Is This the Solution to Spam?
February 02, 2009
Posted by: Glyn Moody
I think I may have come up with a possible solution for spam. But first, some background.
I have read somewhere (can't find the reference, unfortunately) that when intercontinental ballistic missiles (ICBMs) were first introduced in the US, a test was conducted early on to assess how the defences would work in practice.
On the warning systems there appeared to be an attack originating from Russia (although in fact there was none). According to their orders, those operating the ICBMs were supposed to launch their missiles immediately in response to just such an eventuality. But it turned out that very few did: the problem was, they had never faced this situation, and most were paralysed by doubts and fear, which made them hesitate to take such an extreme step.
The solution was ingenious. Instead of battling – probably in vain – against human nature, and hoping that things went better next time, the military powers decided to cause multiple apparent attacks to occur every day. Gradually, the doubts and fears about pressing the launch button wore off thanks to the repeated nature of the exercise, and the response to these fictive attacks approached 100%.
The beauty of this approach is that should a real attack be launched, the response will be just as good, since those responding will have no way of knowing that it is not just another practice alert to keep them on their toes.
So how about applying this to spam? Here's how it would work.
A number of government security organisations around the world – think national spam centres – would routinely send out what looked like spam to all email users.
In appearance, these would be identical to the real thing: they would offer all the improbable improvements to parts of your anatomy, or access to multi-million pound bank accounts for very little effort. All the usual – and highly effective – tricks of social engineering would be deployed in order to persuade users to respond.
Most people would simply ignore these fake spams, as they do other junk that they find in their inboxes. But a few – as always – would respond. That's good: for these are precisely the people who make spam viable, providing enough incentive for spammers to send out billions of mails to the rest of us.
These are also the people who click on infected Word documents, or visit dodgy Web sites and infect the rest of the ecosystem. So it is precisely these people that need to be educated.
The fake spam would allow that to happen. For instead of receiving information about wondrous pills, or large sums of money, those who succumb to the siren-like call of the spam would, instead, receive a gentle warning – by email or from special Web sites the fake spam respondents would be directed to – from the national spam centres explaining that had this been a real spam email, they would have suffered various negative consequences, and that maybe it would be best to ignore such offers in the future.
Some of those receiving these messages might take note, and resolve never to fall for spam again (or at least be more sceptical). Others will not. But those who do not will then fall for *more* fake spam in the future, and receive yet more warning messages. This will carry on until one day the penny drops, and even they become at least more resistant to spam (since no one is *completely* immune to the clever ploys employed).
Comments received
Ben Cook said on Monday, 02 February 2009
Of course this approach does not work very well if it is made public, because then every geek would click on spam email just to see if they are real or fake.
Nevertheless it could work even better this way, dos-ing spam website.
Bob Parker said on Monday, 02 February 2009
Why not just use the same worm that creates the botnet to trash Windows on the offending machines. That way will educate the real idiots out there.
Glyn Moody said on Monday, 02 February 2009
@Bob: however emotionally satisfying that approach might be, I foresee one or two administrative problems in getting approved.
Bob Parker said on Monday, 02 February 2009
@Glyn: Emotion aside it would help Microsoft's marketing efforts in exactly the right direction. Not suggesting that you be the man to do it but surely there is a reformed bad guy out there to step up to the plate.
Glyn Moody said on Monday, 02 February 2009
@Bob: or for the Machiavellian approach: somebody pro-MS did it, claiming to be pro-OSS, thus landing the latter in trouble...?
Dagonet said on Monday, 02 February 2009
Just that I understand you correctly: You suggest establishing a government agency that keeps slapping citizens in their faces until they bloody learn self defense?
Glyn Moody said on Tuesday, 03 February 2009
@dagonet: well, think of it more as the government tickling people with a feather until they learn to defend themselves.
Leslie P. Polzer said on Tuesday, 03 February 2009
You're not proposing a solution for spam (which is millions of advertising mails cluttering people's inboxes every day) but for phishing.
