Has Microsoft 'Solved' Spam? 337
MsWillow writes to tell us the Seattle PI is running a story looking back at Bill Gates promise to have the spam problem "solved" in two years. Well, it looks like time is up, and the verdict is -- an emphatic "maybe". From the article: "Microsoft says it sees things differently. To "solve" the problem for consumers in the short run doesn't require eliminating spam entirely, said Ryan Hamlin, the general manager who oversees the company's anti-spam programs. Rather, he said, the idea is to contain it to the point that its impact on in-boxes is minor. In that way, Hamlin said, Gates' prediction has come true for people using the right tactics and advanced filtering technology."
Same way they solved Virii (Score:5, Insightful)
In short... (Score:5, Insightful)
Horse before the cart (Score:5, Insightful)
These technologies wont work until they are nearly 100% effective. If even a few messages slip through to some users, some people will buy things from spam ads. Which is all the economic incentive a spammer needs. So all they do is hide the problem, not really solve it.
Bandwidth is still being wasted.
Michael
That's an easy one... (Score:3, Insightful)
But, to their credit, that is an extremely hard problem to solve. In many other areas of software engineering, where you "solve" a problem once, the solution is much easier because it is just a technical limitation to be overcome. Spam is different, however, because you're fighting against other people all who have strong financial incentives to defeat your system.
I'd still say "don't promise what you can't deliver", though. As some critics have pointed out [blogspot.com], failure to do that just may be a systemic problem at Microsoft right now. Hopefully there will be some internal accountability for this one.
Lies, Damn Lies, and Marketing (Score:5, Insightful)
Spam still chokes mail gateways and causes everyone who uses email a hassle. You still can't advertize your email address. Upwards of 90% of the mail that reaches my mail server is spam, usually. Mail filters have been there for more than two years, though they've gotten better as spam has gotten better.
Spam volume has leveled off, but that's mostly because the system is already saturated.
If Microsoft really wanted to do something about spam, they'd fix the bugs and unthinkable design decisions that has allowed their software to be taken over and used to send it.
What? You have to keep checking Junk Mail then!?` (Score:2, Insightful)
So if this happens at any frequency
Well as a computer engineer (Score:5, Insightful)
I am to unpopular to get a lot of spam but the few I get on my gmail account all seem to be beginning with "Re:" clearly seeking to trick me into believing it is a reply.
Of course you could check the headers but these could easily be faked. In seen spams in the past that got through where I had real trouble figuring out where the fuck they came from. Some I even seemed to have sent myself.
The only real way to check it would be for hotmail to keep a track record of everyone you send mail to, add them to your adress book and then let those emails bypass your spam filters.
Silly Hotmail for not doing that. OH wait, they do! When you send an email via hotmail you are asked wether you want to add that person to your contact list. Most people don't bother.
My tip to you? Make it very clear that if they contact you via hotmail it may be filtered. Also check why you are being spam filtered. Is it based on your hostname or is the content of your email to spammy?
I know your pain, I dealt with it myself although in my case I am not depended on hotmail users so simply don't care that much. It is a lot of extra work but that is the cost of spam. No spam, no spam filters. It is something people often forget, it is not just the bandwidth cost and the time wasted sorting through spam but also the fact the real emails get lost in the mess. But don't worry, Bill Gates promised he would solve it. Has he ever lied before?
Re:Can Microsoft Solve Anything? (Score:2, Insightful)
Yes, they can put you to work and far more than Linux can, this is certain!
So, you sit around slashdot typing forums replies on your Linux box here all day (while I go make money coding applications in Visual Studio 2005 (mostly VB.NET thin-client apps, but also Windows apps as well) talking to SQL Server 2005 on Windows Server 2003 SP #1 if that suits you).
That works for me, how about you?
Face it - In corporate america, Windows usage far outstrips that of Linux and gives people jobs in far greater numbers than Linux does, and because of that surface area you have a greater chance of being employed if you have good skills on Windows, its applications, and coding for it.
From the home or work desktop/laptop, thru departmental servers, up to Back Office apps like Exchange or SQLServer (and even DB/2 and Oracle)?
They run on Windows operating systems in far larger numbers than Linux and its severe lack of applications (and support of peripheral hardware by comparison to Windows & device drivers for said hardwares) for as many purposes as Windows has.
