The Fnordistan Department of Software Engineering

What is it about spam that makes even a laid back, tolerant person’s blood boil? What is it about spam that makes someone who’s against the death penalty even for child molesters and serial killers start ranting about burning spammers at the stake? Sometimes our hatred for spam borders on the irrational…. but hate it I do.

And I think there is good reason to loathe spammers and fight them actively. I’ve seen people argue that spam is just commercialism brought to the Internet, and if you don’t like it, delete it. (Spammers sometimes even put disqualifiers at the bottom of their spam explaining with tortured, disingenuous logic why “This is not spam” or else screeching that they have a “First Amendment right” to spam you.) I think the “free speech” and “commercial enterprise” arguments are obviously flawed.

It is interesting to watch the ever-evolving technological arms race between spammers and those who hate spam.

Blog spam is an interesting case in point. When blogs became popular, no one would have thought at first that spammers would have any reason to start posting links to porn sites and online “pharmacies” in blog comments. But then Google became the number one search engine, and as we all know, one of the criteria Google uses to rank sites in a search is the number of other sites that link to it. So, if you have a link to your site posted in forty bajillion blog entries, then as Google starts indexing all those blog entries, your site will rise higher in search rankings. Thus, suddenly bloggers were having their blogs inundated with irrelevant links to porn, gambling, and Viagra sites.

It didn’t take much for blogging software to add functionality to delete comments the administrator didn’t like (most had such features already, since it was anticipated that someone might post things in your blog you didn’t want to allow). The initial response from the spammers was to try to “disguise” their spam as something relevant — “Hey man, I love your site! Keep posting!” followed by the link. But this isn’t hard to spot, especially since the sheer redundancy of such posts creates patterns that anyone can spot instantly after being hit with them a few times.

But deleting every spam post you get is a tedious process when your blog is spammed en mass (I’ve had scores of blog spam posts put in my blog at once; some people have reported being bombarded with hundreds at a time.)

So the writers of blogging software started adding filters and blacklists. You could filter by known URLs or phrases and have posts containing those phrases or URLs automatically get labeled as spam and removed. And bloggers could share blacklists so that as soon as a new site sprang up trying to blogspam its way up the Google rankings, everyone would add it to their blacklist. Some blog software (like WordPress) has added Bayesian filters so you can not only delete a blog comment, but mark it as “spam” much as e-mail clients do, so that over time it will become “smarter” at recognizing spam.

Blog spammers began doing the same thing that e-mail spammers do to try to circumvent filters: posts with long strings of unrelated words, random phrases copied from books and poetry and quotations, anything to fill their post with so much unrelated text that Bayesian filters will have a hard time classifying it. The problem with this tactic is that (a) filters are getting smarter all the time, and (b) a person looking at such posts can still recognize them for what they are very quickly.

Recently, though, bloggers have seen the latest escalation in the blogging arms race: posts that look like typical blog spam… but the links are to sites like Yahoo! and Apple and Adobe, CNN and Microsoft, websites for charities and museums and the like.

What is the point of this? To fill blacklists with popular high-traffic sites that don’t belong there and thus, render blacklisting useless or counterproductive.

For now, what this does is force bloggers to be more careful about removing spam from their blogs, and make sure to manually delete posts like the above without marking it as “spam” and thus adding it to their filters. So simultaneously, the spammers are both compromising the utility of blacklists and making us do more tedious work to keep them off our blogs.

I am sure new measures and countermeasures will evolve. But this is certainly clear evidence that spammers (at least some of them) are an organized, cynical cabal who are very deliberately trying to force everyone on the Internet to simply accept their “right” to use every resource on the ‘net for their own ends. In this way, they’re on precisely the same ethical level as virus-writers and hackers.

And this is why spam is neither “free speech” nor “advertising” and that it is right and proper to try to stop them by any legal means available — including by writing laws against spam. Because they aren’t just trying to advertise to you (even if we discount all the spammers selling products and services that are illegal). They are trying to take over your computer, your webserver, your bandwidth, your resources. They actively engage in technological warfare to commandeer resources that do not belong to them, whether it is by sending you unsolicited e-mail that consumes bandwidth that you pay for and they do not, or by going further and trying to sabotage, in an organized fashion, countermeasures people take to try to “opt out” of their endeavors.

And that’s only limiting the discussion to spamming tactics that are at least technically legal. We now know that the biggest spammers make use of botnets, which are large clusters of PCs that have been hacked and turned into “zombies” that can be used to anonymously relay spam, launch DDOS attacks, or anything else the owner wants. Spammers rent these botnets from the gangs that control them so they can distribute their spam without fear of it being traced back to them.

And this is why I really, really hate spammers.

(Check out Inside the Spam Cartel for more.)

This entry was posted on Saturday, November 19th, 2005 at 2:14 pm and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.