Richi Jennings said on Tuesday, 03 February 2009
@Leslie: no, it's not just addressing phishing. If nobody bought fake pills'n'stuff from spammers, spammers wouldn't make any money. So, in theory, spammers wouldn't spam.
Richi Jennings said on Tuesday, 03 February 2009
But, here's the rub: educating stupid people is usually an exercise in futility.
This sort of thing has been trialed before and the users who fall for it don't seem to learn when re-tested some time later (sorry, don't have references to hand).
Roughly 50% of the population are of below-average intelligence. There; I said it.
crystalsinger said on Tuesday, 03 February 2009
Actually, I suggest a two-tiered system.
1) The National SPAM Agency (NSA?) would elicit long./lat. coordinates from those who respond to SPAM/Phishing emails, then
2) Those aforementioned ICBMs would finally be launched (accompanied by cries of "Fly, my pretties!" no doubt) to institute the 21st Century version of natural selection upon the clueless respondents.
:-)
I jest, of course - but not much.
ArcAngelM said on Tuesday, 03 February 2009
Is this supposed to be a joke?
Bill B said on Tuesday, 03 February 2009
Less and less people click on spam as they "learn" it is bogus. However, spam rates continue to rise at a meteoric rate. So I don't see how your solution would help.
Greg said on Tuesday, 03 February 2009
This is the worst idea I've ever read on the Internet
Glyn Moody said on Tuesday, 03 February 2009
@ArcAngelM: not as such. I'm interested in hearing why people think it won't work (not that it will ever be tried).
vinay said on Tuesday, 03 February 2009
1. There is no way of knowing who is in US or abroad. So essentially you need to target all the internet users. This would be a complete waste of tax dollars considering the scale involved.
2. Since every year there are millions of new people, this "education" would never end. So this exercise will never really end.
3. Just like everything else, I see that one day somebody will see the "potential" to make money and make this effort self sustainable and turn this into real spam.
There are so many issues with this solution.
Glyn Moody said on Tuesday, 03 February 2009
@vinay: I meant this as an international effort, since it's in the interests of every country to curb infected machines within its borders. So it wouldn't just be US dollars.
Max said on Tuesday, 03 February 2009
This is an absurd idea. The ICBM story dealt with a select group of professionals. Trying to translate that to the unwashed (and generally painfully stupid) masses out there is short-sighted at best.
Spam targets stupidity and greed. Unless you solve *those*, spam will continue to thrive, as do all the other ways of conning people. Spam is just another avenue, but the root of it is far from new.
Glyn Moody said on Tuesday, 03 February 2009
@Max: solving stupidity and greed seems slightly ambitious to me. Sending a few billion fake spams and cutting down on the clickthrough rate is doable.
Tim said on Tuesday, 03 February 2009
Interesting thought process, Glyn.
I didn't see it specifically mentioned, but the system could potentially be designed smart enough to never again send a specific 'fake spam type' to addresses that didn't respond after x attempts. This would cut down on the overall 'fake spam' volume going out. Additionally, email addresses that had a history of never responding to 'fake spam', especially over multiple 'fake spam types', could be considered a 'non-responder' in the problem and removed permanently, never to be bothered again by the training effort.
Any reason an effort like this has to be conducted by a government entity? Since the purpose of the 'fake spam' email is not to actually sell something (ie, it is 'non-commercial', or could be), can it be made to comply with CAN-SPAM? If so, then perhaps this type of system could be implemented by any entity or group of purposed individuals?
Glyn Moody said on Tuesday, 03 February 2009
@Tim: yes, you're right, there are all kinds of refinements that can be made for efficiency.
The reason I chose government (I'm no big fan) is simply that if it came from a company, say, then it might just seem even more clever spam. Of course, you have the problem of believing whether the messages *really* come from government.
Mind you, one option would be to let the ISP send it - at least they know you and you can be pretty sure who they are.