APK
P.S.=> I feel sorry in a way for students who put their hearts into Linux, until they come out into a corporate world where Windows is in far greater use, and thus, provides them with far more potential for employment. Learning Linux can help them (because it does get used, but in far lesser %'s than Windows does and for less of a range of purposes) & especially for systems like Solaris, HP-UX, etc./et all (older UNIX's)... but then, they aren't making themselves my competitors either, so I can live with that - it's ALL about the choices you make.
I had to make the same ones as a student 15 years ago, when it was a Novell vs. NT 3.5x world, & I chose Win32 development & Windows NT/2000 network engineering-administration - glad I did, jobs abound, even thru the
Anyhow: Microsoft products, since they are so largely used in corporate environs, make a far more attractive target as well - they get attacked because of that, because if you think hacker/cracker types are in it just for 'shits-n-giggle' & just to cause mischief?
Think again: They're out to steal & get power/money, & information IS power & eventually money gained via illegal ends (use your imagination here).
Hacker/Cracker types? Heck - I don't dislike them, like many do - they are doing MS a favor (and the end users of their OS + wares) exposing things they may have missed in testing & once those exposed security holes &/or bugs get patched, MS & its product lines just get stronger... & so do I! apk
Re:When you fail, (Score:3, Insightful)
Or conversely, when you fail, change the requirements and make it look like a success, which is exactly what BG has done. Brilliant!
Re:Well as a computer engineer (Score:3, Insightful)
OR you would do something REALLY INNOVATIVE and automatically add recipients to a whitelist that is SEPARATE from the contacts list.
Wow, I should patent that. It's clearly non-obvious since neither MS nor Joe Higher-opinion-of-himself-than-he-deserves on Slashdot thought of it!
Re:My Hotmail Inbox (Score:4, Insightful)
That's not "solving" spam, that's masking it. My company uses RBLs at the external mail gateways to try and control the flow of spam into our network. 80% (200,000 of 250,000 daily messages) is directly blocked via this method... that bandwidth is still being used, but we halt the flood of the e-mail to our internal mail servers before it can be a burden to our users.
Of the mail that does get through, another 20% is still spam that didn't get blocked by an RBL so it has to pass through another anti-spam gateway (spamassassin) that does analysis and tagging of the message before passing it on to the internal mail server. Of the mail that gets through, roughly 5-10% is probably mismarked as not being spam when it is. That ends up being a shitload of mail that still gets through into a user's inbox that they have to review and delete. Spread that across thousands of users and you have a very real problem.
What we really need are vigilantes to go out and kill the spammers. We have their names and their addresses on the ROKSO list. Kill those 200 spammers and it'll prove a powerful lesson to the remaining ones that haven't popped up on the radar yet. People need to learn that if they spam they will die. Without that threat I'm afraid spam will only become an ever-increasing problem until there will come a point where e-mail is a completely useless medium to use for communications without redesigning the protocol.
So, anyone got an ex-con brother who doesn't care whether he lands back in prison or not? ;-)
Spam is not 'solved' by filtering (Score:4, Insightful)
The Microsofts (and Ciscos, etc...) of this world probably think that once e-mail spam stops reaching peoples inboxes, the incentive for spammers to spam will vanish, and with it, the problem of spam. WRONG.
Marketing and salesforces all over the world have somehow gotten it into their heads that they have some God-given right to pester and harass consumers anytime, anyplace to beat them over the head with whatever they have around that should make you empty your pockets. And e-mail has been a relatively cheap way for them to harass us. But if that won't last, they will find newer, even more intrusive ways to get into our wallets^H^H^H^H^H^H^H hearts. Texting my mobile phone, calling me with product advertisements, harassing me while I'm shopping for groceries, Inserting picture-in-picture commercials during television, etc, etc, etc... I could go on for hours about how evil everything involving marketing and sales is, but hey, we all know that don't we?
My point is: Spam is not solved by either filtering messages, or making unsollicited commercial e-mail impossible. If Microsoft really wants to enhance the quality of my life, make sure I can for instance enjoy a half hour of television without being constantly interrupted by commercials, and keep those salesdroids away from my favorite supermarket, and away from my phone. Thank you.
Um... so what's a reply then? (Score:2, Insightful)
As you said, you're not a computer engineer, lots of other people are and they haven't come up with a solution yet because it isn't as simple as you seem to think it is.
