What Bill Gates Really Could Do About Spam, Part 1

I've been working on this article off and on for over a month now. I was originally going to publish it all at once, but it's taking too long to finish. I've decided that it's time to break it up into parts, and get the first part out the door. It's looking like it will be three parts total, maybe four, and my target is to finish the remaining sections within a week. They're at various stages of outlining/drafting/and collecting all the supporting links.

The working title of this article has changed several times as I've been drafting this. It was originally going to be "Why Bill Gates Is All Wrong About Spam", but then I decided that that was a little too harsh. I changed it to "Why Bill Gates Is On The Wrong Track On Spam", but it occurred to me that that title would imply that I think there is one "right track". I don't think that at all, and if I ever had believed it, the various sessions at the MIT Spam Conference certainly would have convinced me that I was wrong. I hope that we can all easily agree that the fight against spam has to take place on multiple fronts. At least one of the fronts in the war on spam is sender authentication, and while Bill Gates and Microsoft (true to form!) were not the first to be on that track, they are contributing to it now, so neither "All Wrong" nor "Wrong Track" is the right characterization.

Let's back up a bit. Back in January, just a couple of days before Dieter Stalder and I were going to give the BP-111 presentation at Lotusphere, I was checking the New York Times business news RSS feed, and I found this headline:

Knowing that Bill Gates had gone on record with his thoughts about spam previously, and that I didn't have much faith in what he had said (and Lawrence Lessig didn't either), I immediately clicked through to the Times article to see what he had to say this time.

The very next thing I did was update my slides, and a couple of days later I opened the presentation by announcing "My name is Richard Schwartz, this is presentation BP-111, Controlling Spam Mail In Your Organization, and I've got great news!" I switched to a slide with the New York Times headline, and continued, "According to Bill Gates, the war on spam will be over within two years!" I took a bit of a dramatic pause, and then continued, "Yeah, right."

So, what did Bill Gates actually say back in January? He spoke of three specific approaches to the spam problem. News coverage was extensive, and I'll give you a bunch of links below, but first here's my summary:

• Challenge/Response

  The recipient's mail server returns messages to unknown senders, embeds a link to a "graphic puzzle". The sender solves the puzzle and submits the solution. The message is released and delivered, and the sender is added to the recipient's white-list so s/he won't have to solve any more puzzles.

• Computational Tax

  The recipient's mail server and all intermedieate relay servers use a new SMTP command to transfer a unique mathematical problem to each of the hosts connects. The problem is of sufficient complexity that a fast computer will take a few seconds to solve it. The complexity of the problem could be adjusted upward if the recieving server has reason to believe that the sending computer is a spammer. The message will not be received until the sending computer solves the problem and sends the answer back to the receiving server. The idea is to cut down the volume of mail that any one computer can send out in a given period of time.

• Postage

  A trusted authority establishes micro-payment accounts for email senders and recipients. A recipient could draw a small payment for his invested time from each spammer who sends him mail. The cost of spam would immediately become prohibitive. Legitimate advertisers, however, would be willing to pay for well-targeted advertisements, so the interests of both sellers and consumers are protected.

Links to coverage: CNet, eWeek, The Register, BBC, CBS, and in addition to the New York Times article already mentioned there was a follow-up that concentrated on the postage idea about a week later. The CNET article revealsed that Microsoft was also working on a "magic soluition", presumably their Caller ID plan, in addition to the three mechanisms mentioned above.

Now, let's make it clear that none of these ideas originated with Microsoft and none of them were new back in January when Gates made his speech. There's no surprise in that, of course, is there? There were, IMHO, two major purposes to Bill Gates making a major speech about spam highlighting these technologies. First, I grant that Mr. Gates wanted to add Microsoft's muscle to promote these particular ideas in a very positive sense. Secondly, however, I believe that Mr. Gates was engaging in a bit of magician's misdirection, distracting the audience from the fact that weaknesses in Microsoft technology -- while not by any means solely responsible for the severity of the spam problem-- are very much a part of what is making the spam problem so intractable. But we'll get back to that later.

So, what's Bill Gates saying about spam now, six months later? I'll get to that in Part Two, in a day or two. That will be followed by an analysis of the various things that Bill Gates and Microsoft are talking about or doing. The conclusion will be where the title of the article comes into play: my own suggestion for where Microsoft's anti-spam efforts can best be applied. Microsoft has more resources that could be applied to the problem than anyone else in the fight, including government and international agencies. It's going to be very important that they put those resources in the right place. Please stay tuned.