5 Top Spam Myths that Still Haven’t ChangedWritten by Paul Cunningham on July 29, 2010
I’ve been dealing with spam for a long time now, and even though we see changes every year in the major threats and new techniques that spammers come up with, one of the things that never seems to change are the myths about spam that people still cling to.
Here are a few of my favourites.
Spam Isn’t a Problem Anymore
Every now and then a journalist will write a column declaring that spam is no longer a problem for the internet. Their argument is usually based on their own individual experience, and usually includes a description of a complex series of forwarding addresses through multiple services and add-ons before a message actually arrives in their inbox.
Then they add a caveat like “And for the handful that do slip through…”
Unfortunately for businesses a complex solution that can’t scale is no option at all, especially one that still lets the spam through despite all that effort.
I Don’t Give Out My Email Address
This myth usually lasts as long as it takes for the first spam email to arrive at that email address, which is quickly followed by shock and outrage (and wild accusations that their ISP “sold” the address to a spammer).
The only type of email address that will never receive spam is the one that doesn’t exist at all. No matter how diligently you work to keep your email address private there are multitudes of ways in which it can still end up getting spammed, such as malware on your computer, someone else disclosing it inadvertently, or various attacks where spammers discover the address through dictionary guesses, brute force, or directory harvesting.
The 100% Effective Anti-Spam Technique
If I had a dollar for every time I heard “Nobody would get any spam if we all just…” I’d be retired on the beach by now. The anti-spam silver bullet doesn’t exist. Grey listing, fake MX records, and challenge-response systems are often touted as the ultimate solution to spam, but each has flaws either in practicality, scalability, or long term effectiveness (if we all start using the same “perfect” trick, spammers will just find another way).
Anti-Spam Shouldn’t Cost Money
I can only assume this springs up from some kind of resentment over paying for solutions to a problem you didn’t cause, but then again isn’t that the case with most problems?
At any rate, some of my peers in IT opt for a home brew anti-spam solution that bolts together various free components into one overall solution. Unfortunately for the masses this approach isn’t always possible, because any anti-spam solution is a trade-off between performance, effectiveness, administrative effort, and cost. Particularly in medium to large environments if you take away the costs and you are most certainly either sacrificing performance or effectiveness, or increasing the amount of administrative effort involved.
There is a reason the anti-spam industry is as commercially successful as it is – people will pay for a solution that reduces spam in a cost effective way.
We’ll Never Stop Spam Completely
Despite my rebuttal of the myths above I do honestly believe that one day we’ll stop spam completely. I understand that this will take a massive shift in the way that businesses think about email as a marketing channel, a genuine focus by online services to stop abuse, and an unprecedented level of cooperation between global legislative and law enforcement bodies, but I think that one day the cost and risk of being a spammer will be so great that it will die off as a threat to our businesses and way of life.