Is this even something that microsoft *can* do? (Score:3, Insightful)
Several others have mentioned that spam will be "solved" once the sending of it has been stopped. I am not sure that Microsoft could ever solve spam in this sense (or any company, for that matter). I don't deny that MS could make great inroads on the problem based purely on their numbers, but when other operating systems, other filters, other mail programs, etc. exist, Microsoft couldn't possibly be responsible for these.
This is not to say they are not responsible for their corner of the world, but the best they can do is fix their SMTP holes, include spam filtering software in all of their software/webware products, and if they are feeling useful, develop a clear and documented solution that could used on other systems/programs.
However asking MS to "solve the problem" is a bit much, even if they did overextend the claim originally.
Irony (Score:5, Insightful)
Re:Horse before the cart (Score:3, Insightful)
This doesn't seem to help - every so often, someone in government passes a new anti-spam law claiming it will stop spam. But it doesn't. The reason: the laws are not enforced. We don't need new laws - the spammers are already break the law (or did you think that setting up botnets without the computer owner's permission was legal?)
Ignoring email spam for a moment, I think a great example here in the UK is SMS spam - it's been illegal to send unsolicited SMS messages in the EU for some time, but they still happen. Worse - premium rate operators send unsolicited _reverse billed_ SMS messages and the telcos will refuse to do anything about it. The premium rate services regulator, ICSTIS, appears to be completely snowed under with complaints but still nothing seems to be done about it.
I'll say again: passing new laws to make something illegal that's already illegal don't help if noone's going to bother enforcing them. I can remember the days when cracking computers was considered a serious crime and incurred serious jail time. These days noone seems to care.
Comment removed (Score:5, Insightful)
I can do that TODAY! (Score:3, Insightful)
Create folder called "my new mail".
Setup a rule to move all incoming mail to the "my new mail" folder.
There! Instantly I have solved the problem and "eliminated" spam from you "inboxes".
Meanwhile, I'll still focus on rejecting mail at the server level. That way, if it is legitimate, the sender's server should provide him/her with a rejection message so they will NOT believe that I have received the message.
Re:Well as a computer engineer (Score:3, Insightful)
Ok, so now we will see spammers that go through archives of mailing lists to harvest valid Message-IDs to pester the senders with...
Re:Well as a computer engineer (Score:3, Insightful)
How would you know that an email is a reply?
Well, grabbing a reply e-mail at random from my inbox, I find these nifty headers: "References" and "In-Reply-To" [faqs.org] (see section 3.6.4 of the linked RFC).
Whenever you send an e-mail, your mail client (whatever it may be) should generate a Message-ID, and any replies to that message should include this ID in "In-Reply-To" and "References" headers.
So, identifying a reply is very simple: If the "In-Reply-To" or "References" headers contain the ID of a message that was sent from this account, then the message is a reply. There are two obvious ways to know if a given message ID in a received e-mail was actually sent out by this account: A database of message IDs or, better yet, using a keyed encoding to generate message IDs. If the message ID were generated, for example, by concatenating the sender's username and a timestamp, then encrypting the result with, say AES (because AES is *very* fast), then base64-encoding the result of that, then hotmail servers could easily verify the validity and origin of the message ID when it came back.
I'm sure with a little thought, some even better approaches could be developed. This isn't a hard problem.
The only real way to check it would be for hotmail to keep a track record of everyone you send mail to, add them to your adress book and then let those emails bypass your spam filters.
In other words, an automatic whitelist. Sure, that's also a very good idea, and also very easy to implement.
Microsoft's no-fail anti-virus "elimination"... (Score:2, Insightful)
As has been pointed out elsewhere on this thread, Microsoft are taking the credit for people receiving less spam through the use of tools developed by third parties.
So on the same basis, Microsoft can indeed be given the credit for eliminating viruses. Millions of people are now able to operate their PCs on a highly-secure, virus-free basis. The fact they've had to install third party software [linux.org] to do so is neither here nor there...
What *they* have done (Score:3, Insightful)
Re:Same way they solved Virii (Score:3, Insightful)
The correct form is definitely: viruses.
While I wish that were the case, English is defined by usage. If eejits (surely to soon be in the Oxford dictionary) start using a word, it becomes official. Perception defines reality.