Anti-spam Theater

by on January 17, 2008 · 8 comments

When I stumbled across John Gilmore’s argument against the heavy-handed tactics of the anti-spam cabal a while back, I was surprised to find it pretty compelling. My years as a sysadmin had drilled into my head that Open Relays Are Bad, but this is an awfully good point:

What’s the difference between an “open router” and an “open relay”? An open router takes any packet that you send it, and forwards it toward its destination. An open relay takes any email that you send it, and forwards it toward its destination. They’re the same thing, just operating at different levels of the protocol stack. Should we outlaw open routers? Look at all these evil guys on the Internet backbone, all over companies and campuses, and even in private homes! They’re routing packets without authenticating who sent each one! They’ll accept packets from ANYWHERE ON THE INTERNET, and just send them onward, even if they contain spam or viruses! There oughta be a law!!! If we just shut down all those guys with their big Cisco spam tools, then we wouldn’t get any spam any more. Let’s all black-hole every packet that comes from any ISP that doesn’t authenticate every packet. We have perfectly good standards for authenticating packets (IPSEC — I even funded the free Linux implementation, called FreeS/WAN.) so lack of standards is no excuse. Come on guys, if we apply your rationale about open relays just two levels down in the protocol stack, we ought to shut down the entire Internet. What makes the application-level email service on port 25 so special? (Both sarcasm and logical argument are probably lost on this audience, but I’ll give it a try.)


The terms that these extortionists desire to impose is constantly changing, becoming more and more stringent. First an ISP had to terminate accounts for actual spammers who were sending unsolicited bulk email via the ISP. This was even half-reasonable, and many people agreed. Then as they got more acceptance, their demands escalated. You had to cut off people who never sent spam, but whose services in some way “aided” spammers — like my open relay. You had to cut off Web service for any URL that was merely *mentioned* in a spam sent anywhere in the world. You had to turn off DNS service that served any web site mentioned in any URL in any spam sent anywhere in the world. You had to cut off any customer who is alleged to have sent spam anywhere, whether or not the allged spam ever went through your (ISP’s) system.

It occurs to me that there’s an interesting thread running through Gilmore’s work. Another of Gilmore’s big issues is the TSA’s “security theater.” One could just as easily call the efforts to eradicate unsolicited email “anti-spam theater.” In both cases, the strategy involves putting up random and arbitrary roadblocks that inconvenience a lot of legitimate users but do little to slow down the real bad guys. When you point out that there are still a million ways that a spammer can send spam, people look at you with the exactly the same expression as they get when you point out that there are still a million ways to smuggle liquid explosives through the airport security checkpoint. The point, you see, isn’t to come up with a coherent scheme for stopping the problem. The point is to “do something,” regardless of whether that something will actually have the desired effect, and regardless of the collateral damage it inflicts on non-bad-guys.

But of course, people hate spammers almost as much as they hate terrorists. And just as peoples’ hatred of terrorists has led them to abandon rationality when it comes to airport security, so their hatred of spammers has led them to abandon rationality with respect to spam filtering. The issue isn’t whether a given policy will actually prevent spam. The issue is whether you’re for or against the spammers. If you’re against the spammers, then you’ve got to support every putatively anti-spam measure.

Incidentally, another cause Gilmore supports is ending the drug war, which has a strikingly similar dynamic to the first two.

Anyway, a question: does anyone know if Gilmore’s argument has been written up somewhere more suitable for citation? His position seems reasonable enough that it seems like someone must have written an op-ed or paper or something on it, but I haven’t come across anything.

Previous post:

Next post: