PermaLinkScientific American Article: Stopping Spam... Unfortunately, It's Written By Microsoft
12:47:56 PM

I am a regular reader of Scientific American. I don't expect it to be an authoritative source of detailed and in-depth information. That's not the purpose of the magazine. I do expect a degree of accuracy and objectivity in it, however, which I did not find in this article in the April 2005 edition about spam, which was written by three Microsoft researchers. The article is a fairly good survey of the anti-spam landscape, with nothing new for anyone who is literate in the field, and it is written in terms that a layman can easily understand -- which is what should be exected for Scientific American. The trouble is two-fold. First, there are some unfortunate mis-statements or omissions in the article, and secondly there are just too many mentions of Microsoft contributions to anti-spam concurrent with omissions of non-Microsoft alternatives. To anyone not literate in the field, the article conveys the distinct impression that Microsoft is the leader of the anti-spam technology field, and that's simply not the case.


For example: the article mentions Microsoft's Sender ID, but not SPF. Sender ID, of course, is Microsoft's anti-spoofing technology. It was introduced after SPF was, and the attempt to merge the two has been seriously sidetracked by Microsoft patent claims.


The next example is in the discussion of filtering, in which the artcile mentions two Microsoft algorithms (Sequential Minimal Optimization, and Sequential Conditional Generalized Iterative Scaling) that improve upon naive Bayesian, but makes no mention non-Microsoft algorithms such the Teireisas pattern recognition algorithm used in IBM's Chung-Kwei and SpamGuru There are, of course, many others, such as CRM114 and while the authors of the article couldn't list them all, I think that listing two from their own company without listing any others is inappropriate.


Another problem that I have with the article is manifested in two sentences in the discussion of proving that email senders are real people.


Solving these problems promptly would require spammers to buy many computers, making their costs prohibitive.

...

For legitimate senders, this system is free, but for spammers, the cost per message might be one cent, 100 times our estimate of the current price--more than spammers can afford.


The first of these statements is referring to the proposals for using computational puzzles to increase the cost sending spam. The latter is referring to a micropayment system. Neither of these can meet the objective that the authors of the article set out at the beginning of that section of the article, "we are exploring proof systems--those whose goal is to require more from a spammer than he or she can afford". The reason is simple. Spammers won't buy the computers needed to solve the computational puzzles, and they won't pay the money. They will hijack the computers for solving the computational puzzles just as they currently hijack them to send the spam in the first place, and they will steal the money to pay the micropayments by stealing the identity of the users' whose computers they have hijacked. It isn't really all that surprising that the authors neglect to mentions this, though, because of course it is the weakness in Microsoft's operating systems and applications software that is enabling spammers to hijack these machines in the first place. (It is the fact that there is no hope of getting all these insecure Microsoft-based machines upgraded to newer and more secure software that totally belies Bill Gates' ridiculous assertion last year that spam would be eliminated in two years. Let's see... that gives him another six months...)


The last problem in the article that I want to point out is either a blatant and knowing misstatement of fact, or an indication that the authors are very much out of touch with what is going on in the industry.


We recently helped to establish the first formal conference on the topic--the Conference on Email and Anti-Spam, which attracted researchers from all over the world.


As this time-line page clearly shows, there was a conference at MIT in January 2003, and also in 2004 (which I reported on here) and 2005. The first two MIT conferences occurred before the first Conference on Email and Spam, which was in the summer of 2004, and which is the one that the authors of the Scientific American article were referring to. While Microsoft and the researchers who wrote this article o deserve a certain amount of praise for their positive contributions to the anti-spam effort, they don't deserve and shouldn't get as much credit as is implied in the article. I plan to write a letter to the editor of Scientific American to that effect.

This page has been accessed 157 times. .
Comments :v
No comments.
Enter Comments^


Email addresses provided are not made available on this site.





You can use UUB Code in your posts.

[b]bold[/b]  [i]italic[/i]  [u]underline[/u]  [s]strikethrough[/s]

URL's will be automatically converted to Links


:-x :cry: :laugh: :-( :cool: :huh: :-) :angry: :-D ;-) :-p :grin: :rolleyes: :-\ :emb: :lips: :-o
bold italic underline Strikethrough





Remember me    

Monthly Archive
Responses Elsewhere



About The Schwartz

rss.jpg


All opinions expressed here are my own, and do not represent positions of my employer.