Why spammers will win

This article frighteningly (and convincingly) suggests that — in the virtual arms race between spammers and anti-spammers — the spammers will ultimately win.

The basic premise of the author’s argument is that anti-spamming tools rely upon the ability to tell ‘spamlike’ text and markers from that seen in regular correspondence (non-spam).

In the early days, it was easy for both man and machine to spot spams. Look for lots of capital letters and exclamation marks, phrases like “lose weight today!” and “make money fast,” and so on.

Unfortunately, as anti-spam tools became more sophisticated, spammers upped the ante by cleverly concealing their messages’ spamminess.

Ultimately, we may see a proliferation of spams that humans — and certainly machines — will be unable to initially recognize as spams. Like this hypothetical e-mail from “Matthew Hansen” with the subject line “Problem with your site, Adam”:

Hey Adam,

I really enjoyed checking out your smilezone.com Web site the other day, but I noticed a potential security breach! Here’s a useful URL with some more info:

The link could be to anything… porn, an ActiveX virus, Amway info, etc. The point is that the spammer would have captured my attention for more than a few seconds.

And such a ‘personal’ spam is not inconceivable. By browsing through various online databases, almost anyone can grab a few million e-mail addresses and names of Webmasters. The nasty thing is… what conscientious Webmaster would ignore a note like that and risk having his or her site vulnerable?

Or consider this hypothetical business-related stealth spam, as quoted from the referenced article above:

Subject: Re: Re: the proposal

That’s a nice point, but I think you should consider the information at http://www.somewebsite.com/info.html before going with that approach. I found that information to be really pertinent.

Since it’s corporate suicide to accidentally throw away any business-related e-mails, and since — especially in large corporations — it’s impossible to know with certainty the names of all colleagues and partners… this particular spam would be especially insidious. There are certainly no keywords that’d trigger suspicion at all!

And the point of all this: if humans can’t spot the e-mails above as spams, how could any machine? And what does this mean for the future of our inboxes?

I’ll give you a hint. It’s not pretty.






What do you think?