I was having a discussion at lunch not too long ago about the spam problem. We all hate spam, and there's a ridiculous amount of Internet traffic carrying it, ultimately leaving less bandwidth for all the cool stuff we want to do online. The current approaches to fighting spam generally fall into one of a handful of categories:
- Detect spam when it comes in and filter it away.
- Use some sort of verification system to identify the true origin of the spam (such as Yahoo!'s Domain Keys).
- Punish the spammer...if they're ever found.
At this point in the life of the Internet, it seems like all three methods do nothing but remove a few temporary annoyances from our lives. There's far too many spammers to catch, try, and punish. That would take way too much money and time, both of which have more practical uses. We try to mitigate spam but yet it still represents the majority of emails being sent (Microsoft reported it's 97% of the mail it handles). It seems like these previously mentioned three approaches have done nothing to stem the tide of spam that is flooding the Internet's massive tubs. Therefore, I present an alternative approach.
The right way to solve a problem, of course, is to first determine the source. As I mentioned in my last post about debugging mistakes, identifying the source of a problem is one of the most important parts of the problem solving process. People have incorrectly been assuming that the source of the spam problem are the spammers, which is why things like Domain Keys and punishments for identified spammers exist. If this were the true source of the problem then we'd likely have much less spam now than we did ten years ago. But that's not the case.
When a solution that you believes treats the source of a problem is ineffective, that typically means that you haven't actually found the source and so are treating the wrong symptom. In the case of spam, the source of the problem isn't spammers at all - it's the regular users who click links in spam emails. Think about it, if no one ever clicked through a spam email link, there would be no incentive to send spam. It's the same as with those ridiculous fliers you get shoved in your door or mailbox: they exist because the cost to produce them is minimal and therefore a small response is enough to offset those costs. Email has practically zero cost to send, which is why there's so much more of it than paper junk mail that has printing and mailing costs.
The real source of the problem are people who respond to spam. These are the people who make it worthwhile to send spam. I remember reading one time (can't find the article right now) that if even 1% of spam receivers respond, then it's worthwhile for the spammer to send the email. But, you may think, no one clicks through on spam emails, we all know better! I wish that were true. A recent study showed that over half of those polled have clicked on a link in a spam email. That's a lot higher than the 1% I had previously read was necessary to generate enough revenue to make spam profitable to the spammer. Clearly, the source of the problem are these users.
Even though people do click through spam links in emails, I'm not convinced that they do so with intent to purchase. Perhaps it's more curiosity than anything else. I tend to believe that people who make dumb mistakes are just uninformed about the consequences of their actions, and therefore a campaign to teach these users the ills of their ways is the only real solution. Here's what I propose.
Instead of finding the users who actually open and use spam, we start a web site that has information about why clicking through links in emails from people you don't know is bad, and more specifically, hurts everyone on the Internet. I'm sure we can find some stock photos of crying children who are sad that their Internet connection is slow. The homepage should be stark with a big question, "Why did you click on that link?" Underneath it should be a more precise description. The wording can be nice or mean, I really don't care. The point is to get across that this is a frowned-upon action that should not be repeated.
Well that's great, you might say, how do we then get these people to the web site? Simple: we send spam. It's actually ridiculously inexpensive to buy a mailing list and start sending email messages with a link to this site. Disguise it as a discount for Viagra or something similar (since those work so well) and get them to click through. We already know that over half of them are likely to do so.
Of course, for a short period of time, we'd actually be contributing to the amount of spam flowing through the Internet, but I'm willing to take that temporary hit to educate as many people as possible. The point we need to get across is that everyone hates spam and the only way to stop it is to stop clicking those links. Make it pointless for spammers to even try. Now who's with me?