2003: The year of anti-spam?

2003 is shaping up to be the year of anti-spam initiatives. When thinking about these issues, I keep coming back to Larry Lessig's four regulatory constraints: architecture, law, social norms, and the market:

Some constraints will support others; some may undermine others. A complete view, however, should consider them together.

We of the geek tribe tend to focus on architectural constraints. Filtering is the first line of defense, but there are others. I've advocated digital IDs as one technique. Another was recently brought to my attention by David Magda, who alerted me to the hashcash idea -- a clever scheme that proposes to make email senders invest CPU cycles to produce "proof-of-work" tokens attached to email.

On the legal front, the drumbeat for anti-spam legislation is becoming incessant, and we may see real action on that front in 2003. The issues surrounding such legislation are not very clear to me, so I look forward to more education on the subject in the coming year.

You might think that the spammer's cloak of anonymity would make social norms an unworkable constraint. But as Alan Spam King Ralsky recently discovered, that cloak can be summarily yanked away. The slashdotters who sent truckloads of junk snailmail to Ralsky's home were, I'd say, acting in the realm of social norms.

Market forces, at the moment, are all in the favor of spammers. Interaction with the other constraints could change that, though. The hashcash idea, in particular, targets the economics of spam. It won't cost you or me much to spend a few seconds generating per-message proof-of-work tokens, but the time or CPU horsepower required to create billions of tokens could put the big-time spammers out of business.

In general, it seems useful to think about anti-spam strategies in terms of multiple constraints. Whitelisting, in and of itself, concerns me for reasons I've mentioned. It's an architectural constraint that also establishes a social norm -- but, I think, a pernicious one, namely the idea that no spontaneous association is acceptable. However, in combination with other strategies, it seems more interesting. Another excellent article that David Magda pointed me to, by François-René Rideau, suggest that whitelisting and hashcash can work nicely together:

As a matter of standard, polite procedure, someone initiating conversation would have to pay some relatively high postage value, with the recipient returning postage and both participants including each other in a whitelist.

Architecture, social norms, and market forces are working together in that example. Likewise in the case of strong digital identity. I've long argued that use of digital IDs should be a social norm: serious correspondents should be willing to identify themselves in verifiable ways, and should expect others to do the same. Architectural and social constraints are woven together in that scenario.

On the whole, I'm impressed with the quality of discussion I'm seeing. I hope it continues. Arriving at a workable balance of constraints is going to be a subtle process, and it's going to require all of us to think out of our usual boxes.

Former URL: http://weblog.infoworld.com/udell/2003/01/08.html#a568