Modernizing Authentication — What It Takes to Transform Secure Access
High on my disappointment list for 2005 is the fact that, after yetanother year of fighting spam, the world seems no closer to solving theproblem of unwanted, bulk email.
We didn't hear too much this year about spam. Aside from a few successfullawsuits against a handful of spammers, and a handful more being sent tojail under various federal and state anti-spam laws, there has beenprecious little groundbreaking news in the world of spam.
Could the lack of news mean spam is disappearing as a concern for ITmanagers and service providers?https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i Unfortunately, no.
Every available metric from the past year suggests spam volumes havecontinued their upward trend toward record highs. For the average user,the volume of daily emails containing ads for get-rich-quick schemes andget-erect-fast pills hasn't changed noticeably over the last year.
It's not as if there hasn't been progress in spam fighting in recentyears. Many existing technologies have seen incremental improvement. Butmany of those improvements have been tantamount to increasing the size ofthe buckets used to bail out a sinking boat.
Today's super-sized buckets may be helping to keep pace with the flood ofspam, but the systemic origins of the problem are no closer to beingsolved.
If there has been any major difference for spam this year, it's been thatin 2005 the anger toward spam has been replaced by a kind of grudgingacceptance that it's just one of those annoyances that isn't going tochange anytime soon.
For me, that resignation is itself a huge source of frustration, becauseI know something that not many people know: There are some very promisingsolutions to the spam problem that are being completely ignored becausethe world is too busy accepting the status quo.
When I talk of solutions to spam, I don't use the word 'solutions'lightly. I truly mean there are ideas afoot that, if implemented by evena handful of key businesses and service providers, would put us on atrack to render the problem substantially solved.
Sadly, today's conventional wisdom is that spam is a chronic andvirtually insoluble problem. I know how deeply engrained this belief isbecause I've spent much of the last decade saying exactly that.
But I'm here to tell you the conventional wisdom is dead wrong becausethe world of spam has changed. It's an urban myth, a kernel of truthwrapped in the circumstances of yesterday's spam problem, sold to themasses as gospel because the whole truth is too complicated.
As a co-founder of the anti-spam group, the Coalition Against UnsolicitedCommercial Email, I spent the last half of the 1990s trying to explain tolawmakers, thought-leaders, and technologists that spam was far from asimple problem and that those who promised simple solutions were peddlingsnake oil.
But in my defense, rewind to when the spam problem first reared its uglyhead in the mid-1990s. To many, spam hardly seemed like a big deal. Manynewcomers to the Internet and email couldn't fathom that such a seeminglysimple problem could be that difficult to deal with.
But for those of us who delved deeply into the problem, it didn't takelong to realize that spam was not merely an isolated or simple problem,but rather a symptom of some fundamental inadequacies at the heart ofemail.
We recognized that the spam problem was not completely insoluble, but weunderstood that real solutions required changes that were so unbelievablycomplicated that only those with a deep understanding of email's innerworkings could even begin to unravel the problems.
I'm embarrassed to say that we did such a good job in driving home themessage that spam is more complex than people realize, some began tothink it impossible to handle.
Indeed, the near impossibility of the solution has become so deeplyengrained in conventional wisdom that, as the scope of the problem hasgrown, solutions that are now becoming practical are still beingdismissed as unworkable.
Unfortunately, the gospel of spam's complexity is now making it difficultfor many to accept that real solutions might be possible.
After several years of watching the anti-spam technology market evolve,the vibe in 2005 was one of acquiescence. Like death and taxes, the bestand brightest have just resigned themselves to the idea that spam is anunavoidable fact of life. Nobody has a cure, of course, becauseconventional wisdom tells us that the best we can hope for is to managespam as a chronic disease.
That acceptance has made for a profitable market in anti-spamtechnologies. Major technology firms have continued to scoop up any ideathat promises to make the life of IT managers even a tiny bit better.
No Simple Fixes, but Fixes
The continuing irony is that as the market has continued to invest in theintractability of the spam problem, some very promising spam curesproposed over the last couple of years have gotten no traction at all.
The solution to spam is no mystery. It boils down to addingauthentication and accountability to email. The technologies andtechniques for doing so have been built, tested, deployed, and verifiedto work quite well.
As predicted, the solutions are not simple fixes. They requiresubstantial changes to how email works today. But as the scale of theproblem continues to grow, the scale of what is an acceptable solutionalso has grown.
In recognizing that today's conventional wisdom about spam is hobblingefforts to reach a solution, I accept my own portion of the blame. Overthe last several years, I have helped draft too many business plans builton the premise that as long as there is no cure, you can build asuccessful business addressing the symptoms.
It's a lot like a poster I have in my office from Despair.com. In asatirical twist on those cheesy motivational posters that adorn manycorporate lunch rooms, the poster in my office reads, ''If you're not apart of the solution, there's good money to be made in prolonging theproblem.''
Unfortunately, too many of the key decision makers who are in a positionto drive the roll-out of today's most promising spam solutions are tooheavily invested in the status quo. Conventional wisdom tells them thatthere is no cure, and these people didn't get to positions of power bybucking conventional wisdom.
As we begin 2006 eating our daily ration of spam, the challenge for ourindustry's leaders is to reject today's miasma and accept the new wisdom:Spam really can be ended if we only have the collective will to do it.