first time, all you ask is that they make a tiny promise that they’re not going to waste your time. If they break that promise, then they are going to owe you a tiny amount of money, say two cents. 

So messages from total strangers would simply be bounced unless they made that promise. On receipt of the message, you as the recipient then get to decide was it a waste of your time or not. What’s interesting is that no spammer can afford to make that promise. Legitimate advertisers, on the other hand, would love to buy a moment of your time for two cents. And because they have a value proposition, they can actually afford to have that bond go to you.

What about the practicalities of putting such a system in place?

There might be a simple button in your online Web browser or in your e-mail client that says, I consider this e-mail spam, I’m claiming the warranty, and that then is transferred into your account, almost exactly as it is in the automated check clearinghouse for banking. Your ISP [Internet service provider] would simply hold in escrow the amount, and if you don’t claim it, the liability simply expires and the person gets to reuse it.

So anybody sending e-mails would have to have money available to pay people who say, don’t e-mail me; you’re wasting my time; I want two cents?

Yes. If you are sending broadcast messages, a certain fraction of your population is likely to consider that spam, and so you will need to compensate the fraction of the population that considers your message a waste of time.

And would there be anything in this system saying that this bond would have to be attached only to messages sent to more than 10 people or 100 people?

You could almost surely do that, and you could also make exceptions for people you have contacted before. 

Wouldn’t there be opposition to this, saying you’re impinging on our free speech by making us pay to speak to this person but not pay to speak to that person?

I completely admit that this places more constraint on speech and totally unfettered access. However, you want to think of what the alternatives are. The alternatives are, no intervention, in which case you are trying to get attention for your message above the din, and you may well find that impossible. Given that 60 to 80 percent of e-mail traffic is currently spam, if you’re trying to get attention for your free speech message, you’re trying to scream fire in a theater where everybody is going to wear earplugs because they can’t listen.

What stage are things in the development of this idea, in terms of bringing it to a computer near you?

Well, the technology exists. It’s now a matter of distributed and open adoption, and I’m actually a big advocate of a nonproprietary system, because I think it’s best that no one party control it. I think the network effects would be overwhelming once major ISPs adopted it.

Suppose you were outside of the network protected by this system, and you sent your first message into the network of people protected by it. And you get back a traditional challenge response message, but it has the following properties: it says, take this challenge response test, download this software, and the following things will happen. One, your message will go through exactly as it should. Two, we will solve your spam problems. Three, we will create at an ISP of your choosing a bank account into which advertisers can drop two cents and nickels. I suspect the adoption dynamics of it once it happens ought to push it into the marketplace quite rapidly. But it needs a critical mass for that to happen.