|
It is surprisingly difficult to get accurate figures for the amount of spam that is sent globally, yet everyone agrees that the global volume of spam has come down a lot since its peak in late 2008. At the same time, despite some recent small decreases, the catch rates of spam filters remain generally high.
Spam still accounts for a significant majority of all the emails that are sent. A world in which email can be used without spam filters is a distant utopia. Yet, the decline of spam volumes and the continuing success (recent glitches aside) of filters have two important consequences.
The first is that we don’t have to fix email. There is a commonly held belief that the existence of spam demonstrates that email (which was initially designed for a much smaller Internet) is somehow ‘broken’ and that its needs to be replaced by something that is more robust against spam.
Setting aside the Sisyphean task of replacing a tool that is used by billions, proposals for a new form of email tend either to put the bar for sending messages so high as to prevent many legitimate senders from sending them, or break significant properties of email (usually the ability to send messages to someone one hasn’t had prior contact with).
Still, if spam volumes had continued to grow, we would have had little choice but to introduce a sub-optimal replacement. The decline in spam volumes means we don’t have to settle for such a compromise.
Secondly, current levels of spam mean there is little threat of a constant flow of spam causing mail servers to fall over.
At the same time, one would be hard-pressed to find a user whose email is not filtered somewhere—whether by their employer, their provider, or their mail client.
Thus, looking at the spam that is sent isn’t particularly interesting as it provides us with little insight into the actual problem. What matters is that small minority of emails that do make it to the user—whether because their spam filter missed it, or because they found it in quarantine and assumed it had been blocked by mistake.
Equally important is the question of which legitimate emails are blocked, and why—and what can be done to prevent this from happening again in the future.
It is tempting to look at all the spam received by a spam trap, or by a mail server, and draw conclusions from that. They certainly help paint a picture, but in the end they say as much about what users see as the number of shots on target in a football match says about the final result.
Despite the doom predicted by some a decade ago, email is still with us—and we have won a number of important battles against spam. But if we want to win the war, we need to shift our focus.
Sponsored byWhoisXML API
Sponsored byRadix
Sponsored byCSC
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byDNIB.com
I agree that focus has to gradually change, but the article doesn’t seem to make the point clear. It contains a couple of questionable or partial statements:
We have to fix email. And we are doing it, albeit at a significantly slower pace than, say, http enhancements. Email authentication and abuse reporting, for example, are currently experiencing some achievements.
I’m not clear on third conditional there. Spam and phishing are continuing to grow, at least in a cumulative sense. A number of by-country sub-optimal replacements exist. Their own local nature prevents them to be global solutions, but the risk of switching to such kind of infrastructure is non-zero. The edges of those government-endorsed walled gardens can be joined in a way similar to how ITU standardized telephony several years ago.
I share the optimism, and look forward to a second installment to explain what the new focus is. A number of battles are not yet fully won, though.