The end-to-end design principle and the real tragedy of spam

June 2, 2003, 11:00 PM —  ITworld — 

Every now and then there is a real e-mail message in the midst of my
spam. It used to be that every now and then there would be a spam
message in the midst of my real e-mail. Spam is a really serious problem
for me. I'm not alone.

As I write this, I am in the midst of investigating a variety of
anti-spam techniques. As a consequence, my head is swimming in pop3
proxies, Bayesian analysis and whitelist methodologies. Wading through
all of this stuff, one thought strikes me very forcefully. All the
technological solutions to the spam problem seem to address the problem
at point of receipt. They concentrate on filtering out the spam *after*
the spam has been created and sent. In other words, after the bandwidth
has been consumed. All that lovely bandwidth - what a waste! Even if I
managed to set up a filtering system so that I never saw a spam message
in my in-box, the sucking noise of bandwidth disappearing needlessly out
of the Internet's exhaust pipe would sit uneasily with me.

Unfortunately, addressing the problem with technology applied to the
routing side (in order to catch spam before it consumes so much
bandwidth) also sits uneasily with me. That is because solving the
problem in the network itself would involve breaking a key principle
that underlines the way the Internet works. I'm thinking of the so
called 'end to end principle' of system design. This simple principle
states that clever stuff should be on the edges of a distributed system
rather than in the middle. Clever stuff in the heart of a distributed
system design is hard to change and hard to maintain. Every time you
need to revisit your network to do something else with it, you end up
making changes in its core. This is both expensive and error prone. By
contrast, if the clever stuff is on the edges of the network, you can
make modifications more easily. Remember instant messaging? Gnutella?
Clever stuff can happen on the edges of the Internet because the core
functionality of the Internet is, by design, very, very basic. The
Internet routes packets without regard to what those packets are.

In the case of spam, there is another reason why it is not a good idea
to add spam technology to the core of the network. What if a real
message gets inadvertently filtered as spam? If the network took it upon
itself to remove it you would never catch the false positives. Not good.

So, can we rid the world of spam without sacrificing all the bandwidth
required by receipt-side filtering? I'm having trouble seeing a
technological solution that does not compromise the end-to-end
principle. Perhaps I've missed something but at the moment it seems to
me stopping spammers from spamming in the first place is the only way to
both preserve the bandwidth and remove the spam.

Perhaps receipt-side filtering technology will get so good that spammers
will just give up - thus giving us back the bandwidth? I have my doubts.
But if that doesn't work I think we are left with legislation as the
only alternative.

I hope I'm wrong.

Sean

[1] http://felix.openflows.org/html/lessig_future.html

Read more about opinion in ITworld's Opinion section

» posted by ITworld staff

ITworld

Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world

I like it!
Post a comment
The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
peer-to-peer

Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers

Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal

Tom Henderson
Top Ten General Operating Systems Rants

pasmith
PS3 motion controller delayed; goes up against Project Natal

sjvn
Neolithic Windows security hole alive and well in Windows 7

claird
Perl source code comparison makes for good reading

mikelgan
Cell phones don't create stress or interrupt much

Sandra Henry-Stocker
How to: The Unix Interview

 

Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann

Join the conversation here

The Daily Tip

The Daily TipQuick, practical advice for IT pros. Made fresh daily.

Hot tips:

Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.

Newsletters

Subscribe to ITWORLD TODAY and receive the latest IT news and analysis.

I would like to receive offers via email from ITworld partners.
By clicking submit you agree to the terms and conditions outlined in ITworld's privacy policy.
Marketplace