I have a degree in public policy. After I graduated, I preferred a programming job to grad school in my field, but I did take some political science lessons with me into my actual career.
One of my favorite books from public policy was “The Moon and the Ghetto” by Richard R. Nelson. Basically, it asks the rhetorical question, “If we can put a man on the moon why cant we solve social problems in the ghetto?” The answer, counterintuitive to some, is that putting a man on the moon is a relatively easy problem to solve, compared with poverty and crime. (If this seems obvious to you now, it may not have in the 60s and 70s.)
Some people are asking the same question about spam. After years of effort and zillions of dollars invested by major players, why is spam still dominating the e-mail landscape? Over the last few years spam has settled in at around 85 to 90 percent of all e-mail, and theres every reason to believe it will stay there. I think the answer has a lot to do with the answer Nelson gave as to why solving the problems of the inner city, no matter how much money you throw at them, is harder than putting a man on the moon.
The world of e-mail, like the real world of politics, is by now long-established with entrenched interests. Anything done to “improve” the system, like any public policy initiative, creates winners and losers. And very often the winners and losers arent who policy makers had in mind.
Policy initiatives are not necessarily embraced by the people they are intended to protect. Think of how we react to the statement, “Hi, were from the government and were here to help.” Why should “Were from the IETF and were here to make e-mail better for you” be any different? How do we know they wont make it even worse?
What got me started on this was a discussion on a group run by the IETFs ASRG (Anti-Spam Research Group). As one participant put it, “[s]pam is fundamentally a social problem. Technological measures are an arms race—a good stopgap, perhaps, but still a stopgap. It will require social change, and thats slow to happen, especially when its major opponent is laziness.”
I dont entirely agree with the “laziness” crack, but clearly the answer to spam is not technology, and not even mostly technology. It would be relatively easy to design a new Internet mail system that would be free, or relatively free of spam, but such a system would require measures that are unacceptable to enough decision makers that a sufficient consensus will not be attained, at least not from this generation of Internet leaders.
The SMTP Authentication Failure
We know from the efforts of the last couple of years to implement SMTP authentication that even modest technical improvements to SMTP that act to restrict peoples use of the system will meet extreme resistance. See John Levines discussion of the politics of authentication on CircleID for more. Johns right about why the problem hasnt been solved: “Its a complicated problem.”
About this time last year I was waxing incredulous over the resistance to the authentication movement. Why were people making trouble for such an obviously (to me) great idea? The answer is, just as with social policies, everybodys got his own idea of the right way to do it; nobody wants his own interests damaged. Some of these interests are reasonable ones, involving privacy, for example. On the other hand, some have observed that many ISPs make money off of spam, however indirectly; its not clear they have a real interest in stopping it, but clearly ISPs are legitimate stakeholders.
And its not like theres some group in charge of the Internet who can declare that theres a new standard and everyone has to follow it. The Internet isnt really under any authority, with the limited exceptions of such groups as ICANN and IANA, neither of which can tell anyone what e-mail standard to use. To reach the moon, Kennedy only needed to declare the goal to be important, then to spend the money and gather the (mostly German) expertise.
But the Internet is just a series of private and public networks connected through private agreements and using a set of agreed-upon protocols. And worse than that, its international. Lets say you got Congress and all 50 states to agree to a new e-mail standard (dont think too deeply about this, its just for the sake of argument). Youd still have the rest of the world to contend with.
So is Internet e-mail so broken that it needs to be torn up and thrown away? Its a solution nobody would responsibly propose. I agree with Dave Crocker, one of the people who designed the Internet mail system in place today, that as a matter of retrofitting the existing system, we just dont know what will work. And “work” is not just a technical requirement; its what will be acceptable to enough parties to be accepted systemwide.
But just as things like crime and poverty never really go away, I think spam will never go away.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
More from Larry Seltzer